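1. Education Information Technology and Resource Construction Center, Qinghai Radio and Television University, Xining, Qinghai 810008, China
2. School of Computer Science, Xidian University, Xi'an, Shaanxi 710071, China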
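LI Xuefeng (1975-), male, born in Suzhou, Anhui, is an associate professor at Qinghai Radio and Television University and a "West Light" visiting scholar (visiting Xidian University). His main research interests include cryptography, protocol design and formal analysis.
ZHANG Junwei (1982-), male, born in Xi'an, Shaanxi, Ph.D., is an associate professor at Xidian University. His main research interests include cryptography and network security.
MA Jianfeng (1963-), male, born in Xi'an, Shaanxi, Ph.D., is a professor and doctoral supervisor at Xidian University. His main research interests include information security, cryptography and wireless network security.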
Online publication date: 2018-08
Print publication date: 2018-08-25
Xuefeng LI, Junwei ZHANG, Jianfeng MA. UCAP: a PCL secure user authentication protocol in cloud computing[J]. Journal on Communications, 2018, 39(8): 94-105. DOI: 10.11959/j.issn.1000-436x.2018147.
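Cloud computing uses the network to make IT services elastic and scalable. When a user has to log in to the cloud to use services and applications, the system must confirm that the user's identity is legitimate before serving them. To this end, a user authentication protocol for cloud computing (UCAP) that is secure under protocol composition logic (PCL) is proposed. UCAP introduces a trusted third party and uses an authentication method based on symmetric encryption keys to ensure mutual authentication between the two participating parties, achieving authentication and key secrecy for the protocol session. The protocol consists of two phases: in the initial authentication phase, the trusted third party generates a root session key and the two parties then authenticate each other; in the re-authentication phase, the trusted third party is not involved, and the two parties quickly generate a sub-session key and authenticate each other. A formal description of the proposed protocol is given in the protocol composition logic model, and its security properties are analyzed using the sequential composition proof method. Comparison with other related protocols and experimental analysis show that UCAP improves the communication and computation efficiency of user authentication without compromising security: the re-authentication phase does not depend on the trusted third party, and the whole process does not depend on clocks synchronized with the trusted third party.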
As the combination of cloud computing and the Internet breeds many flexible IT services, cloud computing becomes more and more significant. In cloud computing, a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services. Based on this, a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed. The protocol used symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session, which comprised the initial authentication phase and the re-authentication phase. In the initial authentication phase, the trusted third party generated a root communication session key. In the re-authentication phase, communication users negotiated a sub-session key without the trusted third party. To verify the security properties of the protocol, a sequential compositional proof method was used under the protocol composition logic model. Compared with certain related works, the proposed protocol satisfies the PCL security. The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes, while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party. According to the analysis results, the proposed protocol is suitable for mutual authentication in cloud computing.