Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (11): 3246-3251.DOI: 10.11772/j.issn.1001-9081.2018040896

Previous Articles     Next Articles

Improvement and analysis of LAN security association scheme based on pre-shared key

XIAO Yuelei1,2,3, WU Junsheng1, ZHU Zhixiang2,3   

  1. 1. College of Computer Science, Northwestern Polytechnical University, Xi'an Shaanxi 710072, China;
    2. Shaanxi Provincial Information Engineering Research Institute, Xi'an Shaanxi 710075, China;
    3. Institute of IOT and IT-based industrialization, Xi'an University of Posts & Telecommunications, Xi'an Shaanxi 710061, China
  • Received:2018-05-02 Revised:2018-06-15 Online:2018-11-10 Published:2018-11-10
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61741216,61402367), the Shaanxi Science & Technology Co-ordination and Innovation Project (2016KTTSGY01-03), the Special Scientific Research Project of Education Department of Shaanxi Province (17JK0704), the New Star Team Project of Xi'an University of Posts and Telecommunications.

基于预共享密钥的LAN安全关联方案改进与分析

肖跃雷1,2,3, 武君胜1, 朱志祥2,3   

  1. 1. 西北工业大学 计算机学院, 西安 710072;
    2. 陕西省信息化工程研究院, 西安 710075;
    3. 西安邮电大学 物联网与两化融合研究院, 西安 710061
  • 通讯作者: 肖跃雷
  • 作者简介:肖跃雷(1979-),男,江西吉安人,副教授,博士,主要研究方向:可信计算、无线网络安全;武君胜(1962-),男,陕西礼泉人,教授,博士,主要研究方向:软件工程、科学计算可视化;朱志祥(1967-),男,天津人,教授,博士,主要研究方向:网络与信息安全、政务信息化。
  • 基金资助:
    国家自然科学基金资助项目(61741216,61402367);陕西省科技统筹创新工程计划项目(2016KTTSGY01-03);陕西省教育厅专项科学研究项目(17JK0704);西安邮电大学"西邮新星"团队支持计划项目。

Abstract: For the communication waste of the exchange key establishment process in Local Area Network (LAN) security association scheme based on pre-shared key, an improved LAN security association scheme was proposed. A pairwise key between a new added switch and the authentication server was generated by improving the authentication and unicast key agreement process based on pre-shared key, and was used to the exchange key agreement processes between the new added switch and other nonadjacent switches. Then, on basis of the above improved scheme, a LAN security association scheme in trusted computing environment was put forward. In the improved authentication and unicast key negotiation process based on pre-shared key, the platform authentication of the terminal device was further increased, thereby realizing the trusted network access of the terminal device, and effectively enhancing the security of the LAN. Finally, the two LAN security association schemes were proved secure in the Strand Space Model (SSM). The results of performance comparison analysis show that the improved scheme reduces the number of exchanged messages and computation complexity of the exchange key agreement processes.

Key words: Local Area Network (LAN), trusted computing, platform authentication, Strand Space Model (SSM), security association

摘要: 针对基于预共享密钥的有线局域网(LAN)安全关联方案中交换密钥建立过程的通信浪费问题,提出了一种改进的LAN安全关联方案。该方案通过对基于预共享密钥的鉴别及单播密钥协商过程的改进,生成了新加入交换机和认证服务器之间的成对主密钥,并用于新加入交换机与各个不相邻交换机之间的交换密钥协商过程。然后,在该方案基础上提出了一种可信计算环境下的LAN安全关联方案。该方案在改进的基于预共享密钥的鉴别及单播密钥协商过程中进一步增加对终端设备的平台认证,从而实现终端设备的可信网络接入,有效增强了LAN的安全性。最后,利用串空间模型(SSM)证明了这两个LAN安全关联方案是安全的。性能对比分析结果表明,该方案有效减少了交换密钥建立过程的消息交互数和计算量。

关键词: 有线局域网, 可信计算, 平台认证, 串空间模型, 安全关联

CLC Number: