Cloud computing is an emerging application model that integrates traditional computing resources into a larger, faster cloud service center. It is built on virtualization technology, uses the network as its carrier, and provides infrastructure (IaaS), platform (PaaS), software (SaaS) and other services, integrating large-scale, scalable computing, storage, data, application and other distributed resources so that they work together in a supercomputing model. Cloud applications can expand and shrink, so users can acquire the resources that fit their own needs, improving computational efficiency while greatly reducing their computing costs.
In a cloud computing environment, the user's perspective can change radically, from "buying a product" to "buying a service", because users no longer deal directly with complex hardware and software but with the final service. They do not need hardware they can see and touch, do not need to pay for machine-room power, air conditioning and cooling, maintenance and similar costs, and do not have to wait through long supply cycles and lengthy project implementations. They only pay the cloud computing service provider and can immediately get the services they need.
Although cloud computing has drastically reduced the cost of users' own applications, a computing model based on virtualization and remote networks makes its security questionable. Privacy protection is a major concern for many users, especially business users, who are unwilling to let the government know about their business practices or to let their competitors learn any business secrets. The same is true for ordinary users, whose private photos and messages sit in the cloud and who worry most about information leaking. At the same time, the remote identity authentication mechanism is relatively fragile and cannot guarantee the security of user identities. As cloud computing stands today, the following issues restrict its spread and development:
1 Data privacy. Ensuring that private data held by the cloud service provider is not used illegally requires not only technical improvements but also better laws.
2 Data security. Some data is an enterprise's business secret, and its security bears on the survival and development of the enterprise. An unsolved data security problem stands in the way of applying cloud computing in enterprises.
3 User habits. Changing users' habits so that they adapt to network-based software and hardware is a long and arduous challenge.
4 Network transmission. Cloud computing services rely on the network. A slow or unstable network environment degrades cloud application performance, so the popularization of cloud computing depends on the development of network technology.
On careful analysis, the security problems faced by cloud computing are not much different from traditional security issues, but the security solutions and service patterns have changed a great deal. Here we take an enterprise-built private cloud as an example to illustrate the second point. With the gradual spread of cloud computing applications, some large group enterprises have begun to deploy private clouds: they integrate IT resources, centrally provide the enterprise's various services, allocate, manage and share computing resources among staff, reduce the operation and management of traditional stand-alone machines, and strengthen control over staff. To solve security problems such as user access and data storage on the cloud platform, digital certificates are used to provide strong identity authentication and to encrypt users' private data (see Figure 1).
Figure 1 Logical structure of cloud platform security
Most private clouds today are designed on a virtualized architecture. A virtual infrastructure strips the local computing, applications and storage of the traditional user PC out to the data center, where a server cluster runs an independent virtual machine for all operations and processing, and the client only renders results and takes input. This architecture solves the insecurity and management difficulty of local data computing and storage in the traditional PC-client model. Under the virtual application architecture, a user's resources can be extended flexibly, with different operating systems and personalized data adopted as needed. On the access path, a cloud access gateway responds to user access requests and digital certificates provide strong user authentication: a user logging in to the virtualized remote desktop must present a digital certificate to enter the virtual environment. In the back end of the cloud environment, dedicated security devices provide encryption services, and the cloud platform management system schedules and manages the encryption keys. Business or personal data that needs protection is encrypted, and the encryption key is in turn encrypted with the individual user's digital certificate, so that only the user who encrypted the data can open it, ensuring the privacy and security of multiple users' data.
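The key protection described above, as an added example that is not part of the original article: data is encrypted under a random data key, and that key is wrapped under the user's public key so only the matching private key can open it. AES-256-GCM, RSA-OAEP, the function names and the freshly generated key pairs (standing in for the key pair behind each user's certificate) are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt data under a fresh AES-256-GCM data key, then wrap that key with
// RSA-OAEP under userPublicKey (assumed to come from the user's certificate).
function seal(userPublicKey, data) {
  const dataKey = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: userPublicKey, ...OAEP }, dataKey);
  // The platform stores only this envelope, never dataKey itself.
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Unwrap the data key with the certificate holder's private key and decrypt.
// A different private key throws at the unwrap step; a modified ciphertext
// throws at final() because the GCM tag no longer verifies.
function open(userPrivateKey, envelope) {
  const dataKey = nodeCrypto.privateDecrypt({ key: userPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Returns true if open() succeeds, false if it throws.
function canOpen(privateKey, envelope) {
  try { open(privateKey, envelope); return true; } catch { return false; }
}

// Constructed demo: two users with freshly generated 2048-bit RSA key pairs.
function demo() {
  const newUser = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = newUser(), bob = newUser();
  const envelope = seal(alice.publicKey, Buffer.from('constructed sample record'));
  return {
    plaintext: open(alice.privateKey, envelope).toString(),
    bobCanOpen: canOpen(bob.privateKey, envelope),
  };
}

console.log(demo());
```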
Identity authentication and data security matter even more in a cloud computing environment. The asymmetric encryption properties of digital certificates can effectively solve the problems above, and the implementation principle is not much different from traditional certificate applications.