基于身份标签的一体化网络接入认证方案

本文针对一体化网络体系结构中接入认证机制的安全问题,提出一种基于身份标签的一体化网络新型接入认证方案,该方案采用"挑战-应答"的方式,充分结合一体化网络体系结构的特点与现有数字证书机制的优势,实现用户终端与接入网络的双向认证;并且,该方案采用"身份标签"将接入用户的数字证书与接入标志绑定,实现用户的身份信息与用户终端的真实对应关系;同时,通过对用户终端实施可持续性认证,有效地保障了一体化网络体系中信息源的真实性,从而提高一体化网络接入的可控可管性。最后对该方案的安全性与初始接入认证过程的性能进行定性分析与比较,并对身份标签的可持续性认证进行会话性能分析。

An Access Authentication Scheme Based on Identity Label in Universal Network

Aiming at assuring the authenticity and creditability of the terminals in the universal network,this paper proposes a new access authentication scheme based on the identity label for the universal network.By combining the characteristics of the universal network architecture with the advantages of the existing digital certificate,the scheme uses the challenge-response approach to achieve the double-way authentication between the terminals and access network.In addition,the scheme introduces the "identity label" to bind the user’s digital certificate and Access Identifier(AID) of the terminal,and accomplishes the real relation between the user’s identity and the terminal.At the same time,by implementing the sustainable authentication for the terminals,the scheme successfully guarantees the authenticity of the sources in the universal network and effectively promotes the control-ability and manageability of the universal network.Finally,this paper presents a qualitative analysis for the security and the performance of this scheme,and gives a timing analysis for the sustainable authentication of the identity label.