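Project title: Alliance Authentication and Key Agreement for Cloud Security
Project number: No.61272511
Project type: General Program
Year of approval: 2013
Project discipline: Automation technology, computer technology
Project author: Zheng Jun (郑军)
Author affiliation: Beijing Institute of Technology
Project funding: 820,000 yuan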
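Chinese abstract: Against the backdrop of rapidly growing cloud computing applications, cloud security problems are becoming increasingly prominent. At present, most cloud computing systems provide only certificate-based mutual authentication and traditional public-key encryption; the authentication process is cumbersome, certificate management is complex, solutions for secure key agreement between heterogeneous clouds are scarce, and security is poor. To address the alliance authentication and key agreement problems in cloud security, this project will build a cloud security model based on cloud traffic analysis. The project focuses on authentication within a single cloud and across multiple clouds in a hybrid cloud environment, and proposes identity-based mutual blind authentication to solve the single point of failure and network bottleneck problems of certificate-based authentication. The proposed blind authentication offers anonymity and traceability and can provide privacy protection. Direct product decomposition of groups and group isomorphism techniques are used to achieve secure authentication between heterogeneous clouds, effectively addressing the complexity of existing cloud security authentication and the problem of storing large numbers of keys. For secure collaborative computing across heterogeneous clouds, the project focuses on key homomorphism techniques and proposes a one-round asymmetric group key agreement that achieves anonymous agreement, avoids the security risks arising from encrypted messages in traditional key agreement, and also solves the problem of multi-round online key agreement under time zone differences. The project will verify the security of the proposed model and methods through experiments and analyze their performance.
Chinese keywords: Cross-domain authentication; key agreement; cloud computing; alliance signature; provable security theory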
English abstract: Cloud computing has been envisioned as the next-generation architecture of the IT enterprise. With the rapid development of cloud computing, it also faces serious security problems. Today most cloud computing systems provide data security and mutual authentication with asymmetric and traditional public key cryptography. In this existing work, the authentication process is cumbersome, the certificate management is complicated, and there is no good scheme for key negotiation among entities in heterogeneous cloud networks. This project studies the problem of mutual authentication among servers in the Intra-Cloud and Inter-Cloud settings, such as authentication among multiple heterogeneous clouds. We consider the federated authentication of servers from different clouds, which would bring some inconvenience for a hybrid cloud that includes multiple private clouds and public clouds. The project proposes an Alliance-Authentication agreement among clouds. This scheme constructs a large prime group over an elliptic curve, and uses direct product decomposition of the large prime group to construct multiple automorphism groups. Each cloud can generate key parameters from different automorphism groups, and all the members in the same cloud would register themselves to their key management center (KMC) with their blinded
English keywords: Cross-domain Authentication; Key Agreement; Cloud Computing; Alliance Signature; Provable Security Theory