第1页共17页编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第1页共17页MulticastreceiveraccesscontrolbyIGMP-ACOriginalResearchArticleComputerNetworksIPmulticastisbest-knownforitsbandwidthconservationandlowerresourceutilization.ThepresentservicemodelofmulticastmakesitdifficulttorestrictaccesstoauthorizedEndUsers(EUs)orpayingcustomers.Withoutaneffectivereceiveraccesscontrol,anadversarymayexploittheexistingIPmulticastmodel,whereahostorEUcanjoinanymulticastgroupbysendinganInternetGroupManagementProtocol(IGMP)joinmessagewithoutpriorauthenticationandauthorization.Wehavedevelopedanovel,scalableandsecuredaccesscontrolarchitectureforIPmulticastthatdeploysAuthenticationAuthorizationandAccounting(AAA)protocolstocontrolgroupmembership.Theprincipalfeatureoftheaccesscontrolarchitecture,receiveraccesscontrol,isaddressedinthispaper.TheEUorhostinformsthemulticastAccessRouter(AR)ofitsinterestinreceivingmulticasttrafficusingtheIGMPprotocol.WeproposethenecessaryextensionsofIGMPv3tocarryAAAinformation,calledIGMPwithAccessControl(IGMP-AC).ForEUauthentication,IGMP-ACencapsulatesExtensibleAuthenticationProtocol(EAP)packets.EAPisanauthenticationframeworktoprovidesomecommonfunctionsandanegotiationofthedesiredauthenticationmechanism.Thus,IGMP-ACcansupportavarietyofauthenticationsbyencapsulatingdifferentEAPmethods.Furthermore,wehavemodeledtheIGMP-ACprotocolinPROMELA,andalsoverifiedthemodelusingSPIN.WehaveillustratedtheEAPencapsulationmethodwithanexampleEAPmethod,EAPInternetKeyExchange(EAP-IKEv2).WehaveusedAVISPAtovalidatethesecuritypropertiesoftheEAP-IKEv2methodinpass-throughmode,whichfitswithintheIGMP-ACarchitecture.Finally,wehaveextendedourpreviouslydevelopedaccesscontrolarchitecturetoaccomplishinter-domainreceiveraccesscontrolanddemonstratedtheapplicabilityofIGMP-ACinamulti-domainenvironment.ArticleOutline1.Introduction2.Backgroundwork2.1.InternetGroupManagementProtocol(IGMP)第2页共17页第1页共17页编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第2页共17页2.2.AAAprotocols2.3.Accesscontrolarchitecturewithe-commercecommunication2.3.1.Participantaccesscontrol2.3.2.e-Commercecommunication2.3.3.Policyenforcement2.3.4.Limitationofthearchitecture3.Problemdefinition3.1.EffectsofforgedIGMPreportmessages3.2.Goalsofreceiveraccesscontrol3.3.Groupkeymanagementvs.receiveraccesscontrol3.4.Relationshipofreceiveraccesscontroltokeymanagementandaccounting3.5.ReceiveraccesscontrolthroughextendedIGMP3.5.1.CouplingaccesscontrolwithIGMP3.5.2.ExtendingtheIGMPv3protocol4.Relatedwork5.IGMPwithAccessControl(IGMP-AC)5.1.Requirements5.2.Protocoldescriptions5.2.1.Hostbehavior5.2.2.RoleofAAAServer(AAAS)5.2.3.RoleofAccessRouter(AR)5.3.Additionalmessages5.4.Requiredreceptionstates5.4.1.Receptionstatesmaintainedbythehost5.4.2.ReceptionstatesmaintainedbytheAR5.5.SecuringIGMP-ACmessages6.VerificationofIGMP-ACusingSPIN6.1.Modeldescription6.2.Verificationresults7.AuthenticationusingEAP7.1.EAPencapsulationoverIGMP-AC7.2.EAP-IKEv2protocol第3页共17页第2页共17页编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第3页共17页7.3.EnhancedsecurityforIGMP-ACmessages8.ValidationofEAP-IKEv2methodusingAVISPA8.1.SecuritypropertiesoftheEAP-IKEv2method8.2.Thepeer-to-peermodel8.2.1.Limitationsofthepeer-to-peermodel8.2.2.Securitygoals8.2.3.Findingtheattack8.2.4.Securingthepeer-to-peermodel8.3.Thepass-throughmodel9.Inte...
