The Research And Implementation Of User Authentication Mechanisms In Database

Database authentication is the process by which the database server establishes the identity of the client, and by extension determines whether the client application (or the user who runs the client application) is permitted to connect with the user name that was requested It is the combination of authentication technology and database technology .With the development of the third-party authentication product and cryptosystems ,database authentication has a great advancement both in theory and practice .But current database products are purchased from foreign countries ,our country's information security is unreliable without grasping the key security technologies .It is significant to develop a national database with our own technologies.The goal of this paper is to provide a secure , practical and efficient user authentication mechanism which is based on the deeply research on the open source DBMS software PostgreSQL and other related technologies.Specially, this paper focuses on the following authentication mechanisms:1) Operating system authentication .This mechanism controls logging access by the security features of network user .implementing integration with access control mechanisms of Windows NT 4.0 or Windows 2000.This technology allows user to access database without inputting user id and password and provides more security functions by utilizing the security technologies of operating system.2) A new one time password authentication scheme .The original password authentication is vulnerable to guess attack and server personating attack .To overcome the vulnerability of this scheme ,this paper designs a simple and efficient password authentication schema .The enhanced schema can improve the system's ability to defend all kinds of the attacks without using any cryptosystems.3) User authentication based on keystroke features .Database security is meaningless if the password is stolen .Current approach for authentication based on biometrics must be supported with special hardware device with high expense. This paper proposes a new approach based on keystroke features as a strong authentication choice.Additionally, this paper also introduces the framework of common national DBMS user authentication with the technologies mentioned above, and provides part of its implementation.