臺灣博碩士論文加值系統

雖然已經有許多隨意視訊系統被發展出來，但是絕大部分的研究都著重於網路傳輸架構與媒體伺服器的設計以提昇整體系統效能。在本篇論文裡，我們以現代密碼學為基礎，設計出一個適合隨意視訊系統的安全協定，並針對隨意視訊系統內媒體的特性作選擇性加密動作。
我們的隨意視訊系統是建立在Java平台上的一套系統，因此這套系統具有跨平台、分散式、安全性等等特性。在設計上我們將系統分成三個子系統：系統管理站、媒體伺服器、以及使用者播放端。
今日，雖然已經存在一些一般用途的安全協定，但是他們並不適用於隨意視訊系統。於是我們設定一個符合隨意視訊系統需求的安全協定，具有隱密性、完整性、確認性、以及不可否認性等特性。
目前常見的媒體格式在設計時並沒有考慮到安全性的問題，但這並不表示說這些媒體資料不需要被保護。實際上，以隨意視訊系統而言，如何讓非法用戶無法觀看系統所提供的媒體是相當重要的。對媒體加密雖可以達到上述的功能，但卻會造成系統效率急速下降，這是因為加解密動作都是相當耗CPU資源的。根據媒體的資料結構及特性，在此我們提出一種兼具安全性與效率性的階層式加密方式 (hierarchical encryption scheme) 以用來保護隨意視訊系統裡的媒體資料。
本篇論文中我們分析了隨意視訊系統的安全需求，並指出現有的安全協定不合適於隨意視訊系統之處。我們提出一個適合隨意視訊系統的安全協定及階層式加密方法，最後將整套系統實作在Java平台上。

Video-On-Demand (VOD) systems provide video services to users on broadband networks. Most of proposed VOD systems are primarily designed for improving their performance. However, it is important to prevent unauthorized users from viewing the videos, provide secure communication and protect private information of each system component from attackers for service providers.
In this thesis, a distributed VOD system is designed and implemented on Java platform. The proposed system mainly consists of the VOD manager, the VOD server, and the VOD client. We analyzed the security requirements of VOD systems, discussed several secure protocols, and showed they are not suitable to VOD environments. A secure VOD protocol using cryptography is provided to integrate security features into the system. For the performance of the VOD system, a hierarchical encryption scheme basing on selective encryption is proposed to guarantee real time media transmission.

CHAPTER 1 INTRODUCTION1
1.1 Cryptography2
1.2 The Java Platform6
1.3 Organization of this Thesis7
CHAPTER 2 SYSTEM OVERVIEW8
2.1 System Architecture9
2.2 The VOD Manager10
2.3 The VOD Server12
2.4 The VOD Client13
2.5 The VOD Security Management System15
CHAPTER 3 THE SECURE VOD PROTOCOL16
3.1 Security Requirement for the Proposed VOD17
3.2 Implementing Consideration18
3.3 The Proposed Protocol19
3.3.1 Signals Between the VOD Client and the VOD Manager21
3.3.2 Signals Between the VOD Server and the VOD Manager27
3.3.3 Signals Between the VOD Client and the VOD Server28
CHAPTER 4 SECURITY FOR REAL TIME MPEG TRANSMISSION30
4.1 MPEG Structure31
4.2 The Security Enhanced MPEG34
4.2.1 Previous Works34
4.2.2 The Proposed Encryption Scheme for VOD Systems35
CHAPTER 5 CONCLUSION38
REFERENCE.39

[AA96]Kevin C. Almeroth and Mostafa H. Ammar, "The Use of Multicast Delivery to Provide a Scalable and Interactive Video-on-Demand Service," IEEE J. Select. Areas Commun., vol. 14, no. 6, pp. 1110-1122, Aug. 1996
[BA96]Scott A. Barnett and Gary J. Anido, "A Cost Comparision of Distributed and Centralized Approaches to Video-on-Demand," IEEE J. Select. Areas Commun., vol. 14, no. 6, pp. 1173-1182, Aug. 1996
[BXZ95]T. M. Bachtiar, Y. Xu , and C. N. Zhang, "A Secure Video On Demand System," IEEE Pacific Rim Conference on Communications, Computers, and Signal Processing, Proceedings, pp. 304-307, 1995
[BZLS94]Weiqiang Bai, Panagiotis Zarros, Myung Lee, and Tarek Saadawi, "Design, Implemention and Analysis of a Multimedia Conference System Using TCP/UDP", IEEE International Conference on Communications, ICC '94, SUPERCOMM/ICC '94, Conference Record, 'Serving Humanity Through Communications.' pp. 1749-1753, vol.3, 1994
[CJRS89]David D. Clark, Van Jacobson, John Romkey, and Howard Salwen, "An Analysis of TCP Processing Overhead", IEEE Communication Magazine, pp. 23-29, Jun. 1989
[DSS94]FIPS PUB 186: U.S. Department of Commerce, Digital Signature Standard (DSS), Federal Information Standards Publication 186, 1994
[DVH94]Daniel Deloddere, Willem Verbiest, and Henri Verhille, "Interactive Video On Demand," IEEE Communications Magazine, pp. 82-88, May 1994
[F98]Jim Farley, Java Distributed Computing, O'Reilly & Associates, inc. Jan. 1998
[FKK96]A. Freier, P. Karlton and P. Kocher, "The SSL Protocl, Version 3.0, draft-freier-ssl-version3-02.txt," Nov. 1996, <http://home.netscape.com/eng/ssl3/draft302.txt>
[HC98]Jason Hunter and William Crawford, Java Servlet Programming, O'Reilly & Associates, inc. Dec. 1998
[IPSEC]IP Security Protocol working group (IETF), <http://www.ietf.org/html.charters/ipsec-charter.html>
[ISO11172]ISO/IEC 11172
[JAVA]Java Platform Documentation, <http://java.sun.com/docs/index.html>
[K97]Hoyt L. Kesterson II, "Digital Signatures - Whom Do You Trust?" IEEE Aerospace Conference, Proceedings, Volume: 4, pp. 159-170, vol.4, 1997
[KC99]Youne-Kyoung Kang and Ki-Dong Chung, "Design and Analysis for Clustered Multimedia News on Demand System," The 13th International Conference on Information Networking (ICOIN-13), vol. 2, pp. 2c-2.1-2c-2.6, Jan. 1999
[KR97]T. Kunkelmann and R. Reinema, " A scalable security architecture for multimedia communication standards," Proceedings, IEEE International Conference on Multimedia Computing and Systems, pp. 660 -661, 1997
[AG96]I. Agi and Li Gong, "An empirical study of secure MPEG video transmissions ", Proceedings of the Symposium on Network and Distributed System Security, pp. 137-144 1996
[MG95]J. Meyer and F. Gadegast, "Security Mechanisms for Multimedia-Data with the example MPEG-I-Video," Project description of SECMPEG, Technical University of Berlin, Germay, May 1995
[NPSS95]J. P. Nussbaumer, B. V. Patel, F. Schaffa, and J. P. G. Sterbenz, "Networking requirements for interactive video-on-demand," IEEE J. Select. Areas Commun., vol. 13, no. 5, pp. 779-787, 1995
[O97]R. Oppliger, "Internet Security - Firewalls and Beyond," In Communications of ACM, vol. 40, no. 5, May 1997
[O98]Scott Oaks, Java Security, First ed., O'Reilly & Associates, inc. May 1998
[PMKD97]Peter Parnes, Mattias Mattsson, Kare Synnes, and Dick Schefstrom, "mMOD: the multicast Media-on-Demand system," <http://www.cdt.luth.se/~peppar/progs/mMOD/>
[RS97]E. Rescorla and A. Schiffman, "The secure HyperText Transfer Protocol, draft-ietf-wts-shttp-06.txt", Mar. 1997, <http://search.ietf.org/internet-drafts/draft-ietf-wts-shttp-06.txt>
[RSA78]R.L. Rivist, A. Shamir, and L. Adleman, "A Methmod for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, vol. 21, no.2, pp.120-126, Feb. 1978
[S90]W. D. Sincoskie, "Video On Demand: Is It Feasible?" Proc. of IEEE Globecom, vol. 1, pp. 201-205. 1990
[S96]B. Schneier, Applied Cryptography, 2nd ed., John Wiley & Sons, New York, 1996
[SM96]G. A. Spanos and T. B. Maples, "Security for real-time MPEG compressed video in distributed multimedia applications ", Conference Proceedings of the 1996 IEEE Fifteenth Annual International Phoenix Conference on Computers and Communications, pp. 72-78, 1996
[T96]Andrew S. Tanenbaum, Computer Networks, third ed., Prentice-Hall, Inc. 1996
[TLS]Transport Layer Security working group (IETF), <http://www.ietf.org/html.charters/tls-charter.html>
[X.509]ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8:1997, Information technology - Open Systems Interconnection - The Directory: Authentication framework