
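Improvement and analysis of a LAN security association scheme based on pre-shared key
Cite this article: XIAO Yuelei, WU Junsheng, ZHU Zhixiang. Improvement and analysis of a LAN security association scheme based on pre-shared key[J]. Journal of Computer Applications, 2018, 38(11): 3246-3251.
Authors: XIAO Yuelei  WU Junsheng  ZHU Zhixiang
Affiliations: 1. College of Computer Science, Northwestern Polytechnical University, Xi'an 710072; 2. Shaanxi Provincial Information Engineering Research Institute, Xi'an 710075; 3. Institute of IoT and IT-based Industrialization, Xi'an University of Posts and Telecommunications, Xi'an 710061
Funding: National Natural Science Foundation of China (61741216, 61402367); Shaanxi Province Science and Technology Coordination and Innovation Project (2016KTTSGY01-03); Special Scientific Research Project of the Shaanxi Provincial Department of Education (17JK0704); "Xiyou New Star" Team Support Program of Xi'an University of Posts and Telecommunications.
Abstract: To address the wasted communication in the exchange key establishment process of the wired Local Area Network (LAN) security association scheme based on pre-shared key, an improved LAN security association scheme is proposed. By improving the pre-shared-key-based authentication and unicast key agreement process, the scheme generates a pairwise master key between the newly added switch and the authentication server, and uses it in the exchange key agreement processes between the newly added switch and each nonadjacent switch. Then, building on this scheme, a LAN security association scheme for the trusted computing environment is proposed. It further adds platform authentication of the terminal device to the improved pre-shared-key-based authentication and unicast key agreement process, thereby achieving trusted network access for the terminal device and effectively enhancing the security of the LAN. Finally, the Strand Space Model (SSM) is used to prove that the two LAN security association schemes are secure. The performance comparison shows that the scheme effectively reduces the number of messages exchanged and the amount of computation in the exchange key establishment process.

Keywords: wired local area network  trusted computing  platform authentication  strand space model  security association
Received: 2018-05-02
Revised: 2018-06-15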

Improvement and analysis of LAN security association scheme based on pre-shared key
XIAO Yuelei, WU Junsheng, ZHU Zhixiang. Improvement and analysis of LAN security association scheme based on pre-shared key[J]. Journal of Computer Applications, 2018, 38(11): 3246-3251.
Authors:XIAO Yuelei  WU Junsheng  ZHU Zhixiang
Affiliation:1. College of Computer Science, Northwestern Polytechnical University, Xi'an Shaanxi 710072, China;2. Shaanxi Provincial Information Engineering Research Institute, Xi'an Shaanxi 710075, China;3. Institute of IOT and IT-based industrialization, Xi'an University of Posts & Telecommunications, Xi'an Shaanxi 710061, China
Abstract:To address the communication waste in the exchange key establishment process of the Local Area Network (LAN) security association scheme based on pre-shared key, an improved LAN security association scheme was proposed. A pairwise master key between a newly added switch and the authentication server was generated by improving the authentication and unicast key agreement process based on pre-shared key, and was used in the exchange key agreement processes between the newly added switch and the other nonadjacent switches. Then, on the basis of the improved scheme, a LAN security association scheme for the trusted computing environment was put forward. Platform authentication of the terminal device was further added to the improved authentication and unicast key agreement process based on pre-shared key, thereby realizing trusted network access for the terminal device and effectively enhancing the security of the LAN. Finally, the two LAN security association schemes were proved secure in the Strand Space Model (SSM). The results of the performance comparison show that the improved scheme reduces the number of exchanged messages and the computational complexity of the exchange key agreement processes.
Keywords:Local Area Network (LAN)  trusted computing  platform authentication  Strand Space Model (SSM)  security association