Abstract:
To meet the need for two-way authentication in Web services, this paper proposes an anti-replay protocol based on caching of timestamps/message IDs. The paper designs a two-way authentication protocol based on Simple Object Access Protocol (SOAP) request/response messages and the WS-Security specification, and implements it using the Module mechanism of Axis2. Experimental results show that this protocol effectively avoids the clock synchronization problem that arises when only timestamps are used, and that it has good resistance to replay attacks.
Key words:
Web service authentication,
caching of timestamp/message ID,
two-way authentication protocol,
anti-replay attack,
Axis2 Module mechanism
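Abstract: Users need two-way authentication when invoking Web services. To this end, a Web service authentication protocol resistant to replay attacks is proposed. Based on an anti-replay method that caches timestamps/message IDs, a two-way authentication protocol is designed using Simple Object Access Protocol request/response messages and the WS-Security specification, and is implemented with the Module mechanism of Axis2. Experimental results show that the protocol avoids the clock synchronization problem caused by relying on timestamps alone and has good resistance to replay attacks.
Key words:
Web service authentication,
caching of timestamp/message ID,
two-way authentication protocol,
anti-replay attack,
Axis2 Module mechanism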
HAN Chong-Yan, ZHANG Gong-Qi, ZHANG Bin, YANG Yan. Web Service Authentication Protocol of Anti-replay Attack[J]. Computer Engineering, 2011, 37(21): 91-93.
韩崇砚, 张红旗, 张斌, 杨艳. 一种抗重放攻击的Web服务认证协议[J]. 计算机工程, 2011, 37(21): 91-93.