Research on the Establishment and Maintenance of Secure Network Transmission
Abstract
This article discusses security in network transmission, namely the establishment and maintenance of a secure channel. Establishing a secure channel requires two things: first, the communicating parties must authenticate each other; second, the data must be encrypted in transit, which requires key agreement. Network transmission is divided into unicast, broadcast and multicast. Because each mode places different requirements on keys, the article discusses authentication and the generation and updating of session keys from the perspective of the transmission mode. It focuses on the currently popular multicast key management frameworks (the distributed frameworks IGKMP and Iolus), rekeying protocols based on key trees, and periodic (slotted) rekeying schemes. Finally, the article proposes a simple security framework for multimedia multicast.
