用户调用Web服务时需要双向认证.为此,提出一种抗重放攻击的Web服务认证协议.基于时间戳/消息ID缓存的抗重放攻击方法,利用简单对象访问协议的请求/响应消息和WS-Security规范设计双向认证协议,使用Axis2的Module机制加以实现.实验结果表明,该协议能避免单纯采用时间戳所带来的时钟同步问题,具有较好的抗重放攻击能力.%In order to satisfy the need of two-way authentication in Web service, this paper proposes an anti-replay protocol based on caching of timestamp/message ID. The paper designes a two-way authentication protocol based on Simple Object Access Protocol(SOAP) request/response message and WS-Security specification. It implementes the authentication protocol by Module mechanism of Axis2. Experimental results show that, this protocol can effectively avoid the problem of clock synchronization when only use timestamp, and good anti-replay attack capacity.
展开▼
