| Multi-level security network is a way to allow users of multiple sensitive levels toaccess the networks and communicate with others, which can handle a variety ofsensitivity levels of data storage, processing and transmission of high-level networksecurity. With the ceaseless development of network application and expansion indistributed environment, multi-level security technologies which can solve the securityproblem of network system of high sensitivity level created an urgent demand. In thispaper, key technologies of a mobile IPSec based distributed multilevel secure networkarchitecture were in-depth researched, and related work is as follows:With PKI technology, there may be some security issues of single point of failureand lack of authorization control in traditional key management in the root CA. In orderto improve the security of network authorization and authentication security, a thresholdsignature mechanism based scheme of key management and authentication is presentedin the paper.Mobile IPSec based distributed multilevel security network exists a problem ofcovert channel of two-way key interaction in IKEv2protocol. With MAC-Gate’s(mandatory access control gateway) participation, this paper proposes a mobile IPSecbased key agreement scheme, to achieve a one-way key negotiation process, and toreduce the covert channel risk of leaking secret information.In multi-level security networks, security label provides a premise for all levels ofmulti-task processing system. Current way of handling security label is adding it as aload into every data header, which added an additional header overhead, and also is notconducive to reduce the network load. This paper presents a new security labelprocessing method, which takes security label as a MIPSec selector, in accordance withIKEv2to negotiate the this communication’s security association. And its correctnessand feasibility are verified on the simulation platform of NS-2.28. |
PDF Full Text Request