信息安全系统中用户身份认证技术的研究
|
摘要
随着全球信息化进程的不断加速,国内外信息产业领域对信息安全的关注与日俱增,尤其在信息网络化如此普及的年代,网络安全与信息产业息息相关。基于网络环境中的信息安全系统,身份认证成为了网络安全中的一个重要研究课题。
身份认证技术是计算机及网络系统确认操作者身份的过程,主要是解决验证网络通讯双方真实身份的问题,为了在通信双方之间建立相互信任可靠的关系。在信息安全中,身份认证技术占有极其重要的地位,是信息安全系统的第一个关卡。由此,身份认证是最基本的安全服务,其他安全服务都要依赖于它。身份认证系统的特殊地位,使得其早已成为黑客的众矢之的。
本文所研究的双因素身份认证技术基于C/S+B/S复合架构,避免了用户名/密码方式的单一的静态口令匹配,继承了动态口令的认证模式,提出其时间同步与否带来的弊端,同时拓展了认证渠道,增加了物理认证匹配因素,从而极大保证了信息化企业内部的高级管理人员对本企业应用系统的管理权限认证的安全性,多因素身份认证技术有效地增强了信息安全。
依据动态口令机制实现身份认证,使用户可以用随机的口令进行登录,能够彻底解决现存的信息安全系统中身份识别与认证方面的问题,以确保各类资源的安全。动态口令身份认证系统属于信息安全领域中的身份识别软件,是基于密钥和时间双(?)因素的身份认证系统。该系统动态口令的有效使用期限和有效使用次数可以进行严格的控制,这就很好的解决了静态口令机制固有的口令容易被截获和攻击的弱点,为用户提供了一种安全性较高的身份认证机制。
本文将按照如下顺序进行论述:第一章介绍身份认证技术的发展及现状分析;第二章是网络安全技术的发展与现状;第三章主要是身份认证密码学基础;第四章是介绍认证协议和认证机制;第五章主要介绍了多因素身份认证系统的设计;第六章介绍了产生随机序列的算法分析;第七章主要是介绍信息安全系统中构建的身份认证系统的设计与实现;
Along with the global information advancement unceasing acceleration, the domestic and foreign information industries domain grows day by day to the information security attention, especially in the information network so popular age, the network security and the information industries is closely linked. Based on the network environment in information security system, the status authenticated into in a network security important research topic.
The status authentication technology is the computer and the network system confirmed the operator status the process, mainly solves the confirmation network communication both sides real status problem, in order to establishes between correspondence both sides mutually trusts the reliable relations. In the information security, the status authentication technology holds the extremely important status, is the information security system first checkpoint. From this, the status authentication is the most basic safe service, other securities serve all must rely on it. The status authentication system special status, enables it already to become hacker's numerous arrows.
This article studies the double factor status authentication technology based on C/S and the B/S compound overhead construction, has avoided the user/password way sole static password match, has inherited the dynamic password authentication pattern, rejects malpractice which meantime
synchronization or not brings, simultaneously developed has authenticated the channel, increased the physical authentication match factor, thus enormously had guaranteed the information enterprise interior high-level administrative personnel to this enterprise application system management jurisdiction authentication security, the multi- factors status authentication technology effectively strengthened the information security.
Rests on the dynamic password mechanism realization status authentication, enables the user to be allowed to use the stochastic password to carry on registers, can in the thorough settlement extant information security system the status recognition and the authentication aspect question, guarantees each kind of resources the security. The dynamic password status authentication system belongs to in the information security domain status recognition software, is based on the key and the time dual factor status authentication system. This system dynamic password effective life and the effective use number of times may carry on the strict control, this very good solution static state password mechanism inherent password easily has been intercepted and attack weakness, has provided one kind of secure higher status authentication mechanism for the user.
This article will defer to the following order to carry on the elaboration: First chapter introduction status authentication technology development and present situation analysis; Second chapter is the network security technology development and the present situation; Third chapter mainly is the status authentication cryptology foundation; Fourth chapter is introduces the authentication agreement and the authentication mechanism; Fifth chapter mainly introduced the multi- factors status authentication system design; Sixth chapter introduced has the random sequence algorithmic analysis; Seventh chapter mainly is introduced in the information security system constructs status authentication system design and realization.
身份认证技术是计算机及网络系统确认操作者身份的过程,主要是解决验证网络通讯双方真实身份的问题,为了在通信双方之间建立相互信任可靠的关系。在信息安全中,身份认证技术占有极其重要的地位,是信息安全系统的第一个关卡。由此,身份认证是最基本的安全服务,其他安全服务都要依赖于它。身份认证系统的特殊地位,使得其早已成为黑客的众矢之的。
本文所研究的双因素身份认证技术基于C/S+B/S复合架构,避免了用户名/密码方式的单一的静态口令匹配,继承了动态口令的认证模式,提出其时间同步与否带来的弊端,同时拓展了认证渠道,增加了物理认证匹配因素,从而极大保证了信息化企业内部的高级管理人员对本企业应用系统的管理权限认证的安全性,多因素身份认证技术有效地增强了信息安全。
依据动态口令机制实现身份认证,使用户可以用随机的口令进行登录,能够彻底解决现存的信息安全系统中身份识别与认证方面的问题,以确保各类资源的安全。动态口令身份认证系统属于信息安全领域中的身份识别软件,是基于密钥和时间双(?)因素的身份认证系统。该系统动态口令的有效使用期限和有效使用次数可以进行严格的控制,这就很好的解决了静态口令机制固有的口令容易被截获和攻击的弱点,为用户提供了一种安全性较高的身份认证机制。
本文将按照如下顺序进行论述:第一章介绍身份认证技术的发展及现状分析;第二章是网络安全技术的发展与现状;第三章主要是身份认证密码学基础;第四章是介绍认证协议和认证机制;第五章主要介绍了多因素身份认证系统的设计;第六章介绍了产生随机序列的算法分析;第七章主要是介绍信息安全系统中构建的身份认证系统的设计与实现;
Along with the global information advancement unceasing acceleration, the domestic and foreign information industries domain grows day by day to the information security attention, especially in the information network so popular age, the network security and the information industries is closely linked. Based on the network environment in information security system, the status authenticated into in a network security important research topic.
The status authentication technology is the computer and the network system confirmed the operator status the process, mainly solves the confirmation network communication both sides real status problem, in order to establishes between correspondence both sides mutually trusts the reliable relations. In the information security, the status authentication technology holds the extremely important status, is the information security system first checkpoint. From this, the status authentication is the most basic safe service, other securities serve all must rely on it. The status authentication system special status, enables it already to become hacker's numerous arrows.
This article studies the double factor status authentication technology based on C/S and the B/S compound overhead construction, has avoided the user/password way sole static password match, has inherited the dynamic password authentication pattern, rejects malpractice which meantime
synchronization or not brings, simultaneously developed has authenticated the channel, increased the physical authentication match factor, thus enormously had guaranteed the information enterprise interior high-level administrative personnel to this enterprise application system management jurisdiction authentication security, the multi- factors status authentication technology effectively strengthened the information security.
Rests on the dynamic password mechanism realization status authentication, enables the user to be allowed to use the stochastic password to carry on registers, can in the thorough settlement extant information security system the status recognition and the authentication aspect question, guarantees each kind of resources the security. The dynamic password status authentication system belongs to in the information security domain status recognition software, is based on the key and the time dual factor status authentication system. This system dynamic password effective life and the effective use number of times may carry on the strict control, this very good solution static state password mechanism inherent password easily has been intercepted and attack weakness, has provided one kind of secure higher status authentication mechanism for the user.
This article will defer to the following order to carry on the elaboration: First chapter introduction status authentication technology development and present situation analysis; Second chapter is the network security technology development and the present situation; Third chapter mainly is the status authentication cryptology foundation; Fourth chapter is introduces the authentication agreement and the authentication mechanism; Fifth chapter mainly introduced the multi- factors status authentication system design; Sixth chapter introduced has the random sequence algorithmic analysis; Seventh chapter mainly is introduced in the information security system constructs status authentication system design and realization.
引文
[1] William Stallings.密码编码学与网络安全.原理与实践.电子工业出版社,2001
[2] 李中献.网络安全关键技术的研究与实现.北京:北京邮电大学,1999
[3] 陆明.网络环境下身份认证协议的研究.清华大学,1998
[4] 黄元飞,陈麟,唐三平.信息安全与加密解密核心技术.浦东电子出版社,2001
[5] 袁津生,吴砚农.计算机网络安全基础.人民邮电出版社,2002
[6] Merike Kaeo.网络安全性设计.潇湘工作室译.人民邮电出版社,2000
[7] 刘卫宁.基于Internet应用的客户认证协议的研究.重庆大学,1999
[8] 田建波.认证协议的分析设计.西安电子科技大学,1998
[9] 吴旭华.Windows NT驱动程序设计基础.www.china-pub.com,2001
[10] 李海泉,李健.计算机系统安全技术。人民邮电出版社,2001
[11] 高祥.网络安全概说.www.pridechina,org,2001
[12] 周永銮.身份认证理论及其发展,www.china-pub.com,2001
[13] Bruce Schneiere.网络信息安全真相.吴世忠译.机械工业出版社,2001
[14] 计算机世界日报.防火墙安全技术.www.rising.com.cn,2002
[15] 关振胜.公钥基础设施PKI与认证机构CA。电子工业出版社,2002
[16] 蔡皖东.计算机网络技术.西安电子科技大学出版社,1998
[17] 向玲.动态口令系统的设计和实现.中国科学技术大学,2001
[18] Peter Norton,Mike Stockman.网络安全指南.人民邮电出版社,2000
[19] 赖溪讼,韩亮.计算机密码学及其应用.国防工业出版社,2001
[20] Mandy Andress.计算机安全原理.机械工业出版社,2002
[21] Schneier.网络信息安全的真相.械工业出版社,2000
[2] 李中献.网络安全关键技术的研究与实现.北京:北京邮电大学,1999
[3] 陆明.网络环境下身份认证协议的研究.清华大学,1998
[4] 黄元飞,陈麟,唐三平.信息安全与加密解密核心技术.浦东电子出版社,2001
[5] 袁津生,吴砚农.计算机网络安全基础.人民邮电出版社,2002
[6] Merike Kaeo.网络安全性设计.潇湘工作室译.人民邮电出版社,2000
[7] 刘卫宁.基于Internet应用的客户认证协议的研究.重庆大学,1999
[8] 田建波.认证协议的分析设计.西安电子科技大学,1998
[9] 吴旭华.Windows NT驱动程序设计基础.www.china-pub.com,2001
[10] 李海泉,李健.计算机系统安全技术。人民邮电出版社,2001
[11] 高祥.网络安全概说.www.pridechina,org,2001
[12] 周永銮.身份认证理论及其发展,www.china-pub.com,2001
[13] Bruce Schneiere.网络信息安全真相.吴世忠译.机械工业出版社,2001
[14] 计算机世界日报.防火墙安全技术.www.rising.com.cn,2002
[15] 关振胜.公钥基础设施PKI与认证机构CA。电子工业出版社,2002
[16] 蔡皖东.计算机网络技术.西安电子科技大学出版社,1998
[17] 向玲.动态口令系统的设计和实现.中国科学技术大学,2001
[18] Peter Norton,Mike Stockman.网络安全指南.人民邮电出版社,2000
[19] 赖溪讼,韩亮.计算机密码学及其应用.国防工业出版社,2001
[20] Mandy Andress.计算机安全原理.机械工业出版社,2002
[21] Schneier.网络信息安全的真相.械工业出版社,2000