Abstract: Existing Single Sign-on (SSO) systems have difficulty effectively supporting password synchronization. To address this, the paper designs an SSO system model with better security and extensibility. It uses the Optimal Asymmetric Encryption Padding (OAEP) algorithm to modify the plaintext and the RSA encryption algorithm to generate digital certificates. On this basis, the Hybrid Cryptograph Transfer Protocol (HCTP) is improved to better support transmission among the three parties in the SSO system: the server, the client proxy server and the Certificate Authority (CA). An implementation of password synchronization verifies that, compared with the original protocol, the scheme is more immediate and gives the password key higher security, and that it can effectively resist chosen-ciphertext attacks.
Key words:
Single Sign-on (SSO) system,
password synchronization,
Hybrid Cryptograph Transfer Protocol (HCTP),
Optimal Asymmetric Encryption Padding (OAEP) algorithm,
RSA algorithm
ZHANG Qiu-yu, CAI Zhi-peng, YUAN Zhan-ting. Secure Password Synchronization Scheme for Single Sign-on System[J]. Computer Engineering, 2011, 37(17): 122-123,142.