Journal on Communications ›› 2019, Vol. 40 ›› Issue (2): 188-196. doi: 10.11959/j.issn.1000-436x.2019030

• Academic Communication •

Openstack authentication protocol based on digital certificate

Zhiqiang ZHU1,2, Renhao LIN1, Cuiyun HU1

  1. Institute of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China
  2. Zhengzhou Xinda Institute of Advanced Technology, Zhengzhou 450001, China
  • Revised: 2018-06-30 Online: 2019-02-01 Published: 2019-03-04
  • About the authors: Zhiqiang ZHU (1961- ), male, born in Runan, Henan, Ph.D., professor at the PLA Strategic Support Force Information Engineering University; his main research interests are cloud computing and information security. | Renhao LIN (1993- ), male, born in Zhengzhou, Henan, master's student at the PLA Strategic Support Force Information Engineering University; his main research interests are cloud computing security and resource scheduling techniques in cloud environments. | Cuiyun HU (1985- ), female, born in Huixian, Henan, Ph.D., lecturer at the PLA Strategic Support Force Information Engineering University; her main research interest is cloud computing security.
  • Supported by:
    The National Key Research and Development Program of China (2016YFB0501900)

Abstract:

OpenStack is the industry standard for open-source cloud platforms, but its identity authentication mechanism relies on the single-factor, username/password-based authentication provided by the Keystone component, which is not suitable for application scenarios with high security level requirements. A digital certificate-based identity authentication protocol, comprising a cloud user identification protocol and a cloud user authentication protocol, was therefore designed to meet the security requirements of such scenarios. A digital certificate-based identity authentication system was implemented by extending the Keystone component, combining a cryptographic authentication server, UKey, encryption and well-established key management. Analysis shows that the system can effectively resist multiple cyber-attacks and improves the security of cloud users when they log in to the cloud platform.

Key words: cloud computing, digital certificate, authentication system, authentication protocol
