本文已被:浏览 536次 下载 1250次
Received:August 06, 2022 Revised:September 07, 2022
Received:August 06, 2022 Revised:September 07, 2022
中文摘要: 为了解决网络应用身份认证问题, OAuth2.0协议在实际生产环境中得到了非常广泛的应用. 但很多系统在设计时不合理使用OAuth2.0标准、产生很多安全漏洞. 分析了近年来关于OAuth2.0协议出现的安全问题, 包括中间人攻击, 授权劫持漏洞和CSRF漏洞, 针对这些安全问题提出了一种基于口令的Schnorr数字签名和OAuth2.0的强身份认证方案. 最后对该方案进行安全性分析, 结果表明该方案具有良好的安全性且易于使用.
中文关键词: OAuth2.0协议 数字签名 Schnorr签名
Abstract:In order to solve the identity authentication problem of network applications, the OAuth2.0 protocol has been widely used in the actual production environment. However, many systems use the OAuth2.0 standard unreasonably in their design, which results in many security flaws. This study analyzes the security problems of OAuth2.0 protocol in recent years, including the man-in-the-middle attack, authorization hijacking vulnerability, and CSRF vulnerability, and the study proposes a password-based Schnorr digital signature and OAuth2.0 strong identity authentication scheme for solving these security problems. Finally, the security of the scheme is analyzed. The results show that the scheme has excellent security and is easy to use.
keywords: OAuth2.0 digital signature Schnorr signature
文章编号: 中图分类号: 文献标志码:
基金项目:江西省教育厅科技项目(GJJ200626, GJJ210625)
引用文本:
郝恬,左黎明,陈艺琳.基于口令签名和OAuth2.0协议的强身份认证方案.计算机系统应用,2023,32(4):347-353
HAO Tian,ZUO Li-Ming,CHEN Yi-Lin.Strong Identity Authentication Scheme Based on Password Signature and OAuth2.0 Protocol.COMPUTER SYSTEMS APPLICATIONS,2023,32(4):347-353
郝恬,左黎明,陈艺琳.基于口令签名和OAuth2.0协议的强身份认证方案.计算机系统应用,2023,32(4):347-353
HAO Tian,ZUO Li-Ming,CHEN Yi-Lin.Strong Identity Authentication Scheme Based on Password Signature and OAuth2.0 Protocol.COMPUTER SYSTEMS APPLICATIONS,2023,32(4):347-353
