【摘要】 网络层安全体系框架IPSec(IP Security)在报文信息安全模型基础上提供了基于密钥的报文源验证服务。针对该服务存在的一些不足,在面向网络基础设施的安全模型基础上,提出一种网络层身份验证机制,利用机制中设计的身份标识协议和报文源身份验证机制,可保证通信实体的合法性,提供可靠的基于IP地址的报文源验证服务和基于通信实体特征信息的密钥协商机制。最后通过测试实验,阐述新机制具有的功能和性能。更多还原

【Abstract】 Existing network security framework IP Security(IPSec) proposed for information security model offers data origin authentication service based on common keys in IP layer.To tackle the deficiency of the service,a kind of authentication mechanism is proposed on the basis of network security model facing to network infrastructure..Making use of the identity label protocol and message origin authentication mechanism designed in the authentication mechanism,they can guarantee the legitimacy of the communication entities,offer a credible data origin authentication service based on IP addresses and provide key agreement mechanism based on the characteristic information of the entities.Finally,The functions and the performance of the new mechanism are illustrated by results.更多还原