
Journal of Shandong University (Natural Science) ›› 2014, Vol. 49 ›› Issue (11): 82-88. doi: 10.6040/j.issn.1671-9352.2.2014.140


A trusted inter-domain access control scheme for enterprise WLAN

LÜ Meng, LIU Zhe, LIU Jian-wei

  1. School of Electronics and Information Engineering, Beihang University, Beijing 100191, China
  • Received: 2014-06-24 Revised: 2014-10-17 Online: 2014-11-20 Published: 2014-11-25
  • Corresponding author: LIU Jian-wei (1964- ), male, Ph.D., professor; research interests: cryptography and network security. E-mail: liujianwei@buaa.edu.cn
  • About the author: LÜ Meng (1989- ), male, master's student; research interests: cryptography and network security. E-mail: lvmeng11@hotmail.com
  • Supported by:
    National Natural Science Foundation of China (61272501)

Abstract: Wireless LAN (WLAN) is an essential part of the mobile office network in the enterprise. However, because it lacks a platform integrity verification mechanism and an effective inter-domain access control mechanism, it is difficult for WLAN to securely and efficiently support emerging applications such as mobile cloud storage. A novel enterprise WLAN access control scheme is proposed that combines the Trusted Platform Module (TPM) with attribute-based access control to extend the trust chain from the platform across WLAN domains to the whole enterprise network, and that performs fine-grained access control based on user attributes during inter-domain handover, ensuring that the enterprise WLAN is secure and trusted.

Key words: TPM, fine-grained access control, attribute-based encryption, trust chain, mobile office

CLC Number:

  • TP393