可信计算环境下的MACSec安全关联方案

为满足跨交换机间的媒体访问控制（MAC）层安全通信需求，提出一种改进的MACSec安全关联方案。该方案建立了新加入交换机与不相邻交换机之间的安全关联密钥（security association key，SAK），用于保护它们之间的MAC层数据通信。为了使得该方案进一步适合于可信计算环境，在该方案基础上提出了一种可信计算环境下的MACSec安全关联方案。该方案增加了对终端设备的平台认证，从而实现了终端设备的可信网络接入，有效增强了局域网络的安全性。最后，利用串空间模型（SSM）证明了这两个MACSec安全关联方案是安全的。

MACSec security association scheme for trusted computing environment

To meet the cross-switch security communication demand in media access control(MAC) layer, this paper proposed an improved MACSec security association scheme. It established a security association key(SAK) between a new added switch and each nonadjacent switch, protecting the data communication between them in MAC layer. In order to make the above scheme suitable for trusted computing environment, this paper further put forward a MACSec security association scheme for trusted computing environment based on the above scheme. It added the platform-authentication of a terminal, realizing the terminal''s trusted network accesd. As a result, it enhances the security of local area network effectively. Finally, this paper showed that the two schemes are secure in the strand space model(SSM).