基于协同地址碰撞的隐蔽认证方法-计算机科学.PDFVIP

第 43 卷第9 期 计算机科学 Vo1. 43 No.9 2016 年 9 月 Computer Science Sep 2016 基于协同地址碰撞的隐蔽认证方法 曹旭祝跃飞费金龙 (信息工程大学数学工程与先进计算国家重点实验室 郑州 450002) 摘 要 云计算的兴起不可避免地带来了一些安全问题，服务资源的非授权访问就是其中的一个重要威胁。对此，基 于 IPv6 地址的新特性，提出一种协同地址碰撞技术，即待认证节点通过多个协同节点的配合，向关键主机所在网络发 送在 IP 地址接口标识部分隐含认证秘密的数据包，以实现对节点的隐蔽认证。理论和实验分析结采表明，该方案可 有效提高网络的安全性。 关键词 云计算，IP词，地址碰撞，通信认证 中圄法分类号 TP393.08 文献标识码 A DOI 10. 11896/j. issn. 1002-137X. 2016. 9. 034 Cooperative Address Knocking ßased Covert Authentication CAO Xu ZHU Yue-fei FEI Jin-long (State Key Laboratory of Mathematic Engineering and Advanced Computing ,Information Engineering University ,Zhengzhou 450002 ,China) Abstract With the development of cloud computing , it is inevitable that many security problems arise. Unauthorized service access is one of the most important threats. Based on the new features of IPv6 address ,we proposed a new net work security technique called cooperative address knocking ,which can be seen as an undetectable authentication. It is a form of host-tσhost communication which relies on deliberate communication attempts from some cooperative nodes. These connection attempts are monitored by a daemon which interprets the interface identifier of destination IP addres ses as information. The theoretical and empirical analysis demonstrate that CAKCA scheme can effectively conduct un detectable authentication and prevent the exposure of existence of the important host. The theoretical analysis and simu lation results show that the proposed scheme can effectively improve the level of network security. Keywords Cloud computing ,IP词，Address knocking