Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

Video Conferencing Authentication : A Key Management Protocol Design for safety

화상상담 인증 : 안전한 키 관리 프로토콜 설계

  • 정용득 (한세대학교 정보통신학부)
  • Received : 2010.09.27
  • Accepted : 2010.10.11
  • Published : 2010.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

There is an authentication method for participants with an encrypted ID and password as a symmetric-key in multilateral video conferencing. It is hard to manage when the security-keys makes many while the transportation processing for the encryption and decryption get complicated when the video conferencing involves a number of participants and the third party as an attackers to gain unauthorized symmetric-key to access video conference which makes a problem less secrecy. This study suggests three ways to enhance security in video conference: first, we present PKI-based X.509 certificate for authenticating the participants of multilateral conferencing and we suggest to encode and decode the video conference media data using a secrecy key created by each of the conference participants; second, a more secured multilateral video conferencing can be expected in a group communication by using the participants secrecy key in creating and distributing group keys, where the group key will be renewed whenever there is change in the group member; and finally, we suggest to encode the RTP payload of the media data before transmission.

다자간 화상상담에서 회의 참여자의 인증을 위해 참여자의 ID와 패스워드를 대칭키로 암호화하여 전송하는 방식은 비밀키의 수가 많아지게 되어 암호화와 복호화를 위한 키의 관리가 어렵다는 것과, 제3자가 대칭키를 스니핑 할 수 있어서 화상상담의 보안성이 떨어지는 문제점이 있다. 본 논문에서는 화상상담에서 보안성을 높이기 위해, 첫째, 다수의 회의 참여자를 PKI 기반의 X.509 인증서로 인증하고, 둘째, 영상통신에서 참여자의 개인키를 교환하여 세션공유키로 만들고 세션공유키의 조합을 통해 키를 만들어 참여자가 바뀔 때마다 키를 갱신하였다. 셋째, 화상회의시 전송되는 미디어 데이터의 RTP 페이로드를 암호화하여 전송함으로써 보안성을 높였다.

Keywords

References

  1. ITU-T Online site http:/ /www.itu.int/ rec/ recomm-endation.asp?type=folders &lang=e&parent=T-REC -H.323
  2. E. Rescorla, "Diffie-Hellman Key Agreement Method", IETF RFC 2631, 1999.
  3. L. Berc, W. Fenner, R. Frederick, and S. McCanne, "RTP Payload Format for JPEG-compressed Video," RFC 2035, October, 1996.
  4. L.Lo Iacono and C.Ruland, "Confidential Multimedia Communication in IP Networks", Proceedings of 8th IEEE International Conference on communication Systems, Singapore, 2002.
  5. M. Baugher, D.McGrew, D.Oran, R. Blom, E.Carrara, M,Naslund, and K.Norrman, "The Secure Real-time Transport Protocol", IETF RFC 3711, 2004.
  6. M.Handley, H.Schulzrinne, E.Schooler, and J.Rosenberg, "SIP : Session Initiation Protocol", IETF RFC 3261, 2002.
  7. Giuseppe Ateniese, Michael Steiner, and Gene Tsudik, "New Multiparty Authentication Services and Key Agreement Protocols". IEEE Journal on selected areas in communication, Vol. 18,No.4, April 2000.
  8. R. Rivest, A Description of the RC2(r), "Encryption Algorithm", IETF RFC 2268, 1998.
  9. Radha Poovendran and John S.Baras, "An Information Theoretic Approach for Design and Analysis of Rooted Tree Based Multicast key Management Schemes", IEEE Transaction on Information Theory, Vol.47, No.7, November 2001.
  10. Richard J,Spillman, "Classical and Contemporary Cryptology", Pearson PrenticeHall, 2005.
  11. Sandra Rafaeli and David Hutchison, "A Survey of Key Management for Secure Group Commu nication" ACM Computing Surveys, Vol. 35, No.3, September 2003, pp.309-329. https://doi.org/10.1145/937503.937506
  12. William stallings, "Cryptography and Network security", Prentice Hall, 1998.
  13. Yong-Deug Jung, Dae-Woo Park, and Moon-Seog Jun, "The Analysis of New Video Conference System for Secure Communications", GESTS International Trans-action on Computer Science and Engineering Volume 2, Number 1, March 2005.
  14. O.Rodeh, K.P.Birman, and D.Dolev, "Optimized Group Rekey for Group Communication Systems", Network and Distributed Systems Security, 2000.