Journal of Computer Applications, 2021, Vol. 41, Issue (7): 1970-1976. DOI: 10.11772/j.issn.1001-9081.2020081155

Special Issue: Cyberspace Security

Section: Cyber security

Improvement and analysis of certificate-based wired local area network security association scheme

XIAO Yuelei 1,2, DENG Xiaofan 3

  1. School of Modern Posts, Xi'an University of Posts and Telecommunications, Xi'an Shaanxi 710061, China;
  2. Shaanxi Information Engineering Research Institute, Xi'an Shaanxi 710075, China;
  3. School of Computer Science and Technology, Xi'an University of Posts and Telecommunications, Xi'an Shaanxi 710121, China
  • Received: 2020-08-04; Revised: 2020-10-17; Online: 2021-07-10; Published: 2020-11-25
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61741216, 61402367).

  • Corresponding author: XIAO Yuelei
  • About the authors: XIAO Yuelei (born 1979), male, from Ji'an, Jiangxi, is an associate professor with a Ph.D.; his main research interests are information security and big data. DENG Xiaofan (born 1995), female, from Liquan, Shaanxi, is a master's student; her main research interests are data analysis and mining.

Abstract: In Tri-element Peer Authentication (TePA)-based wired Local Area Network (LAN) media access control Security (TLSec), the certificate-based wired LAN security association scheme wastes communication in the exchange key establishment processes and is not suitable for trusted computing environments. To solve these two problems, an improved certificate-based wired LAN security association scheme was first proposed. In this scheme, the exchange key establishment process between a newly added switch and each nonadjacent switch was simplified, which improves the communication performance of the exchange key establishment processes. Then, building on this scheme, a certificate-based wired LAN security association scheme for trusted computing environments was proposed. In this scheme, platform authentication of newly added terminal devices was added to the certificate-based authentication process, so as to realize trusted network access for newly added terminal devices and effectively prevent them from bringing worms, viruses and malicious software into the wired LAN. Finally, both schemes were proved secure using the Strand Space Model (SSM). In addition, qualitative and quantitative comparative analysis shows that the two schemes are better than those proposed in the related literature.

Key words: wired Local Area Network (LAN), trusted computing, platform authentication, Strand Space Model (SSM), security association
