The split mechanism network explicitly separates host identity from location information and divides the Internet architecture into two parts, the access network and the core network, which largely resolves the scalability and mobility problems of the Internet. Based on the split mechanism network and combined with trusted computing technology, this paper proposes a fast authentication scheme for intra-domain terminal handover that authenticates the terminal user's identity and, at the same time, authenticates the terminal platform's identity and verifies its integrity. In this scheme, when a terminal performs an intra-domain handover, the domain's authentication center does not need to participate again: the access switch router alone completes the authentication using a token. The authentication process preserves the anonymity of the user identity and the platform information and reduces the burden on the authentication center. Compared with other schemes, this scheme has clear advantages in authentication overhead, authentication latency and security. The security analysis shows that the scheme is secure and efficient.
The split mechanism network cleanly separates the host location from its identity information and divides the whole Internet into two parts, the core network and the access network, which addresses the scalability and mobility of the Internet. In a split mechanism network, when a terminal hands off within a domain, both the speed and the security of the authentication process must be guaranteed. In this paper, combined with trusted computing, an intra-domain fast authentication scheme based on the split mechanism network is proposed. The proposed scheme realizes terminal platform authentication and terminal platform integrity verification as well as user identity authentication. In the proposed scheme, the access switch router uses a token to authenticate the mobile terminal without communicating with the authentication center when the handover occurs within the domain. A comparison with other intra-domain fast authentication schemes in terms of authentication cost, authentication latency and security shows that the proposed scheme is more secure and more efficient. It provides identity anonymity and platform anonymity, resists man-in-the-middle and replay attacks, and ensures fairness of key negotiation and one-time session keys. The scheme also reduces the burden on the authentication centers and has clear advantages over current schemes.
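The abstract describes the general pattern of token-based fast re-authentication: the authentication center (AC) issues a token at full authentication, and on handover the access switch router (ASR) checks it locally, verifies the platform integrity measurement, rejects replays, and agrees a fresh session key without contacting the AC. The following Python sketch is an added illustration of that pattern and is not the paper's scheme: the HMAC-based token format, the pseudonym field, the per-terminal key derived from the domain key, the nonce replay cache and the constructed key and measurement values are all assumptions made here to show how each security property named in the abstract (anonymity, integrity check, replay resistance, one-time session key, mutual authentication) maps onto a concrete check.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed example: a key shared by the domain's AC and its ASRs (assumed to be
# distributed out of band when the ASR joins the domain).
DOMAIN_KEY = hashlib.sha256(b"example-domain-key (constructed)").digest()
TAG_LEN = 32


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def derive_terminal_key(domain_key, pseudonym, issued_at):
    """Per-terminal fast-authentication key. The AC gives it to the terminal at full
    authentication; any ASR of the domain can recompute it from the token alone."""
    return _mac(domain_key, b"terminal-key", pseudonym.encode(), str(issued_at).encode())


def issue_token(domain_key, pseudonym, platform_measurement, issued_at, ttl=300):
    """AC side: bind a pseudonym (never the real identity) and the expected platform
    integrity measurement into a token valid for [issued_at, issued_at + ttl)."""
    claims = {"pid": pseudonym, "plat": platform_measurement.hex(),
              "iat": issued_at, "exp": issued_at + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    token = base64.urlsafe_b64encode(body + _mac(domain_key, b"token", body)).decode()
    return token, derive_terminal_key(domain_key, pseudonym, issued_at)


def terminal_handover_request(token, terminal_key, asr_id, platform_measurement, nonce_t):
    """Terminal side: present the token plus a proof of possession of the terminal key,
    bound to the target ASR, a fresh nonce and the current platform measurement."""
    proof = _mac(terminal_key, b"handover", token.encode(), asr_id.encode(),
                 platform_measurement, nonce_t)
    return {"token": token, "asr": asr_id, "plat": platform_measurement,
            "nonce": nonce_t, "proof": proof}


def terminal_verify_asr(terminal_key, nonce_t, nonce_a, asr_proof, asr_id):
    """Terminal side: authenticate the ASR's reply; returns the session key or None."""
    if not hmac.compare_digest(asr_proof, _mac(terminal_key, b"asr-proof", nonce_a, nonce_t)):
        return None
    return _mac(terminal_key, b"session", nonce_t, nonce_a, asr_id.encode())


class AccessSwitchRouter:
    def __init__(self, asr_id, domain_key):
        self.asr_id = asr_id
        self.domain_key = domain_key
        self.seen_nonces = set()  # replay cache keyed by (pseudonym, nonce)

    def verify_handover(self, req, now):
        """Check the handover locally; returns (session_key, asr_nonce, asr_proof) or None.
        Every check uses only the domain key and the request, so the AC is not contacted."""
        try:
            raw = base64.urlsafe_b64decode(req["token"])
            body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
            if not hmac.compare_digest(tag, _mac(self.domain_key, b"token", body)):
                return None  # token forged or altered
            claims = json.loads(body)
        except (ValueError, KeyError):
            return None
        if not (claims["iat"] <= now < claims["exp"]):
            return None  # token outside its validity window
        if req["asr"] != self.asr_id:
            return None  # request was built for a different ASR
        if claims["plat"] != req["plat"].hex():
            return None  # platform integrity measurement does not match the attested one
        replay_key = (claims["pid"], req["nonce"])
        if replay_key in self.seen_nonces:
            return None  # replayed handover request
        tk = derive_terminal_key(self.domain_key, claims["pid"], claims["iat"])
        expected = _mac(tk, b"handover", req["token"].encode(), req["asr"].encode(),
                        req["plat"], req["nonce"])
        if not hmac.compare_digest(expected, req["proof"]):
            return None  # terminal does not hold the key bound to this token
        self.seen_nonces.add(replay_key)
        nonce_a = os.urandom(16)
        # Fresh nonces from both sides give a one-time session key per handover.
        session_key = _mac(tk, b"session", req["nonce"], nonce_a, self.asr_id.encode())
        asr_proof = _mac(tk, b"asr-proof", nonce_a, req["nonce"])
        return session_key, nonce_a, asr_proof


if __name__ == "__main__":
    measurement = hashlib.sha256(b"constructed platform measurement").digest()
    token, tk = issue_token(DOMAIN_KEY, "pid-7f3a", measurement, issued_at=1000)
    asr = AccessSwitchRouter("asr-1", DOMAIN_KEY)
    req = terminal_handover_request(token, tk, "asr-1", measurement, os.urandom(16))
    result = asr.verify_handover(req, now=1100)
    print("handover accepted" if result else "handover rejected")
```

The ASR never learns the real user identity (only the pseudonym in the token), and the replay cache is per pseudonym and nonce, so a captured request cannot be reused against the same ASR; a replay against a different ASR fails the `asr` binding check instead.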