Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (3): 740-746. DOI: 10.11772/j.issn.1001-9081.2019071185

• Cyberspace security •

Heterogeneous cross-domain identity authentication scheme based on signcryption in cloud environment

JIANG Zetao, XU Juanjuan

  1. Guangxi Key Laboratory of Image and Graphic Intelligent Processing in Guangxi, Guilin University of Electronic Technology, Guilin Guangxi 541004, China
  • Received: 2019-07-08 Revised: 2019-09-23 Online: 2020-03-10 Published: 2019-10-25
  • Corresponding author: XU Juanjuan
  • About the authors: JIANG Zetao, born in 1961 in Jiujiang, Jiangxi, Ph.D., professor. His research interests include image processing, computer vision, and network information security. XU Juanjuan, born in 1994 in Qinzhou, Guangxi, M.S. candidate. Her research interests include network information security.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61876049, 61762066, 61572147), the Guangxi Science and Technology Plan (C16380108), the Key Experimental Project of Guangxi Image and Graphics Intelligent Processing (GIIP201701, GIIP201801, GIIP201802, GIIP201803), and the Guangxi Graduate Education Innovation Program (2019YCXS043).

Abstract: Existing cryptosystems that interact frequently cannot achieve secure and efficient cross-domain authentication between different cryptosystems, specifically between Public Key Infrastructure (PKI) and Certificateless Public Key Cryptography (CLC). To address this problem, a signcryption-based heterogeneous cross-domain identity authentication method for the cloud environment was proposed. The method rebuilds the cross-domain identity authentication model for heterogeneous systems, places the User (U) and the Cloud Service Provider (CSP) in two different cryptosystems (PKI↔CLC), removes the cross-domain authentication computation from the management center of each domain, and introduces a third-party inter-cloud authentication center (CA) to authenticate the information exchanged between U and CSP. A signcryption algorithm is used to signcrypt for U in different security domains, which achieves bidirectional entity cross-domain identity authentication for heterogeneous systems and reduces the computing overhead of U. Experimental results show that, compared with the anonymous authentication and proxy re-signature methods, the efficiency of the proposed cross-domain authentication is improved by 53.5% and 23.2% respectively. The method ensures the legality, authenticity and security of U identities in different cryptosystems, and resists replay attacks, replacement attacks and man-in-the-middle attacks.

Key words: cloud environment, signcryption, heterogeneous system, cross-domain identity authentication, bidirectional entity authentication
