Cyber Security and Data Governance, 2024, Vol. 43, Issue (7): 21-25, 5. DOI: 10.19358/j.issn.2097-1788.2024.07.004
Design of DNS based Zero Trust enhanced authentication system
Abstract
The article addresses the security risks associated with the widespread reuse of certificates in current HTTPS applications. Drawing on the idea of dynamic authorization of security policies in the Zero Trust model, it proposes a solution that enhances authentication capabilities by leveraging the existing Internet infrastructure, specifically DNS. This solution involves dynamically authenticating HTTPS access requests by adding enhanced authentication information to existing DNS authoritative servers. By doing so, it enables real-time validation of the security status of current HTTPS certificates. This approach effectively tackles the security issues arising from the common practice of certificate reuse in HTTPS, utilizing the trusted and readily available DNS infrastructure. It represents a flexible, efficient, and scalable Zero Trust security enhancement authentication framework.
Key words
HTTPS/certificate/Zero Trust Security Model/DNS/DNS-CA
Classification
Information technology and security science
Cite this article
Zou Ligang, Zhang Yifan, Zhang Xinyue, Yuan Jianting. Design of DNS based Zero Trust enhanced authentication system [J]. Cyber Security and Data Governance, 2024, 43(7): 21-25, 5.
Funding
Key R&D Special Project of the Ministry of Science and Technology (2022YFB3103000)