作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2010, Vol. 36 ›› Issue (13): 146-148. doi: 10.3969/j.issn.1000-3428.2010.13.051

• 安全技术 • 上一篇    下一篇

基于认证协议的Web单点登录优化设计

张小红1,2,樊中奎2   

  1. (1. 北京邮电大学网络与交换技术国家重点实验室信息安全中心,北京 100876; 2. 江西理工大学信息工程学院,赣州 341000)
  • 出版日期:2010-07-05 发布日期:2010-07-05
  • 作者简介:张小红(1966-),女,教授、博士,主研方向:保密通信,混沌同步;樊中奎,硕士研究生
  • 基金资助:
    高等学校博士学科点专项科研基金资助项目(200700 13005);中国博士后基金资助项目(20070410045);江西省教育厅科技基金资助项目(GJJ09230)

Optimized Design of Web Single Sign-On Based on Authentication Protocol

ZHANG Xiao-hong1,2, FAN Zhong-kui2   

  1. (1. Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876; 2. School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou 341000)
  • Online:2010-07-05 Published:2010-07-05

摘要: 针对Kerberos认证协议Web环境中进行单点登录存在的安全隐患,基于Schnorr协议的挑战/响应方式,结合Secure Cookies、HttpSession解决Web环境下HTTP协议的无状态性及服务器间的安全会话。实验结果表明,该方案性能稳健,响应速度快,防攻击力强,具有良好的实用价值和应用前景。

关键词: Kerberos协议, Schnorr协议, 单点登录, 身份认证, 优化设计

Abstract: This paper proposes a novel scheme aiming at security treatments based on Kerberos protocol with Single Sign-On(SOS) in Web environment. In order to avoid authentication server being attacked, a challenge/response mode with Schnorr protocol is adopted. Secure cookies and HTTP session are selected to solve HTTP protocol non-state, and to keep secure sessions between Web servers. Experimental test shows that this project has solid performance, fast response speed, strong resistibility, and possesses better application value and foreground.

Key words: Kerberos protocol, Schnorr protocol, Single Sign-On(SSO), identity authentication, optimized design

中图分类号: