论文部分内容阅读
在位置与标识分离的体系结构(LISA)的基础上,提出位置与标识分离的体系结构的网络访问控制机制(LISA-NAC).该机制包括基于标识的访问控制(IBAC)模型和自验证标识.IBAC模型提供了更加精确和高效的网络访问控制,并能适应移动节点的访问控制.自验证标识使得报文接收方可以不依赖第三方认证,直接根据报文携带的信息来验证报文源归属,从而减少标识欺骗的可能性.基于原型系统的实验结果表明,LISA-NAC带来的传输性能下降和系统开销较小,具有可行性.
Based on LISA, a LISA-NAC architecture is proposed to separate location from identity architecture, which includes Identity-Based Access Control (IBAC) model and self-verifying identity .IBAC model provides more accurate and efficient network access control, and can adapt to the mobile node access control.A self-validating identifier makes the message receiver can not rely on third-party authentication, directly according to the message carrying information to verify the message source And reduce the possibility of identity spoofing.The experimental results based on the prototype system show that the LISA-NAC can reduce the transmission performance and reduce the system overhead, which is feasible.