System-wide information management (SWIM) uses a service-oriented architecture (SOA) to provide information exchange and data sharing for civil aviation. Based on an analysis of the SWIM architecture and of EAP-MD5, an application sub-protocol of Diameter, this paper identifies the security weaknesses in the standard Diameter/EAP-MD5 authentication process, improves the EAP-MD5 authentication protocol, proposes a SWIM user identity authentication method based on the improved Diameter/EAP-MD5 protocol, and studies a Diameter-based SWIM authentication service. The improved method is evaluated through simulation experiments and security analysis in a simulated SWIM environment. The results show that the improved Diameter/EAP-MD5 authentication method increases the security of the SWIM authentication system at comparable computational cost and supports the construction of the SWIM security service framework.