
Research On Authentication Mechanism For Trusted Network Access

Posted on: 2009-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: X J Zhuang
GTID: 2178360242474820
Subject: Communication and Information System

Abstract/Summary:
With the development of the Internet, the network has become the major means of information exchange in every field. However, insufficient trust and security also expose the network to more threats. In particular, the fast development of e-commerce and e-government makes the security problems of the network increasingly severe, with too many viruses and hackers. All of these lead to a decline in the credibility of the network. Through this study, we learn that shortcomings in the design of software and hardware architecture, together with the lack of strict authentication and authorization of users, are the main causes of security incidents. Traditional security safeguards focus on protecting the server and the network but ignore the security of the terminal device itself. However, most attacks arise from unsafe terminal devices. Only by building a security architecture starting from the terminal device, and combining internal and external factors, can a trusted and safe network environment be constructed.

Referring to existing authentication technology and trusted computing technologies, this paper designs a model of trusted network access authentication. The basic idea is to control the network access privileges of endpoints by evaluating their security posture information, so that unhealthy endpoints are excluded. By preventing unhealthy endpoints from accessing the network, the network stays trusted and healthy, without any weakness that hackers can use. Such a trusted network can effectively defend against threats and reduce the frequency of attacks.

Referring to security posture assessment and traditional access authentication mechanisms, this paper designs an access authentication model based on security posture assessment. This model supports current access mechanisms such as 802.1x and VPN, and also supports the authentication protocol WAPI developed in China. The main tasks are as follows:

1. Analyzed the security problems and shortcomings of the current network and security system, and introduced the related technologies;
2. Improved WAPI and avoided the "man-in-the-middle" attack, and used BAN logic to analyze the security of the improved protocol;
3. Described in detail the model, the system framework, and the layered model structure of the trusted network access authentication mechanism;
4. Described the deployment of the trusted network access authentication model in the mobile terminal and the mobile data network;
5. Summarized the paper, and explained its shortcomings and the follow-up research work.

To sum up, based on current trusted network access technologies, this paper researched and studied trusted network access technology, and I hope this paper will make a great contribution to the development of trusted network access and might contribute to China's future self-owned trusted network access technology.
Keywords/Search Tags:Network Security, Access Authentication, Security Posture Assessment, Trusted Network