| With the rapid development of the global economy and networking process progresses, user’s demand tends to be diversified and personalized. Traditional enterprises only rely on the optimal use of their internal resources, has been difficult to cope with the rapidly changing market demands and complex competitive environment. To survival and development better, the enterprises must break through the traditional business model and introduction of new organizational model, so the virtual enterprise came into being. Virtual Enterprise is compose of a number of heterogeneous enterprises come from different places who want to seize market opportunities. They form a dynamic temporary alliance to share resources and improve their competitiveness. In the virtual enterprise environment, there are many activities that user access resource cross a different domain, what’s more, because of the virtual enterprise with the characteristics of heterogeneous, temporary and low cost making the security of virtual enterprise more complex than the traditional enterprises. To ensure the safety and effective of resource sharing between heterogeneous domains, user needs to resolve cross domain authentication and session key agreement first when access resources. Therefore, design a cross-domain authentication and key agreement which satisfy the characteristics of virtual enterprise to ensure the security of resource sharing. It is an urgent and basic work with important theoretical value and significance.In this paper, firstly, the overview of virtual enterprise environment is shown and its specific security demand is analysed. Then a heterogeneous cross domains authentication and key agreement protocol in virtual enterprise is proposed. In the protocol, Firstly, a public key crypto system based first-tier distributed authentication mechanism between the CA in a PKI domain and the AS in a Kerberos domain is established. Then based on the access authorization tickets generated by the CA or the AS (together with TGS), two second-tier authenticated key agreement protocols are presented to realize the cross-domain authentication and session key agreement between the end user and the resource. The correctness of the new scheme is proven by the SVO logic, and the detailed analysis shows that the proposed scheme not only meets the security requirements of both tiers, but also has high efficiency. At last, In the Windows environment we use the visual studio2005programming software, and calling the WinNTL5.4and OpenSSL10.0function library, finished the authentication and key agreement simulation, based on the simulation results the feasibility and efficiency of the protocol is proved. |
PDF Full Text Request