| The next generation passive optical network faces users directly, and it's open and accessible, so it is vulnerable to be attacked. With more and more extensive networking applications, the optical access network is getting higher and higher regarding user's importance, and attacks are becoming more and more serious consequences. Moreover, the next generation passive optical network uses the way of sharing physics network mostly, and the network security problem is more prominent. Therefore, the security of optical access network has become the question which urgent needs to solve. However, there are not many researches on the security issues of the next generation PON, especially on the key management aspect. The research on key management security is a very important aspect of next generation PON security issues. Therefor it is of great importance that to ensure the key security is significant for the security of the whole PON system.This article has mainly done the following work based on the above question:1. Sum-up and analyze the security requirements and threats of next generation passive optical network at all network levels, pointing out that eavesdropping, denial of service,masquerading and theft of service are major threats the network facing. Sum-up and discuss the existing security technology of next generation PON, including MACSec and GCM(Galois Counter Mode).2. Research on the key management security mechanism of EPON, sum-up and analyze the existing key management scheme of EPON,focus on the key management scheme based on GCM, and discuss the process of key distribution and updating. 3. Research on the key management security mechanism of 10GEPON, focus on MKA (MACSec Key Agreement) protocol, and analyze its advantages for 10GEPON, involving disadvantages of MKA.4. Design a key management scheme for 10GEPON, which uses MKA protocol, but improve and supplements to the protocol. This scheme focuses on the process of key generation, distribution, updating and synchronization. This approach does not use special secure channel and has no effect on the normal data transmission. This key management scheme has already been used on 10GEPON security system.Base on above work, this paper design a key management scheme for 10GEPON, involving the process of key generation, distribution, updating and synchronization. This key management scheme can be applied to GCM encryption and authentication technologies and MACSec to provide key management security policy. Currently there is little research on 10GEPON key management method home and abroad, the key management scheme proposed in this paper to some extent make up for the gap of the domestic research on 10GEPON key management.The full text is as follows:The 1st part discussed the research background and pointed out the development trends of next generation PON and the research progress of its security issues. There are few researches on the key management issues of the next generation PON, needing for a suitable key management scheme of 10GEPON.The 2nd part analyzed the security requirements and threats of next-generation passive optical network at all network levels. This part also sum-up the existing encryption and authentication techniques, including theory of MACSec and GCM.The 3rd part researched and analyzed the key security mechanism of the next generation PON, focus on MKA(MACSec Key Agreement) protocol,which is suitable for 10GEPON, and analyzed its advantages and disadvantages.The 4th part designed a key management scheme for 10GEPON, which adopted MKA (MACSec Key Agreement) protocol. This scheme improved MKA, focused on the process of key generation, distribution, updating and synchronization. This key management scheme has already been used on 10GEPON security system based on MACSec.The 5th part Conclusion summarized research results of the paper, and forecasted the future. |
PDF Full Text Request