

The Research and Realization of AAA Problem Based on The Control of Remote Access in Internet

【Author】 霍英

【Advisor】 张小真

【Author information】 西南师范大学 (Southwest China Normal University), Computer Application Technology, 2001, Master's degree

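【Abstract (translated from the Chinese)】 The rise of the Internet has driven the rapid development of the world's information industry, but it has also confronted network service providers (ISPs) with an unavoidable problem: how to guarantee the network security of remote access. The security of remote access control covers three areas: authentication, authorization and accounting, now commonly referred to as "3A" or "AAA". It has become an important part of research on network security policy and is used in the security design of many kinds of networks. Traditional AAA is used mainly in local area networks and campus networks; its range of application is narrow and it cannot meet the needs of large ISP businesses. Although the telecommunications sector has adopted AAA technology on wide area networks, it is used mainly on the PSTN. There has been very little research on Internet-based AAA, and the development of practical systems is weaker still. In view of this, we studied the AAA problem in Internet-based remote access control security (hereafter "the AAA problem"). The thesis first studies the topics related to the AAA problem: it introduces distributed systems, the basic working environment of information services on the Internet; discusses issues concerning very large volumes of data on the Internet; and then focuses on the security of Internet remote access control, proposing the following measures for achieving it: 1. In the authentication process, an improvement on the traditional method of defending against message replay. 2. A newly designed one-time password authentication protocol. 3. A new authorization certificate for implementing distributed access control. On this basis, the technologies related to the AAA problem are examined further and an AAA model for Internet-based remote access control (the I3A-1 model) is proposed; its functions, workflow and key issues are each described in detail. For accounting, the thesis proposes using two different data collection and billing collection systems (one uses the I3A-1 model's own access server and authentication server, the other directly uses the telecom sector's existing equipment), accounting separately on the data each collects and cross-checking the results, so that billing is accurate, real-time and efficient and the two systems complement each other's strengths. Finally, the I3A-1 model was applied in practice in LegendAAA, a billing project of Legend Group (联想集团). Practical validation shows that using the model and the related methods to solve remote access control security problems in information systems on the Internet is feasible. The work also helps ISPs customize billing policies flexibly and carry out billing securely and accurately, and it has theoretical and practical value for solving the problem of remote access control security on the Internet. As Internet applications continue to evolve, the related AAA technology is changing rapidly. In future we will further complete and refine the accounting function of the application system, improve the current application system so that it can run on multiple platforms, further refine the model, and gradually apply it to mobile networks.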

【Abstract】 The emergence of the Internet has promoted the development of the world's information industry. At the same time, it confronts Internet Service Providers (ISPs) with an unavoidable problem: the security of remote access. The control of remote access includes three aspects: authentication, authorization and accounting, which are often called "3A" or "AAA". It has become an important part of the strategy research of network security design. Traditional AAA is used primarily in Local Area Networks (LANs). Its limited application cannot satisfy the needs of large-scale ISPs. Although telecom departments have used AAA technology, they have mainly used it in the PSTN. There has been little research on the Internet's AAA problem, especially in the development of application systems. In light of this, we researched the AAA problem based on the control of remote access in the Internet. In this article, some points about AAA are discussed. First, the essential working environment of information services in the Internet, the distributed system, is introduced. Some problems of large-capacity data in the Internet are presented. Then the security of remote access in the Internet is researched, and some measures for the security of remote access in the Internet are advanced: 1. Providing a new measure to prevent the replay of messages. 2. Designing a new protocol, OTPAP (One Time Password Authentication Protocol). 3. Presenting a new authorization certificate to realize distributed access control. Based on this research, we further research some technologies related to the AAA problem, give an AAA model based on the control of remote access in the Internet, I3A-1, and introduce the model's functions, operational process and key problems. For the problem of accounting, we put forward a way of using two sets of data to check the accounts (one comes from the telecom department, and the other comes from the I3A-1 model) to secure the accounts' accuracy and real-time processing.
In the end, we use the I3A-1 model in the LegendAAA system, Legend Group's accounting project. Through practice we show that the use of the I3A-1 model in the control of remote access in the Internet is operable, and that the I3A-1 model plays an important role in promoting the development of ISPs. With the development of the Internet, the relevant AAA technology will keep changing day by day. In the future, we will improve the application system to equip it with more functions, and perfect the model so that it can be applied step by step in the field of mobile networks.

  • 【Classification number】 TP393.01
  • 【Citation count】 1
  • 【Download count】 128

