Research on Key Security Technologies for New-Generation Video Conferencing
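Abstract
With the development of network and multimedia technology, people are increasingly dissatisfied with network-based text and voice communication alone; multimedia applications such as video conferencing are developing rapidly and are becoming an important means of remote communication and collaboration.
     Security is one of the keys to building a new-generation video conferencing system and delivering secure, trusted video conferencing services. This thesis studies the new-generation video conferencing framework, the video conferencing security architecture, signaling security in video conferencing, and controllable multicast. The specific research content is as follows:
     1. Based on the next-generation Internet with the IPv6 protocol at its core, and combining the SIPPING conferencing framework and the XCON conferencing framework, we propose a scalable new-generation video conferencing system framework with quality-of-service guarantees, and have developed the system; this thesis focuses on the security part of the system. In addition, this thesis designs a video conferencing security functional model that defines the security-related functional areas and constituent elements of video conferencing and the relationships among them.
     2. To address the problem that traditional software-based video conferencing security schemes are easily misappropriated, spoofed and intruded upon, and drawing on trusted computing technology, this thesis proposes a dual-layer authentication framework (DAF) for video conferencing systems, which achieves dual authentication of the conference entity and the user identity. Using the DAF, it designs a trusted-computing-based video conferencing security architecture and, using the Trusted Platform Module (TPM), Direct Anonymous Attestation and other methods, designs a new registration protocol, achieving video conferencing system security with the TPM chip as the starting point of trust. The security of the protocol is also proved, and the security and efficiency of the whole scheme are analyzed.
     3. Signaling protocols and media transport protocols play important roles in multimedia communication systems, and the Session Initiation Protocol (SIP) is an important video conferencing signaling protocol. To address the various malicious attacks caused by source address forgery, and based on the ideas of the Trusted Network Connect (TNC) architecture, this thesis combines the source address validation of the Source Address Validation Architecture (SAVA) with the SIP signaling framework in video conferencing and proposes a SIP security service model based on source address validation. To address identity spoofing of the client and the proxy server in SIP authentication, it designs a SIP two-way digest authentication algorithm combined with source address validation. To address the authenticity of SIP identities, it designs a SIP identity scheme that is combined with source address validation and based on an identity-based signature scheme. This model, algorithm and scheme improve the authenticity and security of SIP applications and help to deliver traceable, more secure and trusted SIP signaling services in the next-generation Internet. In addition, drawing on relevant Internet Engineering Task Force (IETF) drafts and the new features of the IPv6 protocol, and using an embedded Linux development environment, we developed an IPv6 source address validation switch, built an IPv6 source address validation experimental environment within the China Next Generation Internet project's second-generation China Education and Research Network (CNGI-CERNET2), and carried out SIP signaling security experiments; the results show that the scheme is effective.
     4. To address the security and controllability of large-scale multicast in video conferencing, this thesis introduces the Service-Oriented Architecture (SOA) idea from the software field into secure multicast services and proposes a Service-Oriented Controllable Multicast Model (SOCMM), which defines the layered structure of the multicast service system, the relationships between the layers, and the services each layer may contain. On this basis, for the CNGI-CERNET2 network environment and using open network protocols, it designs a reference implementation scheme for the SOCMM model, defining the framework, constituent elements, communication protocols and interfaces of the SOCMM scheme. Furthermore, combining the SOCMM scheme with the IPv6 multicast environment and using an embedded Linux development environment, we developed an IPv6 controllable multicast access switch. We also built an IPv6 multicast experimental environment in the CNGI-CERNET2 network and carried out multicast access control experiments; the results show that the scheme is effective.
     In summary, building on research into the new-generation video conferencing system framework, this thesis focuses on the security part of the system and proposes a video conferencing security functional model; drawing on trusted computing technology, it designs a dual-layer authentication framework and a trusted-computing-based video conferencing security architecture; based on the ideas of the TNC architecture, it combines source address validation with the SIP application framework and proposes a SIP security model based on source address validation, a two-way digest authentication algorithm, and an identity-based-signature SIP security identity scheme; it introduces the SOA idea into large-scale multicast services for video conferencing and designs a service-oriented controllable multicast model and a reference implementation framework; and it develops a secure access control switch for video conferencing.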
With the development of network technology and multimedia technology, people are increasingly dissatisfied with text and voice communication over the network; multimedia applications such as video conferencing are developing rapidly and are increasingly becoming an important means of remote communication and collaboration.
     Security is one of the key issues in building new-generation video conferencing systems and delivering safe and reliable video conferencing services. This paper studies the framework of new-generation video conferencing, the trusted-computing-based security architecture of video conferencing, the security of video conferencing signaling, and controllable multicast for new-generation video conferencing. The specific research is as follows.
     Firstly, based on the next-generation Internet with the IPv6 protocol, and combining the SIPPING Conference Framework and the XCON conferencing framework, we design a new-generation video conferencing architecture with QoS assurance and scalability, and develop the system. This paper focuses on the security part of the system. It also proposes a security functional model for new-generation video conferencing, which defines the security functional areas, the elements of video conferencing security, and the relationships between them.
     Secondly, because traditional software-based video conferencing security solutions are vulnerable to theft, deception and intrusion, this paper draws on trusted computing technology to propose a Dual-layer Authentication Framework (DAF) for the conference entity and the user identity. With the DAF, this paper proposes a trusted-computing-based security architecture for video conferencing. With the Trusted Platform Module (TPM) and Direct Anonymous Attestation, this paper designs a new SIP registration protocol to achieve video conferencing security in which the TPM chip is the starting point of trust. This paper proves the security of the new protocol and analyzes the security and efficiency of the entire scheme.
     Thirdly, signaling protocols and media transport protocols play important roles in multimedia communication systems. The Session Initiation Protocol (SIP) is an important signaling protocol for video conferencing. To counter forged source addresses, which lead to a variety of malicious attacks, and based on the ideas of the Trusted Network Connect (TNC) architecture, this paper combines the source address validation of the Source Address Validation Architecture with the SIP application framework, and proposes a SIP security services model based on source address validation, together with the relevant definitions. Combined with source address validation, this paper designs a SIP two-way digest authentication algorithm to counter identity deception by the client and the proxy server in SIP authentication. For SIP identity security, this paper designs a SIP identity scheme based on identity-based signatures. This model, algorithm and scheme improve the authenticity and security of SIP applications, and would help to deliver traceable, safe and trusted SIP signaling services in the next-generation Internet. Following the relevant Internet Engineering Task Force (IETF) drafts and the new features of the IPv6 protocol, we develop an IPv6 source address validation switch based on an embedded Linux development environment. This paper carries out SIP security experiments with the switch in the CNGI-CERNET2 campus network, and the experimental results show that the proposed scheme is effective.
     Fourthly, to address the controllability and security of large-scale multicast services, this paper proposes a Service-Oriented Controllable Multicast Model (SOCMM), which introduces the Service-Oriented Architecture (SOA) from the software realm into multicast services. The model defines the hierarchy of the multicast service system, the relationships between the layers, and the services of each layer. Using open network protocols, this paper proposes a reference implementation scheme for SOCMM, including the framework, the components, the communication protocols and the interfaces. Based on SOCMM and the IPv6 multicast environment, we develop a controllable multicast switch on an embedded Linux development environment. This paper carries out IPv6 controllable multicast experiments in the CNGI-CERNET2 campus network, and the experimental results show that the proposed scheme is effective.
     In summary, based on research into the framework of new-generation video conferencing systems, this paper focuses on the security part of the system and proposes a video conferencing security functional model. Drawing on trusted computing technology, this paper designs a dual-layer authentication structure and a trusted-computing-based security architecture for video conferencing. Based on the TNC architecture, this paper combines source address validation with the SIP application framework, and proposes a SIP security model based on source address validation, a two-way digest authentication algorithm, and a SIP security identity scheme based on identity-based signatures. This paper introduces the SOA architecture into the large-scale multicast services of video conferencing, and designs a service-oriented controllable multicast model and its reference implementation. This paper also develops a security access control switch for the video conferencing system.
