Abstract
As described in ATM Forum’s Security 1.1 Specification [1], cryptographic synchronization for confidentiality
algorithms using counter mode and all Key Update operations are maintained through the use of User OAM (Operation
and Maintenance) cells. Without taking care during call establishment of a Constant Bit Rate (CBR) connection,
however, a User OAM cell introduced by the security device on behalf of the users will likely cause a non-compliant cell
to be detected and policed. Either the User OAM cell or the subsequent data cell will be lost depending on where the
cell is inserted with respect to the traffic flow. This data loss may result in undecipherable user traffic until the next
synchronization cell is successfully passed.
Starting in User-Network Interface Signaling Specification (UNI) 4.1 [2], and Private Network to Network Interface
(PNNI) 1.1 [3], support for the OAM Traffic Descriptor Information Element (IE) was introduced to facilitate separate
policing of user and OAM traffic. This supports a robust implementation of ATM Security in a CBR environment. The
OAM Traffic Descriptor IE was developed to allow up to an additional 1% of the requested user traffic to be dedicated
to User OAM cells. This allows the UNI or PNNI interfaces to identify and to police separately the user data and the
User OAM cell.
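
The cell loss described above, and the effect of policing User OAM cells separately, can be reproduced with a small policer model. This is an added example, not part of the abstract or of the cited specifications; it assumes the policing function behaves as a GCRA virtual-scheduling algorithm, and the tick values and all class and function names are constructed for illustration.

```python
# Added illustration (not from the paper): policer modeled as the GCRA
# virtual-scheduling algorithm. All tick values below are constructed.
class Gcra:
    def __init__(self, increment, limit):
        self.increment = increment  # T: nominal spacing between cells, in ticks
        self.limit = limit          # tau: tolerated cell delay variation, in ticks
        self.tat = None             # theoretical arrival time of the next cell

    def conforms(self, arrival):
        if self.tat is None:
            self.tat = arrival      # first cell defines the schedule
        if arrival < self.tat - self.limit:
            return False            # too early: non-compliant, TAT unchanged
        self.tat = max(arrival, self.tat) + self.increment
        return True

USER_T = 100          # CBR user cell every 100 ticks
CDVT = 10             # tolerance applied by both policers
OAM_T = USER_T * 100  # OAM allowance: 1% of the user cell rate

def stream(oam_ticks, duration=20000):
    """CBR user cells plus User OAM cells inserted by the security device."""
    cells = [(t, "user") for t in range(0, duration, USER_T)]
    cells += [(t, "oam") for t in oam_ticks]
    return sorted(cells)

def police(cells, user_policer, oam_policer):
    """Return the (tick, kind) cells that the policing function discards."""
    dropped = []
    for arrival, kind in cells:
        policer = oam_policer if kind == "oam" else user_policer
        if not policer.conforms(arrival):
            dropped.append((arrival, kind))
    return dropped

def shared(oam_ticks):
    """One policer for the whole connection: OAM competes with user cells."""
    p = Gcra(USER_T, CDVT)
    return police(stream(oam_ticks), p, p)

def separate(oam_ticks):
    """User and OAM cells policed independently (OAM Traffic Descriptor IE)."""
    return police(stream(oam_ticks), Gcra(USER_T, CDVT), Gcra(OAM_T, CDVT))

if __name__ == "__main__":
    print(shared([250]))           # OAM cell inserted mid-gap
    print(shared([295]))           # OAM cell inserted just before a user cell
    print(separate([250, 10250]))  # OAM within the 1% allowance
    print(separate([250, 5250]))   # OAM above the 1% allowance
```

With a shared policer the inserted cell either is discarded itself or displaces the next data cell, depending on where it lands relative to the user cell schedule; with separate policing only OAM traffic above the 1% allowance is discarded.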