
Research Of The Authentication Technology Based On Role-Based Access Control

Posted on: 2010-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Xiao
Full Text: PDF
GTID: 2178360272995998
Subject: Software engineering

Abstract/Summary:
With the rapid development of computer technology, informatization and networking have become trends in the economic and social development of the world. The in-depth development and use of information resources, information from all walks of life and network-based business have attracted more and more attention from enterprises. While information technology and networking bring great benefits to enterprises, they also bring more risks. What matters to an enterprise is therefore not only its degree of informatization and networking, but also the security of its network and of its shared information.

The paper first analyzes current computer network security technology and briefly describes several network security techniques in common use. It then focuses on authentication technology in network security, combining the requirements of network security with those of the enterprise's distributed document management system.

At present most authentication mechanisms are embedded in the application system. Although this approach has to some extent protected the application system, the application system is focused on realizing its functions, and authentication exists only as one module of it. In most application systems the user information is stored in a distributed database on the application server. An enterprise has many application systems with little relationship between them; different application systems have different groups of users, so user information is scattered across the application systems. The biggest disadvantage of this approach is that the user information is dispersed: to keep it consistent, administrators have to maintain it in many applications. This increases the difficulty of maintaining the information, hinders its management, and conflicts with the enterprise's need for information sharing. Secondly, when users log in to different application systems they must repeatedly enter their information, which increases the chance of mistakes and the opportunities for illegal tampering, thereby reducing security. Finally, every application having its own authentication module increases the workload of application system development, which is not in keeping with the principles of software engineering.

This paper therefore presents a uniform identity authentication system that combines role-based access control with unified authentication. The system is responsible for authenticating all users: whichever application system a user wants to log on to, authentication is completed by the uniform identity authentication system. All user information is stored in one database, which makes it easier to plan and manage and satisfies the enterprise's need for highly centralized information and information sharing. Second, a user only needs to log on to the uniform identity authentication system once; through that authentication the user obtains the corresponding authority and can then access every application registered with the uniform identity authentication system and every resource the user has been authorized for. All application systems can hand authentication over to the authentication system, which reduces the workload of application system development. At the same time the whole system becomes easier to maintain and manage, and more secure.

In this paper, the idea of uniform identity authentication based on unified authentication and role-based access control is to provide a certification standard and a user management interface through which all users can access any application. By enacting a centralized authentication technical specification, the system achieves unified storage and unified management of user information and applications, thereby improving the degree of information sharing, making the system easier to manage, enhancing system security and realizing uniform authentication. Two problems are solved in this paper: the centralized storage and management of user information, and the unified authentication and authorization of users.

With regard to data encryption, most systems encrypt the user's password directly. The ciphertext of the password is stored in the server's database when the user registers. When the user requests access to the application system, the client sends the user's ID and the ciphertext of the password to the server. The server looks up the ciphertext stored under that user ID in the database and compares the two ciphertexts; if they are identical, authentication succeeds. This method is vulnerable to replay attacks and dictionary attacks: hackers can log on to the server with a ciphertext they have intercepted, or, having intercepted a ciphertext produced by MD5, compare it with the entries of a "password dictionary" that have also been processed with MD5. A password that is too short or too common is easily recovered.

For these reasons, this paper gives an improved MD5 scheme: a random number is added to the uniform identity authentication process. The server sends this random number to the client when the user asks the authentication system to let him log in. The client encrypts the user's password with MD5, merges the random number with the resulting fixed-length string into a new string, and then computes MD5 once more over this new string. The ciphertext obtained by these two MD5 computations is sent to the authentication server. The server looks up the once-MD5'd ciphertext in the database by user ID, combines it with its own copy of the random number and computes MD5 again. Finally the server compares the two ciphertexts. Because the ciphertext sent from the client to the server is different on each login, this defends against replay attacks and dictionary attacks to a large extent and makes the system safer.

This paper designs the database for user information, role management and the distribution of authority according to the enterprise's requirements for the software. In this database the user information is highly centralized and shared, and the relationships between users, user groups and roles are well defined: it is easy to find out which user group a user belongs to and what grade of role he holds.

At the end of this paper, a unified authentication system is implemented in Java within the distributed file automatic management system. The system forms a mature and practical framework based on LDAP, Web Services, SOAP and XML, and it works well.

In a word, the purposes of uniform identity authentication are to share user information, to make managing and maintaining user information easier, and to make it easier for the administrator to monitor and maintain the whole system, so as to improve security. Network security is a complex problem and it requires cooperation. Authentication can protect network security to some extent. Achieving network security in the true sense requires a great deal of work on hardware, on software and on the understanding of policy, and we still have a long way to go.
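The challenge-response scheme described in the abstract (server stores MD5(password); client sends MD5(MD5(password) || random number); server recomputes from its stored value and its copy of the random number), as an added Python example that is not the thesis's Java implementation. It assumes hex-encoded digests concatenated as digest followed by random number, a single-use random number, and constructed sample credentials.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    """Hex digest of MD5 over the UTF-8 bytes of data."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


class AuthServer:
    """Uniform authentication server: keeps MD5(password) per user ID."""

    def __init__(self):
        self._store = {}    # user_id -> MD5(password), as the thesis stores it
        self._pending = {}  # user_id -> random number awaiting a response

    def register(self, user_id: str, password: str) -> None:
        # Only the once-MD5'd password is kept in the database.
        self._store[user_id] = md5_hex(password)

    def challenge(self, user_id: str) -> str:
        # Fresh random number issued when the user asks to log in (assumed 128-bit).
        nonce = secrets.token_hex(16)
        self._pending[user_id] = nonce
        return nonce

    def verify(self, user_id: str, response: str) -> bool:
        # The random number is consumed on first use, so a captured response
        # cannot be presented a second time (the anti-replay property claimed).
        nonce = self._pending.pop(user_id, None)
        stored = self._store.get(user_id)
        if nonce is None or stored is None:
            return False
        expected = md5_hex(stored + nonce)  # second MD5 over (hash || random number)
        return hmac.compare_digest(expected, response)


def client_response(password: str, nonce: str) -> str:
    """Client side: MD5(MD5(password) || nonce) is sent instead of MD5(password)."""
    return md5_hex(md5_hex(password) + nonce)


def login(server: AuthServer, user_id: str, password: str):
    """One full exchange; returns (response sent on the wire, server verdict)."""
    nonce = server.challenge(user_id)
    response = client_response(password, nonce)
    return response, server.verify(user_id, response)
```

Note that the stored MD5(password) is all the client needs to answer a challenge, so the server database must be protected as if it held the plaintext password; the random number protects the wire, not the store.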
Keywords/Search Tags: Unified Authentication, Role, Group, MD5