形式描述技术在通信协议安全分析中的应用

讨论在通信协议安全分析中形式描述技术的使用方法。重点研究在协议模型的基础上建立层次化的协议攻击行为模型的方法,对所建模型进行形式化验证和脆弱性分析,根据验证和分析结果提出防护措施,设计安全方案。给出Petri网建模实例,提出形式描述技术在通信协议安全分析中的一些其他应用。     

The design and implementation of a session layer for delay-tolerant networks

The DTN architecture is based around sender-initiated unicast communication that is insufficient or inconvenient to meet the needs of many applications. To address these limitations, we define a DTN session layer and associated extensions to the DTN bundle protocol that more naturally support receiver-driven applications and multicast communication. Within a session, we provide mechanisms allowing applications to convey ordering relationships between successive transmissions that can be used by the network to help ensure a distributed application’s delivery ordering expectations are met. We also extend the bundle protocol’s expiration procedures to support more efficient network utilization by allowing in-network deletion of obsolete messages. We present the design rationale and describe our implementation of these mechanisms and discuss their advantages in meeting the needs of several popular types of applications.     

基于输入/输出动作的协议形式化描述和测试用例生成方法

通信协议的形式化描述及在其基础之上的协议测试用例生成,一直是协议工程的重要研究内容。为此尝试将RSL引入协议形式化描述：首先探讨了一种基于输入/输出动作模型的协议形式化描述方法;随后对基于RSL描述的协议测试技术展开了讨论,提出了一种基于输入/输出动作的协议测试序列生成法则以及基于此法则的测试用例生成方法,并对使用该方法生成的测试用例的性质进行了讨论。     

On the secure implementation of security protocols

We consider the problem of implementing a security protocol in such a manner that secrecy of sensitive data is not jeopardized. Implementation is assumed to take place in the context of an API that provides standard cryptography and communication services. Given a dependency specification, stating how API methods can produce and consume secret information, we propose an information flow property based on the idea of invariance under perturbation, relating observable changes in output to corresponding changes in input. Besides the information flow condition itself, the main contributions of the paper are results relating the admissibility property to a direct flow property in the special case of programs which branch on secrets only in cases permitted by the dependency rules. These results are used to derive an unwinding theorem, reducing a behavioural correctness check (strong bisimulation) to an invariant.     

VoIP通信协议IAX与SIP协议互通机制的研究与实现

IAX作为一种轻量级和低带宽消耗的VoIP通信协议日益得到关注。在实际部署过程中,必须解决IAX与SIP协议的互通问题。文中从注册和接入认证机制,呼叫流程与SIP协议的映射对照,以及语音帧(MINIFRAME)和RTP/RTCP的转换等方面,详细分析了IAX与SIP协议互通中的难点问题并给出了具体的解决方案。     

一种适用于局网的传输协议及其形式描述

本文研讨局部网络的传输协议及其形式描述技术。文中论述了局部网络建立传输层的必要性和可能性。讨论了局部网络体系结构中的传输层、传输服务和传输协议的设计、给出了该传输协议的一种基于有限状态自动机的形式描述，并通过可达树对该协议的正确性进行了验证。     

IMS基本探讨TP3-0

IMS,IP多媒体子系统,为下一代网络用户服务提供强大的会话和服务体系结构平台。简要回顾了IMS的发展历程;详细介绍了IMS的体系结构,阐述了IMS机构的三层:应用层、会话控制层、传输与端点层的基本技术与功能;从兼容性、管理、安全三个方面分析了IMS的特点.;展望未来IMS的应用前景。     

Improving the efficiency of automated protocol implementation using Estelle

Correctness and runtime efficiency are essential properties of software in general and of high-speed protocols in particular. Establishing correctness requires the use of FDTs during protocol design, and to prove the protocol code correct with respect to its formal specification. Another approach to boost confidence in the correctness of the implementation is to generate protocol code automatically from the specification. However, the runtime efficiency of this code is often insufficient. This has turned out to be a major obstacle to the use of FDTs in practice. One of the FDTs currently applied to communication protocols is Estelle. We show how runtime efficiency can be significantly improved by several measures carried out during the design, implementation and runtime of a protocol. Recent results of improvements in the efficiency of Estelle-based protocol implementations are extended and interpreted.     

IMS基本探讨TP3-0

IMS，IP多媒体子系统，为下一代网络用户服务提供强大的会话和服务体系结构平台。简要回顾了IMS的发展历程；详细介绍了IMS的体系结构，阐述了IMS机构的三层：应用层、会话控制层、传输与端点层的基本技术与功能；从兼容性、管理、安全三个方面分析了IMS的特点；展望未来IMS的应用前景。     

SIP网络监听模型的设计与实现

针对会话初始协议（SIP）网络及其协议自身的特点，重点研究了如何在SIP网络中快捷、有效地实现监听。在此基础上，提出了SIP网络监听模型的设计方案，并给出了对目标用户进行监听时的通信实现流程。这种模型的设计与实现是探索性研究，但是与现有的接口技术相比更具有灵活性，实现起来更为简便。     

非否认协议形式化分析技术

对目前现有的非否认协议的几种形式化分析方法进行了分析和比较,指出了它们的优缺点,最后提出了进一步的研究方向。     

MAP载波带局域网MMS程序调用服务的形式化描述

网络协议的形式化描述对于协议的定义，协议的正确性验证以及协议的实施有着非常重要的意义，本文采用有限状态自动机的方法对制造自动化协议的关键部分ＭＭＳ的程序调用服务进行了形式化的描述。     

面向对象通信协议的设计与实现

文章介绍了如何利用面向对象技术构建模块化通信系统，并给出了作者设计的TCP模块化实例。     

一种时间相关的分析安全协议的扩展逻辑

Coffey和Saidha提出的CS逻辑可以分析与时间相关的的公钥协议。〖BP）〗在对CS逻辑进行研究的基础上,提出了CS逻辑的扩展逻辑。该扩展逻辑对CS逻辑中存在的一些缺陷进行了修改和扩展,使其不仅可以分析公钥协议,还可以分析对称密钥协议。最后对一个协议实例进行了有效的形式化分析。     

SIP的VoWLAN通信平台设计与实现

如何将会话初始化协议（SIP）与现有的通信网络有机结合,提供安全可靠的数据及通信服务已成为当今的热点问题。VoIP应用也受到业界的持续关注。安全问题一直都是企业实施VoIP的一个阻碍。提出了一个基于SIP的VoWLAN通信平台,将各种语音服务构建于无线局域网之上。利用虚拟专用网(VPN)、数据加密技术、VLAN和防火墙等必要安全技术和策略,应对在系统中的安全威胁,实现了通话质量可靠、安全性高的企业级VoIP无线网络架构。描述了该系统的设计和实现过程,讨论了其中的关键技术。     

一种实现SIP穿越NAT的新方案

提出了一种使用STUN协议,只在应用层实现,无须改动现有NAT及SIP终端,无须扩展协议就可以让用UDP方式传输的SIP信令和媒体流顺利穿越大多数类型NAT设备的解决方案,并通过一个实例详细说明了这一方案的实现。     

Formal analysis and design of multi-party fair exchange protocols

1 Background The essence of electronic protocols is exchanging message items. In miscellaneous applications, especially in E-commerce, an electronic message item has its value. Fairness is one of the important properties of these practical protocols. Rece…     

Algebra model and security analysis for cryptographic protocols

With the rapid growth of the Internet and the World Wide Web a large number of cryptographic protocols have been deployed in distributed systems for various application requirements, and security problems of distributed systems have become very important issues. There are some natural problems: does the protocol have the right properties as dictated by the requirements of the system? Is it still secure that multiple secure cryptographic protocols are concurrently executed? How shall we analy…