| The Wide Sense Circuit(WSC) is a new network technology that can enhance the network service by dynamically adjusting the communication capability, adapt to network application, and have the adaptability and re-configurability characteristics. Because the existing network did not contain the security measurements when it was designed, it owns many security problems all the times. The WSC network also faces many security challenges, because it is established on the backbone network. The pressing issues that the WSC needs to solve include how to guarantee its secure communication and high quality service, and how to securely authenticate and manage the data flow. Aiming at these problems, this paper discusses the authentication technology of data flow under the WSC environment. The main works are as follows.1. The authentication architecture of data flow in WSC network.We propose the authentication architecture of data flow in WSC network and design an authentication scheme for the data flow that goes into the WSC network. In the scheme, a user needs to authenticate himself and register before getting the WSC services, to retrieve the authorization token and the private key of packet signatures. Then, the user can send out signed packets containing the authorization token, while the entrance routers of the WSC network can authenticate the data flow by checking the decrypted signatures. To guarantee the security and efficiency of data flow authentication, a multi-factor identity authentication protocol is used to authenticate the user and server identities, and a batch validation algorithm based on short signatures is used to improve the efficiency of signature validation. The combination of authentication and batch signature validation achieves the secure, fast and efficient data flow authentication in a high speed network. This architecture can benefit on finding out user’s illegal communication behaviors, preventing the illegal data flow going into the WSC network, and guaranteeing the reasonable usage of WSC resources.2. The multi-factor identity authentication protocol.We propose a multi-factor identity authentication scheme. It improves the scheme proposed by Chuang et al on protecting from the stolen smart card attack, impersonation attack, server spoofing attack and man-in-the-middle attack, and guaranteeing on the forward security. It solves the problem of weak resistance to attacks in single-factor authentication approaches, by combining the smart card, with biometrics and session key. It also guarantees the security of mutual identity authentication between users and servers and that of session keys from bilinear map. To enhance the protocol security, the increased costs resulted from the security measures are acceptable and cause no pressure to authentication servers. The result of security analysis shows that our scheme can resist to several known attacks by enhancing the security in identity authentication.3. The batch validation algorithm based on short signatures.We propose a batch validation scheme for the data flow signatures in the WSC network. In the scheme, the validation cost is independable to the signature amount, because they are validated all together. It solves the problems of traditional signature validating methods, such as one by one validation, relatively high computing costs and low validation efficiency. The result of analysis and test shows that our scheme possesses high validation efficiency when it is used to validate signatures signed by the same user. |
PDF Full Text Request