Research On Trusted Connection Protocol Between Networks Based On Trusted Connect Architecture

With the rapid development of the "Internet Plus" applications and the Industrial Internet,the global manufacturing is increasingly relying on network infrastructure and information systems.In the process of comprehensively deepening the integration of advanced manufacturing industry and the internet,the Industrial Internet provides a platform for the integration and optimization of industrial production methods,organizational methods,and manufacturing models.Security is the precondition and guarantee for the healthy development of the Industrial Internet platform.Establishing a reliable and secure network communication environment has become an urgent problem to be resolved.Trusted network connection technology based on the trusted computing technology completes the identity authentication and integrity measurement to the terminal when the terminal accesses the network,and verifies the credibility of the platform.According to the analysis of the mature Trusted Network Connection(TNC)and Trusted Connect Architecture(TCA),the TNC only authenticates the terminal unidirectional and there is a flaw that it cannot resist impersonation attacks and replay attacks,and the TCA implements a bidirectional peer-to-peer trusted authentication process between the terminal and the network,which solves the defect of the TNC.However,both TNC and TCA can only perform a trusted evaluation to the terminal into the network and cannot solve the trusted authentication problem for the network interconnection.Based on the trusted connection technology and guided by the idea of TCA,a fourelement architecture suitable for trusted authentication between networks is proposed by horizontal scaling,and the Trusted Connect Architecture Supporting Network Interconnection(TCA-SNI)is designed.The protocol holds the characteristics of twoway four-factor trusted authentication and multi-level trusted authentication.It accomplishes the trusted interconnection authentication process through three stages: trusted access to the terminal,trusted connection between networks,and the in-depth authentication to the terminal.In order to verify the security of the TCA-SNI protocol,an extended SVO logic system is used to perform logical inference analysis,and the TCA-SNI protocol is tested based on the Dolev-Yao attacker model.Depending on the results of analysis and test,TCA-SNI protocol achieves the predefined security goals in logic analysis and security testing.It proves that the protocol is secure and reliable,and can resist attacks in real networks.Based on the workflow of TCA-SNI protocol,this paper implements an access client,an access control and a policy server,and establishes a network interconnection experiment environment.According to the results of the access test and performance test to the TCA-SNI protocol,the effectiveness and availability of the protocol are demonstrated,which solves the trusted authentication problem in network interconnection scenario.