Research On Key Technology Of Security For New Generation Video Conferencing

With the development of network technology and multimedia technology, people areincreasingly not satisfied with the text and voice communication based on network,multimedia applications, such as video conferencing, are developing rapidly and increasinglybecome an important means of remote communication and collaboration for people.Security is one of the key issues to build the new generation video conferencing systems,and carry out the safe and reliable video conferencing services. This paper studies theframework of the new generation video conferencing, the trusted computing based securityarchitecture of video conferencing, the security of signaling of video conferencing, and thecontrollable multicast of the new generation video conferencing. The specific research is asfollows.Firstly, based on the next generation Internet with IPv6protocol, combining with theSIPPING Conference Framework and the XCON conferencing framework, we design a newgeneration video conferencing architecture, which has QoS assurance and scalability, anddevelope the system. This paper focuses on the security part of the system. And this paperproposes a security functional model for the new generation video conferencing, whichdefines the security functional areas, the elements of video conferencing securtiy, and therelationship between them in this model.Secondly, as the traditional software-based traditional video conferencing securitysolutions are vulnerable to theft, deception and invasion, combining with trusted computingtechnology, this paper proposes a Dual-layer Authentication Framework (DAF) for theconference entity and the user identity. With the DAF, this paper proposes a trusted computingbased security architecture of video conferencing. With the Trusted Platform Module (TPM)and Direct Anonymous Attestation, this paper designs a new SIP registration protocol toachieve a kind of security for video conferencing, which the TPM chip is as the trustedstarting point. This paper proves the security of the new protocol, and analyzes the securityand efficiency of the entire scheme.Thirdly, signaling protocols and media transport protocols play important roles in themultimedia communication systems. Session Initial Protocol (SIP) is an important signalingprotocol for video conferencing. To against the forged source address that leads to a variety ofmalicious attacks, based on the thinking of Trusted Network Connect (TNC) architecture, thispaper combines the source address validation of the Source Address Validation Architectureand the SIP application framework, and proposes the SIP security services model based on source address validation and the relevant definitions. Combining with the source addressvalidation, this paper designs the SIP two-way digest authentication algorithm to against theidentity deception of the client and proxy server in SIP authentication. To the SIP identitysecurity issues, this paper designs the identity-based signature based SIP identity scheme.These model, algorithm and scheme improve the authenticity and security of the SIPapplication, and would help to carry out traceable, safe and trusted SIP signaling service in thenext generation Internet. According to the relevant draft of the Internet Engineering TaskForce (IETF) and the IPv6protocol new features, we devolope an IPv6source addressvalidation switch based on the embedded Linux development environment. This paper carriesout the SIP security experiments with the switch in the CNGI-CERNET2campus network,and the experiment results show that the proposed shceme is effective.Fourthly, for the controllable and security issue of large-scale multicast service, thispaper proposes a Service-Oriented Controllable Multicast Model (SOCMM), whichintroduces the Service-Oriented Architecture (SOA) in software realm to the multicastservices. The model defines the hierarchy of the multicast service system, the mutualrelationship between the layers and the services of each layer in this model. With the opennetwork protocols, this paper proposes the reference implementation scheme for SOCMM,including the framework, the components, the communication protocols and the interfaces.According to the SOCMM and the IPv6multicast enviornment, we develope a controllablemulticast switch based on the embedded Linux development environment. This paper carriesout the IPv6controllable multicast experiments in the CNGI-CERNET2campus network, andthe experiment results show that the proposed shceme is effective.In summary, based on the framework research of the new generation of videoconferencing systems, this paper focuses on the security part of the system. And this paperproposes a video conferencing security functional model. Combining with the trustedcomputing technology, this paper designs a Dual-Layer authentication structure and a trustedcomputing based security architecture of video conferencing. Based on the TNC architecture,this paper combines the source address validation and the SIP application framework; andproposes a source address verification based SIP security model, two-way digestauthentication algorithm and Identity-based Signature based SIP security identificationscheme. This paper introduces the SOA architecture to the large-scale multicast services ofvideo conferencing, and designs a service-oriented controllable multicast model and thereference implementation. And this paper developes a security access control switch for thevideo conferencing system.