UCAP:云计算中一种PCL安全的用户认证协议  被引量：1

作　　者：李学峰[1,2] 张俊伟 马建峰[2] LI Xuefeng;ZHANG Junwei;MA Jianfeng(Education Information Technology and Resource Construction Center,Qinghai Radio&Television University,Xining 810008,China;School of Computer Science&Technology,Xidian University,Xi’an 710071,China)

机构地区：[1]青海广播电视大学教育信息技术与资源建设中心,青海西宁810008 [2]西安电子科技大学计算机学院,陕西西安710071

出　　处：《通信学报》2018年第8期94-105,共12页Journal on Communications

基　　金：国家自然科学基金资助项目(No.61472310;No.61372075);国家高技术研究发展计划("863计划")基金资助项目(No.2015AA016007);青海社会科学规划课题基金资助项目(No.16034)~~

摘　　要：云计算利用网络使IT服务变得弹性可变,如果用户需要登录到云端来使用服务与应用,系统需要确保使用者的身份合法,才能为其服务。为此,提出一种面向云计算协议组合逻辑(PCL,protocol composition logic)安全的用户认证协议(UCAP)。UCAP引入了可信第三方,使用基于对称加密密钥的认证方法,确保参与认证双方的相互认证,实现协议会话的认证性和密钥机密性。协议主要分成2个阶段:初始认证阶段,由可信第三方生成根会话密钥后,认证双方相互认证;重认证阶段,不需要可信第三方的参与,认证双方快速生成子会话密钥并实现相互认证。在协议组合逻辑模型下给出所提协议的形式化描述并利用顺序组合证明方法分析了所提协议的安全属性。同其他相关协议比较及实验分析表明,UCAP在不影响安全性的前提下,提高了用户认证的通信与计算效率,不但在重认证阶段不依赖可信第三方,而且整个过程不依赖可信第三方同步时钟。As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic(PCL)secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.

关 键 词：云计算 用户认证 协议组合逻辑 机密性 相互认证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]