Abstract
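Trust Auth, a certificate-based authentication architecture, is designed and implemented as an operating system service. The architecture enforces certificate validation for all applications and strengthens the robustness of existing applications even when the CA system fails. Trust Auth makes authentication systems easy to deploy, reinforces the CA system, protects all TLS traffic on the system, and supports almost all operating systems. A prototype of Trust Auth is designed and implemented on Linux, and authentication services that strengthen certificate validation are developed. Evaluation shows that its overhead is almost negligible and that it is compatible with most applications. We developed six authentication services that strengthen application certificate validation to verify the practicality of Trust Auth.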
A certificate-based authentication framework, Trust Auth, is designed and implemented as an operating system service. This architecture enforces certificate validation measures for all applications. The robustness of existing applications can also be enhanced even when the CA system fails. The Trust Auth system can easily deploy authentication systems, and plays an important role in enhancing the CA system, as well as in protecting all TLS system traffic and supporting almost all operating systems. Evaluation indicates that Trust Auth has almost negligible overhead and is compatible with most applications. Six authentication services that strengthen applications' certificate validation are developed to verify the practicability of Trust Auth.
Source
《通信技术》
2017, Issue 7, pp. 1517-1524 (8 pages)
Communications Technology
Keywords
certificate
identity verification
architecture
enhance