802.1 x协议分析及其应用

本文对802.1x协议体系结构、流程及其工作原理作了分析,然后介绍了基于该协议的各种传统应用,在此基础上对协议的应用作了进一步扩展,将其引入到网关系统的访问控制中,并概要分析了几种网关模式的应用场景,最后把它同其它认证方式作了分析和比较.     

国内外员工帮助计划（EAP）的研究综述

员工帮助计划（employee assistance program,简称EAP）是组织提供的,旨在帮助员工解决可能影响其工作表现和健康问题的多种策略的整合．在文献研究的基础上,本文主要从员工帮助计划的概念、内容及操作模式、应用与发展等方面归纳了当前研究的进展,同时指出了研究存在的问题与研究的方向．     

Hybrids perfluorosulfonic acid ionomer and silicon oxide membrane for application in ion-exchange polymer-metal composite actuators

This paper reports a new technique to fabricate an ion-exchange polymer-metal composite (IPMC) actuator. This technique is based on a hybrid organic-inorganic composite membrane. In the fabrication course, silica oxide particles, prepared from hydrolysis of tetraethyl orthosilicate in situ with sol-gel reaction, co-crystallize with perfluorosulfonate acid (PFSA) ionomer. Attenuated total reflectance fourier transform infrared spectroscopy (ATR-FTIR) analyses demonstrate that a highly water-saving hybrid mem...     

基于802.11i的EAP-TLS认证机制的安全分析

为了有效解决无线网安全认证的问题,分析了无线网的新一代安全标准IEEES02.11i的RSNA建立过程.通过对关键步骤EAP-TLS实体认证机制的研究,指出EAP-TLS认证协议在使用过程中由于配置不当而导致的安全漏洞,以及数据帧没有加密可能受到的DoS攻击,并从降低攻击的发生和协议的改进方面提出了基于隧道的认证新方案.     

Correlation of direct piezoelectric effect on EAPap under ambient factors

Direct piezoelectricity of electro-active papers(EAPap)is analysed in this paper. The test setups for direct effect are designed and determined. Different ambient factors impacting the piezoelectricity of EAPap, such as temperature, humidity, and strain rate, are applied and analyzed. Strong piezoelectricity of EAPap is found on the basis of the test results and in comparison with polyvinylidene fluoride(PVDF)and lead zirconate titanate(PZT)-5H. The maximum piezoelectric constant is achieved to be 504 pC/N. The reason of strong piezoelectricity of EAPap is discussed in this paper. The potential of EAPap as a biomimetic actuator and sensor is also investigated.     

Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations

Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards.     

基于EAP/RADIUS的WLAN认证和密钥分配协议

研究了无线局域网的认证机制,描述了EAP/RADIUS协议在IEEE802.1x标准中的消息封装格式,针对基于端口访问控制协议的缺陷,提出一种新的应用于WLAN的认证和密钥分配方案,并设计详细协议流程.该协议基于EAP/RADIUS认证框架,使用服务令牌将认证和授权结合起来,授权校验的同时进行密钥分配,完善了WLAN的访问控制机制.     

SPIN在无线网络安全认证协议建模中的应用

为确保无线网络安全认证,应用模型检查工具SPIN对EAP-TLS认证协议进行建模,根据SPIN给出攻击轨迹,指出EAP-TLS可能存在双向认证失败的安全隐患,从抵抗攻击和协议改进提出了基于隧道的认证方法。使用SPIN PROMELA语言对通信各方建模,用线性时态逻辑LTL表示安全属性,提出了将SPIN应用于认证协议的验证方法。     

基于密钥服务器的IEEE 802.11i密钥更新方案

随着WLAN的广泛应用,无线安全越来越受到人们关注,密钥管理作为安全系统的实现基础亟待解决。针对IEEE802.11i标准为产生新的对等密钥PTK,STA与AP之间需要重新进行四步握手协议而加重STA开销的问题,提出一种基于密钥服务器的密钥更新方案(KSRS)。该方案对802.11i的密钥层次结构进行修改,增加了密钥更新层,可达到集中密钥更新的目的;结合STA的漫游特性,借鉴集中式密钥管理思想,引入可信实体KS来分发并更新密钥,可提供灵活的密钥管理操作。经性能分析,该方案的开销较小,能更加适应STA的移动性。     

异构融合网络认证机制研究

移动通信和无线局域网的快速发展使两者的融合成为热点。描述了融合网络的场景和耦合方案,对现有融合网的认证机制缺点进行了分析,提出把传输层安全协议TLS引入到融合网认证中,并对该认证机制对融合网络安全的增强进行了详细描述和分析。最后搭建了融合网络的试验平台,测量了新的认证机制在执行时延、吞吐量以及能量耗费方面的性能。结果表明,新认证机制在大大增强了融合网络安全性的同时提高了网络的性能和效率。