基于CPK的Web服務認證系統(tǒng)的研究
發(fā)布時間:2019-05-06 21:55
【摘要】:Web服務是自描述的、平臺無關的,它使用開放式標準,允許不同的應用程序進行交互。Web服務作為一種新興的信息技術,形成了一種新的基于互聯(lián)網(wǎng)的信息系統(tǒng)通用框架,允許用戶遠程調用不同信息系統(tǒng)的資源。正是Web服務的這些特點,使Web服務得到了廣泛的關注。隨著Web服務的廣泛應用,越來越多的威脅和缺陷被發(fā)現(xiàn)。攻擊者能夠檢測到Web服務的漏洞,并利用這些漏洞侵入系統(tǒng),竊取用戶的敏感信息,侵犯用戶的隱私權。 為了解決Web服務系統(tǒng)的安全認證問題,本文將組合公鑰(CPK)算法引入到Web服務驗證機制中,,在原CPK的基礎上,增加一對輔助密鑰矩陣,基本密鑰矩陣不變。用基本密鑰矩陣產生Web服務的密鑰,用基本密鑰矩陣和輔助密鑰矩陣產生調用Web服務的用戶密鑰。此外,重新定義了由用戶標識和標識的有效期組成的CPK標識,可以直接從標識中提取出有效期進行驗證,使驗證更方便。在SOAP頭中添加兩個自定義元素:用戶的CPK標識和簽名,并將改進的CPK應用到Web服務系統(tǒng)。理論分析表明,改進后的CPK密鑰滿足組合公鑰體制的性質,與組合公鑰有相同的性質,可以解決規(guī);J證的難題。同時,本算法可以抵抗組合公鑰算法中存在的選擇共謀攻擊、隨機共謀攻擊和線性共謀攻擊,安全性有所提高。 本文提出了一個單雙矩陣混合的組合公鑰算法并定義用戶的CPK標識,將改進的CPK算法引入到Web服務認證系統(tǒng)中,實現(xiàn)了Web服務的安全認證。
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【學位授予單位】:天津大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.09
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【學位授予單位】:天津大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.09
【參考文獻】
相關期刊論文 前10條
1 邵春雨;蘇錦海;魏有國;周晶晶;;一種雙矩陣組合公鑰算法[J];電子學報;2011年03期
2 徐瑩;;面向電子商務Web服務的SOAP消息安全傳輸機制[J];中國管理信息化;2010年13期
3 孟偉;張t
本文編號:2470524
本文鏈接:http://www.lk138.cn/guanlilunwen/ydhl/2470524.html
最近更新
教材專著
