Summary: | Master's === National Taiwan University === Graduate Institute of Electrical Engineering === 86 === Network security is an important fundamental building block of many Internet applications, such as electronic commerce and electronic voting. Although network security can be enforced in all OSI layers, providing security services at the network layer has some advantages, such as uniformity and transparency.

IP Security (IPsec) is a working group of the IETF, and its goal is to propose the architecture to provide cryptographically-based security services for the IP protocols, both IPv4 and IPv6. Furthermore, key management plays an important role in the IPsec architecture. ISAKMP (Internet Security Association and Key Management Protocol) is one automated key management protocol of the IP Security protocol suite, and it is used to negotiate security parameters between entities, e.g., encryption algorithms, algorithm modes, key length, etc. However, the current draft of ISAKMP is only applicable under unicast environments, that is, it does not support multicast communications.

In this thesis, we propose some models by which security parameters can be negotiated using ISAKMP under multicast environments. For each model, we also suggest some corresponding key management mechanisms. Besides, our models are independent of multicast routing protocols. Moreover, our models are capable of supporting dynamic membership. Our models are easy to implement, so little change is needed for implementations of ISAKMP to include our models. Group members can choose security parameters according to their demands by our proposed models.
|