摘要
在位置与标识分离的体系结构(LISA)的基础上,提出位置与标识分离的体系结构的网络访问控制机制(LISA-NAC).该机制包括基于标识的访问控制(IBAC)模型和自验证标识.IBAC模型提供了更加精确和高效的网络访问控制,并能适应移动节点的访问控制.自验证标识使得报文接收方可以不依赖第三方认证,直接根据报文携带的信息来验证报文源归属,从而减少标识欺骗的可能性.基于原型系统的实验结果表明,LISA-NAC带来的传输性能下降和系统开销较小,具有可行性.
On the basis of locator and identifier separation architecture (LISA), a LISA-NAC (net- work access control) access control mechanism, including identifier-based access control (IBAC) model and self-verifying identifier, is proposed. The IBAC model makes network access control more accurate and efficient, and fits for mobile nodes' access control quite well. Moreover, self-verifying identifier makes it possible for the receiver to verify the packet sender's identity without the third part authentication; which reduces the probability of "identifier spoofing". The experimental results shows that LISA-NAC brings low traffic performance degrade and the system cost is small, which proved the feasibility.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2010年第5期28-31,共4页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家高技术研究发展计划资助项目(2008AA01A325)
关键词
网络访问
移动性
位置与标识分离
标识欺骗
基于标识的访问控制
自验证标识
network access
mobility
locator and identifier separation
identifier spoofing
identifier-based access control (IBAC)
self-verifying identifier