The Research and Implementation of User Authentication Mechanisms in Database

【Author】 田美红 (Tian Meihong)

【Supervisor】 陈根才 (Chen Gencai)

【Author information】 Zhejiang University, Computer Software and Theory, 2004, Master's degree

【Abstract】 Database user authentication is the process by which the database server establishes the identity of the client and, by extension, determines whether the client application (or the user who runs it) is permitted to connect with the requested user name. It is a close combination of authentication technology and database technology. With the emergence of third-party authentication products and cryptographic techniques, database user authentication has advanced considerably in both theory and practice. However, most current database products come from foreign countries, and because their security technology is not visible, national information security is seriously threatened. Developing a domestic database with independent intellectual property rights is therefore of great significance.

The goal of this thesis is to propose a secure, practical and efficient user authentication mechanism for a general-purpose domestic database system, based on an in-depth study of the authentication mechanisms of the open source DBMS PostgreSQL. The thesis focuses on the following authentication mechanisms:

1) Operating system authentication. This mechanism controls login access through the security features of network users, integrating with the login security of Windows NT 4.0 or Windows 2000. It allows users to log in to the database system quickly without entering a user name and password, and provides additional security functions by using the security technologies of the operating system.

2) A new one-time password authentication mechanism. The original PostgreSQL authentication mechanism is vulnerable to password guessing attacks and server impersonation attacks. To address this, the thesis designs a simple and effective password authentication mechanism that strengthens protection against various attacks without using any cryptosystem.

3) User authentication based on keystroke features. Database security is meaningless once the password is stolen, while existing biometric authentication techniques require special hardware support and are expensive. The thesis therefore proposes a user authentication mechanism based on keystroke features as an option for strong authentication.

In addition, the thesis introduces the framework for user authentication in a general-purpose domestic database system designed with the above techniques, and describes part of its implementation.

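  • 【Online publication contributor】 Zhejiang University
  • 【Online publication year and issue】 2004, Issue 03
  • 【Classification number】 TP311.13
  • 【Citation count】 3
  • 【Download count】 201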