计算机科学 ›› 2015, Vol. 42 ›› Issue (4): 106-110.doi: 10.11896/j.issn.1002-137X.2015.04.020
王冠众,张 斌,费晓飞,熊厚仁
WANG Guan-zhong, ZHANG Bin, FEI Xiao-fei and XIONG Hou-ren
摘要: 可转换代理签密算法具有保护用户隐私、抗重放攻击、抗抵赖性等优势,基于该算法提出一种SAML跨域单点登录协议(SSPCPS)。通过用户与异构域服务器直接交互认证,简化了跨域单点登录认证过程。用户身份票据由双方公钥结合用户随机选取的参数而生成,以密文形式传输,攻击者即使窃取该令牌也无法调用服务。用户利用代理签名密钥对摘要进行签密,在减少计算量的同时也可保证用户隐私安全。SSPCPS协议基于DH算法协商会话密钥,简化了会话密钥分发过程并降低了管理成本。使用CK安全模型证明了本协议的安全性并进行了性能分析,结果表明协议具有前向保密性、消息完整性等特点,同时在生成票据计算量和计算时间方面优于SSPPS协议、Juang方案、Kerberos机制等。
[1] Armando A,Carbone R,Compagna L,et al.An authentication flaw in browser-based single sign-on protocols:Impact and remediations[J].Computers & Security,2012,3:41-58 [2] Lutz D J,Stiller B.Combining identity federation with payment:the SAML-based payment protocol[C]∥2010 IEEE/IFIP Network Operations and Management Symposium(NOMS).2010:495-502 [3] 唐利娟.SAML及SSO研究与企业化SSO框架设计[D].济南:山东大学,2011 [4] 陈天玉.基于Web Service的单点登录认证模型的研究与实现[D].长沙:湖南大学,2010 [5] 何倩,王芳,柴华昕,等.Web服务认证技术综述[J].桂林电子科技大学学报,2013,33(3):246-252 [6] 邱罡,张崇,周利华.基于可信计算的Web单点登录方案[J].计算机科学,2010,37(9):121-123 [7] 尹星.基于SAML的单点登录模型及安全的研究与实现[D].镇江:江苏大学,2005 [8] 王曦,张斌.基于代理签名的SAML单点登录协议[J].计算机工程,2012,38(16):130-133 [9] 王亚弟,束妮娜,韩继红,等.密码协议形式化分析[M].北京:机械工业出版社,2007:169-180 [10] 谢琪,吴吉义,等.云计算中基于可转换代理签密的可证安全的认证协议[J].中国科学,2012,42(3):303-313 [11] 孙华,郑雪峰.一种可证安全的有效无证书签密方案[J].计算机科学,2013,40(11):112-116 [12] Nicolosi A,Krohn M,Dodis Y,et al.Proactive two-party signatures for user authentication[C]∥Proceedings of the Network and Distributed System Security Symposium.San Diego,2003 [13] Chen L,Chen Z,Smart N P.Identity-based key agreement protocols from pairings[J].Int J Inf Sec,2007,6:213-241 [14] Canetti R,Krawczyk H.Analysis of key-exchange protocols and their use for building secure channels[C]∥Advances in Cryptogy(EUROCYPT’01).London:Springer-Verlag,2001:453-474 [15] Bellare M,Canetti R,Krawczyk H.A modular approach to the design and analysis of authentication and key-exchange protocols[J].30th STOC.1998:419-428 [16] Mitchell C J,Ward M,Wilson P.Key control in key agree- ment protocols[J].Electronics Letters,1998,34:980-981 [17] Guhe C G.An identity-based key-exchange protocol[C]∥Proceedings of the Eurocrypt 89.Belgium,1990:29-37 [18] Juang W S,Chiu J Y,Chang H Y.A secure and efficient delegation-based authentication scheme in public clouds[C]∥The 1st Cross-Straits Conference On Information Security.Hangzhou,2011:96-102 [19] Clom,Michael.Pairing Calculation on super singular GenusCurves[C]∥Proceedings of the 13th International Conference on Selected Areas in Cryptography(SAC’06).2006 |
No related articles found! |
|