Zhiqiang ZHU, Renhao LIN, Cuiyun HU. Openstack authentication protocol based on digital certificate[J]. Journal on Communications, 2019, 40(2): 188-196. DOI: 10.11959/j.issn.1000-436x.2019030.
Openstack authentication protocol based on digital certificate
As the industry standard for open source cloud platforms, OpenStack uses the single-factor, username-and-password authentication method provided by the Keystone component as its identity authentication mechanism, which is not suitable for application scenarios with high security level requirements. A digital certificate-based identity authentication protocol, comprising a cloud user identification protocol and an authentication protocol, was designed to meet these requirements. The Keystone component was extended to implement a digital certificate-based identity authentication system, using a combination of an authentication server, UKey technology, encryption technology, well-established key management, and so on. According to the research, the system can effectively resist multiple cyber-attacks and improve the security of cloud users when they log in to the cloud platform.