Efficient Identity-Based Key Management for Configurable Hierarchical Cloud Computing Environment


Jyun-Yao Huang
Department of Computer Science and Engineering, National Chung Hsing University, Taichung, Taiwan
allen501pc@gmail.com

I-En Liao
Department of Computer Science and Engineering, National Chung Hsing University, Taichung, Taiwan
ieliao@nchu.edu.tw

Chen-Kang Chiang
Department of Computer Science and Engineering, National Chung Hsing University, Taichung, Taiwan
s99056051@cs.nchu.edu.tw

Abstract—The security of cloud computing datacenters is an important issue. In recent years, some schemes of encryption and authentication based on hierarchical identity-based key management systems have been developed. However, these schemes did not consider the case when a PKG (Private Key Generator) goes down. In this paper, we propose an identity-based key management scheme for configurable hierarchical cloud computing environments. The proposed scheme requires fewer computations for encryption and authentication, and it also provides efficient key reconstruction in case of PKG failures. As a result, the scheme proposed in this paper can efficiently reduce the key reconstruction cost in cloud computing data centers.

Keywords: Cloud Computing, Identity-Based Authentication, Identity-Based Encryption

I. INTRODUCTION

The new term “cloud computing” came from Google’s CEO Eric Schmidt in 2006 [1]. This new idea has since become the most important technique in network services. Nowadays cloud computing services are everywhere, e.g., Google Gmail, Google document, Microsoft Hotmail, Amazon EC2, and Facebook. These services have become the most important ones in our world. Cloud computing is a large-scale distributed computing paradigm [2].
According to NIST’s (National Institute of Standards and Technology) definition of cloud computing: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [3][4]. Usually, cloud providers have their own cloud infrastructures or corresponding applications to provide services for their customers. There are three typical service models for cloud computing:

1) Infrastructure as a Service (IaaS), which provides cloud computing infrastructures for customers.
2) Platform as a Service (PaaS), which provides both IaaS and platform components such as operating systems or needed libraries.
3) Software as a Service (SaaS), which provides applications on the cloud computing platform.

NIST [3-4] also defines the deployment models for cloud computing:

4) Public cloud, which allows users’ access to the cloud via a web browser interface.
5) Private cloud, which is set up by the action using internal communication.
6) Hybrid cloud, which is a private cloud linked to one or more external cloud services, centrally managed, provisioned as a single unit, and circumscribed by a secure network.
7) Community cloud, which shares infrastructure resources between several organizations via secret community channels.

Security is one major issue of cloud computing. A public cloud computing datacenter may consist of tens or hundreds of containers, and each container may contain thousands of servers. How to enhance the security of these computing nodes is a significant issue. For encrypting transmissions in cloud computing, the general technique is based on the TLS/SSL protocols. However, these schemes are not efficient for encryption and authentication [5].
In another aspect, how to broadcast the public keys and compute the private keys of each cloud computing node is another significant issue because of the bottleneck of the basic TLS/SSL scheme. In recent years, the major methods have been inspired by Hierarchical ID-based Encryption (HIDE), which is based on admissible pairing [5-8].

In recent years, some researchers have proposed identity-based hierarchical key deployment models for encryption and authentication in cloud computing. However, these methods did not consider the case when a PKG (Private Key Generator) may fail. When one PKG fails, its child nodes need to be reconnected to another PKG. The newly assigned PKG needs to regenerate private keys for all the descendants of the failed PKG in order to keep them working. This method incurs a lot of overhead in case of PKG failure. In this paper, we propose a robust and low-cost identity-based encryption in a hierarchical key distribution model by taking into consideration the failures of PKGs.

The remainder of this paper is structured as follows: Section II discusses the related work on security in cloud computing, especially the identity-based authentication technique. Section III describes our method for key deployment, encryption, authentication and key reconstruction. Section IV provides an analysis of performance and security. Section V gives conclusions.

2011 IEEE 17th International Conference on Parallel and Distributed Systems. 1521-9097/11 $26.00 © 2011 IEEE. DOI 10.1109/ICPADS.2011.56

II. RELATED WORK

In 1996, Netscape proposed Transport Layer Security (TLS) [9][10], for which the common name is “Secure Sockets Layer (SSL).” TLS offers many different options for key agreement, encryption and network authentication. The web server is configured with an X.509 certificate including the domain name. The certificate is issued by a trusted certification authority (CA). The server sends its certificate to the browser client during TLS communications.
If the domain name is checked successfully by the CA, the client can continue to load the page. Note that the browser remains anonymous within its TLS configuration. As a consequence of inverting TLS, most web applications can implement security of data transmission. Although TLS is used with client authentication, the client certificate does not transport any authorization and authentication information. The SAML (Security Assertion Markup Language) [11] is bound to the public key contained in this certificate by including this key in a Holder-of-Key assertion. Web service providers can use SAML to achieve single sign-on across different websites.

After cloud computing became a new term, many significant issues arose. One of the cloud computing issues is security. The Cloud Security Alliance (CSA) [12] recommended that cloud service providers use open standards such as SAML, SSL, etc. to achieve authentication and federation. S. Ramgovind et al. [13] discussed the management of security in cloud computing. They described the security requirements for three deployment models and three cloud service models. For IaaS and PaaS, identification and authentication are listed as mandatory for the three deployment models. Proper authentication guarantees data integrity while transferring among cloud computing nodes.

Boneh and Franklin [14] proposed a security model of Identity-Based Encryption and gave a construction using bilinear maps. For the bilinear map, they considered a large prime $p$ and an elliptic curve $E$. There are two groups: a group over the curve $E/F_{p^2}$ with a large order $q$, denoted by $G_q$, and $\mu_q$, a subgroup of $F_q^*$ whose order is also $q$. They said a modified Weil pairing $\hat{e}: G_q \times G_q \to \mu_q$ is admissible if it has three properties:

1) Bilinear: For all $P, Q \in G_q$ and $a, b \in Z$, $\hat{e}(aP, bQ) = \hat{e}(bP, aQ) = \hat{e}(P, Q)^{ab}$. This can be restated as: for all $P, Q, R \in G_q$, $\hat{e}(P+R, Q) = \hat{e}(P, Q)\,\hat{e}(R, Q)$ and $\hat{e}(P, Q+R) = \hat{e}(P, Q)\,\hat{e}(P, R)$.
2) Non-degenerate: $\hat{e}(P, P) \in F_q^*$ is an element of order $q$, and in fact a generator of $\mu_q$.
3) Computable: Given $P, Q \in G_q$, there is an effective method to compute $\hat{e}(P, Q)$.

They proposed identity-based encryption based on the admissible pairing, and the security of that scheme is enhanced by the Computational Diffie-Hellman (CDH) assumption and the Weil Diffie-Hellman (WDH) assumption. The CDH assumption is stated as follows: given $g, g^x, g^y \in G_1$ for unknown random $x, y \in Z_p^*$, it is hard to compute $g^{xy}$, where $p$ is a large prime and $G_1$ is a bilinear group. The WDH assumption is stated as follows: given $P, aP, bP, cP \in G_1$ for unknown random $a, b, c \in Z_p^*$, it is hard to compute $r = \hat{e}(P, P)^{abc}$, where $G_1$ is a bilinear group.

However, the Boneh and Franklin method is not efficient for large networks. Jeremy Horwitz et al. [6] introduced a hierarchical concept for a 2-level HIDE. Then, Gentry and Silverberg [7] proposed a practical scheme for this concept. Even though SSL is a general security scheme, it has lower efficiency than the pairing scheme. In recent years, Hongwei Li et al. [5] proposed an identity-based hierarchical model for cloud computing (IBHMCC). In their scheme, the cloud computing environment is composed of a hierarchical structure of nodes, and authentication is done using the Weil pairing. According to their analysis, the SSL scheme has lower efficiency than their proposed pairing-based scheme. However, this scheme cannot defend against replay attacks when attackers repeatedly transmit authentication messages to the server. Liang Yan et al. [8] adopted federated identity management together with hierarchical identity-based cryptography (HIBC). In their scheme, two parties encrypt data and verify each other using a shared secret session key without secret key exchange. However, the methods proposed by Hongwei Li et al. [5] and Liang Yan et al. [8] did not consider the key regeneration problem when any of the lower level PKGs goes down.
In this paper, we propose a robust and low-cost identity-based encryption in a hierarchical key distribution model by taking into consideration the failures of PKGs. This method is described in Section III.

III. PROPOSED METHOD

The proposed method is inspired by “Identity-Based Encryption from the Weil Pairing” [14]. In this paper, we propose identity-based encryption in a hierarchical key deployment model for effective key reconstruction.

Consider the connections of cloud computing servers and clients as shown in Figure 1. Suppose that a data center is organized in a hierarchical structure. It contains a Root PKG in level 0, PKGs for containers in level 1, PKGs for racks in level 2, and physical server nodes in level 3. Any physical server in level 3 has several VMs (Virtual Machines), which are labeled as level 4. These components are connected by a high speed network or bus. Note that each PKG has a unique ID in the whole data center, named $ID_0$ in level 0, $ID_{10}$ and $ID_{11}$ in level 1, and similarly for levels 2, 3 and 4. In addition, there is one user account server, which can send the public/private keys of users to those who need new servers. Note that all these PKGs are safe and cannot generate fake public/private keys.

Figure 1. System architecture

A. PKG Setup

The key deployment of this model requires two major steps: Root PKG Setup and Lower Level PKG Setup.

Root PKG Setup: The Root (level 0) acts as follows:

1) Generate an additive group $G_1$, which is the group of points of an elliptic curve over $F_q$, and a multiplicative group $G_2$, which is a subgroup of $F_q$. These groups have a large prime order $q$. Choose an appropriate admissible pairing $\hat{e}: G_1 \times G_1 \to G_2$.
2) Choose an arbitrary generator $P \in G_1$.
3) Choose cryptographic hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^n$ for some $n \in N$.
4) Then the Root PKG selects a random number $\alpha \in Z_q^*$, and sets $Q_0 = \alpha P$, $P_0 = H_1(id_0)$, $S_0 = \alpha P_0$. Note that $S_0$ is the Root PKG’s master key.
Then, the Root PKG sends the system parameters $\langle G_1, G_2, \hat{e}, Q_0, P, P_0, H_1, H_2 \rangle$ to its child PKG nodes, where $P$ is a public key.

Lower PKG Setup: Assume the lower node is $L$ in level $t+1$ and its parent PKG is in level $t$. Then the parent PKG does the following:

1) Compute $L$’s public key, $P_L = H_1(id_L)$.
2) Select two secret points $\rho_L', \rho_L \in Z_q^*$, which are only known by $L$ and its parent nodes.
3) Set the private key of $L$: $S_L = \rho_L' S_0 + \rho_L P_L$.
4) Set the public Q-value: $Q_L = \rho_L P$.
5) Output $\langle G_1, G_2, \hat{e}, Q_0, P, S_0, H_1, H_2 \rangle$ to its child nodes.

After these five steps, the lower level nodes get their private key and secret point. The public key and Q-value are also public. Similarly, each node in the lower levels of the cloud environment also follows these four steps to generate the public keys, secret points and private keys.

B. Identity-Based Encryption and Decryption

Identity-Based Encryption is based on the PKG setup module. For encryption between two server nodes $n_1$ and $n_2$, if $n_1$ wants to send message $m$ to $n_2$:

1) Get the public key $P_{n2}$.
2) Select a random number $r \in Z_q^*$.
3) Output the ciphertext $C = \langle rP, rP_{n2}, H_2(g^r) \oplus m \rangle$, where $g = \hat{e}(Q_0, \rho_L' P_0)$ is pre-computed.

For decryption in $n_2$, after receiving $C = \langle P', P_2', m' \rangle$:

1) Compute

$$d = \frac{\hat{e}(P', S_{n2})}{\hat{e}(Q_{n2}, P_2')} = \frac{\hat{e}(rP, \rho_{n2}' S_0 + \rho_{n2} P_{n2})}{\hat{e}(\rho_{n2} P, rP_{n2})},$$

where $S_{n2} = \rho_{n2}' S_0 + \rho_{n2} P_{n2}$ is the private key of $n_2$.
2) Get the message $m = H_2(d) \oplus m'$.

C. Identity-Based Signature

For the signature, if node $n_s$ wants to sign message $m$:

1) Compute $P_m = H_1(id_{n2} \| m)$.
2) Select a number $t = H_3(T_c)$, where $T_c$ is the current time and $H_3$ is a hash function which maps a real number into $Z_p$.
3) Select a random number $r_{ns} \in Z_q^*$.
4) Compute $\mu = r_{ns} S_{ns} + t \rho_{ns} P_m$.
5) Output the signature $\langle \mu, t \rho_{n2} P_m, r_{ns} Q_{n2}, r_{ns} \rho_{ns}' P_0 \rangle$.

For verification, when the other node $n_r$ gets the signature $s' = \langle \mu', P_s', Q_s', R_s' \rangle$, the sender’s public key $P_{n2}$, and the last signature from the same sender if it exists, $s'' = \langle \mu'', P_s'', Q_s'', R_s'' \rangle$, it can verify the signature by testing the following steps:

1) If $P_s' \neq P_s''$, go to Step 2. Otherwise, refuse the request from the sender.
2) If $\hat{e}(P, \mu') = \hat{e}(P, P_s')\,\hat{e}(Q_0, R_s')\,\hat{e}(Q_s', P_s)$, where $P_s$ is the public key of the sender, then the signature is valid.

D. User Request for Authentication Keys

For IaaS and PaaS, if there is a user U who needs some new VMs from the cloud service provider in the data center, U must get the public/private key generated by the server. U takes the following steps to get the public/private key to use the VMs (see Figure 1):

1) U sends the user login (UL) message, including account and password, to log in to the user account server via SSL.
2) The user account server checks the account and password, then sends the account granted (AG) message to U via SSL if the account and password are correct.
3) After receiving AG, U sends a request for authentication keys (RAK) for some new VMs to the user account server.
4) The account server sends the RAK to physical servers for new VMs via SSL.
5) The physical servers create new VMs and generate new public/private keys for the VMs via the lower level PKG key generation step. Then, the physical servers notify the account server of the new VMs’ addresses.
6) The newly created VMs also generate new public/private keys for VMs via the lower level PKG key generation step. Then, the VMs return a message including these authentication keys of VMs for the user (AKV) and the VMs’ addresses to the user account server via SSL.
7) After the account server verifies the addresses of the VMs, the user account server decrypts the AKV messages. Then, it sends the AKVs to U via SSL.
8) U can communicate with the new VMs via the AKVs using identity-based encryption and identity-based signature.

E. Key Reconstruction when PKG Went Down

In the hierarchical identity-based cryptography schemes proposed by Hongwei Li et al. [5] and Liang Yan et al. [8], once an upper level PKG goes down, the keys generated for all lower level nodes need to be reconstructed. This may result in unexpected unreliability of cloud services. To alleviate this problem, the private key generated for the lower level node in step 3 of the Lower PKG Procedure is designed to depend on the immediate parent node. Therefore, if a PKG fails, only its immediate child nodes will be affected. The procedure for key reconstruction in case of a failure of a PKG, say B, is as follows:

1) Restructure phase: The datacenter selects a PKG, say C, at the same level as the failed PKG B, and assigns PKG C as the parent PKG of the child nodes of B.
2) Reconstruct public/private key phase: Use the procedure for Lower PKG Setup to reconstruct the public/private keys of the child nodes of B using C as the new parent PKG.

IV. SECURITY AND PERFORMANCE ANALYSIS

A. Performance Analysis

Before presenting our performance analysis, we define the notations for computation cost:

1) $C_{BM}$: the cost of computing the bilinear map $\hat{e}$.
2) $C_{cmp}$: the cost of comparing two content texts.
3) $C_h$: the cost of a hash function.
4) $C_{xor}$: the cost of XOR.

We discuss the performance analysis of the proposed scheme compared to IBHMCC [5] from three aspects.

For the performance analysis, assume that node $n_t$ in level $t$ wants to encrypt message $m$ and send the encrypted message to node $n_{t+k}$ in level $t+k$. In the IBHMCC scheme, $n_t$ must do the $\hat{e}$ computation one time for encryption and $n_{t+k}$ must do it $t+k$ times for decryption. In our proposed method, it only performs $\hat{e}$ operations one time and 2 times in encryption and decryption, respectively.
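
The Section III operations run end to end in a toy model, as an added example rather than code from the paper; it also counts pairing evaluations, giving 2 for decryption and 4 for verification as in Tables 1 and 2. Assumptions: the pairing is a deliberately insecure stand-in (a point aP is stored as the scalar a), the tiny group parameters and node identities are constructed, g is taken to be published with Q_L, H_3 is built from H_1, and the n2-subscripted values in the signature output are read as the signer's own.

```python
import hashlib
import secrets

# Toy symmetric "pairing" for checking the algebra only; it is NOT secure.
# A G1 point aP is stored as the scalar a (so P = 1), and
# e(aP, bP) = GEN_T^(a*b) in the order-q subgroup of Z_p^*.
ORD, MOD, GEN_T = 1019, 2039, 4      # constructed: q, p = 2q + 1, element of order q
P = 1                                # generator of G1
pairings = 0                         # number of e() evaluations so far

def e(a, b):
    global pairings
    pairings += 1
    return pow(GEN_T, a * b % ORD, MOD)

def H1(data):                        # {0,1}* -> nonzero G1 point
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (ORD - 1) + 1

def H2(x, n):                        # G2 -> n-byte mask
    return hashlib.shake_256(x.to_bytes(2, "big")).digest(n)

def H3(tc):                          # timestamp T_c -> scalar t (assumed construction)
    return H1(repr(tc).encode())

def rand_scalar():                   # uniform in Z_q^*
    return secrets.randbelow(ORD - 1) + 1

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def root_setup(id0):
    alpha, P0 = rand_scalar(), H1(id0)
    return {"Q0": alpha * P % ORD, "P0": P0, "S0": alpha * P0 % ORD}

def lower_setup(root, node_id):
    rho_p, rho, PL = rand_scalar(), rand_scalar(), H1(node_id)
    return {"id": node_id, "P": PL, "rho_p": rho_p, "rho": rho,
            "S": (rho_p * root["S0"] + rho * PL) % ORD,      # S_L
            "Q": rho * P % ORD,                              # Q_L
            # Assumption: the parent publishes g = e(Q0, rho'_L P0) with Q_L.
            "g": e(root["Q0"], rho_p * root["P0"] % ORD)}

def encrypt(recipient, m):
    r = rand_scalar()
    mask = H2(pow(recipient["g"], r, MOD), len(m))
    return (r * P % ORD, r * recipient["P"] % ORD, xor(mask, m))

def decrypt(node, C):
    P1, P2, m1 = C
    d = e(P1, node["S"]) * pow(e(node["Q"], P2), -1, MOD) % MOD   # d = g^r
    return xor(H2(d, len(m1)), m1)

def sign(root, node, m, tc):
    Pm, t, r = H1(node["id"] + b"||" + m), H3(tc), rand_scalar()
    mu = (r * node["S"] + t * node["rho"] * Pm) % ORD
    return (mu, t * node["rho"] * Pm % ORD, r * node["Q"] % ORD,
            r * node["rho_p"] * root["P0"] % ORD)

def verify(root, sender_P, sig, last_sig=None):
    mu, Ps, Qs, Rs = sig
    if last_sig is not None and Ps == last_sig[1]:
        return False                 # step 1: P_s' repeats the last one, replay
    return e(P, mu) == e(P, Ps) * e(root["Q0"], Rs) * e(Qs, sender_P) % MOD

def demo():
    global pairings
    root = root_setup(b"ID0")
    n2 = lower_setup(root, b"ID-rack-21")          # constructed node identity
    pairings = 0
    msg = decrypt(n2, encrypt(n2, b"hello VM"))
    used_dec, pairings = pairings, 0
    sig = sign(root, n2, b"hello VM", 1700000000.0)
    return msg, used_dec, verify(root, n2["P"], sig), pairings, verify(root, n2["P"], sig, sig)
```

`demo()` returns the recovered plaintext, the pairing count for decryption, the verification result, the pairing count for verification, and the result of presenting the same signature again as a replay.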
In the IBHMCC scheme, $n_t$ must do one hash computation for the signature and $n_{t+k}$ must do $t+k$ $\hat{e}$ operations for verification. In our proposed method, it only performs 2 hash operations for the signature and 4 $\hat{e}$ operations for verification. The comparisons of computation costs are shown in Table 1 and Table 2.

As to the key reconstruction problem in case of a PKG failure, the proposed scheme only reconstructs the public/private keys of the immediate child nodes of the failed PKG instead of reconstructing the public/private keys of all descendant nodes. Assume there are $k$ child nodes under the failed node and each node also has $n$ child nodes in the subtree rooted at the failed node. Assume that this subtree has $l$ levels. When a PKG failure occurs in the IBHMCC scheme, there are $k \times n^{l-1}$ nodes that need to reconstruct private keys and public keys. But in the proposed scheme, there are just $k$ nodes that need to reconstruct private keys and public keys. The comparison of reconstruction costs is shown in Table 3.

Table 1. Cost comparison for encryption/decryption

| Scheme | Encryption | Decryption |
|---|---|---|
| IBHMCC | $1C_{BM} + 1C_h + 1C_{xor}$ | $(t+k)C_{BM} + 1C_h + 1C_{xor}$ |
| Proposed | $1C_{BM} + 1C_h + 1C_{xor}$ | $2C_{BM} + 1C_h + 1C_{xor}$ |

Table 2. Cost comparison for signature/verification

| Scheme | Signature | Verification |
|---|---|---|
| IBHMCC | $1C_h$ | $(t+k)C_{BM} + 1C_{cmp}$ |
| Proposed | $2C_h$ | $4C_{BM} + 1C_{cmp}$ |

Table 3. Number of reconstruction nodes

| Scheme | Reconstructed nodes |
|---|---|
| IBHMCC | $k \times n^{l-1}$ |
| Proposed | $k$ |

Table 4. Cost comparison for communications (in parameters)

| Scheme | Encryption | Signature |
|---|---|---|
| IBHMCC | $t+k+2$ | $t+k+2$ |
| Proposed | 3 | 4 |

For communication cost, in encryption the proposed scheme only sends 3 parameters to the receiver, while IBHMCC must send $t+k+2$ parameters. In the signature, the proposed scheme only sends 4 parameters while IBHMCC needs more. Therefore, our scheme has lower communication costs, as shown in Table 4.

B. Security Analysis

In this subsection, we discuss the security aspects of our proposed scheme in terms of the man-in-the-middle attack and the replay attack:

1) Assume an attacker in a cloud server intercepts a message from a PKG. Because the attacker does not know the private key of the receiver, he cannot decrypt the message due to the complex computations imposed by the Weil Diffie-Hellman assumption.
2) For the replay attack, assume an adversary captures the signature $s'$ and ciphertext $m'$ sent by the sender $S_e$ to the receiver $R_c$. He can camouflage as the sender and resend the ciphertext $m'$ and signature $s'$ to perform replay attacks on the receiver $R_c$. The replay attacks will be detected by the receiver because we add a timestamp $t$ in the signature scheme. The receiver $R_c$ needs only to check the current signature against the last signature. If they are equal, $R_c$ rejects the request.

V. CONCLUSIONS

In this paper we propose an efficient identity-based key management scheme for configurable hierarchical cloud computing environments. The proposed scheme has better performance and lower communication cost compared to other hierarchical identity-based cryptography schemes such as IBHMCC. Another feature of our scheme is faster key reconstruction in case of a PKG failure than IBHMCC.

ACKNOWLEDGMENT

This research was partially supported by the National Science Council, Taiwan, under contract no. NSC100-2221-E-005-070.

REFERENCES

[1] D. Bogatin. (2006, August), “Google ceo’s new paradigm: cloud computing and advertising go hand-in-hand,” ZDNet. [Online]. Available: http://blogs.zdnet.com/micromarkets/?p=369
[2] I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid computing 360-degree compared,” in Grid Computing Environments Workshop, 2008. GCE ’08, Nov. 2008, pp. 1–10.
[3] P. M. T. Grance. (2009), “The nist definition of cloud computing (15 ed.),” NIST. [Online]. Available: http://csrc.nist.gov/groups/SNS/cloud-computing
[4] P. M. T. Grance, “The NIST Definition of Cloud Computing (Draft),” National Institute of Standards and Technology (NIST) Std. [Online]. Available: http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
[5] H. Li, Y. Dai, L. Tian, and H. Yang, “Identity-based authentication for cloud computing,” in Proceedings of the 1st International Conference on Cloud Computing, ser. CloudCom ’09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 157–166.
[6] J. Horwitz and B. Lynn, “Toward hierarchical identity-based encryption,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, ser. EUROCRYPT ’02. London, UK: Springer-Verlag, 2002, pp. 466–481.
[7] C. Gentry and A. Silverberg, “Hierarchical id-based cryptography,” in Advances in Cryptology—ASIACRYPT 2002, ser. Lecture Notes in Computer Science, Y. Zheng, Ed. Springer Berlin / Heidelberg, 2002, vol. 2501, pp. 149–155.
[8] L. Yan, C. Rong, and G. Zhao, “Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography,” in Proceedings of the 1st International Conference on Cloud Computing, ser. CloudCom ’09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 167–177.
[9] “The Transport Layer Security (TLS) Protocol,” Internet Engineering Task Force (IETF) Std., Aug. 2008. [Online]. Available: http://datatracker.ietf.org/doc/rfc5246/
[10] B. P. Bruegge, D. Huhnlein, and J. Schwenk, “Tls-federation-a secure and relying-party-friendly approach for federated identity management.” [Online]. Available: http://www.etu-klubi.fi/vrk/fineid/files.nsf/files/D46A1A54A5392E0EC22573E90046506B/file/TLS F ederation f inal.pdf
[11] (2009, October) Security assertion markup language (saml) v2.0. Organization for the Advancement of Structured Information Standards (OASIS). [Online]. Available: http://docs.oasis-open.org/security/saml/v2.0/saml-2.0-os.zip
[12] (2009, December) Security guidance for critical areas of focus in cloud computing v2.1. Cloud Security Alliance. [Online]. Available: https://cloudsecurityalliance.org/csaguide.pdf
[13] S. Ramgovind, M. Eloff, and E. Smith, “The management of security in cloud computing,” in Information Security for South Africa (ISSA), 2010, Aug. 2010, pp. 1–7.
[14] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” SIAM J. Comput., vol. 32, pp. 586–615, March 2003.

Date posted: 31/07/2013, 09:44
