• No results found

Design of Security Policy Based on User Identity Authentication Technology in Cloud Environment

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "Design of Security Policy Based on User Identity Authentication Technology in Cloud Environment"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

2017 2nd International Conference on Information Technology and Industrial Automation (ICITIA 2017) ISBN: 978-1-60595-469-1

Design of Security Policy Based on User

Identity Authentication Technology

in Cloud Environment

Hongxiu Duan, Jun Qin and Yuan Dai

ABSTRACT

Cloud computing application fields are growing, Apply Identity authentication to the cloud environment has certain limitation and particularity. How to ensure the safety of the cloud computing by the identity authentication technology is a problem that the service providers should concern and it is also difficult. CPK technology is a technology with independent intellectual property rights in China. The biggest advantage of CPK is to create a large scale key by a few resources. Identity authentication and access control is an indispensable part in cloud computing security. This thesis proposes a new access control scheme which combine the role-based access control scheme and the public key authentication scheme. It can enhance the security of the access control model so as to improve the security of cloud computing. It may occur forgery attacks due to the large number of users in the cloud computing environment. To solve this problem, this thesis proposes a two-way authentication schemes to resist different kinds of forgery attacks. This thesis designs an experiment for the CPK authentication system on the Cloud Sim platform. The results of the simulation show that the user authentication can be effective in cloud computing environment.

INTRODUCTION

Cloud computing has become one of the hottest research trends in recent years, but its security is a concern for users. The cloud service provider needs to ensure that ________________________

Hongxiu Duan, Yuan Dai, Communication University of China in Nanjing, Nanjing, China, 211172

(2)

every user has access to the data that the user has access to, cloud service providers must have a complete authentication mechanism if it wants to provide a secure service.

In the field of information security, the Combined Public Key (CPK) is an encryption algorithm. CPK uses the scale of the key production approach, which corresponds to the large number of users in the cloud computing environment, which can be distributed without a third party involvement. CPK sometimes-freewheeling, key generation process is simple, generated key high safety, and CPK adopts the model of centralized key management, even in a distributed environment, also has the security; CPK does not require the support of an online database, which can greatly reduce bandwidth costs in the cloud[1]. The CPK scale production private key consumes fewer resources and avoids the waste of resources in the cloud. In theory, CPK systems can be used in all areas requiring authenticity and security.

This paper mainly studies the CPK technology migrated to cloud computing environment, and the identity authentication and the combination of multilevel access control method based on role, for the cloud environment based on the security of identity authentication technology research train of thought.

ACCESS CONTROL DESIGN BASED ON ROLES IN THE CLOUD ENVIRONMENT

Cloud computing uses the Internet to allocate very centralized computing tasks to a large number of computer terminals[2]. In the information system, access control is closely related to identity management, and it is important to protect the confidentiality, integrity, and availability of data in cloud computing[3]. Role-Based Access Control (RBAC) the appropriate users and permissions "separation", first assigned a Role for the user, and then according to the user's Role information to obtain Access belongs to the Role.

Role-based Cloud Platform Access Control Model

The role-based cloud platform access control model is shown in Figure 1. The model consists of five functional modules, respectively is a cloud platform and directory service, audit system, unified authorized platform, role-based access control modules and interactive platform.

(1) Interactive platform: direct interaction with the user, the user can log in the platform, and customize the required permissions; the role of the platform is a bond connecting cloud computing platform and users.

(3)
[image:3.612.136.451.119.232.2]

relationship between roles and permissions also authorized by the unified platform is responsible for the management.

Figure 1. Role-based cloud platform access control model.

(3) Role-based access control modules: the module is responsible for detecting and judging the validity of the user's access to the resource. Cloud computing users only through role-based access control module testing before can be grouped according to their role has permissions on access to appropriate resources, otherwise refused access to the resource.

(4) Directory service: service directory lists the cloud computing users after assigned roles and permissions, within the scope of their authority as access to various resources, the size of the cloud computing users can only access the service directory allows it to access resources.

(5) Cloud platform: cloud computing platform for cloud computing users. The services customized on the interaction platform in (1) are implemented through the cloud platform.

The CPK Authentication and Access Control Model Merged Under the Cloud Environment

(4)
[image:4.612.100.493.89.244.2]

Figure 2. The CPK certification is combined with the RBAC2 model.

In Figure 2, the user set is represented by U, the character set is represented by R, the privilege set is represented by P, the session set is represented by S, described each symbol is as follows:

R P

PA  , Represents a multi-level authority to the role distribution, R

U

UA  , Represents a multi-level user to role distribution,

U S

US  , Mapping the user and the session to a mapping relationship, where the user corresponds to the session;

R 2 S

SR  , The role and the session are mapped into a mapping relationship, with roles and sessions corresponding to each other;

R R

RH  , The inheritance hierarchy in the role set R.

In Figure 2, CPK KMC stands for CPK key management center, and CPK ID represents the ID certificate for CPK. User request to cloud computing, the first issue key to KMC key management center application, KMC key management center distribution for the user ID certificate, in combination of CPK and RBAC model, the user ID is always as the important basis to judge the user role. In the RBAC2 model, based on the instructions of the user id user roles assigned key level for the user, so that users can access the corresponding permissions under cloud computing resources.

CPK CERTIFICATION DESIGN BASED ON CLOUD ENVIRONMENT

(5)

of users in the cloud computing environment, at the same time, relative to other authentication, CCPK systems use less resources.

Cloud Computing Security Framework

In the context of cloud computing, it is widely acknowledged that the SPI (software-platform-infrastructure) model, it provides services for SaaS, PaaS and IaaS. The common cloud platform architecture is shown in Figure 3.

Figure 3. Cloud platform infrastructure.

On this basis, the CPK combination public key system is introduced to enhance the security performance of the framework. As shown in Figure 4.

[image:5.612.200.411.222.352.2]

In Figure 4, a security link is added above the IaaS layer to ensure that the data transmission in the cloud is transmitted in a secure link; Second, add security apis on the PaaS layer and secure encapsulation for the development environment to prevent illicit development in the development process; Finally, there is a need for authentication and authorization to increase security controls for user applications on the SaaS layer.

(6)

Model Design for CPK Applications Based on Cloud Environment

Through analysis, it is feasible to apply CPK authentication system to the cloud computing environment, and this section mainly designs a general structural model of CCPK and analyzes the model. The CCPK application architecture diagram is shown in Figure 5.

In the Figure 5 system structure, the user has a connection to the cloud service provider and the CPK system. The CPK authentication system can be understood as a middle module responsible for user registration, certificate issuance, and user key management. At the same time, the popularity of cloud computing also makes it possible for users to join "cloud" after consulting with cloud providers.

A CPK Authentication Scheme Based on the Cloud Environment

[image:6.612.161.452.355.570.2]

In the case of a large number of users in the cloud computing environment, it is possible to produce various forms of faked attacks, and this section proposes a two-way user CCPK authentication scheme. The authentication process is shown in Figure 6.

Figure 5. CCPK application architecture.

(7)
[image:7.612.118.478.87.310.2]

Figure 6. CCPK bi-directional authentication scheme.

CPK's centralized authentication should have features that are not faked, trusted, unduplicated, non-repudiated, and immutable, etc[4]. In this authentication scheme, only the authentication parties can receive each other's random public key, and the keys are kept separately. The authentication information in the certification process to send the CPK composite keys, the user can hold the update key at any time to their own public key private key to update operations, further improve the flexibility and security of the authentication system.

SIMULATION EXPERIMENT ANALYSIS

In the experiment, the authentication scheme of CCPK was simulated, and the authentication process of the cloud was completed, and the authentication method was simulated using the socket in Java.

(8)

CONCLUSIONS

This thesis puts forward the improvement under the cloud computing environment of CPK authentication scheme with the method of authentication protocol for two-way authentication, its security has improved obviously. Further research is needed to further study the certification agreements that both guarantee safety and improve certification efficiency.

The core algorithm of the CPK authentication system—the CPK identity authentication algorithm—has certain weaknesses. With a large number of users in the cloud computing environment, there needs to be further research and deployment on the possibility of the CPK algorithm to collude attacks.

ACKNOWLEDGEMENTS

Project supported by the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Grant No. 14KJD520011).

REFERENCES

1. Nan Xianghao, Huaping Chen, Zhong Chen,Yifa Li. Combination public key (CPK) system

standard In Chinese (V3.0) [J]. Computer security, 2000, 11:1-2.

2. Nan Xianghao. CPK combinatorial public key system. In Chinese (v8.0) [J]. Information

security and communication confidentiality. 2013 34 (3) : 39-44-.

3. Jun Guo. Based on role based access control classification authorization management. In Chinese

[D]. Xi 'an university of electronic science and technology, 2012.

4. Xianbo Wang. The research and design of the system of public key certification based on

identities In Chinese [D]. University of Shandong, 2008.

5. Wei Li. The key problem of digital signature and network certification application In Chinese

Figure

Figure 1. Role-based cloud platform access control model.
Figure 2. The CPK certification is combined with the RBAC2 model.
Figure 4. Enhanced cloud computing framework.
Figure 6.
+2

References

Download now ( PDF - 8 Page - 726.30 KB )

Related documents

Lean manufacturing: Trends and implementation issues

The reason of why enterprises cannot adopt lean manufacturing techniques is that ineffective inventory management, lack of supplier participation, lack of quality

Application Note AN_255. USB to I2C Example using the FT232H and FT201X devices

There are several specific sequences in chapter 9 which use the General Call Address (0x00) to send commands instead of data to the FT201X. These are demonstrated in the example

Rotary Drum Vacuum Filters for Production of Wallboard-Grade Gypsum

The operating performance results of the rotary drum vacuum filters at Coleson Cove are presented, proving the capability to produce wallboard quality gypsum filter cake with

Prompt fission neutron emission in the reaction 235U(n,f)

(B) The average neutron multiplicity per fission as a function of the heavy fragment mass from this study compared to data from Refs.. The dashed red line indicates the

Integrating evidence into practice: use of McKenzie-based treatment for mechanical low back pain

Firstly, we summarized the current research evidence for DP exercises, as applied under the McKenzie method, in the treatment of mechanical LBP using a systematic

Future broadband access network challenges

Therefore, seamless integration of wired and wireless services for future-proof access networks will lead to the convergence of ultimate high bandwidth for both fixed and

Hydrolysis of Lignocellulosic Waste for Valuable Chemicals

The order of ethanol yield from rice husk on the basis of different catalysts, used during pretreatment is sodium sulfide > sodium sulfite > maleic acid

Analysis Of Aggravating Factors Of Heavy Metal Contents And Genotoxicity Of Soil Samples In Relation To Vehicular Emissions

In order to evaluate the effects of vehicular emis- sions on pollen viability, different plant species viz ., Cannabis sativa , Hamelia patens , Jatropha panduraefo- lia