关于IMC/IMV的网络设备可信认证方法研究
|
摘要
近年来,网络设备的安全问题日益凸显。如果网络设备不可信,网内所有计算机都可能面临被攻击的危险,所有数据也都可能面临被窃取的危险。所以网络设备是否安全地接入网络直接影响到整个网络的安全。提出了一种基于IMC/IMV的网络设备可信认证方法,在完成传统的平台身份认证的同时,进行平台可信状态验证,通过设计的完整性收集器(Integrity Measurement Collector,IMC)收集网络设备的可信状态信息,通过协议的多轮交互提交给完整性验证器(Integrity Measurement Verifier,IMV)进行验证,完成平台的完整性认证。实验表明,这种认证方式在实现网络设备的可信认证的同时,对系统性能的影响不大。
In recent years, the security issues on network device have been increasingly prominent. If the network devices are not trusted, all computers in the net are likely to be in the risk of being attacked and all data being stolen. Whether the network devices access network in security or not directly affects the safety of the whole network. It presents a trusted authentication method based on IMC/IMV for network devices. Under this method, the traditional platform identity authentication is carried out and the trusted status verification of the platform is carried out too. The network device's trusted status information is collected by Integrity Measurement Collector(IMC)and verified by Integrity Measurement Verifier(IMV), to which the information are submitted by multiple rounds protocol interactions. The final experiments show that this authentication method effects little on system performance when the network device are under trusted authentication.
In recent years, the security issues on network device have been increasingly prominent. If the network devices are not trusted, all computers in the net are likely to be in the risk of being attacked and all data being stolen. Whether the network devices access network in security or not directly affects the safety of the whole network. It presents a trusted authentication method based on IMC/IMV for network devices. Under this method, the traditional platform identity authentication is carried out and the trusted status verification of the platform is carried out too. The network device's trusted status information is collected by Integrity Measurement Collector(IMC)and verified by Integrity Measurement Verifier(IMV), to which the information are submitted by multiple rounds protocol interactions. The final experiments show that this authentication method effects little on system performance when the network device are under trusted authentication.
引文
[1]林闯,彭雪海.可信网络研究[J].计算机学报,2005(5):751-758.
[2]罗军舟,韩志耕.一种可信可控的网络体系及协议结构[J].计算机学报,2012(4):391-404.
[3]于冬梅,刘西军,张玉民.基于RADIUS的虚拟专用拨号网络安全认证[J].计算机与信息技术,2005(4):17-19.
[4]游新娥.增强型身份认证系统的研究与实现[J].微计算机信息,2010,26(12):109-111.
[5]吴俊军,方明伟,张新访.一种基于可信计算的NFC认证模型[J].计算机工程与科学,2011,33(11):20-26.
[6]蔚慧琼,李强.基于群组的MTC设备接入认证机制研究[J].计算机技术与发展,2016,26(6):87-91.
[7]周海涛,孔华锋,刘虹.基于物理不可克隆函数的智能警务设备认证协议[J].计算机应用与软件,2016,33(12):284-286.
[8]丁俊,张曦煌.实现欧洲/电气安装总线协议数据加密和设备认证的方法[J].计算机应用,2014,34(3):728-732.
[9]Lee Y K,Lee D G,Han J W.Home network device authentication:device authentication framework and device certificate profile[J].The Computer Journal,2009,52(8):871-877.
[10]Zhang Dengyin,Xu Jinlian,Cheng Chunling.An authentication and encryption scheme of network management message based on device fingerprint[J].Information Technology Journal,2013,12(6):1206-1212.
[11]Kwon H,Hahn C,Kim D.Secure device-to-device authentication in mobile multihop networks[M].Wireless algorithms,systems,and applications.[S.l.]:Springer International Publishing,2014:267-278.
[12]Park B J,Lee T J,Jin K.Blockchain-based iot device authentication scheme[J].Journal of the Korea Institute of Information Security and Cryptology,2017,27(2):343-351.
[13]Jeong Y S,Park J S,Park J H.An efficient authentication system of smart device using multi factors in mobile cloud service architecture[J].International Journal of Communication Systems,2013,28(4):659-674.
[14]Yoo H J,Park J G,Koh J Y.An authentication scheme to guarantee reliability of device on wireless network environments[J].Information Science,2012,9(3):39.
[15]草春杰,杨超,马建峰.WLAN Mesh漫游接入认证协议[J].计算机研究与发展,2009,46(7):1102-1108.
[16]Ran C.Universally composable security:a new paradigm for cryptographic protocols[C]//42nd IEEE Annual Symposium on Foundations of Computer Science.Oakland:IEEE,2001:136-145.
[2]罗军舟,韩志耕.一种可信可控的网络体系及协议结构[J].计算机学报,2012(4):391-404.
[3]于冬梅,刘西军,张玉民.基于RADIUS的虚拟专用拨号网络安全认证[J].计算机与信息技术,2005(4):17-19.
[4]游新娥.增强型身份认证系统的研究与实现[J].微计算机信息,2010,26(12):109-111.
[5]吴俊军,方明伟,张新访.一种基于可信计算的NFC认证模型[J].计算机工程与科学,2011,33(11):20-26.
[6]蔚慧琼,李强.基于群组的MTC设备接入认证机制研究[J].计算机技术与发展,2016,26(6):87-91.
[7]周海涛,孔华锋,刘虹.基于物理不可克隆函数的智能警务设备认证协议[J].计算机应用与软件,2016,33(12):284-286.
[8]丁俊,张曦煌.实现欧洲/电气安装总线协议数据加密和设备认证的方法[J].计算机应用,2014,34(3):728-732.
[9]Lee Y K,Lee D G,Han J W.Home network device authentication:device authentication framework and device certificate profile[J].The Computer Journal,2009,52(8):871-877.
[10]Zhang Dengyin,Xu Jinlian,Cheng Chunling.An authentication and encryption scheme of network management message based on device fingerprint[J].Information Technology Journal,2013,12(6):1206-1212.
[11]Kwon H,Hahn C,Kim D.Secure device-to-device authentication in mobile multihop networks[M].Wireless algorithms,systems,and applications.[S.l.]:Springer International Publishing,2014:267-278.
[12]Park B J,Lee T J,Jin K.Blockchain-based iot device authentication scheme[J].Journal of the Korea Institute of Information Security and Cryptology,2017,27(2):343-351.
[13]Jeong Y S,Park J S,Park J H.An efficient authentication system of smart device using multi factors in mobile cloud service architecture[J].International Journal of Communication Systems,2013,28(4):659-674.
[14]Yoo H J,Park J G,Koh J Y.An authentication scheme to guarantee reliability of device on wireless network environments[J].Information Science,2012,9(3):39.
[15]草春杰,杨超,马建峰.WLAN Mesh漫游接入认证协议[J].计算机研究与发展,2009,46(7):1102-1108.
[16]Ran C.Universally composable security:a new paradigm for cryptographic protocols[C]//42nd IEEE Annual Symposium on Foundations of Computer Science.Oakland:IEEE,2001:136-145.