全球紛紛投入研究雲端運算(Cloud Computing)的領域，無論是學術界還是科技大廠。雲端運算(Cloud Computing)是一個十分熱門的題材，有著十分迷人的特性，例如：降低硬體裝置成本、資源共享、省去佈置新規格裝置的時間。無論使用者使用何種網路存取裝置，包括個人電腦、手機、低價筆電等，都可以藉由網路連線各個雲端以請求雲端提供軟體服務或儲存空間，藉此獲得比以往伺服器架構更好的服務品質。雲端運算(Cloud Computing)將龐大的運算作業拆成千百個較小的作業，交給遠端多台伺服器同時運算。透過這項技術，網路服務提供者可以在數秒之內，處理數以千計甚至萬計的資訊，提供和「超級電腦」類似強大效能的服務。網路的傳輸，隨科技進步，越來越快速，十分利於雲端環境。雲端運算(Cloud Computing)的網路架構是一種大型異質網路的結合，例如手機使用的3G網路、無線網路和一般住家的實體網路，甚至是整個企業網路網絡，因此在鑑別(Authentication)上，需考慮到如何提供一個如此大型的網路架構，讓使用者和各伺服器端進行鑑別。本論文的方法除了提供使用者與雲端伺服器做鑑別外，並且讓使用者在毋須註冊的情況下，透過使用者、客雲端與主雲端三方雙向鑑別後，使用者可以使用客雲端的運算資源。在各家業者不斷提供越來越多雲端服務的環境下，使用者可以不用向多個雲端供應商註冊帳號，即可使用各家雲端運算資源，將更方便使用者使用雲端運算(Cloud Computing)。本論文利用以身份為基礎的公開金鑰系統來建立雙向鑑別機制，將使用者本身相關的資訊做為身份碼，免除了憑證的需求，也省去了雲端伺服端檢驗憑證的時間，提供更方便的鑑別機制，且能夠達到雙向鑑別、前後向安全性、機密性、訊息完整、不可否認等安全特性，並抵擋重送攻擊。

More and more companies and scholar begin to get involved in a new topic—Cloud Computing. It is a hot issue in recent year, because in Cloud Computing environment any device which connect to the Internet can get the same service quality. Cloud Computing will be split into a large computing operations hundreds of smaller operations to the remote multi-server operating simultaneously. Through this technology, Internet service providers can in seconds, processing thousands, millions of information, and to provide and "super computer" as a strong service performance. Cloud Computing is a combination of heterogeneous network。Therefore it is necessary to provide a authentication between user and servers in such a large network scale. In this thesis, we provide a mutual authentication scheme between user and servers. Further more, in our scheme user can use the computing resources in Foreign Cloud without registration after the authentication phase. It’s user friendly that user can use various cloud computing resources just using one account. In this way users have no need to register their account in multiple cloud. In this thesis we make a identity-based ID using the information which is related to users. Eliminating the damand for certificate, but also eliminating the time that servers verify the certificate of the user. The proposed scheme provides mutual authentication, backward and forward secrecy, confidentiality, integrity, non-repudiation, and resists replay attack.

第一章	緒論	1
1.1	研究動機與目的	1
1.2	安全需求	3
1.3	論文架構	4
第二章	相關研究	5
2.1	Hierarchical ID-Based Cryptography Schemes (HIDC)	5
2.1.1	Root PKG setup	6
2.1.2	Lower-level setup	6
2.1.3	Extraction	6
2.1.4	加密函數	7
2.1.5	解密函數	7
2.1.6	簽章	7
2.1.7	驗證簽章	8
2.2	回顧Li等人的方法	8
2.2.1	Li等人方法鑑別機制	9
2.2.2	Li等人方法之弱點分析	10
第三章	雲端運算上免憑證雙向鑑別的安全機制	11
3.1	方法流程	12
3.2	產生金鑰程序	12
3.2.1	Root PKG setup	13
3.2.2	Lower-level setup	13
3.2.3	Extraction	14
3.3	註冊程序	14
3.4	登入程序	15
3.5	雙向身份鑑別程序	16
第四章	安全分析與討論	19
4.1	安全和功能分析	19
4.1.1	免憑證(Certificate free)	19
4.1.2	免多重註冊(Muti-Register free)	19
4.1.3	雙向鑑別(Mutual Authentication)	19
4.1.4	會議金鑰協定(Session key exchange)	20
4.1.5	前後向安全(Forward and Backward secrecy)	21
4.1.6	機密性(Confidentiality)	21
4.1.7	完整性(Integrity)	21
4.1.8	不可否認(Non-repudiation)	21
4.1.9	重送攻擊(Replay attack)	22
4.2	安全功能比較	22
第五章	結論與未來研究方向	23
參考文獻	24
附錄：英文論文	25

圖目錄
圖一、階層式PKG	5
圖二、Li等人方法鑑別機制	10
圖三、雲端階層式架構圖	12
圖四、註冊程序	14
圖五、登入程序	15
圖六、雙向身份鑑別程序	18

表目錄
表 一、Li等人方法的符號表	9
表 二、方法符號表	13
表 三、安全功能比較表	22

[1]	Peter Mell and Tim Grance.(2011,Jan) “The NIST Definition of Cloud Computing,”NIST.[Online] Available:http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
[2]	S.Subashini and V. Kavitha, “A Survey on Security Issues in Service Delivery Models of Cloud Computing,” Journal of Network and Computer Applications, Volume 27, Issue 3, PP. 245-253, July 2010
[3]	Adi Shamir, “Identity-based Cryptosystems and Signature Schemes,”in Proceedings Advances in Cryptology ASLACRYPT'1984.Springer-Verlag, pp.47-53, 1985.
[4]	Hoon Wei Lim, Kenneth G. Paterson, “Identity-based Cryptography for Grid Security, ” in Proceeding of the First International Conference on e-Science and Grid Computing, pp394-404, 2005
[5]	WhitfieldDiffie and Martin Hellman, “New Direction in Cryptography,” IEEE Transactions on Information Theory, vol. IT-22,pp.644-654,1976.
[6]	Craig Gentry and Alice Silverberg, “Hierarchical ID-Based Cryptography,” in ProceedingsAdvances in CryptologyASIACRYPT'2002. Springer-Verlag , pp.548-566, 2002
[7]	D. Boneh and M. Franklin, “Identity-based Encryptionfrom the Weil Pairing, ” in ProceedingsAdvances in CryptologyCRYPTO'2001. Springer-Verlag LNCS 2139, 2001.
[8]	Liang Yan, Chunming Rong, and Gansen Zhao, “Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography,” in The proceeding of CloudCom, LNCS 5931, pp.167–177, 2009
[9]	Electronic reference formats recommended by Google. (2006, August 9). Search Engine Strategies Conference. Retrieved August 9, 2006, from the World Wide Web: http://www.google.com/press/podium/ses2006.html 
[10] 中田敦、小林雅一、石田愛、浦本直彥、高橋秀和、松尾貴史、岩上由高,雲端運算大解密, 1st Ed. Taiwan:PCuSER電腦人文化,2010