With the continuous development of converged networks and the diversification of equipment types, network structure is becoming more complex and the requirements for network security continue to increase. The existing SNMPv3 scheme is based on the User-based Security Model (USM), which uses the engineID to identify the legal status of equipment. This method cannot meet the security management needs of complex equipment in a converged network.

In this paper, the concept of a device fingerprint is proposed to specify and mark the kinds of equipment in a converged network. The structure and generation method of the device fingerprint are designed in detail. The local key is generated from the device fingerprint. Improved authentication and encryption processes for network messages are also described. By analyzing the problems of the USM mechanism and comparing the defects of public key cryptography schemes, a new security model for message encryption and authentication is proposed, based on certificateless public key cryptography. The paper also gives an improved algorithm and process for SNMPv3 message communication.

The first experiment is divided into two parts. The first part generates the device fingerprint dynamically and achieves secure communication in network management. The second part verifies that data privacy, integrity authentication and other security requirements are met. The second experiment is based on the certificateless cryptography mechanism. It compares the security level and efficiency of CL-PKCSM, USM, TLS and other models.

Through rigorous message authentication and encryption mechanisms, the scheme achieves security management of complex equipment in a converged network and protects the security of SNMPv3 network communications.