In the open Internet environment, three security mechanisms must be realized when constructing a logical secure subnet: data confidentiality, identity authentication, and access control. Access control prevents data from being destroyed, altered, disclosed, or copied by unauthorized access, and every access control system needs to authenticate the identity of its users. A secure access control mechanism is the key technique for keeping a subnet secure, and it is also a hotspot in the field of network security. The aim of this thesis is to research the identity authentication and access control mechanism of a secure subnet and a scheme for realizing it. To overcome the shortcomings of the double-way authentication access control scheme based on Harn's digital signature, a new double-way authentication protocol is proposed to improve the old one. A new single-key-lock-pair access control scheme is proposed as an improved access control scheme, based on the property that an integer has exactly one binary representation.

This thesis is composed of three parts. Firstly, a summary of the theory: the security framework of open systems interconnection is introduced in chapter one, and the key techniques of modern cryptology used in the thesis are described in chapter two. Secondly, research on the identity authentication and access control mechanism of a secure subnet: an abstract model of a secure subnet is put forward in chapter three, based on the channel model of a VPN and the secure subnet model of an enterprise, and the double-way authentication access control mechanism of a secure subnet is analyzed in detail in chapter four. Thirdly, research on the double-way authentication access control scheme: the insecurity of the double-way authentication access control scheme based on Harn's digital signature is analyzed in chapter five, and a new scheme that improves on it is proposed in chapter six.

An improved scheme for the old double-way authentication access control scheme based on Harn's digital signature is proposed. The new double-way authentication protocol of the improved access control scheme can prevent man-in-the-middle and replay attacks. Strict formal analysis with BAN logic proves that the authentication protocol is secure. The improved access control scheme is realized in the single-key-lock-pair mode. Under the new access control scheme, a user can own several kinds of access right on one file without the assumption that access rights increase by degrees, and the possibility of the overflow problem is significantly reduced by the new method...
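As an added illustration (not the thesis's own scheme, whose construction is not given here), the following Python sketch shows the property the single-key-lock-pair scheme relies on: because every integer has exactly one binary representation, independent rights can be stored as separate bits, so a user may hold any combination of rights on a file with no ordering between rights, and fixed-width per-file fields inside one key integer cannot carry into each other. The right names, field width and sample data are assumptions made for the example.

```python
# Added example (not from the thesis): a bit-vector encoding of access rights
# that relies only on the uniqueness of an integer's binary representation.
# Each (user, file) entry is a small integer whose bits are independent
# rights, so a user can hold any combination of rights on one file and no
# ordering ("rights increase by degrees") between rights is assumed.
# All names, widths and sample data are constructed for illustration.

RIGHTS = {"read": 1 << 0, "write": 1 << 1, "execute": 1 << 2, "delete": 1 << 3}
WIDTH = len(RIGHTS)  # bits reserved per file inside a user's single key

def encode_rights(names):
    """Set of right names -> integer with one bit per right."""
    value = 0
    for name in names:
        value |= RIGHTS[name]
    return value

def decode_rights(value):
    """Integer -> sorted list of right names (unique by binary representation)."""
    return sorted(name for name, bit in RIGHTS.items() if value & bit)

def build_key(rights_per_file):
    """Pack one user's rights on every file into a single key integer.
    rights_per_file: list indexed by file number, each a set of right names.
    File j occupies bits [j*WIDTH, (j+1)*WIDTH); the lock for file j is its
    position j, so fields of different files never overlap or carry."""
    key = 0
    for j, names in enumerate(rights_per_file):
        key |= encode_rights(names) << (j * WIDTH)
    return key

def rights_on(key, lock):
    """Extract the rights field for the file with the given lock from a key."""
    return (key >> (lock * WIDTH)) & ((1 << WIDTH) - 1)

def check_access(key, lock, right):
    """True iff the user's key grants `right` on the file with the given lock."""
    return bool(rights_on(key, lock) & RIGHTS[right])

if __name__ == "__main__":
    # Constructed sample: user holds read+execute on file 0, write+delete on file 1
    key = build_key([{"read", "execute"}, {"write", "delete"}, set()])
    print(bin(key))                       # 0b10100101: per-file fields 0101, 1010, 0000
    print(decode_rights(rights_on(key, 1)))  # ['delete', 'write']
    print(check_access(key, 0, "write"))  # False: read+execute does not imply write
```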