摘要
openstack作为开源云平台的行业标准,其身份认证机制采用的是keystone组件提供的基于用户名/口令的单因素认证方式,不适用于对安全等级需求较高的应用场景。因此,设计出一种基于数字证书的身份认证协议,该协议包括云用户身份标识协议和云用户身份鉴别协议,来满足高安全性应用场景的安全需求。通过对keystone组件进行扩展实现了基于数字证书的身份认证系统,该系统综合运用了密码认证服务器、UKey、加密、完善的密钥管理等技术。经分析,该系统能够有效抵抗多种网络攻击,提高了云用户在登录云平台时的安全性。
As the industry standard for open source cloud platforms,openstack uses the single-factor authentication method based on username and password that provides by keystone components to identity authentication mechanism,while it is not suitable for application scenarios with high security level requirements.A digital certificate-based identity authentication protocol which had cloud user identification protocol and authentication protocol was designed to meet the requirements.With expending the keystone component to achieve a digital certificate-based identity authentication system,a combination of authentication server,UKey technology,encryption technology and well-established key management and so on was used.According to the research,the system can effectively resist multiple cyber-attacks and improve the security of cloud users when they log in to the cloud platform.
作者
朱智强
林韧昊
胡翠云
ZHU Zhiqiang;LIN Renhao;HU Cuiyun(Institute of Cryptography Engineering,Information Engineering University,Zhengzhou 450001,China;Zhengzhou Xinda Institute of Advanced Technology,Zhengzhou 450001,China)
出处
《通信学报》
EI
CSCD
北大核心
2019年第2期188-196,共9页
Journal on Communications
基金
国家重点研发计划基金资助项目(No.2016YFB0501900)~~
关键词
云计算
数字证书
身份认证系统
身份认证协议
cloud computing
digital certificate
authentication system
authentication protocol
