基于CPK的Web服務(wù)認(rèn)證系統(tǒng)的研究
發(fā)布時(shí)間:2019-05-06 21:55
【摘要】:Web服務(wù)是自描述的、平臺(tái)無(wú)關(guān)的,它使用開(kāi)放式標(biāo)準(zhǔn),允許不同的應(yīng)用程序進(jìn)行交互。Web服務(wù)作為一種新興的信息技術(shù),形成了一種新的基于互聯(lián)網(wǎng)的信息系統(tǒng)通用框架,允許用戶遠(yuǎn)程調(diào)用不同信息系統(tǒng)的資源。正是Web服務(wù)的這些特點(diǎn),使Web服務(wù)得到了廣泛的關(guān)注。隨著Web服務(wù)的廣泛應(yīng)用,越來(lái)越多的威脅和缺陷被發(fā)現(xiàn)。攻擊者能夠檢測(cè)到Web服務(wù)的漏洞,并利用這些漏洞侵入系統(tǒng),竊取用戶的敏感信息,侵犯用戶的隱私權(quán)。 為了解決Web服務(wù)系統(tǒng)的安全認(rèn)證問(wèn)題,本文將組合公鑰(CPK)算法引入到Web服務(wù)驗(yàn)證機(jī)制中,,在原CPK的基礎(chǔ)上,增加一對(duì)輔助密鑰矩陣,基本密鑰矩陣不變。用基本密鑰矩陣產(chǎn)生Web服務(wù)的密鑰,用基本密鑰矩陣和輔助密鑰矩陣產(chǎn)生調(diào)用Web服務(wù)的用戶密鑰。此外,重新定義了由用戶標(biāo)識(shí)和標(biāo)識(shí)的有效期組成的CPK標(biāo)識(shí),可以直接從標(biāo)識(shí)中提取出有效期進(jìn)行驗(yàn)證,使驗(yàn)證更方便。在SOAP頭中添加兩個(gè)自定義元素:用戶的CPK標(biāo)識(shí)和簽名,并將改進(jìn)的CPK應(yīng)用到Web服務(wù)系統(tǒng)。理論分析表明,改進(jìn)后的CPK密鑰滿足組合公鑰體制的性質(zhì),與組合公鑰有相同的性質(zhì),可以解決規(guī)模化認(rèn)證的難題。同時(shí),本算法可以抵抗組合公鑰算法中存在的選擇共謀攻擊、隨機(jī)共謀攻擊和線性共謀攻擊,安全性有所提高。 本文提出了一個(gè)單雙矩陣混合的組合公鑰算法并定義用戶的CPK標(biāo)識(shí),將改進(jìn)的CPK算法引入到Web服務(wù)認(rèn)證系統(tǒng)中,實(shí)現(xiàn)了Web服務(wù)的安全認(rèn)證。
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【學(xué)位授予單位】:天津大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.09
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【學(xué)位授予單位】:天津大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.09
【參考文獻(xiàn)】
相關(guān)期刊論文 前10條
1 邵春雨;蘇錦海;魏有國(guó);周晶晶;;一種雙矩陣組合公鑰算法[J];電子學(xué)報(bào);2011年03期
2 徐瑩;;面向電子商務(wù)Web服務(wù)的SOAP消息安全傳輸機(jī)制[J];中國(guó)管理信息化;2010年13期
3 孟偉;張t
本文編號(hào):2470524
本文鏈接:http://www.lk138.cn/guanlilunwen/ydhl/2470524.html
最近更新
教材專著
