《高校校园网二次身份认证的研究与设计》由会员分享,可在线阅读,更多相关《高校校园网二次身份认证的研究与设计(62页珍藏版)》请在金锄头文库上搜索。
1、湖北工业大学硕士学位论文高校校园网二次身份认证的研究与设计姓名:张涛申请学位级别:硕士专业:计算机应用技术指导教师:张颖江20100401湖 北 工 业 大 学 硕 士 学 位 论 文 I 摘 要 信息技术的高速发展让校园网已经成为高校教学和管理中的一个不可缺少的部分,校园网的应用对高校的建设和发展起到了很大的促进作用。校园网良好的运行、网络用户方便有效的管理,是保障高校各项工作正常开展的必要前提之一。 校园网的认证方式在校园网的运行和管理中起到了非常关键的作用。目前高校校园网普遍采用的认证方式都存在接入控制与访问控制不能兼顾、网络稳定与用户有效管理不能兼顾、认证与计费不能兼顾的问题,随着校园
2、网向服务型网络的转型,这些问题的存在让校园网与高校需求之间的矛盾日益突出,阻碍了校园网的健康发展。因此采用一种合理的校园网认证方式以避免出现上述问题对高校校园网的可持续发展有着重要的现实意义。 在校园网中部署认证系统一般有 3 个目的:一是能够严格、准确的判别接入用户的合法身份, “合法身份”是指这个身份是真实的、可识别的、可管理的;二是能对接入用户的上网行为进行一定的管理和控制,这里的“上网行为”包括网络用户访问的网站、从事的网络活动、使用的网络流量等;三是能够对网络用户进行准确的计费,能够提供丰富多样的计费策略。目前高校校园网使用的认证系统都不能完全达到这 3 个目的。 本文首先介绍了高校
3、校园网的发展概况以及校园网网络结构的特点,然后阐述了现阶段高校普遍采用的几种校园网认证方式的原理和过程,指出了这几种认证方式给校园网带来的问题和弊端,说明了校园网二次身份认证在校园网应用和发展中的必要性,并通过对现在有校园网认证方式的特点和弊端的根源性分析,设计了一种校园网二次身份认证的方案。最后通过对二次身份认证系统与传统认证系统的综合性能分析和比较可以得出, 802.1x 认证+集中式身份认证这种二次认证方式是一种比较理想的高校校园网认证方式,它能达到在校园网使用认证系统的 3 个目的,满足了校园网管理的需求,改进和优化了高校校园网的管理,能够有效保障校园网的良好运行,从而为高校校园网向服
4、务型网络转变打下了基础。 关键词:关键词: 802.1x 认证,集中式身份认证,二次身份认证,出口控制网关 湖 北 工 业 大 学 硕 士 学 位 论 文 II Abstract The rapid development of information technology has made campus network become an indispensable part of university teaching and management, and the application of campus network plays a great promoting effect f
5、or the construction and development of university. Good operation of campus network and convenient and effective management of users are a part of prerequisites to ensure the normal operation of works of university. The authentication method of campus network plays a key role in the operation and ma
6、nagement of campus network. At present, the authentication method generally adopted by campus network of university has such problems as failure to consider admission control and access control, to consider network stabilization and effective management of users and to consider authentication and bi
7、lling at the same time. Along with the transformation of campus network to service-oriented network, the existence of these problems makes the conflicts between campus network and university demand more obvious, which hampers the healthy development of campus network. Therefore, it is of important p
8、ractical significance for the sustainable development of campus network of university to adopt a reasonable campus network authentication method to avoid above-mentioned problems. There are generally three purposes to deploy authentication system in campus network. Firstly, it can judge the legal id
9、entity of access users strictly and correctly. Legal identity means that the identity is true, recognizable and administrable. Secondly, it can administrate and control the online behavior of access users to a certain extent. The online behavior includes the website accessed by network users, the on
10、line activities done by network users and then network flow used by network users. Thirdly, it can carry out accurate billing for network users and provide various billing strategy. However, the authentication system adopted by campus network of university can not achieve these three purposes totall
11、y. The paper introduces the development of campus network of university and the structure and characteristics of campus network firstly. Then it states the principle and process of several authentication methods of campus network generally adopted by university at this stage and points out the probl
12、ems and shortcomings brought by these authentication methods to campus network. It also indicates the necessity of double identity authentication in the application and development of campus network and designs a program of double identity authentication of campus network through a root cause analys
13、is into the characteristics and shortcoming of the authentication methods of existing campus network. Finally, the paper makes a conclusion that the double authentication method with the combination of 802.1x authentication and concentrated identity authentication is an ideal authentication method o
14、f campus network of university through the analysis and comparison of the comprehensive performance of 湖 北 工 业 大 学 硕 士 学 位 论 文 III double identity authentication system and traditional authentication system. It can achieve three purposes of adopting authentication system in campus network, meet the
15、requirements of campus network management, improve campus network of university management and guarantee the good operation of campus network effectively to lay a foundation for campus network of university to transform to service-oriented network. Keywords: 802.1x authentication, concentrated ident
16、ity authentication, double identity authentication, the gateway of export control 学位论文原创性声明和使用授权说明 原创性声明原创性声明 本人郑重声明:所呈交的学位论文,是本人在导师指导下,独立进行研究工作所取得的研究成果。除文中已经标明引用的内容外,本论文不包含任何其他个人或集体已经发表或撰写过的研究成果。对本文的研究做出贡献的个人和集体,均已在文中以明确方式标明。本声明的法律结果由本人承担。 学位论文作者签名: 日期: 年 月 日 学位论文版权使用授权书学位论文版权使用授权书 本学位论文作者完全了解学校有关保留、使用学位论文的规定,即:学校有权保留并向国家有关部门或机构送交论文的复印件和电子版,允许论文被查阅和借阅。本人授权湖北工业大学可以将本学位论文的全部或部分内容编入有关数据库进行检索,可以采用影印、缩印或扫描等复制手段保存
