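Affiliations: [1] School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044; [2] School of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang 050043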
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2012, No. 5, pp. 939-948 (10 pages)
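Funding: National Basic Research Program of China ("973" Program) (2007CB307101); National Natural Science Foundation of China (K09A300150); Program for Changjiang Scholars and Innovative Research Team in University (IRT0707); Beijing Municipal Education Commission Discipline Construction and Graduate Education Fund (BMKY2011B06); Natural Science Foundation of Hebei Province (F2009000927); Research Project funded by the Education Department of Hebei Province (Z2011160)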
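Abstract (translated from the Chinese): The split mechanism network explicitly separates host identity from location information and divides the Internet architecture into two classes, access networks and the core network, which addresses the Internet's scalability and mobility problems well. Building on the split mechanism network and combining it with trusted computing technology, this paper proposes a fast authentication scheme for terminal intra-domain handover that authenticates the terminal platform's identity and verifies its integrity while authenticating the end user's identity. In this scheme, the authentication center of the local domain does not need to take part again when a terminal performs an intra-domain handover; the access switch router alone completes authentication by means of a token. The authentication process preserves the anonymity of the user identity and the platform information and reduces the burden on the authentication center. Compared with other schemes, this scheme has clear advantages in authentication cost, authentication latency and security. The security analysis shows that the scheme is secure and efficient.

Abstract (English, as published): Split mechanism network cleanly separates the host location from its identity information and it is designed to divide the whole Internet into two parts, the core network and the access network. It can solve the extension and mobility of the Internet. In split mechanism network, when the terminal hands off in intra-domain, the rapidity and security of the authentication process must be guaranteed. In this paper, combined with trusted computing, an authentication scheme for intra-domain fast authentication based on the split mechanism network is proposed. The proposed scheme can realize the terminal platform authentication and terminal platform integrity verification as well as the user identity authentication. In the proposed scheme, the access switch router uses the token to authenticate the mobile terminal without communicating with the authentication center when the handover occurs in intra-domain. Through comparison with other intra-domain fast authentication schemes from the authentication costs, authentication latency and security, it demonstrates that the proposed scheme is more secure and more effective. It provides identity anonymity and platform anonymity, resists man-in-the-middle and replay attacks, and ensures key negotiation fairness and one-time pad. Also, the scheme reduces the burden of the authentication centers and it has great advantages over the current schemes.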
Keywords: split mechanism; trusted computing; intra-domain fast authentication; handover; attestation identity key
Classification: TP393 [Automation and Computer Technology: Computer Application Technology]