èŠ‚ç‚¹æ–‡çŒ®

ç»„å¯†é’¥ç®¡ç†æŠ€æœ¯ç ”ç©¶åŠå…¶åœ¨IPSec VPNä¸çš„åº”ç”¨

Research on Group Key Management System and Itâ€™s Application on IPSec VPN

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æŽæ¬£ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ æµ™æ±Ÿå¤§å¦ ï¼Œ è®¡ç®—æœºç§‘å¦ä¸ŽæŠ€æœ¯ï¼Œ 2006ï¼Œ åšå£«

ã€æ‘˜è¦ã€‘ è¿‘å¹´æ¥ï¼Œå®‰å…¨å¯é çš„ç»„é€šä¿¡å·²æˆä¸ºç ”ç©¶é¢†åŸŸçš„çƒç‚¹é—®é¢˜ï¼Œå°¤å…¶æ˜¯åœ¨åŸºäºŽç»„çš„åº”ç”¨å’Œåˆä½œé¢†åŸŸï¼Œç»„å®‰å…¨é€šä¿¡è¶Šæ¥è¶Šå—åˆ°äººä»¬çš„å…³æ³¨ã€‚ç»„å®‰å…¨é€šä¿¡çš„è®¾è®¡å…³é”®ç‚¹åœ¨äºŽå¦‚ä½•åœ¨ä¸å¯é çš„ç½‘ç»œçŽ¯å¢ƒç»´æŠ¤ç»„é€šä¿¡çš„æœºå¯†æ€§ã€‚æ•°æ®åŠ å¯†æ˜¯å®žçŽ°å®‰å…¨ç»„é€šä¿¡çš„å®žé™…é€”å¾„ï¼Œå³ä½¿æ˜¯IPåˆ†ç»„è¢«æ³„éœ²åˆ°æ•´ä¸ªç½‘ç»œï¼Œä¹Ÿèƒ½ä¿è¯åªæœ‰ç»è¿‡è®¤è¯çš„ç”¨æˆ·æ‰èƒ½è§£å¯†ç»„æ’æ•°æ®ã€‚ åœ¨å®‰å…¨ç»„é€šä¿¡ä¸ï¼Œæ•°æ®å‘é€è€…ç”¨ç»„å¯†é’¥æ¥åŠ å¯†ä¸šåŠ¡ï¼Œå¹¶ä¸”ç»„å†…æ¯ä¸ªæˆå‘˜éƒ½å…±äº«åŒæ ·çš„ç»„å¯†é’¥ç”¨äºŽè§£å¯†æ•°æ®ã€‚ä¸ºäº†ä¿è¯åŽå‘ä¸Žå‰å‘æœºå¯†æ€§ï¼Œåœ¨æ•´ä¸ªç»„æ’ä¼šè¯è¿‡ç¨‹ä¸ï¼Œæ¯å½“æœ‰ç”¨æˆ·åŠ å…¥æˆ–é€€å‡ºæ—¶éƒ½å¿…é¡»æ”¹å˜ç»„å¯†é’¥ã€‚è¿™ä¸€è¿‡ç¨‹ç§°ä¸ºå¯†é’¥æ›´æ–°(Rekey)ï¼Œå®ƒä¿è¯äº†ä¸€ä¸ªæ–°åŠ å…¥çš„ç”¨æˆ·æ— æ³•è®¿é—®ä¹‹å‰çš„ç»„æ’æ•°æ®ï¼Œå¹¶ä¸”ä¸€ä¸ªé€€å‡ºçš„ç”¨æˆ·æ— æ³•ç»§ç»è§£è¯»åœ¨å®ƒç¦»å¼€ä¹‹åŽç»„æ’çš„æ•°æ®ã€‚è¿™å°±æ˜¯å¯†é’¥ç®¡ç†é—®é¢˜ï¼Œè®¾è®¡å®‰å…¨é«˜æ•ˆçš„å¯†é’¥ç®¡ç†åè®®é¢ä¸´ç€è®¸å¤šæŒ‘æˆ˜ã€‚å…¶ä¸»è¦éš¾ç‚¹åœ¨äºŽç»„çš„åŠ¨æ€æ€§ï¼Œå³ç»„æˆå‘˜å¯ä»¥åœ¨ä»»æ„æ—¶åˆ»åŠ å…¥æˆ–é€€å‡ºç»„ã€‚ æœ¬æ–‡çš„ç ”ç©¶ä¸»è¦åŒ…æ‹¬ç»„å¯†é’¥ç®¡ç†çš„ç³»ç»Ÿç»“æž„ï¼ŒåŠ¨æ€å¯¹ç‰ç»„å¯†é’¥åå•†å’Œæ›´æ–°åè®®ï¼Œåœ¨æ¤åŸºç¡€ä¸Šå®žçŽ°äº†ä¸€ä¸ªç»„å¯†é’¥ç®¡ç†ç³»ç»Ÿå¹¶å°†å…¶åº”ç”¨äºŽIPSec VPNï¼Œå®žçŽ°ç½‘å…³ç»„çš„å®‰å…¨å…³è”ã€‚å…·ä½“åœ°è¯´ï¼Œæœ¬æ–‡çš„å·¥ä½œå†…å®¹åŒ…æ‹¬ä»¥ä¸‹å‡ ä¸ªæ–¹é¢ï¼š æ ¹æ®ç»„å¯†é’¥ç®¡ç†ç³»ç»Ÿçš„å¯†é’¥æŽ§åˆ¶æ¨¡åž‹çš„å·®å¼‚ï¼Œå°†å…¶åˆ†ä¸ºä¸‰ç±»ï¼šé›†ä¸å¼å¯†é’¥åˆ†å‘ï¼Œåˆ†æ•£å¼å¯†é’¥åˆ†å‘ï¼Œå¯¹ç‰å¯†é’¥åå•†ã€‚å…¶ä¸åŸºäºŽå¯¹ç‰ç»„å¯†é’¥åå•†çš„å¯†é’¥ç®¡ç†ç³»ç»Ÿå…·æœ‰ä»¥ä¸‹ç‰¹ç‚¹ï¼š(1)ç»„æˆå‘˜ä¸ºå¹³ç‰å…³ç³»ï¼Œæ— é€»è¾‘æˆ–ç‰©ç†çš„å±‚æ¬¡å…³ç³»ï¼Œå› æ¤ä¸å˜åœ¨æ€§èƒ½å’Œå®‰å…¨çš„ç“¶é¢ˆç»“ç‚¹ï¼Œæ²¡æœ‰å•ç‚¹å¤±æ•ˆé—®é¢˜ï¼Œå¯ç”¨æ€§é«˜ï¼›(2)ç»„å¯†é’¥ç”±ç»„å†…å„æˆå‘˜è´¡çŒ®çš„éšæœºæ•°ç”Ÿæˆï¼Œå› æ¤ç»„å¯†é’¥çš„éšæœºæ€§æ¯”å…¶å®ƒä¸¤ç±»ç³»ç»Ÿæ›´ä¸ºå¥å£®ã€‚è¯¥ç±»å¯†é’¥ç®¡ç†ç³»ç»Ÿæ˜¯æœ¬æ–‡ç ”ç©¶çš„é‡ç‚¹ã€‚çŽ°æœ‰çš„å¯¹ç‰ç»„å¯†é’¥ç®¡ç†ç³»ç»Ÿå»ºç«‹åœ¨ç»„é€šä¿¡åŸºç¡€ä¸Šï¼Œå˜åœ¨çš„ç»“æž„å¤æ‚ï¼Œæ•ˆçŽ‡ä½Žï¼Œé²æ£’æ€§ä½Žç‰é—®é¢˜ï¼Œåˆ¶çº¦äº†ç»„å¯†é’¥ç®¡ç†ç³»ç»Ÿçš„åº”ç”¨ã€‚æœ¬æ–‡é’ˆå¯¹IPSec VPNä¸ç»„å¯†é’¥ç®¡ç†çš„éœ€æ±‚ï¼Œæå‡ºäº†ä¸€ç§æ¨¡å—åŒ–å¯¹ç‰ç»„å¯†é’¥ç®¡ç†ç»“æž„ï¼Œåœ¨å¯é å¤šæ’æœåŠ¡å’ŒåŸºäºŽä¸å¿ƒèŠ‚ç‚¹çš„ç®€å•æˆå‘˜å…³ç³»æœåŠ¡ä¸Šå»ºç«‹ç»„å¯†é’¥åå•†ã€‚ å®‰å…¨æ€§å’Œåå•†æ•ˆçŽ‡æ˜¯è¯„ä»·ç»„å¯†é’¥ç®¡ç†åè®®çš„å…³é”®æŒ‡æ ‡ï¼Œåœ¨ä¿è¯ç›¸åŒå®‰å…¨æ€§çš„åŸºç¡€ä¸Šï¼Œå¦‚ä½•æé«˜åå•†æ•ˆçŽ‡æ˜¯ä¸€ä¸ªå…³é”®è¯¾é¢˜ï¼Œå¯¹ç»„å¯†é’¥çš„åº”ç”¨å…·æœ‰çŽ°å®žæ„ä¹‰ã€‚æœ¬æ–‡é¦–å…ˆå°±å®‰å…¨æ€§å’Œåå•†æ•ˆçŽ‡ä¸¤ä¸ªæŒ‡æ ‡å¯¹çŽ°æœ‰çš„åŠ¨æ€å¯¹ç‰ç»„å¯†é’¥ç®¡ç†åè®®è¿›è¡Œç³»ç»Ÿçš„åˆ†æžå’Œæ¯”è¾ƒã€‚åˆ©ç”¨é™ä½Žå¯†é’¥åå•†çš„è½®æ•°ã€é€šä¿¡é‡å’Œè®¡ç®—é‡ä½œä¸ºæé«˜åå•†æ•ˆçŽ‡çš„é€”å¾„ï¼Œæå‡ºäº†ä¸€ç³»åˆ—çš„é«˜æ•ˆåŠ¨æ€ç»„å¯†é’¥åå•†åè®®ã€‚è¯¥ç³»åˆ—åè®®å…·æœ‰ä»¥ä¸‹ç‰¹ç‚¹ï¼š(1)å¼•å…¥é…å¯¹(Pairing)è¿ç®—å’ŒåŸºäºŽèº«ä»½çš„å…¬é’¥åŸºç¡€è®¾æ–½(Identity Basedæ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ In recent years, the research on group communication has focused on the security and reliability of group communication. In particular, the fields of the application and cooperation based on group, the secure group communication has become more and more important. The confidentiality of communications is the key to design the secure group communication in unreliable networking environment. Data encryption is a practical means of achieving security group communications. Only authenticated user can be ensured to decrypt the multicast data, even if the data could be received by other users connected the multicast network.In the security group communication, data was encrypted by the group key. Each group member shared the same key for decrypting data. To ensure forward and backward security, the group key has to be updated whenever members joining or leaving the group. This process is known as rekeying. It guarantees that the new joining members can not decrypt the data which encrypted the earlier group key. It also guarantees the leaved members can not decrypt the group data received after it leaved the group. This is major challenge to design a secure and effective key agreement protocol. The difficulty lies in the dynamic group that the members can join or leave a group at any time.The structure of group key management system and dynamics group key agreement protocol was studied in this thesis. And this group key management system was implemented and it is applied to IPSec VPN. The group security association was implemented among VPN gateway. Specifically, this study includes the following contents:According to the differences among key control models, the group key management could be divided into three categories: centralized model, distributed model and combined model. The dynamic distributed key management system has the following features. (1) Each member of the group is equal. So there is no performance and security bottleneck, no single point of failure with high availability. (2)The group Key is produced by the random numbers which were shared by all members. So the randomicity of the group key in this model was stronger than other models. Therefore, such group key management system is the focus of this thesis.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ ç»„å¯†é’¥ç®¡ç†ï¼› åŒçº¿æ€§é—®é¢˜BDHï¼› ID-Based PKIï¼› ç»„é€šä¿¡ï¼› IPsec VPNï¼›
ã€Key wordsã€‘ group key managementï¼› Bilinear Diffie Hellam (BDH)ï¼› ID-Based PKIï¼› Group communicationï¼› IPsec VPNï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ æµ™æ±Ÿå¤§å¦

ã€åˆ†ç±»å·ã€‘TN918.6
ã€è¢«å¼•é¢‘æ¬¡ã€‘4
ã€ä¸‹è½½é¢‘æ¬¡ã€‘651
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

ç»„å¯†é’¥ç®¡ç†æŠ€æœ¯ç ”ç©¶åŠå…¶åœ¨IPSec VPNä¸­çš„åº”ç”¨

Research on Group Key Management System and Itâ€™s Application on IPSec VPN

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

ç»„å¯†é’¥ç®¡ç†æŠ€æœ¯ç ”ç©¶åŠå…¶åœ¨IPSec VPNä¸çš„åº”ç”¨