Trust-Distributed-Based Authentication Mechanism Using Hierarchical Identity-Based Cryptography

The relationship among cloud service providers is becoming more and more complex, while these service providers are integrated on a public large-scale cloud computing platform. Cooperative relation and competitive relation coexist. Although a unified authentication is necessary for integrating, providers aren’t able to totally trust in a unique central authority. Single sign-on architecture could be confronted with the problems (such as security bottleneck, mandatory dependencies, key escrow, etc.) brought by the central authority. In order to solve these problems, an authentication mechanism based on trust dispersion theory using hierarchical identity-based cryptography is proposed in this paper. The secret value of central authority will be shared by service providers, as a result, not only the unified authentication is achieved, but also providers’ ability of self control is guaranteed. The central authority hands its core work of generating private keys to the corporation among main participants in the first level. Fake public key idea and sliding window can increase the difficulty of adversarial attacking. Cross domain authentication and key exchanging method are also supported. Comparing analysis shows that our scheme has superiority on not relying on central authority, without certificates maintenance, not having key escrow, cross-domain authentication, monitoring mechanism and so on.