基于密钥交换的电子商务安全加密方案研究

Research on E-Commerce Security Encryption Scheme Based on Key Exchange

在分布式环境中,身份认证和密钥交换机制起着重要的作用.通常在认证中,客户端和服务器就相互交换的加密密钥达成一致.早期的密码存储在单个服务器中,如果入侵者通过一些恶意攻击获得该服务器的访问权,则存储在数据库中的所有密码都将受到威胁,导致电子商务应用程序的安全性受到威胁.为了提高认证机制的效率和性能,我们使用多个服务器来存储密码并参与密钥交换和认证过程,以确保即使单个服务器受到危害,整个系统的安全性也不会受到威胁,还为每个会话随机生成随机数值对应于两级安全机制,其中攻击者假装为合法用户并登录系统的范围完全受到限制.在这个模型中,密码以相同的散列值存储,并分散到多个服务器中.即使通过逆向工程,攻击者也很难确定密码,所以他不能拦截真正的密码表单段的哈希值.因此,我们可以使用密钥交换机制将此模型表示为基于安全和基于密码的身份验证方案.

In a distributed environment, identity authentication and key exchange mechanisms play an im- portant role. Usually in authentication, the client and server agree on the encryption keys exchanged with each other. Early passwords are stored in a single server. If an intruder gains access to the server through some mali- cious attack, all passwords stored in the database will be threatened, so the security of the e-commerce applica- tion is threatened. To improve the efficiency and performance of the authentication mechanism, multiple servers are used to store passwords and carry out the key exchange and authentication process to ensure that even if a sin- gle server is compromised, the security of the entire system is not compromised. Randomly generated random val- ues correspond to a two-level security mechanism in which the attacker pretends to be a legitimate user and the scope of login to the system is completely limited. In this model, passwords are stored with the same hash value and spread across multiple servers. Even by reverse engineering, it is difficult for an attacker to determine the password, so the hash of the real password form segmentcan＇t be intercepted. So, the key exchange mechanism can be usedto represent this model as a secure and password-based authentication scheme.