摘要
随着信息技术飞速发展,API在各种应用和服务中的重要性日益凸显,然而传统API KEY在应用中存在诸多安全风险。为此,提出一种基于SM9的API KEY强安全应用方案。首先,使用SM9对数据进行签名和验证;其次,引入可信第三方管理用户公私钥对,并结合随机状态码提高API KEY的安全性和可靠性;最后,与百度开放平台和FOFA网络空间测绘平台的API KEY应用安全性进行比较。实验表明,基于SM9的API KEY强安全应用方案具有数据完整性、来源可靠性、抗泄露攻击、抗重放攻击、抗CSRF攻击和抗暴力破解攻击等优点。
With the rapid development of information technology,the importance of APIs in various applications and services is becoming increasingly prominent.However,traditional API keys have many security risks in applications.Therefore,a strong security application scheme for API KEY based on SM9 is proposed.Firstly,use SM9 to sign and verify the data;Then introduce a trusted third-party to manage user public and private key pairs,and combine them with random status codes to improve the security and reliability of API KEY;Finally,compare the security of API KEY applications with Baidu Open Platform and FOFA Network Space Surveying Platform.The experiment shows that the API KEY strong security application scheme based on SM9 has advantages such as data integrity,source reliability,resistance to leakage attacks,resistance to replay attacks,resistance to CSRF attacks,and resistance to brute force attacks.
作者
刘晨宁
左黎明
周婷
LIU Chenning;ZUO Liming;ZHOU Ting(School of Science,East China Jiaotong University,Nanchang 330013,China)
出处
《软件导刊》
2024年第10期146-151,共6页
Software Guide
基金
江西省教育厅科技项目(GJJ200626,GJJ210625)。
关键词
API
KEY
SM9
强安全
可信第三方
公私钥对
API KEY
SM9
strong security
trusted third party
public and private key pairs
