| Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.In actual use of network and information system, the lack of management tools would directly affect the normal operation of the user network, even bring about irreparable disaster to the state and society. The usual network access control system can boost up the security of the network to a certain extent. However it's deficient in the authentication access and insufficient in control efforts. Currently there are enumerous directory search algorithms, but these algorithms are cost heavely in query with a long delay. Thus the network of information resources can not be effectively demonstrated.In this paper, based on the in-depth analysis of current access technologies, a set of network access control processes are proposed and corresponding authentication protocol is designed for this set of processes. We design a new directory lookup algorithm to improve the search performance.Our research work in this paper are threefold.First, we propose a novel authentication process for network access control system to make up the shortfalls in current network access control system.Second, we design network access authentication protocol for our new authentication process. This protocol resolves problems in the 802.1X authentication protocol such as certification and the business can not be separated, IP addresses would easily be forged, network security in the client system can not be verified and user rights can not be distinguished. We test and analyze possible threats and potential security defects through a prototype system. The results show that our protocol improves performance and security.Third, to better manage the network operation and perform network user behavior monitoring, combining with network information resource structure and the diversity of system behavior, this paper creatively introduce the network directory service into the access control system. We redesign the directory service query module, improve directory search algorithm and lower the query overhead and delay. Prototype test results show that the efficency of directory search is promoted and it can reduce the query overhead of 15% and 10% of the network latency when comparing with existing directory query algorithms.In practical engineering applications, the above work has been applied in the network access control system. Finally, this paper summarized our work and shows the follow-up research work. |
PDF Full Text Request