| With the rapid increase of various management information systems, users areauthorized to access more application resources. In this case, users need to rememberidentity information such as usernames and passwords in various application systems.The passwords are easy to be lost or forgotten. It causes trouble for user to accesssystem and burdens the system administrator with much time and effort to manageand maintain user information of various systems. The existing independent identityauthentication of various application service systems cannot adapt the new develop-ment trend. Consequently, it is of great importance to create a uniform, independent,efficient, safe and reliable identity authentication system. The original way of multi-ple authentications can be substituted. Users can rapidly access various authorizedresources with one time identity authentication. Central authentication for user iden-tity is realized.Considering practical application of digital campus, a uniform identity authen-tication system is studied. By comparing and analysis of typical uniform identity au-thentication techniques, this work focuses on researching Central AuthenticationService (CAS) model. Meanwhile, the security mechanism of identity authenticationinformation is designed for solving security problem in CAS model and uniformidentity authentication platform in digital campus is set up. The main contributions ofthesis are presented as follows.Firstly, the thesis has researched and analyzed the existing uniform identity au-thentication techniques. The CAS based uniform identity authentication model iscreated.Secondly, security mechanism of CAS protocol is analyzed concretely. For theexisting security problem, the security mechanism of identity authentication infor-mation is proposed to improve CAS protocol. The algorithm does hash operation onuser passwords, which ensures security of user information storage and preventspassword from being stealed and tampered in transmission. Random number and timestamp is introduced to resist dictionary attack and replay attack. The symmetric en-cryption algorithm is used to improve the speed of data encryption. Meanwhile,asymmetric encryption algorithm is used to realize three-party identity authenticationof client, authentication server and application server, and prevent maninthemiddleattack and impersonation attack. The security and availability of CAS based uniformidentity authentication system are strengthened.Thirdly, by comparing the security and performance with others, the security andavailability of the securtiy mechanim are verified.Finally, a CAS based uniform identity authentication system in digital campus isconcretely designed and implemented. Uniform identity authentication and authori- zation is realized in application system in fields of educational administration, scien-tific research, mail and freshman welcome. |
PDF Full Text Request