具有安全性考量的動態路由機制

Sheng-Kun Chan; 詹勝

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/38179

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	逄愛君(Ai-Chun Pang)
dc.contributor.author	Sheng-Kun Chan	en
dc.contributor.author	詹勝	zh_TW
dc.date.accessioned	2021-06-13T16:27:31Z	-
dc.date.available	2005-07-20
dc.date.copyright	2005-07-20
dc.date.issued	2005
dc.date.submitted	2005-07-14
dc.identifier.citation	Bibliography [1] G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha. Securing Electronic Commerce: Reducing the SSL Overhead. In IEEE Network, 2000. [2] S. Bohacek, J. P. Hespanha, K. Obraczka, J. Lee, and C. Lim. Enhancing Security via Stochastic Routing. In International Conference on Computer Communications and Networks (ICCCN), 2002. [3] D. Collins. Carrier Grade Voice Over IP. McGraw-Hill, 2003. [4] T. H. Cormen, C. E. Leiserson, and R. L. Rivest. Introduction to Algorithms. MIT Press, 1990. [5] J. Daemen and V. Rijmen. The design of Rijndael: AES \| the Advanced Encryption Standard. Springer-Verlag, 2002. [6] S. Frankel, R. Glenn, and S. Kelly. The AES-CBC Cipher Algorithm and Its Use with IPSec, Request for comments (RFC 3602). September 2003. [7] FreeS/WAN. http://www.freeswan.org. [8] I. Gojmerac, T. Ziegler, F. Ricciato, and P. Reichl. Adaptive Multipath Routing for Dynamic Tra±c Engineering. In IEEE Global Telecommunications Conference, 2003. [9] D. Harkins and D. Carrel. Internet Key Exahange (IKE), Request for comments (RFC 2409). November 1998. [10] C. Hopps. Analysis of an Equal-Cost Multi-Path Algorithm, Request for comments (RFC 2992). November 2000. [11] C. Kaufman, R. Perlman, and M. Speciner. Network Security - PRIVATE Communication in a PUBLIC World, 2nd Edition. Prentice Hall PTR, 2002. [12] J. F. Kurose and K. W. Ross. Computer Networking - A Top-Down Approach Featuring the Internet. Addison Wesley, 2003. [13] S.-H. Liu, Y.-F. Lu, C.-F. Kuo, A.-C. Pang, and T.-W. Kuo. The Performance Evaluation of a Dynamic Con‾guration Method over IPSEC. In IEEE Real-Time Systems Symposium: Works in Progress Session, 2003. [14] W. Lou and Y. Fang. A Multipath Routing Approach for Secure Data Delivery. In IEEE Military Communications Conference (MilCom'2001), 2001. [15] W. Lou, W. Liu, and Y. Fang. SPREAD: Improving network security by multipath routing. In IEEE Military Communications Conference (MilCom'2003), 2003. [16] G. Malkin. Routing Information Protocol (RIP) Version 2 Carrying Additional Information, Request for comments (RFC 1723). November 1994. [17] October 2004 Map poster of the GEANT topology. http://www.geant.net/upload/pdf/topology oct 2004.pdf. [18] D. L. Mills. DCN Local-Network Protocols, Request for comments (RFC 891). December 1983. [19] J. Moy. Open Shortest Path First (OSPF) Version 2, Request for comments (RFC 1247). July 1991. [20] C. Perkins and P. Bhagwat. Highly dynamic destination-sequenced distance-vector routing (DSDV) for mobile computers. In ACM SIGCOMM'94 Conference on Com- munications Architectures, Protocols and Applications, pages 234-244, 1994. [21] Secure Sockets Layer (SSL). http://www.openssl.org/. [22] Cisco Systems. White Paper: EIGRP. September 2002. [23] R. Thayer, N. Doraswamy, and R. Glenn. IP Security Document Roadmap, Request for comments (RFC 2411). November 1998. [24] The Network Simulator-ns2. http://www.isi.edu/nsnam/ns/. [25] J. Yang and S. Papavassiliou. Improving Network Security by Multipath Traffic Dispersion. In IEEE Military Communications Conference (MilCom'2001), 2001.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/38179	-
dc.description.abstract	資訊安全已經成為在無線網路及有線網路上傳輸資料的重要議題。過去的研究主要是在加解密演算法的設計以及系統架構上的整合。我們則是針對利用網路上的路由機制，來達到增加資訊安全性的目的。我們提出了一個動態路由機制，能夠隨機的挑選傳送封包的路徑、減少路徑相似度（連續兩個封包傳送路徑的相同連結數）。所提出的機制容易實作，而且可以與目前現存的網路路由機制相容，像是有線網路上的Routing Information Protocol (RIP) 或是無線網路上的 Destination-Sequenced Distance Vector (DSDV) 路由機制，且沒有增加控制封包的數量。我們也在數學分析上做了相關的研究，並使用了相關的實驗方法來驗證所提出的機制。	zh_TW
dc.description.abstract	Security has become one of the major issues for data communication over wired and wireless networks. In the past decades, various security-enhanced measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the designs of cryptography algorithms and system infrastructures and security-enhanced routing methods. The common objectives of the aforementioned methods are often to defeat various threats over the network, including eavesdropping, spoofing, session hijacking, etc. Different from the past work on the designs of cryptography algorithms and system infrastructures, we aim at the proposing of a dynamic routing algorithm that could randomize delivery paths for data transmission. Based on distance-vector exchanges, the algorithm can be easily implemented over the existing popular routing protocol, such as Routing Information Protocol (RIP) in wired networks and Destination-Sequenced Distance Vector (DSDV) Protocol in wireless networks, without introducing extra control messages. A proper integration of dynamic routing and cryptography-based system designs would further and significantly enhance the security of data transmission over the networks. For example, the security level could be increased when the feedback cipher mode of block ciphering algorithms (e.g., DES and AES), such as Cipher Block Chaining (CBC) and Cipher Feedback (CFB), is adopted. Furthermore, if a key-exchange mechanism (e.g., the Internet Key Exchange (IKE)) is used during data transmission, less packets encrypted by some specific key can be obtained by attackers, which makes it more difficult to derive the original plain text. An analytic study on the proposed algorithm is presented, and a series of performance evaluation is conducted to verify the analytic results and the capability of the proposed algorithm. Analytic and experimental results show that our proposed algorithm introduces a considerably small emph{path similarity} (i.e., the number of common links between two paths) of two consecutive packets transmitted and greatly outperforms the standard shortest-path and equal-cost routing algorithms.	en
dc.description.provenance	Made available in DSpace on 2021-06-13T16:27:31Z (GMT). No. of bitstreams: 1 ntu-94-R92922002-1.pdf: 361053 bytes, checksum: 1d75360642c139e7dede34ee1a394332 (MD5) Previous issue date: 2005	en
dc.description.tableofcontents	Contents List of Tables I List of Figures II 1 Introduction 1 2 Problem Statement 5 3 Security-Enhanced Dynamic Routing 8 3.1 Notations and Data Structures 8 3.2 A Distributed Dynamic Routing Algorithm 10 3.3 An Analytic Study 17 3.4 Implementation Remarks 20 4 Performance Evaluation 21 4.1 Effect of l on E[SimPSl] 23 4.2 Effect of l on Single-Trip Time and Jitter 26 5 Conclusion and Future Work 29 5.1 Conclusion 29 5.2 Future Work 30 Bibliography 31
dc.language.iso	en
dc.subject	路由機制	zh_TW
dc.subject	網路安全	zh_TW
dc.subject	security	en
dc.subject	routing	en
dc.title	具有安全性考量的動態路由機制	zh_TW
dc.title	Dynamic Routing with Security Considerations	en
dc.type	Thesis
dc.date.schoolyear	93-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	郭大維(Tei-Wei Kuo),施吉昇(Chi-Sheng Shih)
dc.subject.keyword	路由機制,網路安全,	zh_TW
dc.subject.keyword	routing,security,	en
dc.relation.page	33
dc.rights.note	有償授權
dc.date.accepted	2005-07-14
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-94-1.pdf 未授權公開取用	352.59 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。