| With the development of high-speed Internet, more and more real-time services based on IP are provided. Cable operators and CabLabs its members developed a series of interface standards in a uniform, consistent, open, non-proprietary multi-vendor interoperability basis, which described the definition, design, development and deployment on the packet, called Packet Cable protocol.PacketCable2.0defines the structure of a multimedia network access via high-speed Cable Modem, and its goal is to realize a two-way voice, video and data communications over IP, in the HFC network defined by DOCSIS.In PacketCable2.0architecture, provisioning is the process to provide the IP configuration parameters for the UE, which has a crucial role. The architecture standards specify that SNMPv3and Kerberos are used to provide the security for the provisioning process.This program combined the SNMPv3and Kerberos together, designed and realized an expansion of SNMPv3, which replaced the default security User-based Security Model into Kerberos-based Security Model, and provide the security for the provisioning process.The article include:1) Study the feasibility of the subject, and design a plan to achieve that.2) Design the security fields of KSM, and replace the USM security fields into KSM security fields in SNMPv3message.3) Code the KSM sub modules and complete the inplementation the expansion of the KSM-based net-snmp system. The module includes security parameter parsing, encryption module, authentication modules, decryption modules, security parameter building module.Since KSM bases on the Key Distrubute Center, which manages all the identities of its users, SNMPv3based on KSM Greatly simplifies key management, reduces the burden on the device using the SNMPv3protocol, which creates a good condition for the promotion of SNMPv3protocol. At the same time, Kerberos is a certificate-based security protocol, and it provides the authentication between the two sides in communication, which makes it much safer. |
PDF Full Text Request