
The Research On Single Sign On Identity Authentication Model For Multi-database

Posted on: 2018-11-08
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
GTID: 2348330536957353
Subject: Computer Science and Technology

Abstract/Summary:
Database security is an important part of a computer information security system, and identity authentication is the first gateway of database security: it can effectively prevent intrusion by illegal users and ensure the security of data, so research on it is of great practical significance. Existing database identity authentication models, especially cross multi-database identity authentication models, carry many security risks in the authentication process, such as password theft, replay attacks, one-way authentication and single points of failure. This paper therefore studies these problems. The main work includes:

(1) By analyzing the security of the traditional single-database identity authentication mechanism, an integrated mutual authentication model for the database is proposed. The traditional single-database authentication process has security problems such as passwords that are easy to steal, one-way authentication, difficulty in determining the random time of inquiry, and security risks in data transmission. In the new authentication model, the identity authentication center (AC), the ticket authorization center (TGC) and the verification ticket center (VTC) are therefore integrated into the connection pooling part of the database server, and a set of authentication and data session keys is established from the application to the database server during identity authentication. The authentication key uses an asymmetric key and the ticket authentication mode so that identity information is not easily stolen; the data session key is used to encrypt transmitted data with a combination of asymmetric and symmetric keys. At the same time, a random number g is introduced as a packet identifier to prevent replay attacks.

(2) A Single Sign On identity authentication model is proposed for cross-database access in a multi-database environment. In a traditional multi-database system, the identity authentication process for cross-database access generally uses a centralized global authentication mode, which suffers from eavesdropping and replay attacks as well as single point of failure and single point overload problems. The Single Sign On identity authentication model for multi-databases introduces the concept of the database federated domain, and a single sign on engine is added to each database server in the federated domain. When a user logs in to their own database, the single sign on engine distributes tokens to a database with a high trust value in the federated domain; the database that receives the token authenticates the user and feeds back the result. The single sign on engine introduces the ASS (authentication support node) mechanism to establish a buffer pool of logged-in user information, making the process safer and faster.

(3) Example analysis and simulation experiments are carried out on the single-database identity authentication model and the multi-database identity authentication model. First, security analysis and experimental validation of the new integrated mutual authentication model for the database are carried out. The experimental results show that the improved model can effectively prevent the security problems of the traditional identity authentication model, such as password theft and insecure data transmission, and realizes mutual authentication between the application system and the database server. Then, security analysis and experimental validation of the new multi-database single sign on authentication model are carried out. The experimental results show that the improved multi-database single sign on authentication model has better security, can solve the single point of failure and single point overload problems, and realizes mutual authentication between servers.
Keywords/Search Tags:database authentication, multi-database system, mutual authentication, single sign on