摘要
为满足跨交换机间的媒体访问控制(MAC)层安全通信需求,提出一种改进的MACSec安全关联方案。该方案建立了新加入交换机与不相邻交换机之间的安全关联密钥(SAK),用于保护它们之间的MAC层数据通信。为了使得该方案进一步适合于可信计算环境,在该方案基础上提出了一种可信计算环境下的MACSec安全关联方案。该方案增加了对终端设备的平台认证,从而实现了终端设备的可信网络接入,有效增强了局域网络的安全性。最后,利用串空间模型(SSM)证明了这两个MACSec安全关联方案是安全的。
To meet the cross-switch security communication demand in media access control(MAC)layer,this paper proposed an improved MACSec security association scheme.It established a security association key(SAK)between a new added switch and each nonadjacent switch to protect the data communication between them in MAC layer.In order to make the above scheme suitable for trusted computing environment,this paper further put forward a MACSec security association scheme for trusted computing environment based on the above scheme.It added the platform-authentication of a terminal for realizing the terminal’s trusted network accessed.As a result,it enhanced the security of local area network effectively.Finally,this paper proves that the two schemes are secure by the strand space model(SSM).
作者
肖跃雷
武君胜
朱志祥
Xiao Yuelei;Wu Junsheng;Zhu Zhixiang(School of Computer Science,Northwestern Polytechnical University,Xi'an 710072,China;Shaanxi Provincial Information Engineering Research Institute,Xi'an 710075,China;Institute of IOT & IT-based Industrialization,Xi'an University of Posts & Telecommunications,Xi'an 710061,China)
出处
《计算机应用研究》
CSCD
北大核心
2019年第10期3043-3047,3062,共6页
Application Research of Computers
基金
国家自然科学基金资助项目(61741216,61402367)
陕西省科技统筹创新工程计划资助项目(2016KTTSGY01-03)
陕西省教育厅专项科学研究项目(17JK0704)
西安邮电大学“西邮新星”团队支持计划项目
关键词
媒体访问控制
安全关联
可信计算
平台认证
串空间模型
media access control
security association
trusted computing
platform-authentication
strand space model
