云环境下基于混合密码体系的跨域控制方案

针对当前云环境下用户跨域控制方案不能满足不同密码体系之间的相互跨域访问的需求，借鉴PKI（public key infrastructure）认证体系的思想构造了一种基于混合密码体系的跨域控制方案。该方案以PKI认证体系为不同密码体系安全域的管理框架，以CA（certificate authority）为不同安全域用户的公共跨域认证中心，对不同安全域的用户进行认证，并根据验证结果为其分配公共跨域身份和身份控制标签。它不仅实现了对不同密码体系之间的相互访问，并且根据签发的身份控制标签完成用户的实时控制，一旦发现恶意用户便撤销用户公共跨域身份，并对恶意用户的实名身份进行标注。分析结果表明，新方案在满足正确性、不可伪造性、高安全性的同时可以抵抗重放攻击、替换攻击和中间人攻击，并且降低了计算开销。

Cross-domain control scheme based on hybrid cryptosystem in cloud environment

In view of the fact that the current cross-domain user control scheme in cloud environment couldn''t meet the needs of cross-domain access between different cryptosystems, this paper constructed a cross-domain control scheme based on hybrid cryptosystem by referring to the authentication idea of PKI certificate system. The scheme used PKI authentication system as the management framework of security domains in different cryptosystems, and used CA(certificate authority) as the public cross-domain authentication center for users in different security domains. It authenticated users in different security domains, and allocated public cross-domain identity and identity control labels according to the authentication results. It not only achieved mutual access between different cryptographic systems, but also completed the real-time user control according to the identity control label issued. Once a malicious user was found, it revoked the public cross-domain identity of the user and annotates the real-name identity of the malicious user. The analysis results show that the new scheme satisfies the requirements of correctness, unforgeability, high security and can resist replay attack, replacement attack and man-in-the-middle attack, and reduces the computational overhead.