Similar literature
Found 18 similar documents; search took 93 ms
1.
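To overcome the openness of the IP multicast model and give multicast administrators control over user access to channels under current Internet conditions, this paper proposes a design for a multicast user security management system model for IPv6 networks, building on the existing secure multicast model. The scheme uses a hook mechanism to mount an authentication and access control module on the access router; any user who wants to listen to a multicast stream must pass through this module for identity authentication and a channel access permission check, which achieves channel-based security management of multicast users. The system's identity authentication and access control functions were verified experimentally on the education and research backbone network.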

2.
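Multicast, as a communication mechanism that uses network bandwidth effectively and improves communication efficiency, is being widely applied in many fields. Traditional multicast lacks a fine-grained access control mechanism, which introduces many hidden risks to multicast security and performance. Building on active multicast, this paper proposes an access control mechanism based on trust management and, on that basis, presents an application architecture for the Keynote trust management system in secure active multicast. The architecture addresses the access control of multicast group members and the distributed authorization problems left unsolved in traditional IP multicast, thereby improving the security of IP multicast.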

3.
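Ge Ruihai, Zhai Jianhong, Yang Ru. 《电脑学习》 (Computer Study), 2012, 2(3): 48-50, 54
To implement security management such as user identity authentication in IP multicast and avoid its insecure factors, a scheme combining threshold techniques with an elliptic curve cryptosystem is proposed. An IP multicast service system is built, and distribution and recovery of multicast keys are implemented on it in layers. Finally, experimental tests give the management cost of the scheme, showing that it implements key management in IP multicast applications well, effectively solves the user identity authentication and authorization management problems, and achieves secure IP multicast.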

4.
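To address the shortcomings of the ASM (Any Source Multicast) mode in access control for multicast services, this paper discusses the Source Specific Multicast (SSM) mode and the IGMPv3 protocol that supports it, implements IGMP snooping with IGMPv3 support in an IPDSLAM system with IPTV deployment as the application background, and completes an initial access control management mechanism for IPTV source channels (multicast services).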

5.
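Wang Jian, Cao Zheng. 《微机发展》 (Microcomputer Development), 2006, 16(7): 144-146
Deploying multicast services depends on multicast security. This paper proposes a method for secure multicast that uses the Session Initiation Protocol (SIP) as signaling. Using SIP's identity authentication mechanism, S/MIME encryption and signing, and session parameter negotiation, the method provides access control for multicast sources and receivers, multicast source authentication, and secure communication. The method offers high security, stable operation and good scalability, and can easily be ported to run under IPv6.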

6.
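Deploying multicast services depends on multicast security. This paper proposes a method for secure multicast that uses the Session Initiation Protocol (SIP) as signaling. Using SIP's identity authentication mechanism, S/MIME encryption and signing, and session parameter negotiation, the method provides access control for multicast sources and receivers, multicast source authentication, and secure communication. The method offers high security, stable operation and good scalability, and can easily be ported to run under IPv6.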

7.
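As a new multicast model, source-specific multicast (SSM) is receiving growing attention from academia. It solves problems of traditional IP multicast such as group address conflicts and lack of access control, and suits single-source multicast applications. Simulation is an economical and effective method for network technology research. NS-2 is currently a widely used network simulation platform that supports simulation of many network protocols, but it does not support source-specific multicast. To this end, the implementation principles of IP multicast simulation in NS-2 are analyzed, and NS-2 is extended to support simulation experiments for the SSM protocol. Simulation results show that the implementation is consistent with the SSM specification.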

8.
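IP multicast and its application on WinSock   Total citations: 4, self-citations: 0, citations by others: 4
This paper introduces the IP multicast model, its management and routing protocols, and the packet forwarding mechanism. It discusses methods for implementing IP multicast on WinSock2 and analyzes problems in the current multicast model.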

9.
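A systematic survey of the basic protocols implementing IP multicast: it analyzes the basic principles and performance of multicast routing protocols for intra-domain, inter-domain and wireless mobile networks, and compares the main differences in the design and implementation of the different protocols.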

10.
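Analysis and implementation of multimedia multicast protocols   Total citations: 2, self-citations: 2, citations by others: 2
Starting from the architecture of multimedia multicast protocols for IP networks, this paper discusses the characteristics, functions and implementation methods of multicast protocols at the network, transport and application levels. At the transport layer it discusses the design principles of the RTP/RTCP protocols for video conferencing over IP; at the application layer it discusses the protocols and products relevant to designing a multicast server; at the network layer, routers implementing IGMP form the Mbone, and multicast users join multicast groups through IGMP so that network bandwidth is used sensibly. An example is given. Multicast technology continues to develop: version 3 of IGMP, IGMPv3, provides support for source-routed multicast at the router level.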

11.
In this paper we propose two new enhancements to the SOCKS protocol in the areas of IP multicasting and UDP tunneling. Most network firewalls deployed at the entrance to a private network block multicast traffic. This is because of potential security threats inherent with IP multicast. Multicasting is the backbone of many Internet technologies like voice and video conferencing, real time gaming, multimedia streaming, and online stock quotes, among others. There is a need to be able to safely and securely allow multicast streams to enter into and leave a protected enterprise network. Securing multicast streams is challenging. It poses many architectural issues. The SOCKS protocol is typically implemented in a network firewall as an application-layer gateway. Our first enhancement in the area of IP multicast to the SOCKS protocol is to enable the application of security and access control policies and safely allow multicast traffic to enter into the boundaries of a protected enterprise network. The second enhancement we propose is to allow the establishment of a tunnel between two protected networks that have SOCKS based firewalls to transport UDP datagrams.

12.
In software-defined networks (SDN), most controllers do not have an established control function for endpoint users and access terminals to access network, which may lead to many attacks. In order to address the problem of security check on access terminals, a secure trusted access method in SDN is designed and implemented in this paper. The method includes an access architecture design and a security access authentication protocol. The access architecture combines the characteristics of the trusted access technology and SDN architecture, and enhances the access security of SDN. The security access authentication protocol specifies the specific structure and implementation of data exchange in the access process. The architecture and protocol implemented in this paper can complete the credibility judgment of the access device and user's identification. Furthermore, it provides different trusted users with different network access permissions. Experiments show that the proposed access method is more secure than the access method that is based on IP address, MAC address and user identity authentication only, thus can effectively guarantee the access security of SDN.

13.
IP multicast is best-known for its bandwidth conservation and lower resource utilization. The present service model of multicast makes it difficult to restrict access to authorized End Users (EUs) or paying customers. Without an effective receiver access control, an adversary may exploit the existing IP multicast model, where a host or EU can join any multicast group by sending an Internet Group Management Protocol (IGMP) join message without prior authentication and authorization. We have developed a novel, scalable and secured access control architecture for IP multicast that deploys Authentication Authorization and Accounting (AAA) protocols to control group membership. The principal feature of the access control architecture, receiver access control, is addressed in this paper. The EU or host informs the multicast Access Router (AR) of its interest in receiving multicast traffic using the IGMP protocol. We propose the necessary extensions of IGMPv3 to carry AAA information, called IGMP with Access Control (IGMP-AC). For EU authentication, IGMP-AC encapsulates Extensible Authentication Protocol (EAP) packets. EAP is an authentication framework to provide some common functions and a negotiation of the desired authentication mechanism. Thus, IGMP-AC can support a variety of authentications by encapsulating different EAP methods. Furthermore, we have modeled the IGMP-AC protocol in PROMELA, and also verified the model using SPIN. We have illustrated the EAP encapsulation method with an example EAP method, EAP Internet Key Exchange (EAP-IKEv2). We have used AVISPA to validate the security properties of the EAP-IKEv2 method in pass-through mode, which fits within the IGMP-AC architecture. Finally, we have extended our previously developed access control architecture to accomplish inter-domain receiver access control and demonstrated the applicability of IGMP-AC in a multi-domain environment.

14.
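IPsec-based secure neighbor discovery protocol for IPv6   Total citations: 2, self-citations: 0, citations by others: 2
To secure the neighbor discovery protocol, IPSec is introduced into neighbor discovery and a model structure for an IPSec-based secure neighbor discovery protocol is proposed. A key exchange and management protocol, MIKE, is designed for the neighbor multicast state, and a star-structured algorithm for key management is given. Binding the IP address to the link-layer address in the AH authentication data effectively defends against IP address forgery. Comparison with the current secure neighbor discovery algorithm shows that the security model effectively secures neighbor discovery, connects seamlessly with the IPv6 protocol, and further improves the security of the next-generation Internet.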

15.
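Key management and access control for large dynamic multicast groups   Total citations: 15, self-citations: 0, citations by others: 15
Liu Jing, Zhou Mingtian. 《软件学报》 (Journal of Software), 2002, 13(2): 291-297
With the rapid growth in Internet users and the continuing commercialization of the Internet, multicast technology has an extremely broad range of applications. Internationally, multicast is a new field of academic research; the main results concentrate on multicast routing algorithms, flow control, congestion control and reliable transport, while results in multicast security are comparatively few (especially in group communication key management). This paper studies group communication key management and access control in multicast security mechanisms. It proposes a group communication key management and access control scheme based on subgroup security controllers. The scheme improves on and solves several problems in the IOLUS system and the WGL scheme, simplifies the access control policy, and meets the intended design goals and requirements.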

16.
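Multicast is increasingly used in group-oriented applications, but multicast data source authentication has never had a good solution. IPSec is the protocol that addresses IP-layer security, and it is now used more and more in multicast applications. Based on a study of the IPSec secure multicast host system framework, a multicast data source authentication scheme based on one-time signatures is proposed. It focuses on the difficulties of designing multicast data source authentication and meets both the security and the performance requirements of multicast data source authentication, with improvements in non-repudiation and computational cost in particular.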

17.
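A multicast protocol on switched Ethernet   Total citations: 15, self-citations: 1, citations by others: 15
Wang Jun, Wu Zhimei. 《软件学报》 (Journal of Software), 2003, 14(3): 496-502
At present, multicast services such as desktop conferencing, electronic whiteboards and video broadcasting mostly run in LAN environments, yet the vast majority of LAN architectures, such as Ethernet, handle multicast data by broadcasting it and offer only limited support for multicast. Using the IGMP Snooping approach, a multicast protocol based on VLAN and IGMP is designed in a layer-2 switch to control the ever-growing IP multicast traffic in switched Ethernet. The paper describes the basic idea, syntax and semantics of the protocol, and a process for verifying and testing it.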

18.
IPTV services consist of multiple video channels grouped in bundles, such as sports, movies or generic bundles; users typically subscribe multiple bundles, including the generic bundle. Secure IP multicast can be used to implement IPTV services, but it still has problems to be addressed. Current solutions require high computational power in video channel zapping situations, lack support for groups sourced at the users, and present a weak support for admission control in IP multicast for both sources and receivers in dynamically configured environments. This work proposes a new, secure and efficient IPTV solution that, cumulatively: (a) enforces individual access control to groups of real-time IPTV video channels; (b) enforces IP multicast admission control for both multicast senders and receivers; (c) supports user generated videos; (d) generates low signaling overheads; (e) does not introduce perceivable delays, particularly in video channel zapping situations. Moreover, this solution can be easily integrated in the IPTV architectures being developed by ETSI and ITU-T.
