聚焦2016可信云大会:运营商“云网融合”战略渐明

今年6月,可信云相关标准已被国际电信联盟ITU采纳,这标志着可信云服务标准获得更广泛的国际关注和认可. 9月1日上午,由中国信息通信研究院和中国通信标准化协会主办、数据中心联盟承办的“2016可信云大会”吸引了数以千计的参会者.工信部总工程师张峰在大会致辞时表示,目前,国内云计算的信任体系已初步建立,可信云认证体系进入3.0阶段,覆盖超过10种以上的云服务,累计通过认证的云服务数量已超过140个.可信云认证完善了评测、认证、持续监测、年检、不合格退出、云保险等全流程方案.     

云计算中动态可信平台模块的实现

针对目前在云计算环境中用户虚拟计算环境不可信的问题,利用可信平台模块虚拟化技术,在云服务器端为用户构造一个虚拟可信平台模块,然后以虚拟可信平台模块为基石,为用户在云服务器端构造了一个虚拟的可信计算环境,从而使现有的云计算用户中虚拟计算环境的可信情况获得了有效保障。通过与现有的可信平台模块虚拟化方案作对比发现,所提方案不仅周全地考虑了在云计算中虚拟机效率损耗的相关问题,而且相较显著提高了它的安全性和执行效率,更加适合被应用于用户虚拟计算环境。     

基于云计算平台的鉴权分析

国内云计算平台以系统内部认证和授权作为主要的鉴权方式。在研究国外开源的云平台项目的鉴权方式基础上,分析了云计算平台的认证管理和授权服务过程,实现了鉴权模块的集成,云计算平台在调用服务时通过鉴权模块的统一认证和授权,可以达到权限和资源的有效管理。试验结果表明,此模块的集成可以应用到云计算平台中。     

可信云服务认证体系

全球公共云服务市场增长较快,但市场规模仍较小。各国将公共云服务认证作为培育市场、规范市场的有力手段。我国根据国内云服务市场的发展情况,借鉴国外云服务评估认证的方法,提出了面向市场的可信云服务认证。本文从可信云服务认证的目的、对象、评估方法和评估机制等方面对可信云服务认证进行了介绍,并提出进一步发展认证的设想。     

云服务可信性量化模型研究

针对目前云计算平台有可能被恶意利用及云服务提供商不被信任的问题,迫切地需要建立一个客观、有效的方法来评估云服务是否可信.已有的研究缺乏完善的云计算可信性测评框架和质量模型.基于典型的云服务应用,研究云平台可信性的指标体系,通过对可信性质量属性建模,建立云服务可信性量化评估模型,从而指导云服务可信性评估方法的建立.最后,给出了模型分析和应用模式,验证了所提出的模型的有效性.     

获可信云安全认证网宿一站式云服务再添利器

在9月1日的“2016可信云大会”上,工信部公布了新一批通过可信云认证的服务名单,国内CDN龙头企业网宿科技再度上榜:其云主机获得首批可信云安全认证,视频云解决方案更是荣获2015～2016年度可信云服务大奖.作为国内最大的CDN企业,网宿科技早前已经通过了云主机、云分发及对象存储三项认证,此次可信云大会全新推出可信云安全认证,网宿的云主机又顺利拿到了认证,可以说,给网宿的云服务再添了一枚“利器”.     

云计算安全风险分析和服务

围绕云计算安全需求,分析云计算平台、数据等方面现有的安全风险,以及可信访问控制、数据安全、虚拟化安全、云资源访问控制等云计算安全关键技术,在此基础上提出云安全基础服务、云安全应用服务等云计算安全服务解决思路,为当前云计算安全发展提供参考。     

基于ECC的3PAKE跨云认证方案

云用户与公有云之间的双向认证是云计算中用户访问公有云的重要前提。Juang等人和谢琪等人分别提出的方案都存在效率或安全上的问题,而ECC有CPU利用率高,加密时间较短和密钥长度短的优点,因此本协议是在此基础上提出的运用椭圆曲线算法实现的3PAKE跨云认证,是一个更高效而且更安全的方案。     

浪潮云服务获首批可信云服务认证

7月16日,可信云服务大会在京召开。会议公布了首批通过可信云认证的云服务名单,浪潮云服务榜上有名。     

云服务认证浅析

介绍了云计算背景下云服务的应用情况以及企业对实施云服务解决方案的担忧,并由此引出了云服务认证的概念;总结了云服务认证的优势以及遵循认证标准所带来的挑战;提出了一些进行云服务认证的监测和评估方法。     

A provable and secure mobile user authentication scheme for mobile cloud computing services

The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.     

UCAP:a PCL secure user authentication protocol in cloud computing

As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.     

云计算时代的开放安全服务体系分析

针对移动互联网时代日益发展带来的安全性问题,在既要满足服务的多样性,又要满足服务安全性的双重使命下,如何构建移动互联网云计算时代开放安全的云服务,文中提出了一种开放的安全服务体系。同时,基于开发安全服务体系的各种技术特征,设计并构建了一个云服务平台架构,可以提供能力开放应用云、企业安全私有应用云和认证鉴权公共应用云。     

基于云计算的物联网安全问题研究

介绍了云计算和物联网的概念,分析二者融合的必要性以及结合的基本平台,提出了基于云计算的物联网体系结构。研究了基于云计算物联网三层体系结构所面临的安全威胁,针对安全威胁给出一种基于云计算的物联网安全体系结构,并且给出一种基于云计算的物联网应用层云用户认证的认证方案,即引用数据库技术中对于模式的划分规则和权限分配方法,可以对基于云计算的物联网用户进行严格认证,保证数据的安全。     

An efficient authentication system of smart device using multi factors in mobile cloud service architecture

Mobile cloud computing environments have overcome the performance limitation of mobile devices and provide use environments not restricted by places. However, user information protection mechanisms are required because of both the security vulnerability of mobile devices and the security vulnerability of cloud computing. In this paper, a multifactor mobile device authentication system is proposed to provide safety, efficiency, and user convenience for mobile device use in cloud service architectures. This system improves security by reinforcing the user authentication required before using cloud computing services. Furthermore, to reinforce user convenience, the system proposed increases the strength of authentication keys by establishing multiple factors for authentication. For efficient entries in mobile device use environments, this system combines mobile device identification number entries, basic ID/password type authentication methods, and the authentication of diverse user bio‐information. This system also enhances authentication efficiency by processing the authentication factors of a user's authentication attempt in a lump instead of one by one in the cloud computing service environment. These authentication factors can be continuously added, and this authentication system provides authentication efficiency even when authentication factors are added. The main contribution is to improve high security level by through authentication of mobile devices with multifactors simultaneously and to use the mobile cloud service architecture for its efficient processing with respect to execution time of it. Copyright © 2013 John Wiley & Sons, Ltd.     

Provable data possession scheme with authentication

To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption.     

ID-Based User Authentication Scheme for Cloud Computing

In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et al.'s scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.     

移动计算网络环境中的认证与小额支付协议

本文在分析现有移动用户认证协议与因特网认证协议基础上,针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行小额电子支付的协议,该协议的新颖之处在于把小额支付方案融入认证协议当中,使移动用户可以利用笔记本电脑或掌上电脑进行付费的网面浏览、购买低价位信息商品以及进行移动电子商务,同时也为移动用户漫游时的记费提供了依据.协议不仅在公共参数的存储空间需求和用户端计算负荷上是适当的,而且可以保护用户不被错误收费,同时提供服务网络防止用户抵赖的合法证据.该协议基于一个全局的公钥基础设施,适用于未来的基于第三代移动通信系统的网络计算环境.     

基于智能卡和密码保护的WSN远程用户安全认证方案

针对无线传感器网络（WSN）用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。