计算机工程
計算機工程
계산궤공정
COMPUTER ENGINEERING
2014年
12期
108-113
,共6页
王志蓬%林慕清%季东杰%徐剑
王誌蓬%林慕清%季東傑%徐劍
왕지봉%림모청%계동걸%서검
无线局域网%双向接入认证%基于身份签名%密钥协商%EAP-TLS方案%WAPI方案
無線跼域網%雙嚮接入認證%基于身份籤名%密鑰協商%EAP-TLS方案%WAPI方案
무선국역망%쌍향접입인증%기우신빈첨명%밀약협상%EAP-TLS방안%WAPI방안
Wireless Local Area Network ( WLAN )%bidirectional access authentication%Identity-based Signature ( IBS)%key agreement%EAP-TLS scheme%WAPI scheme
目前无线局域网中的典型接入认证方案不能较好地支持双向认证,并且效率较低。针对上述问题,利用基于身份签名技术,提出一种新的双向接入认证方案。给出方案的初始化过程、实体间认证协议以及基于该接入认证方案的密钥协商协议,并对密钥协商协议进行效率和安全性分析,结果表明,该协议能以较小的计算代价,实现已知密钥安全、前向安全、未知密钥分享和密钥控制。与EAP-TLS和WAPI2接入认证方案相比,该方案具有无证书、双向认证以及认证效率高等优势。
目前無線跼域網中的典型接入認證方案不能較好地支持雙嚮認證,併且效率較低。針對上述問題,利用基于身份籤名技術,提齣一種新的雙嚮接入認證方案。給齣方案的初始化過程、實體間認證協議以及基于該接入認證方案的密鑰協商協議,併對密鑰協商協議進行效率和安全性分析,結果錶明,該協議能以較小的計算代價,實現已知密鑰安全、前嚮安全、未知密鑰分享和密鑰控製。與EAP-TLS和WAPI2接入認證方案相比,該方案具有無證書、雙嚮認證以及認證效率高等優勢。
목전무선국역망중적전형접입인증방안불능교호지지지쌍향인증,병차효솔교저。침대상술문제,이용기우신빈첨명기술,제출일충신적쌍향접입인증방안。급출방안적초시화과정、실체간인증협의이급기우해접입인증방안적밀약협상협의,병대밀약협상협의진행효솔화안전성분석,결과표명,해협의능이교소적계산대개,실현이지밀약안전、전향안전、미지밀약분향화밀약공제。여EAP-TLS화WAPI2접입인증방안상비,해방안구유무증서、쌍향인증이급인증효솔고등우세。
Aiming at the problems such as bidirectional access authentication can not be supported and low efficiency in typical Wireless Local Area Network( WLAN) access authentication schemes,this paper proposes a bidirectional access authentication scheme using the Identity-based Signature ( IBS ) . The scheme ’ s initialization process, inter-entity authentication protocol,and an efficient key agreement protocol based on that access authentication scheme are given. The efficiency and safety property of the key agreement protocol are analyzed. Results show that this protocol not only has the expense of small computational cost,but also achieves known key security,forward security,unknown key sharing and key control. This is the advantage that other similar protocols do not have. Finally, this paper compares the proposed scheme with EAP-TLS and WAPI scheme in the aspects of performance,the results show that the proposed scheme has advantages of no certificate,mutual authentication and efficient authenticating.
