IP网络组播技术的新发展

本文综述了IP网络中组播实现体制和技术的新发展。首先．对在IP层实现组播的体系结构——IP组播进行了深入的探讨，分析、比较了IP组播两种业务模型——标准业务模型和确定源节点业务模型，讨论了IP组播存在的问题和发展趋势。接着，对应用层实现组播的体系结构进行了讨论，描述了应用层组播体制的主要功能和机制，对主要的几个应用层组播方案进行了比较，探讨了应用层组播体制的优缺点。最后对未来Internet中组播业务的实现提出了一些看法。     

基于IPv6的特定源组播的组播侦听发现技术

随着组播技术的发展,特定源组播已经作为一种切实可行的通信模型.本文在探讨特定源组播和组播侦听发现协议的工作原理和体系结构的基础上,研究了基于组播侦听者的组播侦听发现协议的实现机制和内核流程,并针对现存的组播接口状态转换问题,给出了解决方案.     

信息与网络安全防范技术

介绍了信息与网络安全的含义，分析了当前网络安全问题及其成因，给出了网络安全体系结构和安全防范的关键技术，提出了解决网络安全的具体对策和发展方向。     

信息与因特网络安全防范技术

介绍了信息与网络安全的含义，分析了当前网络安全问题及其成因，给出了网络安全体系结构和安全防范了的关键技术，提出了解决网络安全的具体对策和发展方向。     

基于GBA的MBMS终端安全体系研究

给出了3GPP中基于GBA的多媒体广播组播业务（MBMS）安全体系结构,分析了MBMS基于GBA的终端密钥管理体系及实现流程。     

有扰信道下基于门限密码的链式组播源认证技术

组播是一种被广泛应用的通信技术.组播源认证是组播安全中的重要问题,特别是在有扰信道中实现组播源认证具有很大的挑战性.该文提出一种基于门限密码的链式组播源认证技术,以解决有扰信道上的组播源认证问题.基于组播源认证的安全需求和Dolev-Yao模型,该文首先给出链式组播源认证的安全假设和安全模型;然后结合Shamir的门限秘密共享技术,设计一种适合于有扰信道的组播源认证协议并进行了安全性分析.对协议的仿真结果表明,该文设计的组播源认证在保证较好的通信性能前提下具有良好的抗丢包能力.     

IP组播密钥管理技术研究

为了在IP组播中实现用户身份认证等安全管理,避免IP组播中的不安全因素,提出了一种运用门限技术和椭圆曲线密钥体制相结合的方案,构建一个IP组播服务系统并在其上分层实现了组播密钥的分发与恢复。最后通过实验测试给出了此方案的管理代价,证明了此方案可以很好地实现IP组播应用中的密钥管理,有效地解决了用户身份认证和授权管理问题,实现了安全IP组播。     

门限技术在组播密钥管理中的应用

目前组播协议以其节省带宽等优点被广泛认可,但在安全性和可靠性方面存在着一些问题。针对组播应用中所涉及到的密钥管理问题,提出一种运用动态门限技术和组播安全代理结合的方案,通过构建一个IP组播安全管理系统来实现组播密钥的分发和恢复,进而讨论了由成员加入和退出引起的密钥更新问题,最后针对该系统给出实验测试并讨论了采用此方案引起的更新代价,说明采用该方案可以较好地解决组播应用中的授权管理问题,实现安全组播。     

基于CERNET 2的安全组播体系设计

随着Internet的迅速发展,组播应用越来越广泛,组播安全问题也更为重要;IPv6也会在不久的将来得到广泛应用,研究IPv6下的组播安全体系是很有必要的.基于IPv6的宽组播地址空间,针对CERNET 2网络的特性及其纯IPv6的环境,将IKAM与Iolus体系比较结合,设计出一个CERNET 2上的、IPv6环境下的IP组播安全体系结构(简称为CDMSA),并对该结构进行了分析和评价.     

一种基于混合策略的动态组播密钥管理方案

组播密钥管理是当前组播安全研究的热点问题。在分析现有方案的基础上，考虑一种混合策略：将基于组的层次结构机制Iolus与基于密钥层次结构机制LKH的优点结合起来，提出了一种适合大型动态组播的可扩展的分层分组方式的密钥管理方案。该方案有效地降低了密钥更新的代价，具有较高的效率与较好的可扩展性．适合于解决大型动态组播的密钥管理问题。     

Improving Satellite Multicast Security Scalability by Reducing Rekeying Requirements

As multicasting technologies grow in popularity, so does the need for scalable security architectures to support the user base. Significant research efforts are ongoing in the areas of group-key distribution and management. However, little research has addressed the security of very large, distributed groups communicating via low-earth orbit satellite networks. In this article, we review the requirements common to most secure, multicast networking environments; discuss existing scalable multicast security architectures; and present a novel modular scalable architecture for secure multicast, adapted to a low-earth orbit satellite system. Simulated results reveal a twelve-fold reduction in average user rekeying and an order of magnitude reduction in required key distribution versus the baseline architecture.     

IP multicast security: Issues and directions

Security represents one of the major current obstacles to the wider deployment of IP multicast. The present work identifies and discusses various concepts and issues underlying multicast security. A classification of the current issues is provided, covering some core problems, infrastructure problems, and certain complex applications that might be built atop secure ip multicast. Three broad core problems are defined, namely fast and efficient source authentication for high data-rate applications, secure and scalable group key management techniques and the need for methods to express and implement policies specific to multicast security. The infrastructure problem areas cover the issues related to the security of multicast routing protocols and reliable multicast protocols. The topic of complex application covers more advanced issues, typically relating to secure group communication at (or above) the session layer which may be built using an eventual secure multicast infrastructure. A brief summary of the relevant developments, including those in the ietf, is provided.     

一种集中式的组播授权策略

集中式的组播授权策略采用组控制器加强对安全组成员的管理,并通过授权表实现对组成员的统一授权,使得只有通过授权的参与者才能具有与安全组成员的安全通信能力,授权表和安全组的动态更新与分发,有效地支持前向加密、后向加密和抗同谋破解。     

Secure Multicast in Wireless Networks of Mobile Hosts: Protocols and Issues

Multicast services and wireless interconnection networks are among the emerging technologies of the last decade. A significant amount of research has been separately performed in the areas of secure multicast and wireless interconnection networks. In this paper we investigate the issues of designing secure multicast services in wireless mobile environments for dynamic groups and propose protocols for key management for a variety of scenarios. Our solution decouples mobility management from group dynamics management, by taking into account the level of trust in the support stations. In particular, we show that protocol efficiency on the mobile host side can be traded-off with the level of trust in the support stations.     

基于数字证书的树型结构安全多播方案

该文提出一种基于数字证书的安全多播方案，采用树型的多播拓扑结构。多播树中的每个节点都有一个标识其身份的数字证书，除了成员身份认证外，还可以安全地分发会话密钥和实现会话数据的认证，因而减少了多播群密钥管理的复杂度；由于采用分层的树型多播结构，成员加入和退出有了更大的可扩展性。     

Cost analysis of multicast transport architectures in multiservicenetworks

The paper provides a cost analysis of multicast channels in terms of transport resources allocated by the network. The analysis takes into account the diverse transport requirements of applications in multiservice networks such as multisource broadcasting of data to a common set of destinations, bidirectional/unidirectional data transfers among entities, and variable transfer rates of data. The cost model consists of mapping the transport attributes to resource demands and computing the network-wide resource consumptions for data transport. The cost analysis is independent of the specifics of the backbone network transporting the multicast data and, hence, can provide a network-independent measure of the cost-effectiveness of various multicast architectures. The usefulness of the cost model is illustrated by analyzing multicast data transport costs in “group shared tree” (GST) and “source-specific tree” (SST) architectures, with both empirical and simulation studies. The cost analysis methodology can be useful in the design and/or evaluation of multiservice data transport architectures. It can also offer a basis for the network provider to implement customer billing functions in a “pay-for-service” type of network management environment envisaged for multiservice networks     

Multicast security and its extension to a mobile environment

Multicast is rapidly becoming an important mode of communication and a good platform for building group-oriented services. To be used for trusted communication, however, current multicast schemes must be supplemented by mechanisms for protecting traffic, controlling participation, and restricting access of unauthorized users to data exchanged by the participants. In this paper, we consider fundamental security issues in building a trusted multicast facility. We discuss techniques for group-based data encryption, authentication of participants, and preventing unauthorized transmissions and receptions. We also describe the application of these principles and techniques in designing an architecture for secure multicast in a mobile environment.     

移动智能平台的可信计算体系结构与应用研究

在分析移动智能平台安全需求基础上,从逻辑原理、硬件组成、软件系统三个层面提出了移动智能平台的可信计算体系结构,之后提出了包含十种可信计算应用功能的全景图。