摘要
描述了在TCP/IP网络中,如何通过路由器对入网的机器进行动态安全认证以防止IP地址或使用者的身份被盗用,从而增强网络安全.详细地介绍了这种基于路由器的安全认证方法的实现模型,该模型由在路由器上运行的安全认证服务器和在用户机器上运行的安全客户程序,以及在网络管理工作站上运行的日志服务器构成;同时,还介绍了基于128位密钥的动态认证过程,以及密钥和日志记录的管理,最后探讨了这些方法的有效性及安全性.所描述的方法可以有效地解决如地址欺骗、非法网络活动的记录和追查等问题.
A router based approach to authenticate TCP/IP network activities dynamically is presented. The objective is to enhance network security by giving each user an identity that cann′t be forged. The model consists of a security authentication server running on router, a security client running on user machine and a log server running on NMS (network management station). Discussed in detail here are the 128bits key dynamic authentication process, the management of key and security log, and the effectiveness of this model. This model makes it easier for network manager to solve the problem of IP spoofing, and to trace network hacking activities.
出处
《西安交通大学学报》
EI
CAS
CSCD
北大核心
1999年第7期1-4,共4页
Journal of Xi'an Jiaotong University
基金
国家"九五"重点科技攻关项目
