Research And Implementation Of Web-Based Single Sign-On Technologies

Posted on: 2016-03-24
Degree: Master
Type: Thesis
Country: China
Candidate: D D Yuan
GTID: 2308330461982547
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of science and technology and the wide use of the Internet, a single application system can no longer meet the diverse needs of government and enterprise customers. As a result, a variety of systems and websites that have independent identity authentication modules but interact with each other have sprung up in users' lives. This brings convenience for users, but also a potential burden: users must enter a user name and password several times each day to log on to the various systems or websites for different services. This easily bores users and reduces usability. To avoid mixing up credentials, most users simply use the same or a similar username/password pair everywhere, but this brings serious security risks; for example, it does nothing to weaken phishing attacks. To provide a better user experience and higher security, adopting an "authenticate once, then freely visit the entire network" approach would be an ideal solution. This paper therefore combines single sign-on (SSO) with an efficient and transparent one-time authentication (OTA) protocol to design and implement a new SSO model, named OTA-SSO. The main work covers the following aspects:

(1) Research and study the principle of single sign-on. Summarize the advantages and disadvantages of the existing SSO models and products. To solve the problems found in the research on existing models, carry out further research and put forward the OTA-SSO model.

(2) Research and study the principle of dynamic passwords. Identify the problems of traditional dynamic passwords, such as time synchronization. Combining dynamic passwords with SSO is a challenge, so this paper adopts OTA and improves it to meet the demands of SSO. The results of testing and analysis show that OTA meets the requirements of a one-time password and that the design of the algorithm is reasonable, increasing the difficulty of guessing the key.

(3) The OTA-SSO model adopts the agent-broker pattern. Tickets are based on cookies. In addition, a dynamic version of AES is adopted. OTA-SSO achieves mutual authentication and secure communication between its various parts. This paper deploys the OTA-SSO model. The results of testing show that the OTA-SSO model meets the basic requirements of SSO and can integrate applications across different domains. This paper also carries out security testing and analysis.

(4) This paper takes the fixed part of each session key as the AES encryption key, realizing dynamic AES. The characteristics of OTA ensure that the two sides do not need to share a symmetric key through communication. Dynamic AES is completely transparent to users and requires no specific user interaction. At the same time, it can effectively resist attacks on the security of tickets and avoids frequent time synchronization between client and server, reducing power consumption.
Keywords/Search Tags: SSO, OTA, Single Sign on, One Time Authentication, Dynamic Password