ImageVerifierCode 换一换
格式:PDF , 页数:64 ,大小:388.90KB ,
资源ID:797435      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-797435.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ITU-T H 235 0-2014 H 323 security Framework for security in ITU-T H-series (ITU-T H 323 and other ITU-T H 245-based) multimedia systems (Study Group 16)《H 323安全 国际电信联盟-电信标准局的H系列的安全.pdf)为本站会员(周芸)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ITU-T H 235 0-2014 H 323 security Framework for security in ITU-T H-series (ITU-T H 323 and other ITU-T H 245-based) multimedia systems (Study Group 16)《H 323安全 国际电信联盟-电信标准局的H系列的安全.pdf

1、 International Telecommunication Union ITU-T H.235.0TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2014) SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMSInfrastructure of audiovisual services Systems aspects H.323 security: Framework for security in ITU-T H-series (ITU-T H.323 and other ITU-T H.245

2、-based) multimedia systems Recommendation ITU-T H.235.0 ITU-T H-SERIES RECOMMENDATIONS AUDIOVISUAL AND MULTIMEDIA SYSTEMS CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS H.100H.199 INFRASTRUCTURE OF AUDIOVISUAL SERVICES General H.200H.219 Transmission multiplexing and synchronization H.220H.229 Systems

3、aspects H.230H.239Communication procedures H.240H.259 Coding of moving video H.260H.279 Related systems aspects H.280H.299 Systems and terminal equipment for audiovisual services H.300H.349 Directory services architecture for audiovisual and multimedia services H.350H.359 Quality of service architec

4、ture for audiovisual and multimedia services H.360H.369 Supplementary services for multimedia H.450H.499 MOBILITY AND COLLABORATION PROCEDURES Overview of Mobility and Collaboration, definitions, protocols and procedures H.500H.509 Mobility for H-Series multimedia systems and services H.510H.519 Mob

5、ile multimedia collaboration applications and services H.520H.529 Security for mobile multimedia systems and services H.530H.539 Security for mobile multimedia collaboration applications and services H.540H.549 Mobility interworking procedures H.550H.559 Mobile multimedia collaboration inter-working

6、 procedures H.560H.569 BROADBAND, TRIPLE-PLAY AND ADVANCED MULTIMEDIA SERVICES Broadband multimedia services over VDSL H.610H.619 Advanced multimedia services and applications H.620H.629 Ubiquitous sensor network applications and Internet of Things H.640H.649 IPTV MULTIMEDIA SERVICES AND APPLICATION

7、S FOR IPTV General aspects H.700H.719 IPTV terminal devices H.720H.729 IPTV middleware H.730H.739 IPTV application event handling H.740H.749 IPTV metadata H.750H.759 IPTV multimedia application frameworks H.760H.769 IPTV service discovery up to consumption H.770H.779 Digital Signage H.780H.789 E-HEA

8、LTH MULTIMEDIA SERVICES AND APPLICATIONS Interoperability compliance testing of personal health systems (HRN, PAN, LAN and WAN) H.820H.849 Multimedia e-health data exchange services H.860H.869 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T H.235.0 (01/2014) i Reco

9、mmendation ITU-T H.235.0 H.323 security: Framework for security in ITU-T H-series (ITU-T H.323 and other ITU-T H.245-based) multimedia systems Summary Recommendation ITU-T H.235.0 describes enhancements within the framework of the ITU-T H.3xx-series of Recommendations to incorporate security service

10、s such as authentication and privacy (data encryption). The proposed scheme is applicable to both simple point-to-point and multipoint conferences for any terminals which utilize Recommendation ITU-T H.245 as a control protocol and also to ITU-T H.323 systems that use the ITU-T H.225.0 RAS and/or ca

11、ll signalling protocol. For example, ITU-T H.323 systems operate over packet-based networks which do not provide a guaranteed quality of service (QoS). For the same technical reasons that the base network does not provide QoS, the network does not provide a secure service. Secure real-time communica

12、tion over insecure networks generally involves two major areas of concern authentication and privacy. This Recommendation describes the security infrastructure and specific privacy techniques to be employed by the ITU-T H.3xx-series of multimedia systems. This Recommendation covers areas of concern

13、for interactive conferencing. These areas include, but are not strictly limited to, authentication and privacy of all real-time media streams that are exchanged in the conference. This Recommendation provides the protocol and algorithms needed between the ITU-T H.323 entities. This Recommendation ut

14、ilizes the general facilities supported in Recommendation ITU-T H.245 and as such, any standard which operates in conjunction with this control protocol may use this security framework. It is expected that wherever possible, other ITU-T H-series terminals may interoperate and directly utilize the me

15、thods described in this Recommendation. This Recommendation will not initially provide for complete implementation in all areas and will specifically highlight end-point authentication and media privacy. This Recommendation includes the ability to negotiate services and functionality in a generic ma

16、nner and to be selective concerning cryptographic techniques and capabilities utilized. The specific manner in which they are used relates to systems capabilities, application requirements and specific security policy constraints. This Recommendation supports varied cryptographic algorithms, with va

17、ried options appropriate for different purposes (e.g., key lengths). Certain cryptographic algorithms may be allocated to specific security services (e.g., one for fast media stream encryption and another for signalling encryption). It should also be noted that some of the available cryptographic al

18、gorithms or mechanisms may be reserved for export or other national issues (e.g., with restricted key lengths). This Recommendation supports signalling of well-known algorithms in addition to signalling non-standardized or proprietary cryptographic algorithms. There are no specifically mandated algo

19、rithms; however, it is strongly suggested that end points support as many of the applicable algorithms as possible in order to achieve interoperability. This parallels the concept that the support of Recommendation ITU-T H.245 does not guarantee the interoperability between two entities codecs. Vers

20、ion 4 of Recommendation ITU-T H.235 broke up Recommendation ITU-T H.235 version 3 into a suite of ITU-T H.235.x sub-series Recommendations, and restructures the sub-series. Recommendations ITU-T H.235.8 and ITU-T H.235.9 were added to the suite, other sub-series Recommendations have been extended wi

21、th new functionality (Recommendations ITU-T H.235.3 and ITU-T H.235.5). Recommendation ITU-T H.235.0 contains the ITU-T H.323 security framework with common text and useful general information for all ITU-T H.235.x sub-series Recommendations. ii Rec. ITU-T H.235.0 (01/2014) Appendices IV, V and VI p

22、rovide a mapping of text, figures and tables from Recommendation ITU-T H.235 version 3 (2003), including the subsequent Corrigendum 1 and amendments to the new structure. This revision of Recommendation ITU-T H.235.0 is an enhancement to version 4 to add support for key material with lengths exceedi

23、ng 2048 bits. History Edition Recommendation Approval Study Group Unique ID*1.0 ITU-T H.235.0 2005-09-13 16 11.1002/1000/8592-en 2.0 ITU-T H.235.0 2014-01-13 16 11.1002/1000/12058-en Keywords Authentication, certificate, digital signature, encryption, integrity, key management, multimedia security,

24、security profile. _ *To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. Rec. ITU-T H.235.0 (01/2014) iii FOREWORD The International Telecommunic

25、ation Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff qu

26、estions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendati

27、ons on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation

28、, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability o

29、r applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance

30、 with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or a

31、pplicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to i

32、mplement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2014 All rights reserved. No part of this publication may be reproduced, by an

33、y means whatsoever, without the prior written permission of ITU. iv Rec. ITU-T H.235.0 (01/2014) Table of Contents Page 1 Scope 1 1.1 Structure of ITU-T H.235.x sub-series Recommendations 2 2 References. 2 3 Terms and definitions . 4 3.1 Terms defined elsewhere 4 3.2 Terms defined in this Recommenda

34、tion . 5 4 Abbreviations and acronyms 6 5 Conventions 7 6 System introduction 8 6.1 Summary . 9 6.2 Authentication 9 6.3 Call establishment security . 10 6.4 Call control (ITU-T H.245) security 10 6.5 Media stream privacy . 10 6.6 Trusted elements . 11 6.7 Non-repudiation 11 6.8 Mobility security 11

35、 6.9 Security profiles 12 6.10 Secured NAT/firewall traversal 12 7 Connection establishment procedures 13 8 Authentication signalling and procedures 13 8.1 Diffie-Hellman with optional authentication 13 8.2 Subscription-based authentication 14 8.3 RAS signalling/procedures for authentication 18 8.4

36、Key management on the RAS channel . 21 9 Asymmetric authentication and key exchange using elliptic curve crypto systems . 21 9.1 Key management 22 9.2 Digital signature . 22 10 Pseudo-random function (PRF) 22 11 Security error recovery . 23 11.1 Error signalling . 23 Annex A ITU-T H.235 ASN.1 25 Ann

37、ex B ITU-T H.324-specific topics 31 Appendix I ITU-T H.323 implementation details . 32 I.1 Implementation examples . 32 Appendix II ITU-T H.324 implementation details . 38 Rec. ITU-T H.235.0 (01/2014) v Page Appendix III Other ITU-T H-series implementation details 39 Appendix IV Section mapping of I

38、TU-T H.235v3Amd1Cor1 to ITU-T H.235v4 sub-series Recommendations 40 Appendix V Figure mapping of ITU-T H.235v3Amd1Cor1 to ITU-T H.235v4 sub-series Recommendations 49 Appendix VI Table mapping of ITU-T H.235v3Amd1Cor1 to ITU-T H.235v4 sub-series Recommendations 52 Bibliography. 53 Rec. ITU-T H.235.0

39、(01/2014) 1 Recommendation ITU-T H.235.0 ITU-T H.323 security: Framework for security in ITU-T H-series (ITU-T H.323 and other ITU-T H.245-based) multimedia systems 1 Scope The primary purpose of Recommendation ITU-T H.235.0 is to provide a security framework for authentication, privacy and integrit

40、y within the current ITU-T H-series protocol framework. The current text of this Recommendation provides details on implementation with ITU-T H.323. This framework is expected to operate in conjunction with other ITU-T H-series protocols that utilize ITU-T H.245 as their control protocol and/or use

41、the ITU-T H.225.0 RAS and/or call signalling protocol. Additional goals in this Recommendation include: 1) Security architecture should be developed as an extensible and flexible framework for implementing a security system for ITU-T H-series terminals and other ITU-T H.323-based systems. This shoul

42、d be provided through flexible and independent services and the functionality that they supply. This includes the ability to negotiate and to be selective concerning the cryptographic techniques utilized and the manner in which they are used. 2) Provide security for all communications occurring as a

43、 result of ITU-T H.3xx protocol usage. This includes aspects of connection establishment, call control and media exchange between all entities. This requirement includes the use of confidential communication (privacy) and may exploit functions for peer authentication, as well as protection of the us

44、ers environment from attacks. 3) This Recommendation should not preclude integration of other security functions in ITU-T H.3xx entities which may protect them against attacks from the network. 4) This Recommendation should not limit the ability for any ITU-T H.3xx-series Recommendation to scale as

45、appropriate. This may include both the number of secured users and the levels of security provided. 5) Where appropriate, all mechanisms and facilities should be provided independent of any underlying transport or topologies. Other means that are outside the scope of this Recommendation may be requi

46、red to counter such threats. 6) Provisions are made for operation in a mixed environment (secured and unsecured entities). 7) This Recommendation should provide facilities for distributing session keys associated with the cryptography utilized. (This does not imply that public-key-based certificate

47、management must be part of this Recommendation.) 8) This Recommendation provides two security profiles that facilitate interoperability. ITU-T H.235.1 describes a simple, yet secure password-based security profile while ITU-T H.235.2 is a signature security profile deploying digital signatures, cert

48、ificates and a public-key infrastructure that overcomes the limitations of ITU-T H.235.1. The security architecture described in this Recommendation, does not assume that the participants are familiar with each other. It does, however, assume that appropriate precautions have been taken to physicall

49、y secure the ITU-T H-series end points. The principal security threat to communications therefore is assumed to be eavesdropping on the network, or some other method of diverting media streams. ITU-T H.323 provides the means to conduct an audio, video and data conference between two or more parties, but does not provide the mechanism to allow each participant to authenticate the 2 Rec. ITU-T H.235.0 (01/2014) identity of the other participants, nor provide the means to make the c

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1