| With the continuous development of network information technology,computing methods have developed rapidly.Most calculations were based on client computers in the past,while the current calculations are based on networks.In this situation,network security has become the focus.High requirements are put forward for network security in many industries and departments,such as military industry,financial industry and government departments.The business logic involved in these industries is very complex and requires very high reliability and confidentiality.Information security level protection is a very effective strategy to improve intranet security,and trusted computing provides necessary technical support for this.For trusted computing technology,network equipment access authentication is a very important front-end and key part,which has a profound impact on intranet security.The network equipment access protocol proposed in this thesis has extremely high credibility.It introduces a trusted module to package the information of equipment startup on the authentication server,so as to be able to authenticate the equipment.The user’s identity information is bound well so as to carry out second identity authentication.In this way,the user identity and equipment can have extremely high credibility.The network equipment configured with the trusted module can have a trusted network access mode.The details of this thesis are as follows.(1)Design a prototype system of security network based on trusted computing framework and related technologies.Based on Ternary Peer-to-Peer Model of the trusted link structure,the access control mechanism and authorization mechanism of the internal network are optimized.The access control module of storage device and server authentication module are applied to improve the security of the system by means of trusted computing technology.Even if the server is hacked,the stored data cannot be accessed by the hacker,thus improving the security of the stored data.(2)An authentication protocol is designed for server-side devices and remote users.The security of this protocol is analyzed by the security protocol tool set AVISPA and BAN predicate logic reasoning.(3)The implementation process of the protocol in the prototype system is discussed in detail.The performance of the protocol is analyzed from the perspectives of time and space.The protocol designed in this thesis has good security,versatility and very low cost.The prototype system designed in this thesis has been applied in many special departments,such as the army and the government,to improve the security of user data storage. |
PDF Full Text Request