2019/12/1 An Improved CPK Identity Authentication Scheme Based on Cloud Environment Author: Yanyan Song, Jun Qin Publisher: 2017 Asia-Pacific Engineering.

Presentation transcript:

An Improved CPK Identity Authentication Scheme Based on Cloud Environment
Author: Yanyan Song, Jun Qin
Publisher: 2017 Asia-Pacific Engineering and Technology Conference (APETC 2017)
Presenter: 柯懷貿
Date: 2019/05/15
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.
CSIE CIAL Lab

Introduction
With the rapid development of network technology, the terminals of cloud computing are widely distributed. As a result, services provided by cloud computing are easily attacked by hackers and affected by other uncertain factors. In order to provide their services, cloud service providers must establish a sound identity authentication mechanism. After comparing different authentication modes, domestic scholars have reached a consensus that the CPK authentication mode has advantages that other authentication modes do not have.

Identity-Based Authentication
Public Key Infrastructure (PKI) needs a trusted third-party CA to store public keys, and it may take a lot of time to find a specific user's certificate when sending a message. Identity-based authentication does not need a CA because the public key is generated from the user's unique ID. Therefore, anyone can generate another user's public key from that user's ID without needing a CA, even when offline. In CPK, keys are generated by hashing the unique ID and mapping the result to the Public Seed Matrix and the Secret Seed Matrix. The former is public and the latter is held by the Key Management Center (KMC).

CPK
The Combined Public Key (CPK) identity authentication algorithm was proposed by the Chinese scholar Nan, Xiang-Hao in 1999. CPK produces a huge number of public and private key pairs through "combination" of the elements of a small-scale matrix, in order to achieve large-scale key management and to greatly reduce computation and communication overhead. The theoretical basis of CPK key combination is the key compound theorem of elliptic curve cryptography (ECC).

Key Combination with ECC
Multiple pairs of public keys and private keys are selected from the public and private key matrices, and new pairs of public keys and private keys are obtained by applying the point addition operation to these public keys and private keys. As above, Ri and ri (i=1~m) will form a new public key R and a new private key r.

Key Matrix
We construct two matrices: the Public Seed Key Matrix (PSK) and the Secret Seed Key Matrix (SSK). Assume the key matrix is m*h, so PSK and SSK are expressed as : Relation between PSK and SSK is : There are m possibilities when an element is taken from one column. Therefore, an m*h matrix can generate m^h pairs of public keys and private keys.
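The key combination and seed-matrix slides above, worked through as an added example (not code from the paper or the presentation). The curve (secp256k1), the 8*8 matrix size, the SHA-256 byte-to-row mapping, the constructed seed values and all function names are assumptions made for illustration.

```python
import hashlib
from functools import reduce

# secp256k1 domain parameters (the curve choice is an assumption of this example)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
M, H = 8, 8  # toy seed-matrix size: m rows, h columns -> m**h key pairs

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def seed_scalar(i, j):
    # Constructed deterministic seeds so the run is reproducible; a real KMC
    # would draw them from a CSPRNG and never disclose them.
    d = hashlib.sha256(b"constructed-demo-seed|%d|%d" % (i, j)).digest()
    return int.from_bytes(d, "big") % (N - 1) + 1

SSK = [[seed_scalar(i, j) for j in range(H)] for i in range(M)]  # held by the KMC
PSK = [[ec_mul(s, G) for s in row] for row in SSK]               # published

def rows_for(identity):
    """Assumed mapping: byte j of SHA-256(ID), mod m, picks the row in column j."""
    return [b % M for b in hashlib.sha256(identity.encode()).digest()[:H]]

def private_key(identity):  # KMC side: r = sum of the selected SSK entries mod n
    return sum(SSK[i][j] for j, i in enumerate(rows_for(identity))) % N

def public_key(identity):   # anyone, offline: R = point sum of the selected PSK entries
    return reduce(ec_add, (PSK[i][j] for j, i in enumerate(rows_for(identity))), None)
```

Because each PSK entry is the matching SSK entry times the base point, the combined private key r and the combined public key R satisfy R = r*G, so a verifier holding only PSK and an ID can check signatures made with the key the KMC issued for that ID.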

Role Based Access Control
The purpose of access control is to prevent unauthorized access to and unauthorized operations on information resources, and to maintain data integrity and confidentiality. When roles are set in the RBAC model, the different requirements that different users have for the service should be considered, and user roles should be set according to the users' tasks in the system. The same user can switch between different roles, and the system can also add, modify and delete role groups.

Proposed Access Control Model
The access control model for the cloud environment is composed of five functional modules, as shown in the following picture. The access control scheme integrates the RBAC model with the CPK authentication method, which restricts user privileges to access resources in the cloud computing environment more finely.

Integration of CPK and Access Control Model
It is feasible to transfer the CPK identity authentication scheme into the cloud computing environment, and Cloud CPK (CCPK) will be given. The role based access control model is adopted in cloud computing. Keys of the corresponding levels are assigned to users according to the user roles indicated by the user identification, making it possible for users to access the cloud computing resources within their privilege.

Ring Signature Algorithm
A ring signature is a simplified group signature. Every user in the ring is at the same level and every user can sign on behalf of the whole group. The verifier is concerned with the group that signs rather than with the specific user in the group who signs.

Experimental Environment and Process
Java is adopted as the programming language of the simulation program, and the CloudSim open source cloud simulation library is introduced. The hardware configuration of the computer used in the simulation experiment is as follows: the CPU is an Intel Core i5-3850; the internal storage is 8GB; the hard disk capacity is 500GB; the operating system is Windows 7 Ultimate Edition 64-bit Service Pack 1; Eclipse is used as the development software. The experimental simulation can be started by importing the CloudSim package into the Eclipse project.

Experimental Environment and Process
At first, user A is set as the sending end and user B is treated as the receiving end. The mode of bidirectional authentication is adopted, and the identity authentication process under cloud computing is almost completed. CCPK has an obvious advantage in the centralized production and distribution of keys. Meanwhile, ring signature and the role based access control model are introduced to enhance the security of cloud computing. The CCPK identity authentication scheme has not only saved service cost but also improved authentication efficiency.