Research on Key Security Technologies for Publish/Subscribe Systems
[Abstract]: Growing demand for content-centric applications has prompted researchers to rethink and redesign how information is stored and delivered on the Internet. More and more network traffic has multiple recipients. However, the Internet's host-centric architecture was designed for point-to-point communication between two fixed ends. As a result, the current Internet architecture does not match today's data and applications, which are centered on content regardless of the source of the information, and in many cases the data required by the user is unknown. Content-based networks have been proposed to address these requirements because they offer high efficiency, low network load, low latency, and high energy efficiency. The publish/subscribe communication paradigm is the most complex and mature example of such a network. This thesis studies key technologies for publish/subscribe systems, with the aim of efficient and secure information distribution and management that ensures the integrity, confidentiality and availability of information. The main achievements of this thesis are as follows:

(1) To ensure the information security of a publish/subscribe system in a network environment that is not fully trusted, this thesis proposes an encryption algorithm for publish/subscribe systems based on redundant attributes, aimed at the multi-domain publish/subscribe system model. The algorithm uses the redundant attributes of an event to form a vector space model and applies the redundant attributes in the event encryption process. While an event is being sent, its redundant attributes appear in different combinations according to pre-established rules. Once information is found to have been revealed to an unauthorized user, the system can use the combination of redundant attributes in the leaked information to confirm the link on which line sniffing is present and revoke the associated authorization certificate. This approach does not increase the overhead of the matching process or the subscription process. Therefore, when line sniffing cannot be ignored, the scheme helps to improve the security of the publish/subscribe system. Simulation shows that the proposed scheme effectively improves the security performance of the system without the support of fully trusted agent connections.

(2) Access control in a publish/subscribe system has three objectives: confidentiality control, integrity control, and availability control. In most studies, only the event content and subscription conditions are encrypted, and access control policies will be accessed ... This thesis proposes an access control mechanism for publish/subscribe systems based on advertisement information encryption. The scheme not only controls the secure delivery of information but also retains the advantages of publish/subscribe communication, such as the decoupling of clients and system scalability. In the network, subscription information meets advertisement information, which sets up the propagation tree for published events. On this basis, the access policy containing sensitive information is added to the advertisement information, and the information is encrypted. This secures the access control policy during the matching of subscription information with advertisement information. In this way, content-based routing can still be completed while the information is encrypted. The simulation results show that the proposed scheme achieves fine-grained access control, improves the security performance of the access control policy of the publish/subscribe system, and adds only a small amount of system information overhead.

(3) A content-based publish/subscribe system typically has thousands of subscribers, so using a centralized mechanism to handle security requirements is not feasible. Since the number of subscribers interested in a service/entity may change, a static security is established ... In view of this problem, this thesis proposes a hybrid-mode key management mechanism to manage the encryption keys of events. It uses a decentralized mechanism to group agents efficiently and provides methods for registration, key generation and dynamic member management. Finally, the thesis proves that the hybrid-mode key management mechanism effectively reduces key updates in the system compared with other key management methods.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctoral
[Year degree granted]: 2014
[Classification number]: TP393.08