期刊文献+

基于证书的有线局域网安全关联方案改进与分析 被引量:3

Improvement and analysis of certificate-based wired local area network security association scheme
下载PDF
导出
摘要 在基于三元对等鉴别(TePA)的有线局域网(LAN)媒体访问控制安全(TLSec)中,基于证书的LAN安全关联方案在交换密钥建立过程中存在通信浪费和不适用于可信计算环境的问题。为了解决这两个问题,首先提出了一种改进的基于证书的LAN安全关联方案。该方案简化了新加入交换机与各个不相邻交换机之间的交换密钥建立过程,从而提高了交换密钥建立过程的通信性能。然后,在该方案基础上提出了一种可信计算环境下的基于证书的LAN安全关联方案。该方案在基于证书的鉴别过程中增加了对新加入终端设备的平台认证,从而实现了新加入终端设备的可信网络接入,能有效防止新加入终端设备将蠕虫、病毒和恶意软件带入LAN。最后,利用串空间模型(SSM)证明了这两个方案是安全的。此外,通过定性和定量的对比分析可知,这两个方案要优于相关文献所提出的方案。 In the Tri-element Peer Authentication(TePA)-based wired Local Area Network(LAN)media access control Security(TLSec),the certificate-based wired LAN security association scheme has communication waste in the exchange key establishment processes and is not suitable for trusted computing environment.To solve these two problems,firstly,an improved certificate-based wired LAN security association scheme was proposed.In this scheme,the exchange key establishment process between the newly added switch and each nonadjacent switch was simplified,thus improving the communication performance of the exchange key establishment processes.Then,a certificate-based wired LAN security association scheme for trusted computing environment was proposed based on the above scheme.In this scheme,the platform authentication of the newly added terminal devices was added in the process of certificate-based authentication,so as to realize the trusted network access of the newly added terminal devices,and effectively prevent the newly added terminal devices from bringing worms,viruses and malicious softwares into the wired LAN.Finally,the two schemes were proved secure by using the Strand Space Model(SSM).In addition,through qualitative and quantitative comparative analysis,the two schemes are better than those proposed in related literatures.
作者 肖跃雷 邓小凡 XIAO Yuelei;DENG Xiaofan(School of Modern Posts,Xi’an University of Posts and Telecommunications,Xi’an Shaanxi 710061,China;Shaanxi Information Engineering Research Institute,Xi’an Shaanxi 710075,China;School of Computer Science and Technology,Xi’an University of Posts and Telecommunications,Xi’an Shaanxi 710121,China.)
出处 《计算机应用》 CSCD 北大核心 2021年第7期1970-1976,共7页 journal of Computer Applications
基金 国家自然科学基金资助项目(61741216,61402367)。
关键词 有线局域网 可信计算 平台认证 串空间模型 安全关联 wired Local Area Network(LAN) trusted computing platform authentication Strand Space Model(SSM) security association
  • 相关文献

参考文献6

二级参考文献19

  • 1沈继锋,刘同明.一种交换式网络内的ARP欺骗的解决方案[J].现代计算机,2006,12(1):39-41. 被引量:5
  • 2林洪波.关注网络中的数据链路层攻击[J].计算机时代,2006(4):36-37. 被引量:2
  • 3黄振海,郭宏,王育民等.GB15629.11-2003《信息技术系统间远程通信和信息交换局域网和城域网特定要求第11部分:无线局域网媒体访问控制和物理层规范》.北京,中国标准出版社,2003.
  • 4赖晓龙,曹军,铁满霞等.GB15629.11-2003/XG1-2006《信息技术系统间远程通信和信息交换局域网和城域网特定要求第11部分:无线局域网媒体访问控制和物理层规范第1号修改单》,北京:中国标准出版社,2006年.
  • 5Cremers C. On the Protocol Composition Logic PCL. http: //arxiv.org/abs/0709.1080v4, 2007.
  • 6Mitchell J C, Shmatikov V, and Stern U. Finite-state analysis of ssl 3.0. Proceedings of the Seventh USENIX Security Symposium, San Antonio, 1998: 201-216.
  • 7Datta A, Derek A, and Mitchell J C, et al.. A derivation system for security protocols and its logical formalization. Proceedings of 16th IEEE Computer Security Foundations Workshop, Asilomar, 2003: 109-125.
  • 8Datta A, Derek A, and Mitchell J C, et al.. A derivation system and compositional logic for security protocols. Journal of Computer Security, 2005, 13(3): 423-482.
  • 9Derek A. Formal analysis of security protocols: Protocol composition logic. [Ph.D. dissertation], Computer Science Department, Stanford University, December 2006.
  • 10Durgin N, Mitchell J C, and Pavlovic D. A compositional logic for proving security properties of protocols. Journal of Computer Security, 2003, 11(4): 677-721.

共引文献20

同被引文献27

引证文献3

二级引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部