Research On Security Technology Of Civil Aviation Ticket System Based On OpenStack

In recent years,with the rapid development of my country’s civil aviation industry and economic level,the number of people who choose to travel by plane is also increasing rapidly,and the doubled flow of people makes the ticket system face huge challenges.Due to the problems of high cost,poor scalability,and poor data sharing,the ticket system of the traditional data center architecture has been unable to meet the growing needs of the industry.Therefore,it is a general trend to deploy it to the cloud platform,and the security of the cloud platform depends on its carrying capacity.The stable operation of the ticket system is closely related,so it is of great significance for the security research of cloud platform.The Open Stack cloud platform has an absolute advantage in the market with its mature architecture,stable experience,simple operation and open source features.The Keystone component is the core to ensure its security and is mainly responsible for the authorization and certification of the cloud platform.Most of the components of the ticket system only provide a simple security authentication framework and process,and there are still security loopholes.In view of the security problems in the civil aviation ticket system based on Open Stack,this thesis improves and improves the basic authentication framework of Open Stack.The summary is as follows:Firstly,the system architecture of the civil aviation ticket system is analyzed,and the token used in the UUID authentication process in the authentication framework is modified based on encryption technology,and the corresponding authentication protocol is designed to realize the mutual identification between the user and the resource server.The session key is negotiated and authenticated in the network to provide encryption for subsequent communication data,so that even if the illegal intrusion user obtains the Token,the specific resource or service cannot be used.Secondly,the extended and perfect Barbican function is used to complete the key control of the Keystone framework.At the same time,it uses open source projects to optimize its key storage plug-in,and uses elliptic curve-based encryption algorithm to improve its encryption plug-in,so as to enhance the stability of the security system and provide key security management support for the scheme proposed in this thesis.Finally,combined with the structural attributes and management requirements of the civil aviation ticket system,a Linux platform is used to build an Open Stack experimental test platform,and the function verification of the above methods is completed,and compared with the original components.The results show that the improved authentication module has higher security,can perform interactive verification between the user and the resource server,and negotiate the session key to ensure the reliability of subsequent data transmission.