| Based on SOA(Service Oriented Architecture), SWIM(System Wide Information Management) service architecture is supposed to provide more reliable and efficient information exchange and data sharing for civil aviation information network. Along with it, SWIM is faced with more dangerous security problems, which makes it more inevitable for the development of SWIM core services to deal with the data security and information privacy issues. Thus effective authentication methods should be used to identify the legal users as well as refuse the illegal ones, thus making sure of the legitimacy for users to access the SWIM network and the protection to according resources.Concerning some concrete research on the physical and security architecture of SWIM, along with the underlying protocol and EAP sub-protocol based on Diameter, this paper analysed the applicability for Diameter protocol to the identity authentication of SWIM users. Based upon EAP sub-protocol, this paper revealed security weaknesses existing in standard Diameter/EAP-MD5 and standard Diameter/EAP-TLS authentication method, and then optimized them by proposing an enhanced authentication method respectively.The enhanced Diameter/EAP authentication methods were proposed for identity authentication in SWIM and simulation experiments and security analysis were implemented in a virtual SWIM environment built on the SOA architecture, Linux operating system and opendiameter open source software package. The enhanced Diameter/EAP-MD5 and Diameter/EAP-TLS authentication method can strengthen the system security without sacrificing other performance, thus providing assurance to the construction of SWIM service architecture. |
PDF Full Text Request