摘要
SOCKS V5协议可以在防火墙或者VPN服务器中使用。它提供了基于用户/保密字的认证方法,但认证过程中传送的用户名和保密字采用明文格式,因此这种协商不是安全的,容易被攻击者监听和利用。GSS-API是通用安全服务应用程序接口,为调用者提供一个通用模式下的安全服务。调用GSS-API能够保护通信的可靠性、完整性和机密性等安全服务。该文介绍GSS-API的基本元素,分析了GSS-API的操作过程,并阐述了基于GSS-API的SOCKS V5的认证机制,最后给出实现流程。
With the growing popularity of the Internet, network security is a real concern for most companies today. The Generic Security Service-Application Program Interface (GSS-API) provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. A typical GSS-API caller is called itself a communication protocol, calling on GSS- API in order to protect its communications with authentication, integrity, and confidentiality security services. This paper introduces the constructs of GSS-API, including credential, token,security context,mechanism type, naming and channel binding,and analyzes the operational flow. Finally a mechanism model of SOCKS V5's authentication is given based on GSS-API.
出处
《南京理工大学学报》
EI
CAS
CSCD
北大核心
2003年第6期686-690,共5页
Journal of Nanjing University of Science and Technology
