云环境下基于签密的异构跨域身份认证方案

doi:10.11772/j.issn.1001-9081.2019071185

计算机应用 ›› 2020, Vol. 40 ›› Issue (3): 740-746.DOI: 10.11772/j.issn.1001-9081.2019071185

云环境下基于签密的异构跨域身份认证方案

江泽涛, 徐娟娟

桂林电子科技大学广西图像图形处理与智能处理重点实验室, 广西桂林 541004

收稿日期:2019-07-08 修回日期:2019-09-23 出版日期:2020-03-10 发布日期:2019-10-25
通讯作者: 徐娟娟
作者简介:江泽涛(1961-),男,江西九江人,教授,博士,主要研究方向:图像处理、计算机视觉、网络信息安全;徐娟娟(1994-),女,广西钦州人,硕士研究生,主要研究方向:网络信息安全。
基金资助:
国家自然科学基金资助项目（61876049， 61762066， 61572147）；广西科技计划项目（C16380108）；广西图像图形智能处理重点实验项目（GIIP201701， GIIP201801， GIIP201802， GIIP201803）；广西研究生教育创新计划资助项目（2019YCXS043）。

Heterogenous cross-domain identity authentication scheme based on signcryption in cloud environment

JIANG Zetao, XU Juanjuan

Guangxi Key Laboratory of Image and Graphic Intelligent Processing in Guangxi, Guilin University of Electronic Technology, Guilin Guangxi 541004, China

Received:2019-07-08 Revised:2019-09-23 Online:2020-03-10 Published:2019-10-25
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61876049, 61762066, 61572147), the Guangxi Science and Technology Plan (C16380108), the Key Experimental Project of Guangxi Image and Graphics Intelligent Processing (GIIP201701, GIIP201801, GIIP201802, GIIP201803), the Guangxi Graduate Education Innovation Program (2019YCXS043).

摘要/Abstract

摘要： 针对现有交互频繁的密码体制之间不能实现不同密码体制安全高效的跨域认证（公共密钥基础设施（PKI）↔无证书公钥密码体制（CLC））的问题，提出了一种云环境下基于签密的异构跨域身份认证的方法。该方法重新构建了异构系统跨域身份认证模型，设计了用户（U）与云服务提供商（CSP）两个不同的密码体制PKI↔CLC，去除所属域管理中心的跨域认证计算，引入了第三方云间认证中心（CA）来完成U和CSP的交互信息认证，采用签密算法对不同安全域内的U签密，完成了异构系统的双向实体跨域身份认证并降低了U的计算开销。实验结果表明，与匿名认证、代理重签名方法相比，所提跨域认证的效率分别提高了53.5%和23.2%。该方法实现了不同密码体制U身份的合法性、真实性、安全性，具有抵抗重放攻击、替换攻击和中间人攻击的功能。

关键词: 云环境, 签密, 异构系统, 跨域身份认证, 双向实体认证

Abstract: For the problem that secure and efficient cross-domain authentication (between Public Key Infrastructure (PKI) and Certificateless Public Key Cryptography (CLC)) in different cryptosystems cannot be achieved in cryptosystems that already existed and frequently interacted, a signcryption based heterogeneous cross-domain identity authentication method was proposed in cloud environment. The cross-domain identity authentication was re-established for heterogeneous systems, two different cryptosystems (PKI↔CLC) between Users (U) and Cloud Service Provider (CSP) was designed, the calculation of cross-domain authentication of domain management center was removed, and the third party inter-cloud authentication center (CA) was introduced to complete mutual information authentication between U and CSP, the signcryption algorithm was adopted to complete the signcryption for the U in different security domains, as a result, the bidirectional entity cross-domain identity authentication of heterogeneous system was realized and the computing overhead of U was reduced. Compared with anonymous authentication and proxy re-signature, the efficiency of the proposed cross-domain authentication is improved by 53.5% and 23.2% respectively. In addition, the method realizes legality, authenticity and security of U identities in different cryptosystems and has the ability to resist replay attack, replacement attack and man-in-the-middle attack.

Key words: cloud environment, signcryption, heterogeneous system, cross-domain identity authentication, bidirectional entity authentication

中图分类号:

TP309

江泽涛, 徐娟娟. 云环境下基于签密的异构跨域身份认证方案[J]. 计算机应用, 2020, 40(3): 740-746.

JIANG Zetao, XU Juanjuan. Heterogenous cross-domain identity authentication scheme based on signcryption in cloud environment[J]. Journal of Computer Applications, 2020, 40(3): 740-746.

参考文献

[1] 周彦伟, 杨波, 吴振强, 等. 基于身份的跨域直接匿名认证机制[J]. 中国科学:信息科学,2014,44(9):1102-1120. (ZHOU Y W,YANG B,WU Z Q, et al. Direct anonymous authentication scheme in cross-domain based on identity[J]. SCIENTIA SINICA Informationis,2014,44(9):1102-1120.)
[2] 张玉清, 王晓菲, 刘雪峰, 等. 云计算环境安全综述[J]. 软件学报, 2016,27(6):1328-1348.(ZHANG Y Q,WANG X F,LIU X F,et al. Survey on cloud computing security[J]. Journal of Software,2016,27(6):1328-1348.)
[3] 张文芳, 王小敏, 郭伟, 等. 基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J]. 电子学报,2014,42(6):1095-1102. (ZHANG W F,WANG X M,GUO W,et al. An efficient inter-enterprise authentication scheme for VE based on the elliptic curve cryptosystem[J]. Acta Electronica Sinica,2014,42(6):1095-1102.)
[4] ZHENG Z. Status quo and development on cross-domain authentication based on public key cryptosystems[C]//Proceedings of the 2012 International Symposium on Information Technologies in Medicine and Education. Piscataway:IEEE,2012:1106-1109.
[5] MILL N G L,PREZ M G,PREZ G M,et al. PKI-based trust management in inter-domain scenarios[J]. Computers and Security, 2010,29(2):278-290.
[6] HE D,ZEADALL Y S,KUMAR N,et al. Anonymous authentication for wireless body area networks with provable security[J]. IEEE Systems Journal,2016,11(4):2590-2601.
[7] NI L,CHEN G,LI J,et al. Strongly secure identity-based authenticated key agreement protocols without bilinear pairings[J]. Information Sciences,2016,367/368:176-193.
[8] 王中华, 韩臻, 刘吉强, 等. 云环境下基于PTPM和无证书公钥的身份认证方案[J]. 软件学报,2016,27(6):1523-1537. (WANG Z H,HAN Z,LIU J Q,et al. ID authentication scheme based on PTPM and certificateless public key cryptography in cloud environment[J]. Journal of Software,2016,27(6):1523-1537.)
[9] 杨小东, 安发英, 杨平, 等. 云环境下基于代理重签名的跨域身份认证方案[J]. 计算机学报,2019,42(4):756-771.(YANG X D,AN F Y,YANG P,et al. Cross-domain authentication scheme based on proxy re-signature in cloud environment[J]. Chinese Journal of Computers,2019,42(4):756-771.)
[10] 杨小东, 安发英, 杨平, 等. 基于无证书签名的云端跨域身份认证方案[J]. 计算机工程,2017,43(11):128-133,145. (YANG X D,AN F Y,YANG P,et al. Cross-domain identity authentication scheme in cloud based on certificateless signature[J]. Computer Engineering,2017,43(11):128-133,145.)
[11] 高阳, 马文平, 刘小雪. 基于信任的服务实体跨域认证方案[J]. 系统工程与电子技术,2019,41(2):438-443. (GAO Y,MA W P,LIU X X. Cross-domain authentication scheme based on trust for service entity[J]. Systems Engineering and Electronics, 2019,41(2):438-443.)
[12] 马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报,2018,46(11):2571-2579. (MA X T,MA W P, LIU X X. A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica,2018,46(11):2571-2579.)
[13] 周致成, 李立新, 郭松, 等. 基于区块链技术的生物特征和口令双因子跨域认证方案[J]. 计算机应用,2018,38(6):1620-1627.(ZHOU Z C,LI L X,GUO S,et al. Biometric and password two-factor cross domain authentication scheme based on blockchain technology[J]. Journal of Computer Applications, 2018,38(6):1620-1627.)
[14] 周致成, 李立新, 李作辉. 基于区块链技术的高效跨域认证方案[J]. 计算机应用,2018,38(2):316-320. (ZHOU Z C,LI L X,LI Z H. Efficient cross-domain authentication scheme based on blockchain technology[J]. Journal of Computer Applications, 2018,38(2):316-320.)
[15] 谢艳容, 马文平, 罗维. 一种新的信息服务实体跨域认证模型[J]. 计算机科学,2018,45(9):177-182. (XIE Y R,MA W P, LUO W. New cross-domain authentication model for information services Entity[J]. Computer Science,2018,45(9):177-182.)
[16] WANG W,HU N,LIU X. BlockCAM:a blockchain-based crossdomain authentication model[C]//Proceedings of the 2018 IEEE International Conference on Data Science and Cyberspace. Piscataway:IEEE,2018:896-901.
[17] YUAN C,ZHANG W,WANG X. Heterogeneous cross-domain authenticated key agreement protocols in the EIM system[J]. Arabian Journal for Science and Engineering,2017,42(8):3275-3287.
[18] ZHENG Y. Digital signcryption or how to achieve cost(signature & encryption)? cost (signature)+ cost (encryption)[C]//Proceedings of the 1997 Annual International Cryptology Conference, LNCS 1294. Berlin:Springer,1997:165-179.
[19] 张玉磊, 王欢, 刘文静, 等. 异构双向签密方案的安全性分析和改进[J]. 电子与信息学报,2017,39(12):3045-3050. (ZHANG Y L,WANG H,LIU W J,et al. Security analysis and improvement of mutual signcryption schemes under heterogeneous systems[J]. Journal of Electronics and Information Technology, 2017,39(12):3045-3050.)

云环境下基于签密的异构跨域身份认证方案

Heterogenous cross-domain identity authentication scheme based on signcryption in cloud environment

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	孙敏, 叶侨楠, 陈中雄. 云环境下方差定向变异遗传算法的任务调度[J]. 计算机应用, 2019, 39(11): 3328-3332.
[2]	苏靖枫, 柳菊霞. 不含双线性对的高效无证书聚合签密方案[J]. 计算机应用, 2018, 38(2): 374-378.
[3]	马生俊, 陈旺虎, 俞茂义, 李金溶, 郏文博. 云环境下影响数据分布并行应用执行效率的因素分析[J]. 计算机应用, 2017, 37(7): 1883-1887.
[4]	薛弘晔, 朱天磊, 罗香玉, 冯健. 基于资源需求分布特征的异构云环境虚拟机放置算法[J]. 计算机应用, 2017, 37(12): 3386-3390.
[5]	刘明烨, 韩益亮, 杨晓元. 基于低密度生成矩阵码的签密方案[J]. 计算机应用, 2016, 36(9): 2459-2464.
[6]	许川佩, 王光. 基于OpenCL的尺度不变特征变换算法的并行设计与实现[J]. 计算机应用, 2016, 36(7): 1801-1806.
[7]	刘建华, 毛可飞, 胡俊伟. 基于双线性对的无证书聚合签密方案[J]. 计算机应用, 2016, 36(6): 1558-1562.
[8]	左黎明, 陈仁群, 郭红丽. 可证安全的基于身份的签密方案[J]. 计算机应用, 2015, 35(3): 712-716.
[9]	蓝锦佳, 韩益亮, 杨晓元. 基于多变量密码体制的签密方案[J]. 计算机应用, 2015, 35(2): 401-406.
[10]	王大星, 滕济凯. 可证明安全的基于身份的聚合签密方案[J]. 计算机应用, 2015, 35(2): 412-415.
[11]	明洋张琳韩娟周俊. 标准模型下广义指定验证者签密[J]. 计算机应用, 2014, 34(2): 464-468.
[12]	何龙彭新光. 基于双线性对签密的安全高效远程证明协议[J]. 计算机应用, 2013, 33(10): 2854-2857.
[13]	孙华孟坤. 标准模型下可证安全的有效无证书签密方案[J]. 计算机应用, 2013, 33(07): 1846-1850.
[14]	张雪枫魏立线王绪安. 无证书的可公开验证聚合签密方案[J]. 计算机应用, 2013, 33(07): 1858-1860.
[15]	仝瑞阳孟庆见陈明. 高效安全的身份混合签密方案[J]. 计算机应用, 2013, 33(05): 1382-1393.