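1. School of Cryptographic Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou, Henan 450001
2. Zhengzhou Xinda Institute of Advanced Technology, Zhengzhou, Henan 450001
Zhiqiang ZHU (1961- ), male, born in Runan, Henan, Ph.D., professor at the PLA Strategic Support Force Information Engineering University. His main research interests are cloud computing and information security.
Renhao LIN (1993- ), male, born in Zhengzhou, Henan, master's student at the PLA Strategic Support Force Information Engineering University. His main research interests are cloud computing security and resource scheduling in cloud environments.
Cuiyun HU (1985- ), female, born in Huixian, Henan, Ph.D., lecturer at the PLA Strategic Support Force Information Engineering University. Her main research interest is cloud computing security.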
Online publication date: 2019-02
Print publication date: 2019-02-25
Zhiqiang ZHU, Renhao LIN, Cuiyun HU. Openstack authentication protocol based on digital certificate[J]. Journal on Communications, 2019, 40(2): 188-196. DOI: 10.11959/j.issn.1000-436x.2019030.
As the industry standard for open-source cloud platforms, OpenStack authenticates users through the username/password single-factor method provided by its Keystone component, which is not suitable for application scenarios with high security requirements. To meet the security needs of such scenarios, a digital-certificate-based identity authentication protocol was designed, consisting of a cloud user identification protocol and a cloud user authentication protocol. A digital-certificate-based identity authentication system was implemented by extending the Keystone component; the system combines a cryptographic authentication server, UKey, encryption, and sound key management. Analysis shows that the system effectively resists multiple network attacks and improves the security of cloud users when they log in to the cloud platform.