The Design of Cross-domain and Single Sign-on System Model and Study on Scheme with Password Synchronization
School: Lanzhou University of Technology
Course: Computer Software and Theory
Keywords: RSA algorithm; mixed password transmission protocol; password synchronization; single sign-on; cross-domain authentication
Cross-domain single sign-on based on Kerberos and SAML (Security Assertion Markup Language) continues to evolve and has become a hot research topic in information security. Several existing cross-domain single sign-on technologies either lack a secure system model for the cross-domain authentication process or fail to solve the password synchronization problem effectively, resulting in low SSO (Single Sign-On) efficiency, inconvenient password use, password leakage and forgery attacks, and other problems that urgently need to be addressed. Given the shortcomings of CA's eTrust SSO, Novell's SecureLogin SSO product, Liberty authentication and .NET Passport in security, scalability and password synchronization, both in technical theory and in implementation, this thesis proposes a secure password synchronization scheme for a single sign-on system. The scheme modifies the plaintext with the Optimal Asymmetric Encryption Padding (OAEP) algorithm before RSA encryption to generate digital certificates; improves the password synchronization function of the hybrid password transmission protocol (HCTP) according to the actual usage of the SSO model; and, by verifying the scheme's password synchronization, overcomes the RSA algorithm's vulnerability to chosen-ciphertext attacks (CCA), thereby improving the security of the SSO system and solving the difficult problem of password synchronization. So that existing cross-domain single sign-on systems can better support password synchronization, a secure cross-domain single sign-on system model and a password synchronization solution are given.
The new model combines the advantages of Kerberos-based and SAML-based authentication systems: it supports password synchronization applications with a strict logical structure, and it resists single-point collapse and network bottlenecks. To solve the password synchronization problem of a cross-domain single sign-on system, the plaintext password is modified with the optimal asymmetric encryption padding algorithm, the master key is generated with the Diffie-Hellman key exchange algorithm, a digital certificate is generated with the RSA encryption algorithm, and finally the improved hybrid password transmission protocol is used to achieve single sign-on password synchronization.
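The abstract's central cryptographic claim is that padding the password plaintext with OAEP before RSA encryption removes the chosen-ciphertext weakness of plain RSA. The following is an added example, not code from the thesis or from any of the SSO products it names: it implements RSA-OAEP in the PKCS#1 v2.1 style (SHA-256 with MGF1) from the Python standard library only, places it next to textbook RSA, and shows the property that matters. A textbook RSA ciphertext can be multiplied by the encryption of 2 to obtain a valid ciphertext of 2m, which is the algebraic relation a chosen-ciphertext attacker exploits, while the same transformation of an RSA-OAEP ciphertext is rejected by the decoder. The toy 1024-bit key generation, the function names and the sample token are assumptions for the demonstration; the thesis's Diffie-Hellman master key step, its certificate format and its HCTP protocol are not reproduced here.

```python
# Added example: RSA-OAEP (PKCS#1 v2.1 style, SHA-256 / MGF1) beside textbook RSA.
# Key size, helper names and the sample message are assumptions for this demo.
import hashlib
import os
import secrets

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for SHA-256

def is_probable_prime(n, rounds=32):  # Miller-Rabin, toy key generation only
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=1024):  # returns ((n, e), (n, d)); 1024 bits keeps the demo fast
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def mgf1(seed, length):  # mask generation: H(seed || counter) concatenated
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, label=b""):  # randomised padding: equal plaintexts differ
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    db = HASH(label).digest() + b"\x00" * (k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, k, label=b""):  # all checks collapse into one generic error
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    lhash, rest = db[:HLEN], db[HLEN:]
    i = 0
    while i < len(rest) and rest[i] == 0:
        i += 1
    ok = em[0] == 0 and lhash == HASH(label).digest() and i < len(rest) and rest[i] == 1
    if not ok:
        raise ValueError("decryption error")  # does not reveal which check failed
    return rest[i + 1:]

def rsa_oaep_encrypt(pub, msg):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(oaep_encode(msg, k), "big"), e, n)

def rsa_oaep_decrypt(priv, c):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return oaep_decode(pow(c, d, n).to_bytes(k, "big"), k)

def textbook_is_malleable(pub, priv, m=1234567):
    # textbook RSA: c * E(2) is a valid ciphertext of 2m, so related ciphertexts decrypt
    n, e = pub
    c_related = (pow(m, e, n) * pow(2, e, n)) % n
    return pow(c_related, priv[1], n) == (2 * m) % n

def oaep_rejects_related_ciphertext(pub, priv, msg=b"constructed password-sync token"):
    # the same transformation on an RSA-OAEP ciphertext fails OAEP decoding
    n, e = pub
    c_related = (rsa_oaep_encrypt(pub, msg) * pow(2, e, n)) % n
    try:
        rsa_oaep_decrypt(priv, c_related)
        return False
    except ValueError:
        return True
```

Two design points are worth noting. The decoder evaluates every padding check and raises one undifferentiated error, because an oracle that distinguishes a bad leading byte from a bad label hash is exactly the kind of side channel that turns a padding scheme back into a chosen-ciphertext target. Also, OAEP's random seed means a second encryption of the same password produces a different ciphertext, so an observer of the synchronization traffic cannot recognise a repeated password by comparing ciphertexts; plain RSA gives the same ciphertext every time.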