
Researches On Key Technologies For Internet Cross-domain Authentication

Posted on: 2013-10-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Yao
GTID: 1228330467482723
Subject: Computer application technology

Abstract/Summary:
With the development of information technology, gathering, processing and using information have become more convenient and efficient. However, because networks are interconnected, shared and open to exchange while their security features are weak, the same powerful and efficient information technology that brings people great convenience also blurs the boundary between public space and private space, which has a great impact on network information security. The development of science and technology and the changes in social lifestyle therefore place new and higher requirements on the protection of personal information.

To meet the security needs of the majority of Internet users, a large number of network security techniques have been researched and applied extensively. Among them, the Internet cross-domain authentication model and the related technologies have become a research focus. Starting from practical needs, the main work around the Internet-domain authentication model and the related technologies is as follows.

First, a sudden increase in Internet cross-domain authentication requests may cause the authentication server to collapse, whereas when there are too few requests the authentication server sits idle. For Internet services that transfer authentication messages through Web protocols and require less security and higher performance and expansibility, an optimization scheme for Internet cross-domain authentication based on consistent hashing is proposed. With this scheme, an authentication server can easily be added or removed at the lowest cost, and the scheme provides a better way to balance load and realize redundancy.

Second, networks tend to be more distributed and to operate through mutual cooperation. Users usually log on to information systems that consist of multiple heterogeneous trust realms, each of which is independent and autonomous. If users have to enter their ID, password or other credential information every time they use a service, it is obviously very troublesome and insecure. In this paper, a new cross-realm authentication protocol model is proposed. The model supports mutual authentication between entities in different trust realms. Compared with the traditional cross-realm authentication model, it reduces the registration workload among authentication servers and simplifies the distribution and management of shared keys among authentication servers. The model also avoids the network bottleneck and single point of collapse caused by authentication through a single authority. The analysis shows that the protocol model has higher security and reliability, which allows the application server to carry out access control effectively to ensure network security.

Due to the rapid growth of network resources, users log on to different information systems every day. In this paper, a new cross heterogeneous realm authentication model mainly based on PKI is proposed, and the detailed authentication processes for different situations are designed. Cross-realm authentication between a PKI realm and a Kerberos realm can be achieved effectively, and mutual authentication is supported in this model. The analysis shows that the proposed scheme has better security, compatibility and expansibility.

In addition, when visiting cross-domain service resources, network users usually use a cross-domain authentication protocol and a key agreement protocol to achieve mutual authentication and a shared key. Through theoretical analysis and performance comparison, a new protocol that combines cross-domain authentication and key agreement is proposed in this paper. With this protocol, cross-domain authentication and key agreement can be achieved with less computational resource, storage resource and network bandwidth. At the same time, the proposed protocol can provide confidentiality, authentication, integrity, non-repudiation and other security guarantees, and it has a higher level of security and efficiency.

In recent years, mobile devices have commonly used wireless networking technology, so message transmissions can easily be intercepted in open space. Through an analysis of the security of a Mobile IP registration and a study of its merits and demerits, this paper puts forward a new Mobile IP cross-domain registration and authentication protocol. The proposed protocol can provide a higher level of security while maintaining the characteristics of the original protocol, so it can effectively resist replay attacks, man-in-the-middle attacks and other threats. Meanwhile, the RC4 algorithm can provide better performance and ensure the security of WLAN data transmission in a resource-constrained environment. This paper analyzes the security of the RC4 algorithm, proposes an approach to improve the security of the RC4 algorithm and analyzes the effect of the improved algorithm.

Finally, this paper also proposes a new wireless network cross-domain authentication protocol, which can distribute keys in an appropriate way and effectively resist replay attacks and man-in-the-middle attacks. With this protocol, users of mobile devices and servers in different security domains can easily authenticate each other's identity. In the communication process, symmetric cryptography is used to protect the confidentiality, integrity and non-repudiation of messages, and a symmetric cryptosystem is more efficient than asymmetric cryptography. The theoretical analysis and the comparison of results show that the cross-domain authentication protocol is secure and efficient, and thus more practical than other similar protocols.
Keywords/Search Tags:internet, cross-domain authentication, shared key, security technology, information system, mutual authentication, trusted domains
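
The abstract's claim that consistent hashing lets an authentication server be added or removed at the lowest cost can be checked with a small ring. This is an added example, not code from the dissertation; the server names `as1` to `as5`, the request keys and the choice of 100 virtual nodes per server are assumptions made for illustration.

```python
import bisect
import hashlib


def h64(key):
    """Stable 64-bit ring position (SHA-256 truncated to 8 bytes)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


class AuthRing:
    """Consistent-hash ring that maps request keys to authentication servers."""

    def __init__(self, servers=(), vnodes=100):
        self.vnodes = vnodes   # virtual nodes per server smooth the load
        self._points = []      # sorted ring positions
        self._owner = {}       # ring position -> server name
        for server in servers:
            self.add(server)

    def add(self, server):
        for i in range(self.vnodes):
            point = h64(f"{server}#{i}")
            self._owner[point] = server
            bisect.insort(self._points, point)

    def remove(self, server):
        self._points = [p for p in self._points if self._owner[p] != server]
        self._owner = {p: s for p, s in self._owner.items() if s != server}

    def route(self, key):
        if not self._points:
            raise LookupError("no authentication servers in the ring")
        # First ring position clockwise of the key, wrapping at the end.
        i = bisect.bisect_right(self._points, h64(key))
        return self._owner[self._points[i % len(self._points)]]


def rebalance_demo(n_keys=5000):
    """Compare key movement when a fifth server joins: ring vs. hash mod N."""
    keys = [f"user{i}@realm-a.example" for i in range(n_keys)]  # constructed
    ring = AuthRing(["as1", "as2", "as3", "as4"])  # hypothetical server names
    before = {k: ring.route(k) for k in keys}
    ring.add("as5")
    after = {k: ring.route(k) for k in keys}
    moved = [k for k in keys if before[k] != after[k]]
    naive_moved = sum(h64(k) % 4 != h64(k) % 5 for k in keys)
    ring.remove("as5")
    restored = all(ring.route(k) == before[k] for k in keys)
    return {"ring_moved": len(moved) / n_keys,
            "naive_moved": naive_moved / n_keys,
            "moved_only_to_new": all(after[k] == "as5" for k in moved),
            "restored_after_removal": restored}
```

Only the keys that land on the new server are reassigned (roughly one fifth here), while plain `hash mod N` routing reassigns about four fifths of them, which would invalidate most server-side authentication state on every scaling event.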