Abstract
An admission control mechanism for peer-to-peer (P2P) cloud storage systems based on identity-based cryptography, named IAPC, is proposed. IAPC contains four protocols that securely and efficiently assign identities to users in different practical scenarios and resist Sybil attacks. In the basic protocol, cloud servers authenticate users using a callback method, then assign random identities to legitimate users based on their IP addresses and generate the corresponding public/private key pairs. Extended protocol 1 enables cloud servers to delegate this work to multiple reputable peers. The other two protocols extend the above protocols for users behind Network Address Translation (NAT): identities are assigned based on the users' IP addresses and port numbers, and cryptographic puzzles are added to the private key distribution process. IAPC does not need complex identity certificate management and has high security. It maintains reasonable computation time, limits the rate at which malicious users can obtain identities, and has good scalability.
Source
China Sciencepaper (《中国科技论文》)
Indexed in: CAS, Peking University Core Journals (北大核心)
2015, No. 2, pp. 150-158 (9 pages)
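Funding
National Natural Science Foundation of China (61303117, 61440016)
Wuhan University of Science and Technology Young Science and Technology Backbone Cultivation Program (2013xz012, 2014xz019)
Natural Science Foundation of Hubei Province (2014CFB247)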
Keywords
peer-to-peer cloud storage system
admission control
Sybil attack
identity-based cryptography
cryptographic puzzle