《电信与移动互联网行业市场企业产品应用与无线网民的特点、行业发展》由会员分享,可在线阅读,更多相关《电信与移动互联网行业市场企业产品应用与无线网民的特点、行业发展(19页珍藏版)》请在金锄头文库上搜索。
1、Multicast receiver access control by IGMP-ACOriginal Research ArticleComputer NetworksIP multicast is best-known for its bandwidth conservation and lower resource utilization. The present service model of multicast makes it difficult to restrict access to authorized End Users (EUs) or paying custome
2、rs. Without an effective receiver access control, an adversary may exploit the existing IP multicast model, where a host or EU can join any multicast group by sending an Internet Group Management Protocol (IGMP) join message without prior authentication and authorization. We have developed a novel,
3、scalable and secured access control architecture for IP multicast that deploys Authentication Authorization and Accounting (AAA) protocols to control group membership. The principal feature of the access control architecture, receiver access control, is addressed in this paper. The EU or host inform
4、s the multicast Access Router (AR) of its interest in receiving multicast traffic using the IGMP protocol. We propose the necessary extensions of IGMPv3 to carry AAA information, called IGMP with Access Control (IGMP-AC). For EU authentication, IGMP-AC encapsulates Extensible Authentication Protocol
5、 (EAP) packets. EAP is an authentication framework to provide some common functions and a negotiation of the desired authentication mechanism. Thus, IGMP-AC can support a variety of authentications by encapsulating different EAP methods. Furthermore, we have modeled the IGMP-AC protocol in PROMELA,
6、and also verified the model using SPIN. We have illustrated the EAP encapsulation method with an example EAP method, EAP Internet Key Exchange (EAP-IKEv2). We have used AVISPA to validate the security properties of the EAP-IKEv2 method in pass-through mode, which fits within the IGMP-AC architecture
7、. Finally, we have extended our previously developed access control architecture to accomplish inter-domain receiver access control and demonstrated the applicability of IGMP-AC in a multi-domain environment.Article Outline1. Introduction2. Background work 2.1. Internet Group Management Protocol (IG
8、MP)2.2. AAA protocols2.3. Access control architecture with e-commerce communication 2.3.1. Participant access control2.3.2. e-Commerce communication2.3.3. Policy enforcement2.3.4. Limitation of the architecture3. Problem definition 3.1. Effects of forged IGMP report messages3.2. Goals of receiver ac
9、cess control3.3. Group key management vs. receiver access control3.4. Relationship of receiver access control to key management and accounting3.5. Receiver access control through extended IGMP 3.5.1. Coupling access control with IGMP3.5.2. Extending the IGMPv3 protocol4. Related work5. IGMP with Acc
10、ess Control (IGMP-AC) 5.1. Requirements5.2. Protocol descriptions 5.2.1. Host behavior5.2.2. Role of AAA Server (AAAS)5.2.3. Role of Access Router (AR)5.3. Additional messages5.4. Required reception states 5.4.1. Reception states maintained by the host5.4.2. Reception states maintained by the AR5.5.
11、 Securing IGMP-AC messages6. Verification of IGMP-AC using SPIN 6.1. Model description6.2. Verification results7. Authentication using EAP 7.1. EAP encapsulation over IGMP-AC7.2. EAP-IKEv2 protocol7.3. Enhanced security for IGMP-AC messages8. Validation of EAP-IKEv2 method using AVISPA 8.1. Security
12、 properties of the EAP-IKEv2 method8.2. The peer-to-peer model 8.2.1. Limitations of the peer-to-peer model8.2.2. Security goals8.2.3. Finding the attack8.2.4. Securing the peer-to-peer model8.3. The pass-through model9. Inter-domain receiver access control 9.1. Diameter agents9.2. Proposed inter-do
13、main architecture 9.2.1. Enforcing secured-group status for inter-domain groups9.2.2. IGMP-AC behavior9.2.3. Distributed vs. centralized database10. Discussion 10.1. Scalability10.2. Delay in packet delivery10.3. Message complexity10.4. Mobility of End Users11. Conclusion and future workAcknowledgem
14、entsReferencesZone-based virtual backbone formation in wireless ad hoc networksOriginal Research ArticleAd Hoc NetworksEfficient protocol for clustering and backbone formation is one of the most important issues in wireless ad hoc networks. Connected dominating set (CDS) formation is a promising app
15、roach for constructing virtual backbone. However, finding the minimum CDS in an arbitrary graph is a NP-Hard problem. In this paper, we present a novel zone-based distributed algorithm for CDS formation in wireless ad hoc networks. In this Zone algorithm, we combine the zone and level concepts to sp
16、arsify the CDS constructed by previous well-known approaches. Therefore, this proposed algorithm can significantly reduce the CDS size. Particularly, we partition the wireless network into different zones, construct a dominating tree for each zone and connect adjacent zones by inserting additional connectors into the final CDS (at the zone borders). Our
