| H.323 recommendation is a standard of multimedia communication system in packet-based networks. The security analysis of H.323 communication exposes potential security problems in the process of identity authentication and RAS(Registration,Admission and Status protocol)communication. SecGK-IPSec (Security GateKeeper and IPSec Association) is a H.323 multimedia communication system, which provides an enhanced security mechanism. Based on the security requirements of H.323 framework, SecGK-IPSec implements the security mechanism by an enhanced identity authentication protocol and an interaction with IPSec.As an Internet protocol located in the 3rd layer?of the TCP/IP model, IPSec has the advantages such as anti-attack, identity authorization, data integrity and confidentiality and perfect forward security. In the H.323 framework with multi-protocol, IPSec can avoid the complexity of protocol multiplexing and supplies a general and scalable protection.The Security Remote Password protocol is an identity authentication protocol based on verifier, which has the security property with Zero-knowledge password proofs. The SecGK-IPSec system provides identity authentication mechanism by the enhanced Security Remote Password protocol. The enhanced SRP protocol matches the RAS communication process by merging the negotiation phases. The technology of verifier Hash code is used to defense Denial of Service attack.Based on traditional statistics evaluation method, a new algorithm named DelayAMA is produced to evaluate network delays by statistical value of past-sampling and error adjustment. Delay evaluation feedback mechanism based on DelayAMA algorithm supplies feedback accommodation for the requirement of system Quality of Service by the interaction between IPSec VPN and Gatekeeper module.Based on performance testing, the performance influence of H.323 multimedia communication system by IPSec protection process is analyzed.
|
PDF Full Text Request