Found 20 similar documents; search took 46 ms
1.
2.
3.
4.
5.
6.
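A CAS-Based Single Sign-On Method for a Unified Campus Network Platform  Total citations: 1, self-citations: 0, citations by others: 1
Campus network users currently have to log in and be verified repeatedly when requesting different applications, which degrades the user experience and leaves data security unassured. To address this, the CAS protocol is introduced and a single sign-on solution based on it is proposed. The paper analyzes the characteristics of CAS and its advantages and shortcomings when applied to campus network single sign-on, improves the CAS protocol to fit the actual campus network, and describes in detail the design flow and implementation of the improved scheme.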
7.
8.
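A Single Sign-On System Based on Web Services  Total citations: 11, self-citations: 1, citations by others: 11
Single sign-on (Single Sign-On) is a technique proposed to solve the problems of traditional authentication mechanisms. The article introduces the Microsoft Passport project and the Liberty Alliance Project, and on that basis proposes and implements a single sign-on model based on Web Services. Finally, it discusses the system's user permission management, performance, and security.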
9.
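As enterprise informatization progresses, the types and number of enterprise information application systems keep growing. Establishing a unified identity authentication management mechanism, in which a user provides identity information to the authentication center only once and can then securely and smoothly access different application systems (that is, single sign-on), has become an important part of enterprise informatization. Given that current enterprise application systems already hold large numbers of legacy accounts, this paper presents a ticket-based single sign-on protocol that removes the limitation of traditional ticket-based single sign-on protocols, which must rely on a globally unified user identifier. With this protocol, application systems with large numbers of legacy accounts can be integrated into single sign-on simply and securely.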
10.
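Implementing Single Sign-On for Web Services Based on SAML  Total citations: 6, self-citations: 0, citations by others: 6
The Security Assertion Markup Language (SAML) describes the security information needed for authentication and authorization, and its interoperability provides a sharing mechanism between different systems. This paper introduces SAML assertions, protocols, and bindings, proposes a SAML-based single sign-on model for Web services, and uses the WS-Security specification to protect SAML itself.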
11.
John Charles Gyorffy Andrew F. Tappenden James Miller 《International Journal of Information Security》2011,10(6):321-336
Given that phishing is an ever-increasing problem, a better authentication system is required. We propose a system that uses a graphical password deployed from a Trojan and virus-resistant embedded device. The graphical password utilizes a personal image to construct an image hash, which is provided as input into a cryptosystem that returns a password. The graphical password requires the user to select a small number of points on the image. The embedded device will then stretch these points into a long alphanumeric password. With one graphical password, the user can generate many passwords from their unique embedded device. The image hash algorithm employed by the device is demonstrated to produce random and unique 256-bit message digests and was found to be responsive to subtle changes in the underlying image. Furthermore, the device was found to generate passwords with entropy significantly larger than that of user passwords currently employed today.
12.
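Kerberos is a mature authentication protocol in wide use today. Cross-realm authentication is the application of Kerberos across networks, providing authentication over long distances. Traditional Kerberos is based on symmetric-key cryptography; to make network authentication more secure and effective, public-key encryption is used in the Kerberos authentication process. The paper studies Kerberos cross-realm authentication with integrated public-key cryptography in depth, and carries out simulated-environment testing and performance analysis of the cross-realm process after public-key integration.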
13.
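IP networks currently face security problems that need solving. IPSec (IP Security) is a standard solution suited to IP-layer security problems, but it is not well suited to large-scale deployment and effective management. To address this, a PAI authentication model for use with IPSec is presented, comprising policy management, an authentication service, and IKE extensions. Finally, the implementation of the model's key parts is given.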
14.
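The article introduces the Kerberos security authentication system in distributed networks, focusing on an analysis of its limitations. To address the defects in Kerberos, it adopts the Yaksha algorithm, an improved RSA encryption algorithm, and applies it to a network security protection system, with good results.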
15.
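Secure access to information resources between different security domains on the Internet first requires authentication. The authentication protocol in common use today is Kerberos, but in a network environment this protocol cannot authenticate the real client. The paper therefore presents a new inter-domain identity authentication protocol together with a corresponding "nonce" generation scheme, and analyzes the designed protocol using an improved Spi calculus, proving that the protocol is secure and can effectively solve the problem of secure information transmission between networks.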
16.
Alejandro Pérez-Méndez Fernando Pereñíguez-García Rafael Marín-López Gabriel López-Millán 《Computer Communications》2013
Nowadays, network operators and educational and research communities are extending the access to their Internet application services to external end users by deploying, with other domains, the so-called identity federations. In these federations, end users use the identity and authentication credentials registered in their home organizations for accessing resources managed by a remote service provider. However, current identity federation solutions focus mainly on assisting network access and web services, while a significant number of services are left aside (e.g., SSH, FTP, Jabber, etc.). Taking advantage of the widespread adoption of Kerberos by current application services, this paper presents a solution to provide federated access to any kind of application service by using existing Authentication, Authorization and Accounting (AAA) infrastructures. The solution bootstraps a security association in the service provider, which enables the acquisition of a Kerberos credential to access the service. To link the end user authentication with the AAA infrastructure and the bootstrapping of the security association, the solution uses the so-called Protocol for Carrying Authentication for Network Access (PANA).
17.
There is a potential server bottleneck problem when the Kerberos model is applied in large-scale networks because the model uses centralized management. To enlarge its application scope, researchers must consider how to build a trust relation among those Kerberos servers located on different isolated domains, but have not provided a way to prevent the potential bottleneck that can occur with Kerberos servers. With the development of across-domain authentication techniques, the local server bottleneck problem has not been alleviated; in fact, it has become more serious. Adopting the rigorous binary tree code algorithm, we present an authentication model based on Kerberos. Compared with similar models, our model has several advantages. First, it overcomes the potential server bottleneck problem and can balance the load automatically. Second, it can process across-domain authentication and enlarge the authentication boundary. Finally, its authentication path is short, with no more than two Kerberos servers being involved when authenticating a user.
18.
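To address the problems of the Kerberos single sign-on protocol, namely password attacks, replay attacks, the need for key escrow, and low efficiency, a certificateless implicit authentication and key agreement protocol free of logarithm operations is introduced to improve it. The strong security of the new protocol is proved in the random oracle model, and the advantages of the improved Kerberos single sign-on protocol are analyzed. The introduced key agreement protocol needs only 3 point multiplications and 2 hash operations, so its computational cost is low. Its implicit authentication avoids the evidence-free eavesdropping on messages by the third party in the original Kerberos and effectively defeats man-in-the-middle attacks.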
19.
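Research on a Kerberos Identity Authentication Protocol Based on a Hybrid Cryptosystem  Total citations: 2, self-citations: 0, citations by others: 2
The Kerberos identity authentication protocol is analyzed in detail. To address the limitations inherent in the Kerberos protocol, and from the standpoint of system security and practical execution performance, an improved Kerberos protocol using a hybrid encryption scheme is proposed. It also solves the problem that the Kerberos authentication protocol may allow eavesdropping on the session between the two communicating parties, thereby preventing insider attacks.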
20.
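To address security problems in power monitoring systems, the paper describes the design and implementation of Kerberos-based user authentication and encrypted data transmission. The system loads a trimmed-down Kerberos in modular form, effectively preventing unauthorized users from stealing grid data or using grid control functions to disrupt normal grid operation, while keeping a balance between security and real-time performance.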