| Summary: | 碩士 === 國立交通大學 === 網路工程研究所 === 95 === With the advancement of information technology, many novel functions have been provided, and Internet capable information appliances are referred to as networked appliances (NA). Currently, the architecture of communication among NAs can be classified into two categories. One is focusing on that NAs communicate with each other within an LAN, while the other is accessing NAs through a residential gateway (RGW). The former has a limitation that users can only access their appliances within an LAN; the latter is that any communication message among NAs has to be sent to the RGW, and the RGW forwards the message to the destination, which raises the overhead of the RGW.
We propose a platform which enables user’s NAs to communicate with each other on the Internet, and manage NAs into groups. We use dual-connection device authentication to authenticate user’s NAs, and a Kerberos-like architecture for service request authorization. The platform accommodates Personal Device Groups (PDG) and User Groups (UG). A PDG includes a user’s own NAs such that a user can access his/her NAs conveniently and securely. A UG involves NAs of different users, providing resources sharing, such as file sharing and streaming service to others.
For group access control, each member maintains an identical group key. The group key can be used for the message authentication and to ensure the message is indeed from a group member. In addition, we take the backward and forward secrecy into account; therefore, the group key has to be refreshed when a user joins or leaves a group. We are based on Diffie-Hellman key exchange algorithm for key agreement and distributing the group key using multicast for efficiency.
|
|---|
