Journal on Communications ›› 2018, Vol. 39 ›› Issue (8): 94-105. doi: 10.11959/j.issn.1000-436x.2018147
• Papers Ⅱ: Academic Papers •
Xuefeng LI1,2, Junwei ZHANG2, Jianfeng MA2
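Abstract (Chinese version):
Cloud computing uses the network to make IT services elastic and scalable. If a user needs to log in to the cloud to use services and applications, the system must ensure that the user's identity is legitimate before serving that user. To this end, a protocol composition logic (PCL) secure user authentication protocol for cloud computing (UCAP) is proposed. UCAP introduces a trusted third party and uses an authentication method based on symmetric encryption keys to ensure mutual authentication between the two authenticating parties, achieving authentication and key confidentiality for the protocol session. The protocol consists of two phases: in the initial authentication phase, the trusted third party generates a root session key, after which the two parties authenticate each other; in the re-authentication phase, the trusted third party does not take part, and the two parties quickly generate a sub-session key and achieve mutual authentication. A formal description of the proposed protocol is given in the protocol composition logic model, and its security properties are analyzed with the sequential composition proof method. Comparison with other related protocols and experimental analysis show that UCAP improves the communication and computation efficiency of user authentication without compromising security; it not only does not depend on the trusted third party in the re-authentication phase, but the whole process also does not rely on trusted-third-party clock synchronization.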
Abstract:
As the combination of cloud computing and the Internet breeds many flexible IT services, cloud computing is becoming more and more significant. In cloud computing, a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services. Based on this, a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed. The protocol used symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session, and comprised the initial authentication phase and the re-authentication phase. In the initial authentication phase, the trusted third party generated a root communication session key. In the re-authentication phase, the communicating users negotiated a sub-session key without the trusted third party. To verify the security properties of the protocol, a sequential compositional proof method was used under the protocol composition logic model. Compared with certain related works, the proposed protocol satisfies PCL security. The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes, while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party. The analysis results show that the proposed protocol is suitable for mutual authentication in cloud computing.
Key words: cloud computing, user authentication, protocol composition logic, confidentiality, mutual authentication
CLC number: TP309
Xuefeng LI, Junwei ZHANG, Jianfeng MA. UCAP: a PCL secure user authentication protocol in cloud computing[J]. Journal on Communications, 2018, 39(8): 94-105.
Link to this article: https://www.infocomm-journal.com/txxb/CN/10.11959/j.issn.1000-436x.2018147
https://www.infocomm-journal.com/txxb/CN/Y2018/V39/I8/94
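Figure 1: Protocol model of the proposed scheme
Table 1: Description of the action Cords executed by roles A, B and S
Table 2: Preconditions of UCAP
Table 3: Security properties of UCAP
Table 4: Invariants of UCAP
Table 5: Comparison of protocol functionality and security
Table 6: Comparison of protocol performance
Table 7: Comparison of protocol computation delay (in ms)
Figure 2: Authentication delay at different CPU clock frequencies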