| As the enterprise business demand increases,traditional software systems are becoming more and more bloated,with attendant higher and higher system maintenance costs.The emergence of Microservices architecture,is a good solution to the issues of traditional systems,such as the long development cycle,difficult maintenance.However,because the Microservices-based software system is composed of many fine-grained services,the complex inter-system communication will likely introduce more security risks.In fact,the users' concern of the potential safety hazard affects their selection and use of the Microservices architecture.Therefore,designing a Microservices-based architecture with high efficiency and security will help to popularize the Microservices-based architecture during the development of enterprise business systems,and ultimately facilitate the maintenance,upgrade and re-development of software systems.In the complex communications environment of Microservices-based architecture,how to protect the security of data transmission is one of the focuses of the design of Microservices-based system.In recent years,a variety of hybrid encryption methods have been proposed in the field of data security.Such a hybrid encryption method combines the advantages of both symmetric encryption algorithms and asymmetric encryption algorithms.However,the security of these methods is usually low because a single hybrid encryption algorithm cannot defend against man-in-the-middle attacks during communication.On the other hand,existing data encryption schemes have some drawbacks in terms of security.Aiming at the characteristics of Microservices-based architecture,this paper proposes a data transmission scheme based on hybrid encryption.The scheme provides a security verification of the transmission key in the hybrid encryption algorithm by constructing an asymmetric encryption micro service to ensure the correctness of the communication data.In order to effectively improve the security and execution efficiency of service authentication and authorization in the Microservices-based architecture system,this paper presents a lightweight authentication mechanism,which mainly involves three kinds of access control scenarios in the Microservices-based architecture system: authentication between users and services,authentication between services,and authentication between users and third-party applications.First,a security strategy based on random number and salt encryption is proposed for the calling scene of users and services.Then,a unified authentication mechanism for single sign-on is proposed for the communication scenarios between services.Finally,for the scenarios of authentication between users and third-party applications,an authentication method based on OAuth technology is proposed.The above authentication mechanisms in various access control scenarios ensure the communication security between different services of the Microservices-based system through the correct authentication and accurate authorization between the services.Finally,this paper presents a Microservices-based architecture system to verify the effectiveness of the proposed methods,and makes a comparisons with the essential hybrid encryption scheme.The experimental results show that the proposed methods can guarantee high security and high communication efficiency for the Microservices-based architecture. |
PDF Full Text Request