一种基于DNS的零信任增强认证系统设计  被引量:1

Design of DNS based Zero Trust enhanced authentication system

在线阅读下载全文

作  者:邹立刚 张逸凡 张新跃[2] 袁建廷[3] Zou Ligang;Zhang Yifan;Zhang Xinyue;Yuan Jianting(Beijing Guoke Cloud Computing Technology Co.,Ltd.,Beijing 100190,China;China Internet Network Information Center,Beijing 100190,China;School of Information Science and Engineering,Xinjiang University,Unumqi 830046,China)

机构地区:[1]北京国科云计算技术有限公司,北京100190 [2]中国互联网络信息中心,北京100190 [3]新疆大学信息科学与工程学院,新疆乌鲁木齐830046

出  处:《网络安全与数据治理》2024年第7期21-25,共5页CYBER SECURITY AND DATA GOVERNANCE

基  金:科技部重点研发专项项目(2022YFB3103000)。

摘  要:针对当前大量HTTPS应用复用证书存在安全风险问题,借鉴了零信任模型中安全策略动态授权的思路,提出了一种基于现有互联网基础设施DNS来扩展增强认证功能的方案,通过在现有DNS权威服务器上额外配置增强的认证信息来对HTTPS访问请求进行动态认证,从而能实时验证当前HTTPS证书的安全状态。该方案通过可信易得的DNS基础设施解决了当前普遍存在的HTTPS证书复用带来的安全问题,是一种灵活高效并且可扩展的零信任安全增强认证架构。The article addresses the security risks associated with the widespread reuse of certificates in current HTTPS applications.Drawing on the idea of dynamic authorization of security policies in the Zero Trust model,it proposes a solution that enhances authentication capabilities by leveraging the existing Internet infrastructure,specifically DNS.This solution involves dynamically authenticating HTTPS access requests by adding enhanced authentication information to existing DNS authoritative servers.By doing so,it enables real-time validation of the security status of current HTTPS certificates.This approach effectively tackles the security issues arising from the common practice of certificate reuse in HTTPS,utilizing the trusted and readily available DNS infrastructure.It represents a flexible,efficient,and scalable Zero Trust security enhancement authentication framework.

关 键 词:HTTPS 证书 零信任安全模型 DNS DSN-CA 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象