基于预共享密钥的LAN安全关联方案改进与分析

Improvement and analysis of LAN security association scheme based on pre-shared key

针对基于预共享密钥的有线局域网(LAN)安全关联方案中交换密钥建立过程的通信浪费问题,提出了一种改进的LAN安全关联方案。该方案通过对基于预共享密钥的鉴别及单播密钥协商过程的改进,生成了新加入交换机和认证服务器之间的成对主密钥,并用于新加入交换机与各个不相邻交换机之间的交换密钥协商过程。然后,在该方案基础上提出了一种可信计算环境下的LAN安全关联方案。该方案在改进的基于预共享密钥的鉴别及单播密钥协商过程中进一步增加对终端设备的平台认证,从而实现终端设备的可信网络接入,有效增强了LAN的安全性。最后,利用串空间模型(SSM)证明了这两个LAN安全关联方案是安全的。性能对比分析结果表明,该方案有效减少了交换密钥建立过程的消息交互数和计算量。

For the communication waste of the exchange key establishment process in Local Area Network(LAN)security association scheme based on pre-shared key,an improved LAN security association scheme was proposed.A pairwise key between a new added switch and the authentication server was generated by improving the authentication and unicast key agreement process based on pre-shared key,and was used to the exchange key agreement processes between the new added switch and other nonadjacent switches.Then,on basis of the above improved scheme,a LAN security association scheme in trusted computing environment was put forward.In the improved authentication and unicast key negotiation process based on pre-shared key,the platform authentication of the terminal device was further increased,thereby realizing the trusted network access of the terminal device,and effectively enhancing the security of the LAN.Finally,the two LAN security association schemes were proved secure in the Strand Space Model(SSM).The results of performance comparison analysis show that the improved scheme reduces the number of exchanged messages and computation complexity of the exchange key agreement processes.