Researches On Authentication And Authorization In The Distributed Environment

Posted on: 2008-11-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C L Ren
GTID: 1118360215983646
Subject: Cryptography

Abstract/Summary:
As applications in distributed networks have increased in recent years, the need for authentication and access control has become very important. Several authentication methods and access control models have been proposed. This dissertation studies authentication and access control in the distributed environment. The main achievements are summarized as follows.

First, a fingerprint-based authentication protocol is proposed. It combines fingerprint recognition with public key cryptography and is the basis of the fingerprint authentication system designed in this work. The protocol is secure against stolen-verifier attacks (in which the attacker uses fingerprint information stolen from the server to masquerade as a legitimate user in the authentication protocol) and replay attacks, and it ensures the privacy and authenticity of users' fingerprint information. The innovation of the protocol is that the fingerprint is regarded as plain data that needs to be protected, and that the protocol combines fingerprint recognition with cryptography. After analyzing the security of CHAP, we improve the CHAP protocol by substituting the fingerprint for the password in the protocol. In addition, an improved secure lock is designed using the Chinese Remainder Theorem and is used for key management of the confidential cell broadcast. The secure lock scheme achieves both forward and backward secrecy and can provide lower computation overhead and network communication overhead.

Based on the analysis and study of single sign-on solutions and models, the notions of roaming authentication and the authentication trust list are proposed. A general idea is given for solving single sign-on in the distributed environment. We also present a single sign-on model for the distributed environment and give the users' single sign-on flow in detail.

After a review of RBAC96, the notions of user entity and user hierarchy are proposed for the first time. We then propose the Hierarchical-User RBAC (HURBAC) model, which improves the RBAC96 model by making users hierarchical to simplify user-role assignment. The formal definition of the HURBAC model is also presented.

Based on HURBAC, AHURBAC (Administrative Hierarchical-User RBAC), an administrative hierarchical-user-based access control model, is proposed. It is burdensome for administrators to assign roles to tens of thousands of users. The AHURBAC model provides lower administration overhead by making users and administrators hierarchical. A formal definition of AHURBAC is presented, and can_assign, can_revoke, can_assignp and can_revokep are redefined.
Keywords/Search Tags:authentication, fingerprint, single sign-on, authorization, role-based access control, user hierarchy