以賽局分析網路通訊服務安全認證機制- 以VoIP為例

Abstract

大部分企業內部設置兩種網路：數位式 IP 網路及公眾交換電話網路 (PSTN)。目前已有許多企業開始將這兩種技術整合成單一網路，其產生的節省效益，不只限於長途語音服務，營運及管理成本也一併受益。但在數位網路上使用VoIP服務，會使整個語音訊息曝露公眾網路上，發生在傳統交換式語音網路不會發生的安全威脅。VoIP服務若遭受攻擊，可能會造成業務損、語音傳遞品質降低及機密資訊遺失。因此企業在採用 VoIP服務之前，總是因為這些威脅所衍生的各式資訊安全問題而猶豫不決。採用VoIP服務之後，為了讓資訊威脅降至最低，不得不採購各類的安全防護軟硬體設備，反而侵蝕了使用VoIP 服務低成本的效益。再者，目前VoIP之安全防護由各服務商與使用者執行，僅針對由外而內傳遞之訊息進行過濾，這種作法只是「點」的防護，面對網際網路上的攻擊，無法全面性進行安全防禦。 綜上所述，本論文提出VoIP服務安全認證機制。以兩階段依序賽局為分析基礎，從VoIP服務商營運的經濟面與管理面進行分析，證明服務商加入安全認證機制可有效提高收益，以吸引VoIP服務商保護它們的客戶以及整體VoIP 網路的安全。此外，VoIP認證機制會集合各服務商「點」的防護能力，升級成「面」的防護能力，讓服務商得以用相同的防護成本獲得更佳的防護效果。研究結果發現，VoIP 服務商加入認證機制之後會提升收益；加入認證機制的VoIP服務商比沒有加入認證機制的VoIP服務商的收益高；另外，全部的服務商加入認證機制之下，會具有最佳的防護效果。

Most companies have two kinds of networks the digital IP Network (DIPN) and Public Telephone Network (PSTN). Presently, many have integrate these two networks into single network: DIPN. The cost-saving benefits to not long-distance " telephony" services, but also the cost of operation and management. Using VoIP services on the DIPN would make the whole voice messages exposed to the public network; however, in the PSTN, it would not have security threats. If VoIP is under attack, it would cause the loss on business, lower-down on voice passing qualities, and loss of private information. Hence, before adopting VoIP services, these security issues derived always make enterprises hesitate. After adopting this, in order to lower down these issues, the companies have no choices but to purchase all kinds of security equipment, includeing hardware and software, which reduces the benefits of low costs on VoIP. Moreover, the security protection on VoIP is implemented by service providers and users. They only filter the messages passed from outside, which onlt provides partial protection that could not protects entirely against. To sum up, this paper propose the mechanism on VoIP service security suthentication based on Two-Stage and Sequential game, we analyze the VoIP Service Provider's economic and management part to prove that when these providers join the security certification mechanism, they would increase benefits to attract other providers to protect their customers and the whole VoIP security. Besiders, this mechanism would integrate every provider's partial capacity to full capacity. So that, the providers would gain better protection effects on the same cost. The research proves that after the VoIP Service Providers join for those who join the mechanism, they would gain more at length, all the service providers join in, it would have the best protection results.