Abstract:
The split mechanism network cleanly separates a host's location from its identity information and divides the whole Internet into two parts: the core network and the access network. It can solve the extensibility and mobility problems of the Internet. In a split mechanism network, when a terminal performs an intra-domain handoff, the authentication process must be both fast and secure. In this paper, an intra-domain fast authentication scheme for the split mechanism network is proposed, built on trusted computing. The proposed scheme provides terminal platform authentication and terminal platform integrity verification as well as user identity authentication. When an intra-domain handover occurs, the access switch router uses a token to authenticate the mobile terminal without communicating with the authentication center. A comparison with other intra-domain fast authentication schemes in terms of authentication cost, authentication latency and security demonstrates that the proposed scheme is more secure and more effective. It provides identity anonymity and platform anonymity, resists man-in-the-middle and replay attacks, and ensures key negotiation fairness and one-time pad. The scheme also reduces the burden on the authentication centers and has great advantages over the current schemes.