
Research on Heterologous Replay Attack Aiming at ASP.net Forms Authentication and Its Reaction

孙伟 张永 王占

Computer Applications and Software, Issue (10): 315-319, 5. DOI: 10.3969/j.issn.1000-386x.2015.10.075

RESEARCH ON HETEROLOGOUS REPLAY ATTACK AIMING AT ASP.NET FORMS AUTHENTICATION AND ITS REACTION

孙伟 1, 张永 1, 王占 1

Author information

  • 1. Department of Computer Science and Technology, Dalian Neusoft University of Information, Dalian 116023, Liaoning

Abstract

ASP.net websites that use Forms authentication are exposed to the threat of replay attacks. In this paper, we introduce the general implementation process of ASP.net Forms authentication, analyse the principle of Forms authentication, give a principle-level realisation of the replay attack, and analyse why the replay attack can succeed. On this basis, we propose a session-recognition-based countermeasure against heterologous replay attacks by introducing the concept of a stricter session. The scheme thwarts replay attacks by managing sessions rigorously and identifying client changes, and, at the appropriate time, asking the client to enter the original authentication information, e.g. user name and password, for identity authentication. Finally, the prototype implementation and theoretical analysis both prove that the proposed scheme can thwart heterologous replay attacks effectively.

Key words

ASP.net / Forms authentication / Replay attack / Heterologous replay attack

Classification

Information Technology and Security Science

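Cite this article

孙伟, 张永, 王占. Research on heterologous replay attack aiming at ASP.net Forms authentication and its reaction [J]. Computer Applications and Software, 2015, (10): 315-319, 5.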

Funding

National Natural Science Foundation of China (61170169, 61170168); General Project of the Education Department of Liaoning Province (L2012492).

Computer Applications and Software

OA, CSCD, CSTPCD

ISSN 1000-386X
