Handover authentication scheme based on ticket for name resolution system


Authors: XIE Jintao; WANG Lingfang; LI Yang [2] (University of Chinese Academy of Sciences, Beijing 100049, China; National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China)

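Affiliations: [1] University of Chinese Academy of Sciences, Beijing 100049; [2] National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190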

Source: Electronic Design Engineering (《电子设计工程》), 2022, No. 5, pp. 6-11 (6 pages)

Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (XDC02070100).

Abstract: Name resolution system is a key part of Information-Centric Networking, whose role is to establish, maintain and publish the mapping relationship between information's name and address, and provide name resolution services. When a mobile node uses the service of name resolution system, there are handover authentications between the mobile node and proxies. With the requirements of simplicity, efficiency and security, a handover authentication scheme based on ticket for name resolution system is proposed, combined with handover authentication schemes in the wireless network. The mobile node completes login authentication with the ticket pre-signed by the authentication server, and handover authentication with the ticket distributed by the home proxy. This scheme reduces computationally intensive operations of the mobile node and the number of interactions between the authentication parties. Login authentication and handover authentication are completed through four communications and two communications respectively. The analysis showed that the scheme not only had security features such as privacy protection, mutual authentication, forward and backward security, and resistance to replay attacks and forgery attacks, but also reduced the computational cost by 34.8% (the Chinese-language abstract gives 48%) and the communication overhead by at least 25%.

Keywords: name resolution system; Information-Centric Networking; handover authentication; security; authentication efficiency

Classification number: TN918.9 [Electronics and Telecommunications - Communication and Information Systems]

 
