Designing Authentication and Protection Schemes for Group Communications

Autor: Wen-Her Yang, 楊文和
Rok vydání: 2000
Druh dokumentu: 學位論文 ; thesis
Popis: 88
With rapid growth of the Internet, more and more people communicate with others through the Internet. In the past, most of the Internet applications were point-to-point connections. In recent years, the demand of the point-to-multipoint connections is increasing. People wish to collaborate with others or to hold a group discussion through the Internet. Recently, an increasing number of network applications relied on group communications have been developed (e.g., teleconference, multi-player game, distributed computing and so on). In such group communication environments, security is then an important issue. It is difficult to provide a total solution to all security problems in various group communication environments. In this dissertation, we consider three critical security issues and propose the solutions. First, we discuss the authentication and key agreement problems of establishing secure group sessions. Then, the mechanism to securely multicast messages on MBone is studied. Finally, we investigate the protection of network hosts in group computing environments. To establish a secure session for group communications, the design of authentication and key agreement schemes must take into consideration the restrictions of different environments. For local area networks, we propose an efficient key agreement protocol. In the protocol, the idea of ID-based schemes is used for mutual authentication and key establishment, hence neither secret nor public keys need be exchanged for group members. The protocol does not need a dedicated central server, and the overhead of key agreement is balanced among group members. For wide area networks, we consider the topology of multicast networks and design a secure multicast protocol. The protocol takes advantage of MBone topology to keep scalability and efficiency at the same time. The key renewing process is confined to a local group. When users join or leave a group, only the subgroup key needs to be renewed and the keys of other subgroups remain unchanged. To have better performance, the proposed protocol contains two operation modes that can easily adapt to different group behaviors. To provide the flexibility of authentication, we also proposed two password authentication schemes, in which the remote user does not need the verification tables or certificates to authenticate participants. Thus, the scheme is suitable for the authentication of group communications in wide area networks. Finally, in order to protect network hosts in group computing environments, we propose a protection model which tracks data and privilege flows among group members. It can uniformly define various types of illegal access patterns and has the advantage of preventing context-dependent illegal accesses such as those caused by inadvertent execution of remote code containing viruses or Trojan Horses. The proposed flow control model is expected to complement the conventional model for access control. In summary, this dissertation studies the critical security issues in group communications and proposes some schemes for enhancement.
Databáze: Networked Digital Library of Theses & Dissertations