China Information Processing Center Director Hunenghei: "Three-step" strategy to solve cloud security problems

China Information Processing Center Director Hunenghei

CSDN: This is the fourth session of the cloud computing, the past year at home and abroad in the field of cloud computing what are the major progress and changes?

Hunenghei: Over the past few years, has been concerned about the development trend of cloud computing, especially in the last year, I deeply realized that cloud computing is a major change in information technology, briefly from three aspects to talk about feelings.

The idea of cloud computing is deeply rooted. Cloud computing has become a new generation of information technology competition in the world, in the "2012 report on the work of the Chinese government" pointed out that the "cloud computing pilot demonstration work faster", the development of cloud computing expressed a clear affirmation; In addition, the national provinces, municipalities and autonomous regions to develop local cloud computing development plans, such as Beijing "Xiangyun", Shenzhen "Kun Cloud", Hangzhou "West Lake Cloud", Wuxi "Cloud Valley", Guangzhou "Sky Cloud" and so on, industry combined with the needs of various industries of the characteristics of the corresponding industry clouds, such as education cloud, medical cloud, financial cloud, traffic clouds and so on. Looking at the above changes, it is not difficult to find that the concept of cloud computing has been deeply rooted.

The theory and technology of cloud computing are widely concerned. Cloud computing "to compute as the core, application-oriented" characteristics of the obvious, and its corresponding division of labor is increasingly clear, has now formed "The Basic theory of cloud computing in universities and scientific research institutions to undertake tackling the problem, the architectural application level is the enterprise-led" pattern. In recent years, the National Nature Fund (NFS), China National Natural Fund and the "Twelve-Five" National Science and Technology Program and other research on the basic theory of cloud computing have been strongly supported. Industry in the Microsoft, Google, IBM, Amazon and so on to increase the development of the architecture of the application layer, which provides a solid technical support for the continued prosperity and development of cloud computing.

Industry chain Integration Day reveals cloud computing charm. To "Facebook 1 billion dollar mergers and acquisitions Instagram" case, 2010 Instagram to hundreds of thousands of, rented Amazon cloud computing platform, just two years team 13 people write a new era of entrepreneurship story, this case interpretation of the cloud platform to achieve "light" business! In many industries of information integration, as well as the rise of industry clouds, cloud computing is the "behind the scenes hero" role.

CSDN: The theme of this conference is cloud computing landing, what do you think is the main problem facing cloud landing now? What should be done?

Hunenghei: What I understand about "cloud computing landing" is that cloud computing can really serve the real needs of users, not just verbal. I think the bottleneck problem of "cloud landing" is cloud security. Take the cloud rendering platform as an example to illustrate. For the emerging animation industry companies, animation design is its core competitiveness, and then to achieve 3D rendering will require a large number of computing resources, if the animation company set up their own server cluster, no doubt this non-core business occupies a large amount of investment in the company, not conducive to the rapid withdrawal of funds, The appearance of the third cloud rendering platform is expected to provide mutual benefit and win-get solution for anime rendering, but the problem is to give the animation design scheme to cloud rendering platform, how to ensure the security of the company's core intellectual property. This involves both technical and non technical aspects.

Overall, cloud security consists of three levels of problems.

Cloud Computing Trust Management level: Trust mechanism risk, that is, the legal protection system is imperfect, lack of impartial third party management constraints;

Data storage level: Cloud data storage security, that is, user data confidentiality, integrity and access authentication can be guaranteed;

Network Platform service level: Trusted cloud computing and virtual cloud Platform security, namely computational credibility, virtual machine security, cloud network protection.

How to solve cloud security issues? I think we can take the three-step strategy:

The first step is to establish the trust mechanism and standardize the management process. Solve the cloud computing security problem, technology is the means, management is the fundamental, cloud security relies on "Three technology, seven management"; enhance the fairness of the third party management, set up a perfect cloud computing platform security level diagnosis and evaluation framework, regularly publish the security performance of each cloud computing platform.

The second step is to strengthen cloud security research and experience cloud security. Cloud security technology development can be said to be the eternal topic in the field of cloud computing, the attack and the security relation is "the Magic One Foot, the road is high", the security has the relativity, lets the user experience the cloud security, like establishes the cloud security platform, in the world scope public reward attack, enhances the user to the cloud security confidence and so on.

The third step is to develop rich cloud products and enjoy cloud services. Cloud computing in various industries is behind the scenes, the lack of direct contact with the user in the terminal, and embodies the "cloud" characteristics of the product less. should strengthen the product research and development, let the user to have the "cloud" without "cloud" experience gap.

CSDN: Please describe your experience in the field of cloud computing. What are the main tasks?

Hunenghei: Since 2009, our team has been concerned about cloud computing security needs, the development of cloud security research, led by the team around the cloud computing environment Remote data integrity and authentication technology do the following:

(1) In the cloud computing environment, users will store their own pictures, documents and so on for a long time to the cloud server, delete these files locally. To protect the integrity of user data in the cloud, it is necessary to design a remote data integrity verification protocol that enables users to authenticate data anytime, anywhere. Existing protocols do not meet the needs of users in Dynamic Data updating, public authentication and user privacy protection. We have designed a new data integrity verification protocol with the same state RSA authentication identity in number theory, which fully supports data dynamic updating and public authentication, and protects user's privacy from infringement. The work paper has been published in the IEEE Transactions on Knowledge and Data UB Journal.

(2) in wireless networks, traditional security mechanisms are based on computational assumptions, and these assumptions may be ineffective. The scary thing is that these hash functions are already widely used in computers and communication services around the world, so the cracking against them will be disastrous. It would be very important to eliminate the encryption tool's reliance on computational assumptions. In response to this flaw, we have raised the question-can we build a security system without a computational hypothesis in a wireless network? We give a positive answer to this question, and start to build from the wireless channel feature based on the inadvertent transmission protocol. The efficiency and security of the constructed inadvertent transfer Protocol are analyzed. Based on the proposed inadvertent transmission protocol, the method of private communication and password authentication for privacy protection are further constructed. The team's work is published at the top conference in the INFOCOM2011 Computer communications field.

(3) A new identity authentication scheme is proposed for the defects and vulnerabilities of the existing Remote identity authentication scheme. The authentication scheme combines the use of smart cards, passwords, and electronic bills to provide two-way identity authentication for both users and servers, as well as to solve the problem of restricting the number of user visits through the issuance of electronic bills. For example, for digital media access, each ticket restricts access to a movie, and the bill expires with a new purchase. The proposed scheme is applicable to cloud computing environment, E-commerce Domain, digital rights management system and so on.

As a research worker, committed to training the country desperately needed talent, in the cloud computing security direction, has trained 2 graduates, Master 3. At present, the new demand for cloud computing security, the integration of our team has been published in Tkde, Infocom and other international first-class periodical Conference of 15 articles, concise research direction.

This year and for some time to come will be done in the following areas: (1) The research of the access control model of proxy encryption in cloud environment; (2) The information retrieval model of ciphertext domain is oriented to cloud storage security, (3) based on the cloud data coloring mechanism of ciphertext domain; (4) Research on the security level diagnosis and evaluation framework for cloud computing platform.

CSDN: What is the current status of your domain in cloud computing research and application? Where is the focus of competition?

Hunenghei: Whether in academia or industry, cloud computing has set off a boom, but the development and application of cloud computing still need to think deeply and implement, need further excavation and show.

Cloud experience and cloud security are the focus of future competition. The so-called cloud experience is based on cloud computing products to provide users with a unique experience, at present, many traditional products on the market name add a "cloud" to turn the body into cloud products, so that users confused. We should strengthen the research and development of products so that users can realize that there is no "cloud" experience gap. In addition, how to implement the landing cloud? Security is the bottleneck of cloud computing, seriously restricting the spread and popularization of cloud computing products, cloud security should not only be written on the label, cloud security should be done in the product.

CSDN: What are you most concerned about this year's cloud computing conference? What are the expectations?

Hunenghei: This conference I am mainly concerned about the future development of cloud computing policy-oriented, cloud security, the latest research progress, can reflect the "cloud" characteristics of the product three aspects.