Abstract
PKI-based signature mechanisms used to protect SAML assertions in transit increase the length of SOAP messages and significantly reduce the response speed of Web services. To address this, the paper proposes a SAML path verification protocol based on identity-based aggregate signatures (IBASPV), which shortens the signature value and the verification public key carried in the SOAP message, reducing SOAP message transmission time and improving service response speed. Using SVO logic, the authors formally prove that the IBASPV protocol provides assertion integrity, source unforgeability, a transmission path that cannot be tampered with, and resistance to replay attacks. Using the Rampart security module, they then measure how cryptographic computation time and data transmission time vary with the network data transfer rate, and compare the performance of service authentication and invocation based on the IBASPV protocol with that based on PKI signatures.
Source
Computer Science (《计算机科学》)
CSCD
PKU Core Journal (北大核心)
2013, Issue 3, pp. 192-196 (5 pages)
Funding
Supported by the National Key Basic Research Program of China (973 Program) (2011CB311801)