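Authentication Services: Multicast Security

Paper price: free  Time: 2016-04-11 17:01:50  Source: www.ukassignment.org  Author: 留学作业网
Multicast security
 
Multicast security is an important issue. Multicast services require more security than unicast services. In multicasting, multiple entities participate with one another without any trust relationship. Threats include the unauthorized creation, alteration and destruction of data, and its illegitimate use. The scope of a multicast session is broad, which is why it is more vulnerable to security attacks than a unicast session.
 
To reduce multicast security issues, many security services can be implemented. These services can be divided into four areas: authentication, authorization, encryption and data integrity. To minimize security issues, multicast communication may use all or some of these services to obtain the required level of security. The services needed for a given security level are defined by a policy set according to specific requirements.
 
An authentication service provides assurance of the identity of participating hosts, so that they may be allowed to create, send or receive data and to execute specific tasks. With authentication, only authorized hosts are permitted to join a secure multicast group.
 
Security in multicasting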
 
Security is one of the main issues in multicasting. Multicast services require more security than unicast services. In the multicasting process, more entities participate with each other without any trusted relationship. Threats include the unauthorized creation, alteration, destruction, and illegitimate use of data. The scope of a multicast session is broad compared to a unicast session, which is why it is much more vulnerable to security attacks.
 
To reduce multicast security issues, we can implement many security services. These services can be further categorized into four areas: authentication, authorization, encryption and data integrity, as defined. To minimize security issues, multicast communication may use all or some of these services to reach a required level of security. The services needed for a security level will be defined by a certain policy under the specific requirements and needs of the session.
 
An authentication service is the process of providing assurance of a participating host's identity, so that the host may be allowed to create, send or receive data and to execute specific tasks. With the help of authentication, only authorized hosts are permitted to join a secure multicast group.
 
Moreover, authentication is a vital part of controlling access to key material. If cryptographic techniques such as encryption for confidentiality are applied, authentication may offer a method to control access to the keys used to secure group communication. For the establishment of session availability and the distribution of keys, only authorized group members should access those keys. In order to identify the source of multicast traffic, authentication mechanisms may be applied by the traffic source.
 
This application serves to further define group membership by positively identifying group members along with the data they source to the group. Protocols such as the IP Authentication Header (AH) can provide authentication for IP datagrams and may be used for host authentication. Authentication is also an essential part of any key distribution protocol.
 
To counter the various masquerade and replay attacks that may be conducted against a secure multicast session's keying material, authentication is used because it can identify the source of the key material. By applying an authentication pattern to multicast groups, data can achieve a strong level of integrity.
 
Integrity services provide assurance that multicast traffic is not changed during transmission. Integrity is not inherent to IP datagram traffic payloads and is usually reserved for transport layer protocols. The lack or weakness of integrity services in IP can lead to spoofing attacks.
 
Strong integrity mechanisms can be applied indirectly at the network layer with security protocols such as the Encapsulating Security Payload (ESP) and AH. For applications that have key management protocols, integrity services are necessary against spoofing attacks.
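The integrity and replay checks discussed above can be shown on a single datagram format. This is an added example, not code from the original essay: the packet layout, `seal` and `Receiver` are hypothetical, and the tag is an HMAC under a shared group key, so it shows the sender holds the group key rather than which member sent the data.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte integrity tag


def seal(group_key: bytes, sender: bytes, seq: int, payload: bytes) -> bytes:
    """Build: len(sender) | sender | 64-bit seq | payload | HMAC tag."""
    body = struct.pack("!B", len(sender)) + sender + struct.pack("!Q", seq) + payload
    return body + hmac.new(group_key, body, hashlib.sha256).digest()


class Receiver:
    """Group member that verifies traffic before handing it to the application."""

    def __init__(self, group_key: bytes):
        self.group_key = group_key
        self.last_seq = {}  # sender id -> highest sequence number accepted

    def accept(self, datagram: bytes) -> bytes:
        if len(datagram) < 1 + 8 + TAG_LEN:
            raise ValueError("truncated datagram")
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.group_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Altered in transit, or sent by a host without the group key.
            raise ValueError("integrity check failed")
        n = body[0]
        if len(body) < 1 + n + 8:
            raise ValueError("malformed header")
        sender = body[1:1 + n]
        (seq,) = struct.unpack("!Q", body[1 + n:9 + n])
        # Strictly increasing counter: a captured datagram sent again is dropped.
        # (Reordered datagrams are dropped too; a sliding window would relax this.)
        if seq <= self.last_seq.get(sender, -1):
            raise ValueError("replayed or stale datagram")
        self.last_seq[sender] = seq
        return body[9 + n:]
```

Identifying the individual source, as opposed to group membership, needs a per-sender digital signature in place of the shared-key tag.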
 
Confidentiality services are important in creating a private multicast session. Normally, encryption is used to establish private multicast sessions. With the time-to-live (TTL) setting we can get a weaker form of confidentiality by restricting the data distribution of a routed session.
 
Encryption can be applied to end services at different layers of the protocol stack. At the network layer, ESP provides confidentiality services for IP datagrams through encryption. Key management protocols such as the Internet Security Association and Key Management Protocol (ISAKMP) support confidentiality services for key exchanges.
 
Issues of key management:
 
We can accomplish the required levels of confidentiality, integrity and authentication for a multicast session by using encryption and digital signatures. Given a robust security mechanism that cannot be easily defeated by cryptanalytic attacks, the focus shifts to key management, key distribution and access control for protecting key material. For this reason, a secure multicast session has a class D IP address and essential keying material. The encryption mechanism, the enforced security policy and the key structure dictate the size, type and number of keys needed to guard a multicast session.
 
In order to maintain the security of the session, access to these keys must be restricted. A strong authentication mechanism should therefore be applied during the registration process, before key material is distributed to each device. When these personal attributes are bound to a signed digital certificate, the certificate's digital signature and its relationship in a certificate hierarchy may verify the identity of a participant and their assigned permissions.
 
In a multicast session it may be required to issue a new key, or rekey, depending on the security policy and the traffic flow encrypted under a certain key. A rekey can also be done when a suspected event is detected. A rekey is sometimes performed to deny a compromised site access to future communication, without heavily affecting the other devices.
 
Depending on the implemented security mechanism, the voluntary exit of a device from a session is also included in the compromise category. A rekey is sometimes required to prevent the previous device from joining the session without re-registration. The need for a rekey depends on policy issues as well as practical tradeoffs. A policy of "flat or hierarchical" group trust is efficient in some scenarios, greatly decreasing the complexity required for dynamic key management.
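The registration and rekey steps described in this section, sketched for a flat group as an added example that is not part of the original essay. `GroupController`, `wrap` and `unwrap` are hypothetical names; a pre-shared per-member key with challenge-response stands in for the certificate-based registration the text describes, and the HMAC-based wrap stands in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import secrets


def wrap(kek: bytes, group_key: bytes) -> bytes:
    """Wrap a 32-byte group key under one member's key-encryption key (KEK)."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(group_key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("rekey message not wrapped for this member")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class GroupController:
    """Hypothetical flat-trust key controller for one multicast group."""

    def __init__(self, authorized: dict):
        self.authorized = authorized  # member id -> KEK agreed out of band
        self.members = set()
        self.epoch = 0
        self.group_key = secrets.token_bytes(32)

    def register(self, member: str, challenge: bytes, proof: bytes) -> bytes:
        """Authenticate first; only then release key material."""
        kek = self.authorized.get(member)
        if kek is None:
            raise PermissionError("unknown host, no key material issued")
        expected = hmac.new(kek, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            raise PermissionError("authentication failed, no key material issued")
        self.members.add(member)
        return wrap(kek, self.group_key)

    def rekey(self, evicted: str) -> dict:
        """Voluntary exit or suspected compromise: new key for the rest only."""
        self.members.discard(evicted)
        self.epoch += 1
        self.group_key = secrets.token_bytes(32)
        return {m: wrap(self.authorized[m], self.group_key) for m in self.members}
```

The flat scheme sends one wrapped key per remaining member on every rekey; the hierarchical group trust mentioned above is what reduces that cost for large groups.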
 
Computer Communications Security: Principles, Standard Protocols and Techniques, W. Ford, Prentice Hall, 1994.
Security Architecture for the Internet Protocol, R. Atkinson, RFC-1825, Naval Research Laboratory, August 1995.
IP Encapsulating Security Payload (ESP), R. Atkinson, RFC-1827, Naval Research Laboratory, August 1995.
IP Authentication Header, R. Atkinson, RFC-1826, Naval Research Laboratory, August 1995.
Internet Security Association and Key Management Protocol (ISAKMP), D. Maughan, M. Schertler, M. Schneider, J. Turner, Internet-Draft, draft-ietf-ipsec-isakmp-07.txt, 21 February 1997.
Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACM Computer Communications Review, Vol. 19, No. 2, March 1989.
Applied Cryptography, Second Edition: Protocols, Algorithms and Source Code in C, B. Schneier, John Wiley & Sons, Inc., 1996.