Journal of Changchun University of Science and Technology (Natural Science Edition)
2015
Issue 5
112-115, 119
5 pages in total
吴玉宁, 王欢, 苏伟, 严晔, 秦雪
cloud computing; OpenStack; identity authentication; safety
OpenStack is an open-source cloud platform management project designed to provide reliable cloud deployment and good scalability, but it has security problems in areas such as repeated failed logins, password strength, and key and digital certificate management. This paper uses a USB Key to store the user's key and digital certificate, which guarantees two-factor authentication. Role-based access control is used for service authorization, and a reverse authentication token is set up to achieve two-way authentication between users and business systems. PKI is used in Keystone to issue keys and digital certificates and to verify digital certificates, which strengthens the security of authentication. Together these realize an improvement in the security of OpenStack identity authentication. Finally, the security of the improved scheme is analyzed. The scheme has been applied to a campus network cloud storage platform and provides a reference for improving OpenStack security.