Computer Engineering & Science, 2011, Vol. 33, Issue (4): 8-12, 5. DOI: 10.3969.j.issn.1007-130X.2011.04.002
Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAP-TLS
Abstract
When a terminal accesses the network, the TNC architecture performs trusted authentication of the terminal's platform identity and platform environment, which ensures the credibility of the access terminal. However, this trusted authentication is one-way and cannot guarantee the network server's credibility. EAP-TLS is an extended authentication protocol based on 802.1x that supports mutual authentication. Based on an analysis of the TNC architecture and the mutual authentication mechanism of EAP-TLS, this paper designs a mutual authentication scheme for TNC based on EAP-TLS. The scheme is based on the certificates, the integrity and the trusted platform environment of both clients and servers. Finally, the paper implements a two-way trusted authentication scheme between the client and the server on the basis of the open source software FHH@TNC, and proves its validity.
Key words
trusted network connection / mutual authentication / EAP-TLS
Classification
Information Technology and Security Science
Cite this article
Chi Yaping, Yang Lei, Li Zhaobin, Fang Yong. Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAP-TLS [J]. Computer Engineering & Science, 2011, 33(4): 8-12, 5.
Funding
National Natural Science Foundation of China (60951001)
Beijing Natural Science Foundation (4102057)
Project of the Key Laboratory of Information Security, General Office of the CPC Central Committee (YZDJ0806)