The Design And Implement Of ACR Access Control Mechanism And It's Security Analysis

With the expanding of broad band information network, the management system of backbone core network is consummating increasingly. We must build a kind of new band access network immediately which making people access backbone core network on the administrable, controllable and exercisable condition. This project relies on an important item—Research on system performance and key technologies of large-scale Access Convergence Router (ACR).It is precondition to constructing the security and reliable information ligament between ACR access network and people. To satisfy these demands that providing fast, stable, secure and credible services to clients, the access network of ACR must have a suit of mechanism to security admission and reasonable control. This dissertation designs the access control mechanism of ACR system and analyzes of its security. the main works and contributions include:1. Proposes the key problems in the design of ACR security access control mechanism, through the analysis on the structure of the ACR system and the security demands, and makes deep research on current main access authentications. According to their principles, it analyses their implementation overflow in ACR system, and makes comparisons of their advantages and disadvantages. These works make a theory foundation for the design of ACR system access control mechanism.2. Through the analysis on the demands of ACR access control mechanism, it designs the whole access control scheme, and combining with the concrete equipment of ACR-Portal, adopts the hook mechanism to link the protocol part under the embedded core state and program application part under client state.3. Presents the security hidden trouble of the access network, and analyzes the security of the ACR access control mechanism that based on 802.1x. Proposes a "three-part authentication framework" for the sake of improving the security of the ACR access control mechanism and its security is proved via the style of format language.4. Through the analysis on the testing data from the concrete ACR environment, the usability and the security of the ACR access control mechanism proposed by this thesis is proved.