摘要
针对云计算环境下传统单点登录模式采用SSL连接时存在的证书更新不及时、证书更新需要第三方CA参与等问题,在云身份认证服务器和云服务供应商之间引入TPM,采用DAA身份认证方式设计了一种可信DAA连接(T-D-SSL)来实现跨平台的可信身份认证、安全信道建立及证书更新操作。在此基础上,结合SAML2.0和ID-FF1.2,设计并实现了云计算环境下基于可信DAA连接的单点登录模型,在保证安全的同时减少了TPM带来的性能损耗。仿真实验结果表明,该模型能够安全高效的实现云计算环境下的跨域单点登录。
Traditional single sign-on(SSO) models adopt SSL connections in the cloud computing environments, while there exist several problems such as certificates cannot be updated in time, certificate updating needs a third party CA, etc.. To solve above problems, TPM was introduced between cloud identity providers and cloud service providers, and a trusted DAA connection(T-D-SSL) was designed by adopting the DAA authentication method to implementation cross platform trusted authentication, secure channel establishment, and certificate updating operation. Combining with T-D-SSL, SAML2.0, and ID-FF1.2, a new SSO model of the cloud computing environments was proposed, which could make sure the system security and reduce the performance lose due to the introduction of TPM. The simulation experiment results indicate T-D-SSL model can realize cross domain SSO safely and efficiently in the cloud computing environments.
出处
《系统仿真学报》
CAS
CSCD
北大核心
2016年第4期890-897,906,共9页
Journal of System Simulation
基金
国家科技支撑计划(2013BAK07B04)
国家自然科学基金(61170254)
河北省自然科学基金(F2014201152)
关键词
可信计算
单点登录
直接匿名验证
身份认证
trusted computing
single sign-on
direct anonymous attestation
authentication
