基于局域网DHCP系统下的用户认证新方法的研究

发布时间：2018-06-24 19:53

本文选题：身份认证 + 局域网　；参考：《北京邮电大学》2014年硕士论文

【摘要】：美国的“棱镜计划”被曝光之后,网络安全的问题更加成为了国家政府企业关注的焦点,同时随着互联网和智能终端的发展人们也越来越依赖于互联网了。因此加强其上网时的安全性越来越受到人们的重视。身份认证则是网络安全的第一道闸门。因为访问权限的控制、信息的加密等网络安全方面的技术,都是在安全的认证基础上的。如果不是这样的话攻击者捏造或者冒用的合法的用户身份,那么其他的安全举措都会变成无用的了。局域网DHCP环境下的用户上网认证已经广泛应用于公司企业,学校等局域网环境。也正是因为应用的十分广泛所以针对该系统认证时的攻击窃取用户的认证信息的行为也很多,给用户带来了安全隐患,造成了的损失。尽管人们为了用户的安全采取了一些方法,但是还是会存在些不足。而本文试图解决这些存在的问题。本文作者以自己在实习公司所做用户认证方面的工作并结合理论知识,针对目前基于局域网DHCP系统下的用户上网认证存在的问题,提出了自己的改进方法,提出了基于四元组认证的新方法。使得用户在认证过程中更加的安全,同时认证更加的便捷,并且节约建网成本。本文进行了以下几个方面的工作。 1.调研了目前国内外在局域网用户认证方面的研究现状。介绍了目前局域网用户认证的相关标准协议和方法,并且对各种方法优缺点进行的对比。分析了它们存在的安全性漏洞。 2.提出了局域网DHCP环境下基于四元组认证的方法。重点阐述了基于四元组认证的原理,系统设计方法,所要达到的目标。系统总体的框架,各个模块工作的流程。 3.最后对基于四元组认证的主要功能进行了测试验证。结果表明基于四元组的认证方案实现了用户安全的上网认证,因为在认证过程中会产生非固定的因子而且每一次认证都不同,这样就抵挡了诸如重放攻击、假冒攻击等的一些网络攻击手段,从而在安全性方面更加的安全,同时认证过程中不需要传送密码,这样也护卫了用户的隐私,同时还节约了用户的建网成本。
[Abstract]:With the exposure of the Prism Project in the United States, the issue of network security has become the focus of national government enterprises, and with the development of the Internet and intelligent terminals, people have become more and more dependent on the Internet. Therefore, people pay more and more attention to strengthening the security of their Internet access. Identity authentication is the first gate of network security. Access control, information encryption and other network security technologies are based on secure authentication. If this is not the case, the attacker will fabricate or falsely use the legitimate user identity, then other security measures will become useless. User authentication under LAN DHCP environment has been widely used in enterprises, schools and other LAN environments. It is also because of the wide application of the system authentication attacks to steal user authentication information behavior is also a lot of, to the user security risks, resulting in losses. Although people take some methods for the safety of users, but there are still some shortcomings. This paper tries to solve these problems. Based on his work in the field of user authentication and theoretical knowledge, the author puts forward his own improvement method in view of the problems existing in user authentication based on LAN DHCP system. A new method based on quaternion authentication is proposed. Make the user in the authentication process more secure, at the same time authentication more convenient, and save the cost of network construction. This article has carried on the following several aspects of work. 1. The current situation of local area network user authentication at home and abroad is investigated. This paper introduces the current standard protocols and methods of LAN user authentication, and compares the advantages and disadvantages of these methods. Analyzed their security vulnerabilities. 2. 2. A method based on quaternion authentication in local area network (LAN) DHCP environment is proposed. The principle of quaternion authentication, the method of system design and the goal to be achieved are expounded. The overall framework of the system, each module work flow. 3. Finally, the main functions based on quaternion authentication are tested and verified. The results show that the authentication scheme based on quaternion realizes the secure authentication of users online, because there are non-fixed factors in the authentication process and each authentication is different, so the authentication scheme can resist the attack such as replay. Some network attack methods such as fake attacks are more secure in the security aspect, at the same time, the authentication process does not need to transmit the password, which also protects the user's privacy and saves the user's network construction cost.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP393.1

【参考文献】