A security authentication scheme based on Cookie technology for the characteristics of SSL VPN gateway is proposed.The data can not be forged and tampered by attackers as Cookie in the scheme used encryption technology.In addition,the scheme uses a data structure based on Hash and linked lists,as well as secure Cookie protocol,which not only hides information of the internal site,but also achieves the authentication and authorization of user information.Meanwhile,a role-based access control model is proposed,which meets the requirements of SSL VPN access control with the principle of duty separation and least privilege.The scheme is a good extension for authentication and effectively enhances the security of SSL VPN gateway.The experimental test results show that the security authentication scheme is feasible and reliable.%针对安全套接层协议的虚拟专用网络SSL VPN网关的特点,提出一种基于Cookie技术的可靠认证方案,该方案中Cookie采用加密技术,攻击者无法伪造和篡改数据;此外,方案采用基于Hash和链表的数据结构,结合安全Cookie协议,不仅对内部站点的信息进行隐藏,还实现了对用户信息的认证和授权.同时,提出基于角色的访问控制模型,通过职责分离和最小特权的原则来满足SSL VPN访问控制的要求.该方案对于身份认证来说是一种很好的扩充,可以有效加强SSL VPN网关的安全性.实验测试验证了该安全认证方案的可行性和可靠性.
展开▼
