A Study of Network Security Technologies
Author: | Chi-Hsiang Hung, 洪吉祥 |
---|---|
Year of publication: | 2013 |
Document type: | Dissertation ; thesis |
Description: | 101 With the rapid progress of network technology, people can communicate efficiently and easily via the Internet. However, various malicious activities sabotage network usage, which makes people seriously concerned about network security. It is well known that applying only one network security technology to protect a system is inadequate. In this dissertation, we focus on designing three network security technologies: network intrusion detection, an IP traceback scheme, and group key management. Today most enterprises and organizations deploy an intrusion detection system (IDS) to detect known attacks. We apply a data mining technique to extract intrusion patterns, and design an intrusion behavior detection engine that analyzes packets in real time to detect possible attacks. It is difficult to find the real source of an attack because IP spoofing is easy. We also design an IP traceback scheme based on the Chinese Remainder Theorem (CRT) that requires routers to probabilistically mark packets with partial path information as the packets pass through the Internet. After detecting attacks, our scheme reconstructs the attack paths from the marked packets to trace the real source of the attacks. In addition, group key generation and management is becoming increasingly important, since more and more applications transmit their data by IP multicast to reduce network bandwidth consumption. Many group applications require certain security mechanisms to protect the integrity of group traffic from modification, guard the confidentiality of data against eavesdropping, and validate the authenticity of both messages and users. To provide these security-enhanced services, we design an authenticated group key management protocol based on a (2, 2) secret sharing scheme that provides the following security services: confidentiality, integrity, forward secrecy, backward secrecy, and mutual authentication. The proposed group key management protocol can also resist the replay attack, the impersonation attack, the group key disclosure attack, and the malicious insider attack. |
Database: | Networked Digital Library of Theses & Dissertations |