【作者】 杨超；

【导师】 张志鸿；

【作者基本信息】 郑州大学 ， 计算机软件与理论， 2012， 硕士

【摘要】 本课题系国家科技重大专项项目"TD-SCDMA行业信息化应用方案开发与产业化”。随着3G技术的不断成熟,3G视频应用变得越来越广泛。但是由于无线网络的开放性,给信息安全以及内网安全带来了潜在的安全隐患。同时3G视频的高实时性以及高带宽要求,对系统处理效率提出更高的要求。另外,由于3G视频业务的多样性,如何对视频访问进行统一的管理也是开发人员研究的重点。针对上述的问题,本文提出了一套全新的3GVSA(3GVSA,3G Video Access Security).该系统是基于用户身份信息,采用业务相关、属地化、角色管理的“白名单”机制,通过代理模式、报警阻断等手段,提供无法旁路的应用访问接口,通过身份认证后的用户只能进行授权范围内的操作,禁止非授权访问资源及系统操作,对视频内容进行识别,实现移动3G视频应用模式的统一访问控制。本文首先研究了系统实现使用的主要技术。详细分析和介绍了VPN技术、Netfilter/iptables框架以及iproute2技术的主要功能、实现原理以及应用场景,并针对Netfilte/iptables、 netlink进行了结合性应用研究。其次,从安全体系的角度,研究和分析了3GVSA的安全需求；在网络层、应用层等多层次安全需求的基础上,结合实际的应用需求,通过3GVSA的功能要求、整体架构、业务流程以及网络架构的具体设计,满足用户认证以及资源统一访问控制。最后,重点分析和研究了安全接入网关和视频接入网关的设计与实现。重点分析安全接入网关的用户认证、内存池管理、多进程、Qos控制等机制,同时也着重介绍和研究了视频接入网关的用户策略缓存、视频过滤以及视频传输通道的实现原理。更多还原

【Abstract】 This topic is of major projects of national science and technology project "TD-SCDMA industry, information technology applications development and industrialization."As3G technology continues to mature,3G video applications become more and more widely. However, due to the openness of wireless networks, the potential security risks to information security and internal network security.3G video real-time and high bandwidth requirements, and higher demands on system processing efficiency. In addition, due to the diversity of3G video services, how to carry out unified management is the focus of developers of the video access.To address the above issues, this paper proposes a new3G video security access system (3GVSA,3G Video the Access Security). The system is based on user identity information, the use of business-related localization of the "white list" of role management mechanism through a proxy mode, alarm blocking means can not bypass application access interface, only through the user authentication within the mandate of the operation, to prohibit unauthorized access to resources and system operation, and to identify the video content, unified access control model to mobile3G video applications.This paper studies the system. Detailed analysis and the VPN technology in the iptables, Netfilter/frameworks, and the iproute2the main function of the technology to achieve the principles and scenarios, and a combination of applied research for Netfilte/iptables, netlink.Secondly, from the perspective of the security system, research and analysis of the security needs of the3GVSA: on the basis of the network layer, application layer, multi-level security requirements, combined with the actual application requirements, functional requirements through3GVSA the overall architecture, business processes and the specific design of the network architecture to meet the user authentication and resources unified access control.Finally, the focus of analysis and research design and implementation of a secure access gateway and video access gateway.Focus on analysis of the Secure Access Gateway, user authentication, management of the memory pool, multi-process, udp multicast mechanism, but also highlights and Video Access Gateway user policy cache, video filtering and video transmission channel principle.更多还原