
National Digital Library of Theses and Dissertations in Taiwan

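Author: Shiou-Jing Lin (林秀靜)
Thesis title: A single sign-on system based on Kerberos for both SIP servers and clients (一個基於Kerberos之SIP伺服端與客戶端單一簽入系統)
Advisor: Jung-Shian Li (李忠憲)
Degree: Master's
Institution: National Cheng Kung University
Department: Institute of Computer and Communication Engineering
Discipline: Engineering
Field: Electrical and computer engineering
Thesis type: Academic thesis
Publication year: 2008
Graduation academic year: 96
Language: English
Number of pages: 72
Keywords: application-layer anycasting; terminal mobility; Kerberos; SIP-based VoIP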
In recent years, VoIP has gained more and more attention as VoIP-related techniques have matured. Meanwhile, the need for mobility management in VoIP has also drawn much attention. SIP is one of the VoIP protocols and supports mobility management well. In our research, we focus on terminal mobility, which is the capability of moving to another domain before or during a session while keeping the session unaffected.

However, SIP itself is not well suited to terminal mobility, because its authentication method, HTTP digest, requires the user's information to be stored in the home network's SIP server in advance. As a result, a roaming SIP client cannot use the local SIP server in the visited network to transmit SIP messages. To solve this problem, we add the Kerberos authentication architecture to the SIP environment. We use tickets instead of a username and password to prove a user's identity, and the method brings other benefits such as single sign-on and mutual authentication between SIP server and client.

In addition, we want to select a Kerberos server, called a KDC, to provide service according to its performance and path security. We design an application-layer anycasting mechanism that chooses the best KDC by measuring the round-trip time and path security between the KDCs and the user. "Best" in our system means the KDC that best meets these two requirements.

Experiments show that our proposed single sign-on system can achieve efficient and secure authentication for both SIP servers and clients.
ABSTRACT
ABSTRACT (IN CHINESE)
ACKNOWLEDGEMENTS
CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
1.1 MOTIVATION AND SYSTEM OVERVIEW
1.1.1 Authentication Using Kerberos in SIP Mobile Environment
1.1.2 Application-layer Anycasting for the Best KDC
1.2 THESIS ORGANIZATION
CHAPTER 2 BACKGROUND
2.1 SESSION INITIATION PROTOCOL
2.1.1 SIP Basics
2.1.2 SIP Mobility
2.2 KERBEROS
2.2.1 Authentication Protocol
2.2.2 Contents of Exchanged Messages
2.3 INTERNET PROTOCOL VERSION 6
2.3.1 IPv6 Basics
2.4 ANYCASTING MECHANISM
2.4.1 IPv6 Network-layer Anycasting
2.4.2 Application-layer Anycasting
CHAPTER 3 RELATED WORK
3.1 MOBILE IP AND SIP
3.2 KERBEROS AND OTHER SERVER-BASED AUTHENTICATION TECHNOLOGIES
3.2.1 LDAP
3.2.2 RADIUS
3.2.3 CAS
CHAPTER 4 SYSTEM ARCHITECTURE
4.1 SYSTEM ARCHITECTURE DIAGRAM AND SEQUENCE CHART
4.2 AUTHENTICATION USING KERBEROS IN SIP MOBILE ENVIRONMENT
4.2.1 Kerberized-SIP
4.2.2 SIP Terminal Mobility
4.3 APPLICATION-LAYER ANYCASTING DESIGN
4.3.1 Performance Measure
4.3.2 Path Security Measure
CHAPTER 5 SYSTEM IMPLEMENTATION
5.1 IPV6 KERBERIZED-SIP TESTBED ENVIRONMENT
5.2 SIP TERMINAL MOBILITY IMPLEMENTATION
5.3 KERBERIZED-SIP IMPLEMENTATION
5.4 ANYCASTING MECHANISM IMPLEMENTATION
5.4.1 The Client Side
5.4.2 The Server Side
CHAPTER 6 EXPERIMENTAL RESULT AND ANALYSIS
6.1 THE PICTURES OF EXPERIMENTAL RESULT
6.2 THE ANALYSIS OF MEASURE TIME
6.2.1 Measure Time in Kerberized-SIP Environment
6.2.2 Measure Time in Application-layer Anycasting
CHAPTER 7 CONCLUSION
BIBLIOGRAPHY