
Researches On Some Problems Of Network Security Service In Large Dynamic Multicast System

Posted on: 2004-11-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Liu
Full Text: PDF
GTID: 1118360095960099
Subject: Computer application technology
Abstract/Summary:

It has been more than ten years since IP multicast technology was introduced. During these years, IP multicast related technologies have been intensively researched by the academic and engineering communities. Most research has focused on IP multicast routing, reliable IP multicast, congestion control and so on. In recent years, as the security problems of open networks have received more and more attention, people have begun to pay more attention to the security problems of IP multicast. Up to now, plenty of research results have been obtained, but there still remain many pressing problem areas in IP multicast security to be solved. Compared with the mature technology of IP unicast security, the technical problems of IP multicast security are more complex and difficult. Many problems cannot be solved simply by extending techniques of IP unicast security to IP multicast in a straightforward way. In the field of IP multicast security, we still have a long way to go.

This dissertation is focused on providing end-to-end security services for upper-layer IP multicast applications. The main original contributions of this dissertation include:

* Constructing an Overlay Network consisting of a GSC (Group Security Controller) and multiple SGSCs (SubGroup Security Controllers) and proposing a key management scheme named MKEM (Multicast KEy Management), which is applicable to large dynamic multicast groups. MKEM improves on and solves some problems in the Iolus and WGL schemes, and it is more scalable. Proposing a robust and fault-tolerant key management protocol suite named RMKEM to solve the problem of SPOF (Single Point Of Failure) remaining in MKEM. Because the group session key is generated through the execution of a key agreement algorithm by the GSCs in the upper layer, once any GSC is compromised, subgroups controlled by other GSCs will not be influenced, so the robustness and fault tolerance of the system are achieved. Proposing a scheme of RMKEM (or MKEM) + FEC + Re-Synchronization Mechanism to guarantee the reliable reception of the rekey messages transmitted over UDP/IP multicast in MKEM and RMKEM. The scheme can realize scalable, robust, fault-tolerant and reliable key management in large dynamic multicast groups. Up to the present, there are few key management solutions capable of achieving the above four properties.
* Based on SPKI technology, proposing a multicast distributed access control system, MDAC, as well as a delegation certificate path (DCP) searching algorithm based on a binary tree. Through an emulation-based comparison with other schemes, including Gothic [Judge02] and the schemes presented in [Hardjono00], [Ballardie95] and [HeDraft01], we show that MDAC possesses not only superior performance, but also distribution, support for all kinds of multicast modes, authorization delegation and privacy protection, which are properties lacked by the other schemes. So far, in the field of multicast security, there are few solutions for secure access control of large dynamic multicast groups.
* Proposing the multicast NRR service MNORS, based on the mobile agent security scheme MABCM [Zhou 02]. Under the protection of the mobile agent blackbox, the NRR mobile agent can generate trusted NRR evidence in the untrusted computing environment of receivers. MNORS can be implemented in pure software and has high-level security and scalability. As to the problem of multicast NRR, there is only one result, Nark [Briscoe99], whose implementation must be based on a smart card. In addition, the security of the method of generating pseudo-random keys in Nark has not been strictly analyzed and proved.
* Proposing a positioning-enabled multicast digital fingerprinting system, MFinger. Utilizing the Overlay Networks, a distributed watermarking algorithm and a digital fingerprinting algorithm based on encryption, MFinger realizes traitor tracing and copyright protection for multicast media streams; MFinger has excellent scalability; Making a strict analysis of collision attack to the digital fingerprinting algorithm based on encryption and pointing out...
Keywords/Search Tags:multicast, security services, key management, packet source authentication, access control and authorization, non-repudiation, fingerprinting, security policy