基于CPK的Web服务认证系统的研究
发布时间:2019-05-06 21:55
【摘要】:Web服务是自描述的、平台无关的,它使用开放式标准,允许不同的应用程序进行交互。Web服务作为一种新兴的信息技术,形成了一种新的基于互联网的信息系统通用框架,允许用户远程调用不同信息系统的资源。正是Web服务的这些特点,使Web服务得到了广泛的关注。随着Web服务的广泛应用,越来越多的威胁和缺陷被发现。攻击者能够检测到Web服务的漏洞,并利用这些漏洞侵入系统,窃取用户的敏感信息,侵犯用户的隐私权。 为了解决Web服务系统的安全认证问题,本文将组合公钥(CPK)算法引入到Web服务验证机制中,,在原CPK的基础上,增加一对辅助密钥矩阵,基本密钥矩阵不变。用基本密钥矩阵产生Web服务的密钥,用基本密钥矩阵和辅助密钥矩阵产生调用Web服务的用户密钥。此外,重新定义了由用户标识和标识的有效期组成的CPK标识,可以直接从标识中提取出有效期进行验证,使验证更方便。在SOAP头中添加两个自定义元素:用户的CPK标识和签名,并将改进的CPK应用到Web服务系统。理论分析表明,改进后的CPK密钥满足组合公钥体制的性质,与组合公钥有相同的性质,可以解决规模化认证的难题。同时,本算法可以抵抗组合公钥算法中存在的选择共谋攻击、随机共谋攻击和线性共谋攻击,安全性有所提高。 本文提出了一个单双矩阵混合的组合公钥算法并定义用户的CPK标识,将改进的CPK算法引入到Web服务认证系统中,实现了Web服务的安全认证。
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【学位授予单位】:天津大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.09
[Abstract]:Web services are self-describing, platform-independent and use open standards to allow different applications to interact. As an emerging information technology, web services form a new general framework for Internet-based information systems. Allows users to remotely invoke resources from different information systems. Because of these characteristics of Web service, Web service has been paid more and more attention. With the wide application of Web services, more and more threats and defects have been discovered. An attacker can detect Web service vulnerabilities and exploit these vulnerabilities to break into the system, steal sensitive information of users, and violate the privacy of users. In order to solve the security authentication problem of Web service system, the combined public key (CPK) algorithm is introduced into the Web service authentication mechanism. On the basis of the original CPK, a pair of auxiliary key matrix is added, and the basic key matrix is unchanged. The basic key matrix is used to generate the key of the Web service, and the basic key matrix and the auxiliary key matrix are used to generate the user key calling the Web service. In addition, the CPK identification is redefined, which is composed of the user identification and the validity period of the identity. The validity period can be extracted directly from the identity for verification, which makes the verification more convenient. Two custom elements are added to the SOAP header: the user's CPK identification and signature, and the improved CPK is applied to the Web service system. The theoretical analysis shows that the improved CPK key satisfies the properties of the combined public key system and has the same properties as the combined public key, which can solve the problem of large-scale authentication. At the same time, the proposed algorithm can resist the selective collusion attack, random collusion attack and linear collusion attack which exist in the combinatorial public key algorithm, and the security is improved. In this paper, a single and dual matrix hybrid combined public key algorithm is proposed, and the user's CPK identification is defined. The improved CPK algorithm is introduced into the Web service authentication system, and the security authentication of Web service is realized.
【学位授予单位】:天津大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.09
【参考文献】
相关期刊论文 前10条
1 邵春雨;苏锦海;魏有国;周晶晶;;一种双矩阵组合公钥算法[J];电子学报;2011年03期
2 徐莹;;面向电子商务Web服务的SOAP消息安全传输机制[J];中国管理信息化;2010年13期
3 孟伟;张t
本文编号:2470524
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2470524.html
