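Graduate student: 林冠佑
Graduate student (romanized): LIN, GUAN-YOU
Thesis title: 基於資料命名網路之存取控制
Thesis title (English): Access Control in Named Data Networking
Advisor: 蘇宗安
Advisor (romanized): SU, TZONG-AN
Oral examination committee: 林甫俊, 李榮三
Oral examination committee (romanized): LIN, FU-CHUN; LEE, JUNG-SAN
Oral defense date: 2017-06-12
Degree: Master's
Institution: 逢甲大學 (Feng Chia University)
Department: Department of Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Publication year: 2017
Graduation academic year: 105
Language: Chinese
Pages: 42
Keywords: Named Data Networking; Role-based Access Control; Merkle Hash Tree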
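Today's Internet relies on an IP-address-based transport architecture. As the variety of networks has grown, current network systems have become complex and hard to maintain. To eliminate the dependence on IP addresses, Named Data Networking (NDN) was proposed to replace the current network architecture. NDN is a network architecture centered on data content, suited to today's increasingly data-oriented distributed network applications.
We found that the original NDN architecture has no access control mechanism, so the identity and access permissions of a requester cannot be verified, which in turn exposes confidential data to illegal access. To solve this problem, this thesis proposes a Role-based Access Control (RBAC) mechanism built on the NDN network, which sets secure access policies for the information content in NDN and sets up a verification procedure, request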
Today, transmission over the Internet depends on IP addresses. As network services expand, the architecture of the current network system becomes more complicated and harder to maintain. To remove the reliance on IP addresses, Named Data Networking (NDN) was proposed to replace the current network architecture.
We found that there is no access control mechanism in the NDN architecture. As a result, the identity and permissions of a requester cannot be verified, and private content in NDN is exposed to illegal access. For this reason, we propose an access control mechanism for NDN based on Role-based Access Control (RBAC). This mechanism defines a secure access policy and a permission verification procedure to examine the authority of the data requester.
Acknowledgements
Abstract (Chinese)
Abstract (English)
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Thesis Organization
Chapter 2 Background and Related Work
2.1 Named Data Networking (NDN)
2.2 Role-based Access Control (RBAC)
2.2.1 Core RBAC Model
2.2.2 Hierarchical RBAC
2.2.3 Static Separation of Duty (SSD)
2.3 Merkle Hash Tree (MHT)
2.4 Access Control in Named Data Networking
2.4.1 LIVE
2.4.2 Role Based Content Access Control in NDN
Chapter 3 Problem Definition and Analysis
3.1 Problem Definition
3.2 Research Objectives
Chapter 4 Research Method
4.1 Management Model for NDN Access Control
4.1.1 RBAC Association of NDN Content Data
4.1.2 RBAC Attribute Tree Decision
4.1.3 MHT
4.2 Registration
4.3 Ticket request in NDN-CP
4.4 Access verification in NDN
4.5 Token delegation
Chapter 5 Experimental Analysis
5.1 Experimental Environment
5.2 Experimental Results and Analysis
5.2.1 The computation overhead of token generation in consumer
5.2.2 The delay time of ticket request in NDN-CP
5.2.3 The delay time of access verification in NDN node
5.2.4 The computation overhead of processing data packet in consumer
5.2.5 The hop-by-hop delay time in NDN
Chapter 6 Conclusion
References
