Title: | Designing Authentication and Protection Schemes for Group Communications (群体通讯中身份认证与保护机制之设计) |
Authors: | 杨文和 Wen-Her Yang; 谢续平 Shiuh-Pyng Shieh; Institute of Computer Science and Engineering |
Keywords: | Group communication; security; authentication; key agreement; multicast; flow control |
Issue Date: | 1999 |
Abstract: | With the rapid growth of the Internet, more and more people communicate with others through it. In the past, most Internet applications were point-to-point connections. In recent years, the demand for point-to-multipoint connections has been increasing. People wish to collaborate with others or to hold a group discussion through the Internet. Recently, an increasing number of network applications that rely on group communications have been developed (e.g., teleconference, multi-player game, distributed computing and so on). In such group communication environments, security is an important issue. It is difficult to provide a total solution to all security problems in various group communication environments. In this dissertation, we consider three critical security issues and propose solutions. First, we discuss the authentication and key agreement problems of establishing secure group sessions. Then, the mechanism to securely multicast messages on MBone is studied. Finally, we investigate the protection of network hosts in group computing environments.
To establish a secure session for group communications, the design of authentication and key agreement schemes must take into consideration the restrictions of different environments. For local area networks, we propose an efficient key agreement protocol. In the protocol, the idea of ID-based schemes is used for mutual authentication and key establishment, hence neither secret nor public keys need to be exchanged for group members. The protocol does not need a dedicated central server, and the overhead of key agreement is balanced among group members. For wide area networks, we consider the topology of multicast networks and design a secure multicast protocol. The protocol takes advantage of the MBone topology to achieve scalability and efficiency at the same time. The key renewing process is confined to a local group. When users join or leave a group, only the subgroup key needs to be renewed and the keys of other subgroups remain unchanged. To achieve better performance, the proposed protocol contains two operation modes that can easily adapt to different group behaviors. To provide flexibility of authentication, we also propose two password authentication schemes, in which the remote user does not need the verification tables or certificates to authenticate participants. Thus, the scheme is suitable for the authentication of group communications in wide area networks.
Finally, in order to protect network hosts in group computing environments, we propose a protection model which tracks data and privilege flows among group members. It can uniformly define various types of illegal access patterns and has the advantage of preventing context-dependent illegal accesses such as those caused by inadvertent execution of remote code containing viruses or Trojan Horses. The proposed flow control model is expected to complement the conventional model for access control.
In summary, this dissertation studies the critical security issues in group communications and proposes some schemes for enhancement. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#NT880392082 http://hdl.handle.net/11536/65482 |
Appears in Collections: | Thesis |