IP电话安全技术研究与实现
摘要
本文课题来源于中国国家信息安全测评认证中心重点项目,目前,该项目已
经完成,并已通过测试及初步鉴定,将于2001年4月正式鉴定。
本文详细分析了在大型企业环境中使用IP电话时面临的安全问题,论文按如
下思路展开:首先提出IP电话应用的安全要求,然后分析安全漏洞,根据安全
要求,针对安全漏洞提出需要提供的安全服务,然后选取合适的加密算法和协议
构建出一个安全模型,经过分析这个安全模型的脆弱性,证明其安全性之后,给
出了这个安全模型的实现,最后,将提出的模型和传统的方法做了优劣比较,并
对进一步的研究做了一个展望。
本文提出了如下H.323 IP电话安全解决方案;使用SRP认证协议实现用户身
份鉴别,用IDEA加密算法加密IP电话应用中各类控制信息及语音信息,用对
称密码学密钥交换协议实现密钥交换。并通过一组模块化的安全套件实现了该安
全方案。
This project is from CNISTEC (China National Information Secure Testing and
Evaluation Center) .Now , the project has been completed, and will be authenticated
in April ,2001.
In this paper I analyzed the kcure problems of H323 LP phone application when
used in enterprise enviroment in detail : First 71 bringed up the secure requirements to
the IP Phone application ;then ,I analyzed the secure loophole ;according to the secure
requirement ,I presented the secure service which was needed to solve the secure
leak .Then to chose the appropriate cryptographic algorithm and protocol to construct
a secure model After analyzing the vulnerability of the secure model and proving its
security ,I gave the implement of the secure model in the end ,I compared my secure
model with the custom scheme and presented what needed to be done the next step.
In this paper ,I bringed up a secure scheme which used SRP protocol as the
authentication protocol ,used IDEA to encipher the control information and voice data
of the IP Phone application ,and used symmetrical cryptographic key exchange
protocol as my key exchange protocol . And I gave the implement of the secure
scheme which used a group of secure set.
经完成,并已通过测试及初步鉴定,将于2001年4月正式鉴定。
本文详细分析了在大型企业环境中使用IP电话时面临的安全问题,论文按如
下思路展开:首先提出IP电话应用的安全要求,然后分析安全漏洞,根据安全
要求,针对安全漏洞提出需要提供的安全服务,然后选取合适的加密算法和协议
构建出一个安全模型,经过分析这个安全模型的脆弱性,证明其安全性之后,给
出了这个安全模型的实现,最后,将提出的模型和传统的方法做了优劣比较,并
对进一步的研究做了一个展望。
本文提出了如下H.323 IP电话安全解决方案;使用SRP认证协议实现用户身
份鉴别,用IDEA加密算法加密IP电话应用中各类控制信息及语音信息,用对
称密码学密钥交换协议实现密钥交换。并通过一组模块化的安全套件实现了该安
全方案。
This project is from CNISTEC (China National Information Secure Testing and
Evaluation Center) .Now , the project has been completed, and will be authenticated
in April ,2001.
In this paper I analyzed the kcure problems of H323 LP phone application when
used in enterprise enviroment in detail : First 71 bringed up the secure requirements to
the IP Phone application ;then ,I analyzed the secure loophole ;according to the secure
requirement ,I presented the secure service which was needed to solve the secure
leak .Then to chose the appropriate cryptographic algorithm and protocol to construct
a secure model After analyzing the vulnerability of the secure model and proving its
security ,I gave the implement of the secure model in the end ,I compared my secure
model with the custom scheme and presented what needed to be done the next step.
In this paper ,I bringed up a secure scheme which used SRP protocol as the
authentication protocol ,used IDEA to encipher the control information and voice data
of the IP Phone application ,and used symmetrical cryptographic key exchange
protocol as my key exchange protocol . And I gave the implement of the secure
scheme which used a group of secure set.
引文
[1] Thomas Wu. The Secure Remote Password Protocol. http://www.integritysciences.com/.
[2] David Wagner, Bruce Schneier . Analysis of the SSL 3. 0 protocol. AT&T Reserch. 1997 年10月.
[3] Steven M. Bellovin . Problem Areas for the IP Security Protocols. http: // www . integritvsciences.com/ links.html.
[4] Bruce Schneier. Applied Cryptography. John Wiley & Sons, Inc., New York. 1996.
[5] B.A.LaMacchia and A.M.Odlyzko. Computation of discrete logarithms in prime fields. http://wwwintegritysciences.com/links.html.
[6] D.Jablon. Extended password methods immune to dictionary attack, WETICE '97 Enterprise Security Workshop, Cambridge, MA. 1997年7月.
[7] S.M.Bellvovin and M.Merritt. Encrypt ed key exchange: Password-based protocols secure against dictionary attacks. Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy 72页-84页.1992.
[8] ITU-T. H.323 标准. http://www.packetizer.com/iptel/h323/.
[9] 甘杰夫。用IPSec 实现安全IP电话.中国计算机协会信息保密专业委员会第十届年会会 议论文集。2000年9月。
[2] David Wagner, Bruce Schneier . Analysis of the SSL 3. 0 protocol. AT&T Reserch. 1997 年10月.
[3] Steven M. Bellovin . Problem Areas for the IP Security Protocols. http: // www . integritvsciences.com/ links.html.
[4] Bruce Schneier. Applied Cryptography. John Wiley & Sons, Inc., New York. 1996.
[5] B.A.LaMacchia and A.M.Odlyzko. Computation of discrete logarithms in prime fields. http://wwwintegritysciences.com/links.html.
[6] D.Jablon. Extended password methods immune to dictionary attack, WETICE '97 Enterprise Security Workshop, Cambridge, MA. 1997年7月.
[7] S.M.Bellvovin and M.Merritt. Encrypt ed key exchange: Password-based protocols secure against dictionary attacks. Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy 72页-84页.1992.
[8] ITU-T. H.323 标准. http://www.packetizer.com/iptel/h323/.
[9] 甘杰夫。用IPSec 实现安全IP电话.中国计算机协会信息保密专业委员会第十届年会会 议论文集。2000年9月。