| 网络层身份验证机制的设计与实现 |
| |
| 引用本文: | 毛燕琴,沈苏彬.网络层身份验证机制的设计与实现[J].南京邮电大学学报(自然科学版),2006,26(4):79-85. |
| |
| 作者姓名: | 毛燕琴 沈苏彬 |
| |
| 作者单位: | 南京邮电大学,网络技术研究中心,江苏,南京,210003 |
| |
| 基金项目: | 国家自然科学基金;江苏省自然科学基金;信息产业部资助项目 |
| |
| 摘 要: | 网络层安全体系框架IPSec(IP Security)在报文信息安全模型基础上提供了基于密钥的报文源验证服务。针对该服务存在的一些不足,在面向网络基础设施的安全模型基础上,提出一种网络层身份验证机制,利用机制中设计的身份标识协议和报文源身份验证机制,可保证通信实体的合法性,提供可靠的基于IP地址的报文源验证服务和基于通信实体特征信息的密钥协商机制。最后通过测试实验,阐述新机制具有的功能和性能。
|
| 关 键 词: | 网络安全 安全攻击 身份验证 IP假冒 |
| 文章编号: | 1673-5439(2006)04-0079-07 |
| 收稿时间: | 2005-11-01 |
| 修稿时间: | 2006-03-01 |
Design and Implementation of Authentication Mechanism in IP Networks |
| |
| MAO Yan-qin,SHEN Su-bin.Design and Implementation of Authentication Mechanism in IP Networks[J].Journal of Nanjing University of Posts and Telecommunications,2006,26(4):79-85. |
| |
| Authors: | MAO Yan-qin SHEN Su-bin |
| |
| Institution: | Research Center of Network Technology, Nanjing University of Posts and Telecommunications, Nanjing 21003, China |
| |
| Abstract: | Existing network security framework IP Security(IPSec) proposed for information security model offers data origin authentication service based on common keys in IP layer.To tackle the deficiency of the service,a kind of authentication mechanism is proposed on the basis of network security model facing to network infrastructure..Making use of the identity label protocol and message origin authentication mechanism designed in the authentication mechanism,they can guarantee the legitimacy of the communication entities,offer a credible data origin authentication service based on IP addresses and provide key agreement mechanism based on the characteristic information of the entities.Finally,The functions and the performance of the new mechanism are illustrated by results. |
| |
| Keywords: | IPSec |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
