基于EAP-TLS的可信网络连接认证方案设计与实现

doi:10.3969/j.issn.1007130X.2011.

J4 ›› 2011, Vol. 33 ›› Issue (4): 8-12.doi: 10.3969/j.issn.1007130X.2011.

基于EAP-TLS的可信网络连接认证方案设计与实现

池亚平1,杨磊1,2,李兆斌1,方勇1

（1.北京电子科技学院通信工程系,北京 100070； 2.西安电子科技大学通信学院，陕西西安 710071）

收稿日期:2010-07-29 修回日期:2010-10-26 出版日期:2011-04-25 发布日期:2011-04-25
作者简介:池亚平(1969),女,河北沙河人，硕士，副教授，CCF会员（E200008445S），研究方向为网络安全和可信计算。杨磊(1986),男,湖南株洲人，研究方向为网络安全。李兆斌(1977),男，内蒙古宝昌人，博士，工程师，研究方向为网络安全和可信计算。方勇(1963),男,江苏盱眙人，教授，CCF会员（E200008444S），研究方向为网络安全。
基金资助:
国家自然科学基金资助项目(60951001);北京市自然科学基金资助项目(4102057);中办信息安全重点实验室项目（YZDJ0806）

Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAPTLS

CHI Yaping1,YANG Lei1,2,LI Zhaobin1,FANG Yong1

（1.Department of Communication Engineering,Beijing Electronic and Science Technology Institute,Beijing 100070;
2.School of Communication,Xidian University,Xi’an 710071,China)

Received:2010-07-29 Revised:2010-10-26 Online:2011-04-25 Published:2011-04-25

摘要/Abstract

摘要：

TNC架构在终端接入网络前对终端的平台身份和平台环境进行可信认证，保证了接入终端的可信，但这种可信认证存在单向性的局限，无法保证网络服务器的可信。EAPTLS是802.1x中一种基于证书的扩展认证协议，支持双向认证机制。本文在分析TNC架构和EAPTLS双向认证机制基础上，设计了一种基于EAPTLS的可信网络连接双向认证方案，该方案能够对终端和服务器的平台身份、平台完整性和平台可信环境进行双向认证。在FHH@TNC开源架构搭建的可信网络环境上实现了客户端与服务器之间双向可信认证方案，并进行了方案测试，证明了方案的正确性。

关键词: 可信网络连接, 双向认证, EAPTLS

Abstract:

When a terminal access network, a trusted authentication of the terminal platform identity and the platform environment are implemented in the TNC architecture, which ensures the credibility of access terminal. However, the trusted authentication has the oneway limitation that can not guarantee the network server's credibility. EAPTLS is a extended authentication protocol based on 802.1x,which suports mutual authentication.On the basis of analyzing the architecture of TNC and the mutual authentication mechanism of EAPTLS,a mutual authentication scheme used in TNC based on EAPTLS is designed in this paper.The mutual authentication scheme is based on the certificates,the integrity and the trusted environment of platform,both for clients and servers.Finally,the paper implements a twoway trusted authentication scheme between the client and the server on the basis of the open source software FHH@TNC,and proves its validity.

Key words: trusted network connection;mutual authentication;EAPTLS

池亚平1,杨磊1,2,李兆斌1,方勇1. 基于EAP-TLS的可信网络连接认证方案设计与实现[J]. J4, 2011, 33(4): 8-12.

CHI Yaping1,YANG Lei1,2,LI Zhaobin1,FANG Yong1. Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAPTLS[J]. J4, 2011, 33(4): 8-12.

[1]	张晓均, 唐浩宇, 付红, 王文琛. 智能车载网络中匿名认证与密钥交换协议[J]. 计算机工程与科学, 2024, 46(01): 83-90.
[2]	郭豪，王国才，罗聘. 一种基于Cookie的跨域单点登录方案设计[J]. 计算机工程与科学, 2017, 39(07): 1295-1299.
[3]	黄谷,缪力,张大方. 802.11i双向认证协议的模型检查[J]. J4, 2010, 32(4): 25-28.

基于EAP-TLS的可信网络连接认证方案设计与实现

Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAPTLS

PDF

可视化

摘要/Abstract

引用本文

使用本文

相关文章 3

编辑推荐

Metrics

本文评价