| With the rapid development of the Internet,the number and scale of network users are increasing,and the importance of network security is becoming more and more important.The traditional Internet is relatively weak in security and lacks credible foundations,making secure issues such as forgery and fraud.The traditional Internet builds credible foundations by public key infrastructure,but the complexity and cost of deploying public key infrastructure is large.Besides,cross-domain public key infrastructure collaboration is more difficult.In order to solve these problems,secure transmission mechanisms are proposed under the framework of Smart Collaboration Network,which is more lightweight than complex PKI and is conducive to improving network security.In this paper,secure transmission scheme is built on self-certified identifiers as the design of access authentication,end to end secure transmission,and identity tracing mechanism.In the aspect of access authentication,compared to the traditional Internet certificate authentication,the way based on self-certified identifiers is more convenient;for end to end secure transmission,the traditional Internet firstly establishs secure connection,then the content of transmission,the design of end to end secure transmission mechanism based on transmission content size and privacy takes different method;for identity tracing,the traditional Internet routing process pays more attention to the destination address,so the identity tracing is difficult,since this paper prove that the construction of traceability system of identity is convenient.This paper firstly summarizes the overall architecture of Smart Collaboration Network,and introduces the main packet format and the transmission mechanism of the data packet.Secondly,this paper introduces secure transmission mechanism based on self-certified identifications.The design scheme of secure transport mechanism includes access authentication mechanism,identity traceability mechanism and end to end secure transmission mechanism.The access authentication mechanism relies on the identity authentication system,so the design of the identity authentication system is introduced.The identity traceability mechanism relies on the identity traceability system,and also introduces the design of the identity traceability system.The end to end secure transmission mechanism is deployed at the terminal level.For the end to end secure transmission mechanism,how to establish secure connection between end to end,end to end key agreement and end to end security connection reuse are also introduced in detail.Finally,it is deployed in the CoLoR to perform functional verification and performance test for secure transmission protocol based on self-certified identifiers.Functional verification includes access authentication,tracing identity and end to end secure transmission.The performance test includes the time overhead of authentication system,the time overhead of the identity traceability system and the delay of end to end to establish the secure connection.By deploying the secure transmission mechanism based on self-certified identifiers in the prototype system,the feasibility of the mechanism is proved,and the security of the network architecture is improved. |
PDF Full Text Request