| People’s daily lives are more and more dependent on the network, but the security issues of the open network raises more and more attention, so building a secure network and computing environment has become a research hot topic recently. Trusted Network technology is a good candidate, and it has important significance to build a safe, controllable and reliable network. The establishment of a credible communication between authentication parts is based on authorization of the trusted third party. However, most current authorization system is centralized authorization service model, which has a single point of failure and performance problems and it is difficult to deploy in the large-scale network, so scalable distributed authorization service system is an important factor for the extensive application of the trusted network.Based on deep research and analysis of the existing authorization service system, a distributed hierarchical authorization system model is put forward, interaction protocol is designed among authorization servers. Distributed hierarchical authorization system architecture is divided into two layers including core authorization service layer and sub-authorization service layer. The network is divided into different areas for sub-authorization servers and strategies are automatically divided and delivered to sub-authorization servers by core authorization servers. The sub-authorization servers provide authorization service for network devices of their own network areas. For automatic segmentation problem of hierarchical authorization strategies, optimization strategies screening algorithm and strategies synchronization algorithm based on breadth-first search(BFS) are presented, and strategies distribution protocol designed among the authorization servers. In the protocol packets, digital packets signature technology to ensure information integrity and anti-counterfeiting and uses data encryption/decryption technology to ensure the privacy of information, and to ensure communication security between the authorization servers.Based on the above research, distributed hierarchical authorization system software is implemented based on the Linux server platform and the YH commercial router platform, and a test environment is built for performance testing. Experiments show that: a distributed hierarchical authorization system divides strategies according to the network topology, and effectively reduces the demand of resources in sub-authorization servers, and the system avoids single point of failure problem in the traditional authorization service system and improves overall service performance of the system and achieves good application effect. |
PDF Full Text Request