电信与移动互联网行业 市场 企业 产品应用及无线网民的特点、行业发展

MulticastreceiveraccesscontrolbyIGMP-ACOriginalResearchArticleComputerNetworksIPmulticastisbest-knownforitsbandwidthconservationandlowerresourceutilization.ThepresentservicemodelofmulticastmakesitdifficulttorestrictaccesstoauthorizedEndUsers(EUs)orpayingcustomers.Withoutaneffectivereceiveraccesscontrol,anadversarymayexploittheexistingIPmulticastmodel,whereahostorEUcanjoinanymulticastgroupbysendinganInternetGroupManagementProtocol(IGMP)joinmessagewithoutpriorauthenticationandauthorization.Wehavedevelopedanovel,scalableandsecuredaccesscontrolarchitectureforIPmulticastthatdeploysAuthenticationAuthorizationandAccounting(AAA)protocolstocontrolgroupmembership.Theprincipalfeatureoftheaccesscontrolarchitecture,receiveraccesscontrol,isaddressedinthispaper.TheEUorhostinformsthemulticastAccessRouter(AR)ofitsinterestinreceivingmulticasttrafficusingtheIGMPprotocol.WeproposethenecessaryextensionsofIGMPv3tocarryAAAinformation,calledIGMPwithAccessControl(IGMP-AC).ForEUauthentication,IGMP-ACencapsulatesExtensibleAuthenticationProtocol(EAP)packets.EAPisanauthenticationframeworktoprovidesomecommonfunctionsandanegotiationofthedesiredauthenticationmechanism.Thus,IGMP-ACcansupportavarietyofauthenticationsbyencapsulatingdifferentEAPmethods.Furthermore,wehavemodeledtheIGMP-ACprotocolinPROMELA,andalsoverifiedthemodelusingSPIN.WehaveillustratedtheEAPencapsulationmethodwithanexampleEAPmethod,EAPInternetKeyExchange(EAP-IKEv2).WehaveusedAVISPAtovalidatethesecuritypropertiesoftheEAP-IKEv2methodinpass-throughmode,whichfitswithintheIGMP-ACarchitecture.Finally,wehaveextendedourpreviouslydevelopedaccesscontrolarchitecturetoaccomplishinter-domainreceiveraccesscontrolanddemonstratedtheapplicabilityofIGMP-ACinamulti-domainenvironment.ArticleOutline1.Introduction2.Backgroundwork2.1.InternetGroupManagementProtocol(IGMP)2.2.AAAprotocols2.3.Accesscontrolarchitecturewithe-commercecommunication2.3.1.Participantaccesscontrol2.3.2.e-Commercecommunication2.3.3.Policyenforcement2.3.4.Limitationofthearchitecture3.Problemdefinition3.1.EffectsofforgedIGMPreportmessages3.2.Goalsofreceiveraccesscontrol3.3.Groupkeymanagementvs.receiveraccesscontrol3.4.Relationshipofreceiveraccesscontroltokeymanagementandaccounting3.5.ReceiveraccesscontrolthroughextendedIGMP3.5.1.CouplingaccesscontrolwithIGMP3.5.2.ExtendingtheIGMPv3protocol4.Relatedwork5.IGMPwithAccessControl(IGMP-AC)5.1.Requirements5.2.Protocoldescriptions5.2.1.Hostbehavior5.2.2.RoleofAAAServer(AAAS)5.2.3.RoleofAccessRouter(AR)5.3.Additionalmessages5.4.Requiredreceptionstates5.4.1.Receptionstatesmaintainedbythehost5.4.2.ReceptionstatesmaintainedbytheAR5.5.SecuringIGMP-ACmessages6.VerificationofIGMP-ACusingSPIN6.1.Modeldescription6.2.Verificationresults7.AuthenticationusingEAP7.1.EAPencapsulationoverIGMP-AC7.2.EAP-IKEv2protocol7.3.EnhancedsecurityforIGMP-ACmessages8.ValidationofEAP-IKEv2methodusingAVISPA8.1.SecuritypropertiesoftheEAP-IKEv2method8.2.Thepeer-to-peermodel8.2.1.Limitationsofthepeer-to-peermodel8.2.2.Securitygoals8.2.3.Findingtheattack8.2.4.Securingthepeer-to-peermodel8.3.Thepass-throughmodel9.Inter-domainreceiveraccesscontrol9.1.Diameteragents9.2.Proposedinter-domainarchitecture9.2.1.Enforcingsecured-groupstatusforinter-domaingroups9.2.2.IGMP-ACbehavior9.2.3.Distributedvs.centralizeddatabase10.Discussion10.1.Scalability10.2.Delayinpacketdelivery10.3.Messagecomplexity10.4.MobilityofEndUsers11.ConclusionandfutureworkAcknowledgementsReferencesZone-basedvirtualbackboneformationinwirelessadhocnetworksOriginalResearchArticleAdHocNetworksEfficientprotocolforclusteringandbackboneformationisoneofthemostimportantissuesinwirelessadhocnetworks.Connecteddominatingset(CDS)formationisapromisingapproachforconstructingvirtualbackbone.However,findingtheminimumCDSinanarbitrarygraphisaNP-Hardproblem.Inthispaper,wepresentanovelzone-baseddistributedalgorithmforCDSformationinwirelessadhocnetworks.InthisZonealgorithm,wecombinethezoneandlevelconceptstosparsifytheCDSconstructedbypreviouswell-knownapproaches.Therefore,thisproposedalgorithmcansignificantlyreducetheCDSsize.Particularly,wepartitionthewirelessnetworkintodifferentzones,constructadominatingtreeforeachzoneandconnectadjacentzonesbyinsertingadditionalconnectorsintothefinalCDS(atthezoneborders).Ourcomprehensivesimulationstudyusingacustomsimulatorshowsthatthiszone-basedalgorithmismoreeffectivethanpreviousapproaches.ThenumberofnodesintheCDSformedbythisZonealgorithmisuptoaround66%lessthanthatconstructedbyothers.Moreover,wealsocomparetheperformanceofZonealgorithmwithsomerecentlyproposedCDSformationprotocolsinns2simulator.ArticleOutline1.Introduction2.Relatedwork3.Networkassumptionsandpreliminaries4.Zone-basedCDSformationalgorithm4.1.Overview4.2.Degreebasedalgorithm4.2.1.Zonepartition4.2.2.Dominatingtreeformation4.2.3.Adjustmentalongthezoneborders4.2.4.Example5.Performanceanalysis6.Discussions6.1.Approximationratioandnetworkmodel6.2.Implementationissues6.3.Backbonemaintenance7.Experimentalresults7.1.Simulationinidealnetworks7.1.1.SizeofCDS7.1.2.NodedegreeintheCDS7.1.3.Hop