Multi-level secure tunnel establishment protocol and its security analysis

Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (20): 117-122.

Previous Articles Next Articles

Multi-level secure tunnel establishment protocol and its security analysis

CAO Lifeng1, CHEN Xingyuan1, DU Xuehui1, WANG Huaipeng2

1.Institute of Electronic Technology, the PLA Information Engineering University, Zhengzhou 450004, China
2.The PLA Air Defense Forces Command Academy, Zhengzhou 450001, China

Online:2012-07-11 Published:2012-07-10

一个多级安全通道建立协议及安全性分析

曹利峰1，陈性元1，杜学绘1，王怀鹏2

1.解放军信息工程大学电子技术学院，郑州 450004
2.解放军防空兵指挥学院，郑州 450001

Abstract

Abstract: This paper analyzes the characteristics of classified information system, and puts forward a secure tunnel establishment protocol in classified network. The protocol establishes the relation of communication among different classified or level information systems by coalition, and according to virtual subject and mapping rules of secure label, it accomplishes authorization of subject and overcomes the heterogeneous of secure label in different information systems, moreover, multi-level secure tunnel established by the protocol may insulate different level information. It extends the method of secure protocol analysis based on strand space, and analyzes security of the protocol on authentication, confidentiality, integrality and so on.

Key words: classified security protection, Multi-Level Secure（MLS）, secure tunnel, virtual subject, strand space

摘要： 在研究等级化信息系统特点的基础之上，给出了一个等级化网络环境下安全通道建立协议LTEP，该协议通过联合机制确立了不同等级、不同敏感级的信息系统间通信关系，依据虚拟主体转换以及安全标记映射规则，实现了不同等级信息系统内通信主体的授权，克服了安全标记的异构性问题，而且协议所构建的多级安全通道能够有效地实现不同敏感级别信息传输的相互隔离。拓展了基于串空间的安全协议分析方法，从认证性、机密性、完整性等几个方面对LTEP 协议进行了安全性分析。

关键词: 等级保护, 多级安全, 安全通道, 虚拟主体, 串空间

CAO Lifeng1, CHEN Xingyuan1, DU Xuehui1, WANG Huaipeng2. Multi-level secure tunnel establishment protocol and its security analysis[J]. Computer Engineering and Applications, 2012, 48(20): 117-122.

曹利峰1，陈性元1，杜学绘1，王怀鹏2. 一个多级安全通道建立协议及安全性分析[J]. 计算机工程与应用, 2012, 48(20): 117-122.

[1]	LI Qian1, WANG Zheng1, MA Jianfen1, LI Na2. Lightweight mobile payment protocol fairness analysis [J]. Computer Engineering and Applications, 2018, 54(19): 82-87.
[2]	CAO Lifeng1, LI Haihua2, DU Xuehui1, CHEN Xingyuan1. Research on binding of secure label based on unified description of information object [J]. Computer Engineering and Applications, 2017, 53(9): 103-110.
[3]	YU Lei1, WEI Shimin1, ZHUO Zepeng2. Research on consistence of strand parameters for protocol principals in authentication test theory [J]. Computer Engineering and Applications, 2015, 51(13): 86-91.
[4]	YU Lei, WEI Shimin. Analysis on properties for principals’ keys on construction of test components [J]. Computer Engineering and Applications, 2013, 49(6): 114-117.
[5]	YU Lei, WEI Shimin. Security analysis of mutual-authentication cryptographic protocol in network management [J]. Computer Engineering and Applications, 2012, 48(4): 94-96.
[6]	CAO Lifeng，CHEN Xingyuan，DU Xuehui，XIA Chuntao. Access control mechanism of multi-level network based trust evaluation [J]. Computer Engineering and Applications, 2011, 47(34): 86-89.
[7]	DENG Fan，DENG Shaofeng，LI Yifa. Provable secure authenticated key exchange protocol under standard model [J]. Computer Engineering and Applications, 2011, 47(13): 106-109.
[8]	LI Ting-yuan1，2，QIN Zhi-guang1，LIU Xiao-dong2，ZHANG Xuan-fang2. Formal analysis of Needham-Schroeder protocol with authentication test methods [J]. Computer Engineering and Applications, 2010, 46(19): 100-102.
[9]	MA Yu-chi，ZHAO Yuan，DENG Yi-qun，LI Yi-fa. Trusted computing platform login authentication scheme based on CPK [J]. Computer Engineering and Applications, 2010, 46(1): 90-94.
[10]	ZHANG Yan，WANG Ze. Improved method of enhancing EAP-AKA protocol security [J]. Computer Engineering and Applications, 2009, 45(28): 96-98.
[11]	^{KONG Juan，CAO Li-pei} . Formalized analysis for authentication test model of TLS [J]. Computer Engineering and Applications, 2009, 45(23): 100-103.
[12]	GUO Yu-yan¹,WEI Shi-min²,ZHUO Ze-peng³. Analyzing model of amended wireless authentication protocol SSM [J]. Computer Engineering and Applications, 2009, 45(1): 129-130.
[13]	DING Meng-wei,ZHOU Qing-lei,ZHAO Dong-ming. Strand space model of Yahalom-Paulson protocol and its analysis [J]. Computer Engineering and Applications, 2008, 44(22): 97-99.
[14]	ZHAO Hui，LI Ming-chu，WANG Zhi-hui. New formal verification method of grid security protocols based on virtual organization [J]. Computer Engineering and Applications, 2007, 43(24): 117-122.
[15]	WANG Peng，LI Xie-hua，LU Song-nian. Formal analysis of EAP-AKA protocol based on authentication tests [J]. Computer Engineering and Applications, 2007, 43(15): 157-159.

Multi-level secure tunnel establishment protocol and its security analysis

一个多级安全通道建立协议及安全性分析

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics