基于kerberos的net-snmp系统拓展实现
发布时间:2018-11-08 12:38
【摘要】:随着高速Internet的发展,越来越多的基于IP的实时业务出现。有线运营商和CabLabs及其会员制定了Packet Cable协议对数据包进行统一的定义、设计、开发和部署。 PacketCable2.0定义了一种通过高速Cable Modem接入的多媒体网络结构。在PacketCable2.0的系统架构中规定,安全Provisioning是UE使用SNMPv3协议配合Kerberos协议,为UE安全地提供IP配置参数的过程。 本课题将SNMPv3协议与Kerberos协议相结合,设计并实现了一种基于KSM的net-snmp拓展,共同为Provisioning过程提供安全性保证。论文主要工作如下: 1)研究基于KSM的SNMPv3协议的可行性,设计一种将SNMPv3默认安全模块USM替换为KSM的方法; 2)设计KSM的安全字段,将SNMPv3消息中USM的安全字段完全用KSM的安全字段替换; 3)完成KSM的分模块实现,主要分为安全参数解析模块,加密模块,认证模块,解密模块,安全参数构建模块等五个模块;完成基于KSM的net-snmp系统拓展实现; 4)用snmpget命令测试基于KSM的net-snmp系统效率,与基于USM的net-snmp系统的效率进行对比分析。 由于KSM基于第三方认证系统KDC,因此,基于Kerberos的SNMP系统大大简化了密钥管理,降低了使用SNMPv3协议设备的负担,使用户设备能承担安全性所耗费的性能,为SNMPv3的推广创造了条件;并且Kerberos基于证书安全,对通信双方进行认证,为SNMPv3的通信安全提供了强有力的保障。
[Abstract]:With the development of high-speed Internet, more and more real-time services based on IP appear. Cable operators and CabLabs and their members have developed a unified definition, design, development and deployment of data packets under the Packet Cable protocol. PacketCable2.0 defines a multimedia network structure via high-speed Cable Modem access. It is stipulated in the system architecture of PacketCable2.0 that secure Provisioning is a process in which UE uses SNMPv3 protocol to cooperate with Kerberos protocol to provide IP configuration parameters safely for UE. This paper combines SNMPv3 protocol with Kerberos protocol, designs and implements a kind of net-snmp extension based on KSM, which provides security guarantee for Provisioning process. The main work of this paper is as follows: 1) the feasibility of SNMPv3 protocol based on KSM is studied and a method of replacing SNMPv3 default security module USM with KSM is designed. 2) designing the security field of KSM, replacing the security field of USM in SNMPv3 message with the secure field of KSM; 3) the implementation of KSM is divided into five modules: security parameter analysis module, encryption module, authentication module, decryption module, security parameter construction module, etc. 4) the efficiency of net-snmp system based on KSM is tested with snmpget command, and the efficiency of net-snmp system based on USM is compared with that of net-snmp system based on USM. Because KSM is based on the third party authentication system KDC, the SNMP system based on Kerberos greatly simplifies the key management, reduces the burden of using SNMPv3 protocol devices, enables the user equipment to bear the performance of the security cost, and creates the conditions for the popularization of SNMPv3. Based on the certificate security, Kerberos authenticates the two sides of the communication, which provides a strong guarantee for the communication security of SNMPv3.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08;TP311.52
本文编号:2318531
[Abstract]:With the development of high-speed Internet, more and more real-time services based on IP appear. Cable operators and CabLabs and their members have developed a unified definition, design, development and deployment of data packets under the Packet Cable protocol. PacketCable2.0 defines a multimedia network structure via high-speed Cable Modem access. It is stipulated in the system architecture of PacketCable2.0 that secure Provisioning is a process in which UE uses SNMPv3 protocol to cooperate with Kerberos protocol to provide IP configuration parameters safely for UE. This paper combines SNMPv3 protocol with Kerberos protocol, designs and implements a kind of net-snmp extension based on KSM, which provides security guarantee for Provisioning process. The main work of this paper is as follows: 1) the feasibility of SNMPv3 protocol based on KSM is studied and a method of replacing SNMPv3 default security module USM with KSM is designed. 2) designing the security field of KSM, replacing the security field of USM in SNMPv3 message with the secure field of KSM; 3) the implementation of KSM is divided into five modules: security parameter analysis module, encryption module, authentication module, decryption module, security parameter construction module, etc. 4) the efficiency of net-snmp system based on KSM is tested with snmpget command, and the efficiency of net-snmp system based on USM is compared with that of net-snmp system based on USM. Because KSM is based on the third party authentication system KDC, the SNMP system based on Kerberos greatly simplifies the key management, reduces the burden of using SNMPv3 protocol devices, enables the user equipment to bear the performance of the security cost, and creates the conditions for the popularization of SNMPv3. Based on the certificate security, Kerberos authenticates the two sides of the communication, which provides a strong guarantee for the communication security of SNMPv3.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08;TP311.52
【参考文献】
相关期刊论文 前5条
1 刘洋;季仲梅;刘其锋;;SNMPv3协议安全机制的研究[J];计算机安全;2010年01期
2 应伟锋,段小东,沈金龙;SNMPv1、SNMPv2和SNMPv3的安全性协议分析与比较[J];计算机工程;2002年10期
3 赖旭军;王庆生;;浅析SNMPv3的安全性[J];科技情报开发与经济;2008年01期
4 姚春华;江泓;;基于角色的动态访问控制在SNMPv3中的应用[J];通信技术;2008年05期
5 华丕焕;;基于软交换技术的VoIP over HFC[J];有线电视技术;2007年01期
,本文编号:2318531
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2318531.html
