Found 18 similar documents; search took 140 ms
1.
2.
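IP multicast is built on a non-closed transmission system. To achieve secure multicast, encrypting information with keys is not enough; support from the underlying communication subnet is also required, and only then can secure, closed multicast communication be fully achieved. The paper discusses several popular key management frameworks, rekeying schemes, and user management mechanisms. These schemes can prevent information leakage, DoS attacks, group attacks, and forged information, thereby achieving secure multicast communication.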
3.
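Application of threshold techniques in multicast key management  Total citations: 1, self-citations: 0, citations by others: 1
Multicast protocols are now widely recognized for advantages such as bandwidth savings, but they have some problems with security and reliability. To address the key management problems involved in multicast applications, a scheme that combines dynamic threshold techniques with a multicast security agent is proposed. An IP multicast security management system is built to distribute and recover multicast keys, and the rekeying problem caused by members joining and leaving is then discussed. Finally, experimental tests of the system are given and the rekeying cost incurred by the scheme is discussed, showing that the scheme can solve the authorization management problem in multicast applications reasonably well and achieve secure multicast.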
4.
5.
6.
7.
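Dynamic-identity-based remote user authentication can effectively prevent leakage of users' critical information and ensure that authenticated users obtain network services through authorization. A security analysis of the dynamic-identity-based remote user authentication and key agreement scheme proposed by Wen-Li shows that the scheme has security flaws that may leak part of a user's critical information and thereby expose it to network attacks. An improved remote user authentication scheme is proposed that retains the advantages of the Wen-Li scheme and redesigns the session key and key confirmation messages used in the authentication process. Compared with the Wen-Li scheme, the improved scheme resists man-in-the-middle attacks and stolen smart card attacks, and strengthens the scheme's forward secrecy.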
8.
9.
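As the core control platform of 3G networks, the IP Multimedia Subsystem (IMS) faces severe security challenges. Implementing the IMS access authentication mechanism is the first step in deploying the overall IMS security scheme and is key to securing the IMS system. The IMS access authentication mechanism based on Authentication and Key Agreement (AKA) was defined by the Internet Engineering Task Force (IETF) and adopted by 3GPP, and is widely used as the authentication mechanism in 3G wireless networks. The mechanism authenticates users and distributes session keys in a challenge/response mode: SIP messages carrying AKA parameters are exchanged between the user equipment (UE) and the IMS network authentication entity, and are transmitted and negotiated according to the AKA mechanism, achieving mutual authentication between the user and the network and negotiating the security key pair needed for subsequent communication.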
10.
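To address the security problems caused by multiple exploitable vulnerabilities and key leakage in BACnet/IP identity authentication, a security-enhanced BACnet/IP-SA protocol authentication scheme is proposed. The message flow model of the protocol's identity authentication is studied and modeled using colored Petri net theory and CPN Tools; the Dolev-Yao attacker model and formal analysis methods are used to analyze the security of BACnet/IP, uncovering protocol vulnerabilities and proposing improvements. The BACnet/IP-SA protocol uses a device's pseudo-identity to protect its real identity information, uses PUF responses for authentication, and uses a verification value over a set of multiple pieces of information to verify the authenticity of the endpoint identity and generate the session key. The security of the protocol is proved by combining BAN logic with informal methods. Experimental results show that the proposed scheme effectively resists multiple classes of attacks and the security threats arising from key leakage, enhancing the security of the protocol's identity authentication while reducing computational overhead.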
11.
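IP multicast is an efficient multi-destination transmission mechanism. As networks develop, multicast occupies an increasingly important place in network applications; its applications keep expanding and the technology is maturing. As a new field of academic research, multicast has already produced many results in routing algorithms, flow control, reliable transmission and other areas, but research on multicast security, and on multicast communication keys in particular, is still far from mature. This paper studies multicast communication security in depth, compares various key management methods, and investigates a scalable key management method. The key management architecture uses a hierarchical management structure in which sub-management centers manage the individual subdomains. This not only handles the dynamic joining and leaving of multicast group members efficiently but also greatly reduces the load on the key management center, so that the method can be applied to large, dynamic multicast systems. In addition, based on the requirements of existing networks and multicast systems, the method proposes that the control center be scheduled and managed uniformly by a group of computers, which avoids a single point of failure and increases the robustness of the system.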
12.
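A multicast rekeying scheme based on an LKH hybrid tree  Total citations: 4, self-citations: 0, citations by others: 4
IP multicast communication is increasingly widely used, and the dynamic management of its keys is a problem that deserves attention. This paper analyzes multicast rekeying schemes and improves the rekeying scheme based on the LKH key tree.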
13.
The widespread use of the Internet has led to the problem of intellectual property and copyright infringement. Digital rights management (DRM) technologies have been developed to protect digital content items. Digital content can be classified into static content (for example, text or media files) and dynamic content (for example, VOD or multicast streams). This paper deals with the protection of a multicast stream on set‐top boxes connected to an IP network. In this paper, we examine the following design and architectural issues to be considered when applying DRM functions to multicast streaming service environments: transparent streaming service and large‐scale user environments. To address the transparency issue, we introduce a ‘selective encryption scheme’. To address the second issue, a ‘key packet insertion scheme’ and ‘hierarchical key management scheme’ are introduced. Based on the above design and architecture, we developed a prototype of a multicasting DRM system. The analysis of our implementation shows that it supports transparent and scalable DRM multicasting service in a large‐scale user environment.
14.
Satellite networks play an important role in today’s information age because they can provide global coverage services. Information security is an important concern in satellite multicast communications, where eavesdropping can be performed much more easily than in fixed terrestrial networks. In this work, a novel multicast key management scheme based on key hypergraph for satellite networks on a predefined communication scenario is proposed. We use logical key hierarchy and distributed-logical key hierarchy as reference models for performance comparisons. It is shown that the proposed multicast key management scheme is scalable to large dynamic groups and minimizes satellite bandwidth usage.
15.
Multicast support for mobile hosts using Mobile IP: Design issues and proposed architecture  Total citations: 15, self-citations: 0, citations by others: 15
Chikarmane Vineet, Williamson Carey L., Bunt Richard B., Mackrell Wayne L. 《Mobile Networks and Applications》 1998, 3(4): 365-379
In this paper, we consider the problem of providing multicast to mobile hosts using Mobile IP for network routing support. Providing multicast in an internetwork with mobile hosts is made difficult because many multicast protocols are inefficient when faced with frequent membership or location changes. This basic difficulty can be handled in a number of ways, but three main problems emerge with most solutions. The tunnel convergence problem, the duplication problem, and the scoping problem are identified in this paper and a set of solutions is proposed. The paper describes an architecture to support IP multicast for mobile hosts using Mobile IP. The basic unicast routing capability of Mobile IP is used to serve as the foundation for the design of a multicast service facility for mobile hosts. We believe that our scheme is transparent to higher layers, simple, flexible, robust, scalable, and, to the extent possible, independent of the underlying multicast routing facility. For example, our scheme could interoperate with DVMRP, MOSPF, CBT, or PIM in the current Internet. Where differences exist between the current version of IP (IPv4) and the next generation protocol (IPv6), these differences and any further optimizations are discussed.
This revised version was published online in June 2006 with corrections to the Cover Date.
16.
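The article explains that the IP Multicast mechanism is a good way to implement real-time multi-party conversation over the Internet. It focuses on the method and implementation process of IP Multicast-based real-time multi-party conversation over the Internet and on solutions to the key problems, and finally gives experimental results with a brief analysis.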
17.
The major challenges of designing multicast traffic control protocols for a combined wired/wireless network are the varying transmission characteristics (bandwidth, error, and propagation delay) of the wireless and wired media, and the different, possibly conflicting frame rate requests from multiple sources. To address these issues, in this paper we design and evaluate new unicast and multicast guaranteed frame rate (GFR) schemes for supporting TCP/IP traffic over a combined wired/wireless ATM network. We first propose a new, flexible weighted buffer management, and a frame‐based virtual spacing (VS) mechanism implementing weighted fair queueing. The unicast GFR scheme is based on the integration of the new weighted buffer management, and either cell‐based or frame‐based VS. It is then extended to support multicast GFR flows. The multicast scheme presented in this paper is the first multicast GFR scheme to appear in the literature. These schemes are carefully evaluated over several network configurations, supporting heterogeneous TCP/IP traffic with various frame rates. Simulation results show that the new schemes guarantee the minimum rates requested, provide excellent fairness, and achieve reasonably high efficiency. The new schemes may be extended to provide differentiated service in both IP and mobile IP frameworks.
This revised version was published online in July 2006 with corrections to the Cover Date.
18.
Chin‐Chen Chang, Yi‐Fang Cheng, Iuon‐Chang Lin 《International Journal of Communication Systems》 2009, 22(1): 53-66
Secure multicasting allows the sender to deliver an identical secret to an arbitrary set of recipients through an insecure broadcasting channel, whereas the unintended recipients cannot obtain the secret. A practical approach for securing multicast communications is to apply a session key to encrypt the transmitted data. However, the challenges of secure multicast are to manage the session keys possessed by a dynamic group of recipients and to reduce the overhead of computation and transmission when the membership is changed. In this paper, we propose a new key management scheme for dynamic multicast communication, which is based on privacy homomorphism and Chinese remainder theorem. Our scheme can efficiently and securely deliver an identical message to multiple recipients. In particular, the complexity of the key update process in our scheme is O(1). Copyright © 2008 John Wiley & Sons, Ltd.