基于多因素认证的微社区O2O平台安全增强机制的研究与实现

发布时间：2018-12-14 01:34

【摘要】：近日李克强总理在2015年政府报告工作报告中提出了“互联网+”行动计划,“互联网+”引起了广泛的关注,O2O模式作为“互联网+”的主要代表,更是进入了蓬勃发展的时期,国内涌现了大量O2O平台。作为互联网中最流行的商业模式,O2O成功将日常生活消费同互联网联系起来。社区O2O解决了物流最后一公里问题,成为蕴含巨大潜力的新模式。在快速发展的同时,它也面临着越来越多的问题,包括流量转换问题,资源整合问题以及安全问题等,特别是在安全性方面给用户以及平台带来了巨大的经济损失,解决电子商务O2O平台的安全性问题迫在眉睫。国内O2O平台普遍采用基于口令的身份认证协议,其在通信过程中仅使用简单加密甚至不加密,用户信息在通信过程中易被偷听或者篡改;另一方面,由于常见O2O平台框架的健壮性问题,用户口令等隐私极易被拖库后用于撞库攻击。O2O面临的问题主要还有身份凭证安全,交易中用户信息及个人账户等信息的暴露等。针对以上问题,本文对如何保证信息不被截取,抵抗常见攻击尤其是撞库攻击进行研究。针对O2O安全性问题,本文通过对常见攻击的研究,对系统平台进行了相关的安全增强。从认证协议入手,本文对业务流的各个环节进行分析,从整体技术框架角度对微社区体系进行安全性加固,增加安全增强模块。本文首先介绍了O2O平台常见的安全问题、目前O2O平台采用的用户认证协议的相关知识和一些密码学以及撞库相关的攻击理论和技术背景。随后介绍了微社区O2O平台的总体设计,接着对其技术架构,功能架构进行具体详细的设计说明,然后对安全增强模块做了详细的阐述,介绍了主要的安全风险以及针对其设计的增强体系方案,并设计了基于微社区环境下的身份认证协议,最后通过测试验证本文实现功能的有效性。
[Abstract]:Recently, Premier Li Keqiang put forward the "Internet" action plan in his report on the work of the government in 2015. The "Internet" has aroused widespread concern, and the O2O model is the main representative of the "Internet". It has entered a period of vigorous development, and a large number of O 2 O platforms have emerged in China. As the most popular business model on the Internet, O 2 O has successfully linked daily life consumption to the Internet. Community O-2O solves the last kilometer problem of logistics and becomes a new model with great potential. At the same time, it also faces more and more problems, including traffic conversion, resource integration and security issues, especially in the security aspects of the users and the platform brought huge economic losses. It is urgent to solve the security problem of e-commerce O 2O platform. The identity authentication protocol based on password is widely used in the domestic O2O platform. It only uses simple encryption or even no encryption in the communication process, and the user information is easily eavesdropped or tampered with in the communication process. On the other hand, due to the robustness of the common O2O platform framework, user passwords and other privacy can easily be towed back to the library to attack. The exposure of user information and personal accounts in transactions. In view of the above problems, this paper studies how to ensure that the information is not intercepted and how to resist the common attacks, especially the attacks against the storehouse. Aiming at the problem of O _ 2O security, this paper improves the security of the system platform through the research of common attacks. Starting with the authentication protocol, this paper analyzes all aspects of the business flow, strengthens the micro-community system from the perspective of the overall technical framework, and increases the security enhancement module. This paper first introduces the common security problems of O2O platform, the relevant knowledge of user authentication protocol used in O2O platform at present, some cryptography and attack theory and technical background related to the collision library. Then introduced the overall design of the micro-community O2O platform, followed by a detailed description of its technical architecture, functional framework, and then made a detailed description of the security enhancement module. This paper introduces the main security risks and the design of the enhanced system, and designs the identity authentication protocol based on the micro-community environment. Finally, the effectiveness of the implementation function is verified by testing.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP309

【相似文献】