移動IPv6網(wǎng)絡(luò)安全移動性管理技術(shù)研究
發(fā)布時間:2018-09-12 19:19
【摘要】:近年來,Internet網(wǎng)絡(luò)互聯(lián)技術(shù)和移動通信技術(shù)的高速發(fā)展帶動了以IP技術(shù)為核心的移動互聯(lián)網(wǎng)的發(fā)展。移動IPv6技術(shù)以其出色的移動性支持成為移動互聯(lián)網(wǎng)首選組網(wǎng)協(xié)議。然而,移動網(wǎng)絡(luò)環(huán)境的開放性、拓撲的動態(tài)性使得移動IPv6網(wǎng)絡(luò)面臨諸如中間人攻擊、DoS攻擊等各種安全威脅,而且在移動切換、數(shù)據(jù)傳輸?shù)韧ㄐ胚^程中移動IPv6協(xié)議并未提供任何安全保護措施,移動IPv6網(wǎng)絡(luò)安全問題十分突出。此外與移動性相關(guān)的移動IPv6切換及注冊綁定更新等過程引發(fā)的延時問題嚴重影響了網(wǎng)絡(luò)的整體性能,進而影響了用戶獲取的服務(wù)質(zhì)量。因此,研究移動IPv6網(wǎng)絡(luò)環(huán)境下的安全移動性管理技術(shù)具有重要的理論意義和應(yīng)用價值。本文對此展開了深入研究。 本文首先深入分析了移動IPv6網(wǎng)絡(luò)安全管理機制、移動IPv6切換管理與性能優(yōu)化、移動IPv6子網(wǎng)安全與切換性能以及多宿移動子網(wǎng)的流量控制問題;然后設(shè)計了一套面向MIPv6網(wǎng)絡(luò)的IP層安全架構(gòu),并基于該安全架構(gòu)對MIPv6網(wǎng)絡(luò)、移動子網(wǎng)以及多宿移動子網(wǎng)中的安全移動性管理技術(shù)進行了深入研究,提出了解決方案。本文的主要研究內(nèi)容和成果如下: 1.針對MIPv6網(wǎng)絡(luò)移動性管理中的安全問題,基于對IPv6內(nèi)嵌的IPSec協(xié)議的擴展,提出了一套MIPv6網(wǎng)絡(luò)的IP層安全架構(gòu)——MIPSec協(xié)議。該協(xié)議主要從業(yè)務(wù)流協(xié)議安全增強、安全策略優(yōu)化、移動性的上下文支持、認證協(xié)議增強與擴展等幾個方面做了設(shè)計和改進,使改進的協(xié)議不僅能夠滿足MIPv6網(wǎng)絡(luò)移動性產(chǎn)生的安全需求,而且也為MIPv6通信提供了端到端的安全保護,有效抵抗各類網(wǎng)絡(luò)攻擊。 2.針對MIPv6切換過程引入安全機制導(dǎo)致的延時過大的問題,提出了一種融合認證機制的安全快速的MIPv6切換方法。該方法在MIPSec安全架構(gòu)下,利用FMIPv6切換信令,融合認證信息,實現(xiàn)切換與認證并發(fā)執(zhí)行,消減了安全切換過程的復(fù)雜性,大大降低了接入認證給移動切換過程帶來的延時開銷。 3.針對移動子網(wǎng)(NEMO)切換過程中的安全和性能問題,提出了安全異步切換方法。移動網(wǎng)絡(luò)基本協(xié)議中采用網(wǎng)絡(luò)嵌套結(jié)構(gòu)和隧道機制來處理移動切換問題,除了移動路由器本身的切換延時,網(wǎng)絡(luò)嵌套結(jié)構(gòu)帶來的迂回路由過程以及額外的認證過程使切換延時進一步增大,服務(wù)質(zhì)量下降。本文充分考慮了移動網(wǎng)絡(luò)特點,提出了移動子網(wǎng)移動路由器與移動網(wǎng)絡(luò)節(jié)點分離的安全異步切換方法。該方法利用融合認證機制的快速切換方法實現(xiàn)移動路由器切換,使用授權(quán)前綴機制實現(xiàn)路由優(yōu)化以及移動網(wǎng)絡(luò)內(nèi)節(jié)點切換。與基本NEMO協(xié)議相比,該方法不但實現(xiàn)了路由優(yōu)化,而且能夠保障安全性,并降低切換延時。 4.多宿移動子網(wǎng)是為了提高移動子網(wǎng)可靠性而提出的一種移動網(wǎng)絡(luò)結(jié)構(gòu),該網(wǎng)絡(luò)可以擁有多個移動路由器,本文針對此類網(wǎng)絡(luò)中路由器選擇存在單點失效而導(dǎo)致的安全及流量不均衡導(dǎo)致網(wǎng)絡(luò)擁堵問題,,提出了一種基于信任的多宿移動子網(wǎng)安全路由選擇方法。該方法基于多屬性決策理論建立節(jié)點主觀信任模型,并對每個移動路由器節(jié)點進行信任值評估,移動網(wǎng)絡(luò)節(jié)點在進行接入路由器選擇時,依據(jù)信任值最高者擇優(yōu)選擇,從而避免了單點失效問題,增強安全性,均衡了網(wǎng)絡(luò)流量,提高了網(wǎng)絡(luò)整體性能。
[Abstract]:In recent years, the rapid development of Internet interconnection technology and mobile communication technology has led to the development of mobile Internet with IP technology as its core. Mobile IPv6 technology with its excellent mobility support has become the preferred networking protocol for mobile Internet. However, the open mobile network environment and the dynamic topology make mobile IPv6 network face. There are many security threats such as man-in-the-middle attack, DoS attack and so on, and the mobile IPv6 protocol does not provide any security protection measures in the process of mobile handover and data transmission. The security problem of mobile IPv6 network is very prominent. In addition, the delay caused by mobile IPv6 handover and registration binding updating related to mobility is serious. Therefore, it is of great theoretical significance and application value to study the security mobility management technology in mobile IPv6 network environment.
Firstly, this paper analyzes the security management mechanism of mobile IPv6 network, the handoff management and performance optimization of mobile IPv6, the security and handoff performance of mobile IPv6 subnet, and the traffic control problem of multi-homing mobile subnet. Then, an IP layer security architecture for MIPv6 network is designed, and based on this security architecture, MIPv6 network and mobile subnet are implemented. And the security mobility management technology in multi-hosted mobile subnet is deeply studied, and the solution is proposed.
1. Aiming at the security problem in the mobility management of MIPv6 network, based on the extension of IPSec protocol embedded in IPv6, a new IP layer security architecture of MIPv6 network, MIPSec protocol, is proposed. This protocol mainly includes the security enhancement of service flow protocol, security policy optimization, mobility context support, authentication protocol enhancement and extension. The improved protocol can not only meet the security requirements of MIPv6 network mobility, but also provide end-to-end security protection for MIPv6 communication and effectively resist various network attacks.
2. Aiming at the problem of excessive delay caused by introducing security mechanism into MIPv6 handover process, a fast and secure MIPv6 handover method based on authentication mechanism is proposed. Under MIPSec security framework, FMIPv6 handover signaling is used to fuse authentication information to realize handover and authentication concurrent execution, which reduces the complexity of security handover process. Greatly reduces the delay cost of access authentication to mobile handover process.
3. Aiming at the security and performance problems in handoff process of mobile subnet (NEMO), a secure asynchronous handoff method is proposed. In the basic protocol of mobile network, network nesting structure and tunnel mechanism are used to deal with the handoff problem. In addition to handoff delay of mobile router itself, the roundabout loop caused by network nesting structure is processed and additional. Authentication process further increases handoff delay and decreases the quality of service. Considering the characteristics of mobile networks, this paper proposes a secure asynchronous handoff method for separating mobile routers from mobile nodes in mobile subnetworks. This method uses fast handoff method based on fusion authentication mechanism to implement handoff of mobile routers, and uses authorization prefix mechanism. Compared with the basic NEMO protocol, this method not only realizes routing optimization, but also ensures security and reduces handoff delay.
4. Multicast mobile subnet is a kind of mobile network structure proposed to improve the reliability of mobile subnet. The network can have multiple mobile routers. In this paper, we propose a trust-based multihop mobile network to solve the security and traffic congestion problems caused by single point failure of router selection in such networks. Subnet security routing method based on multi-attribute decision theory establishes a node subjective trust model and evaluates the trust value of each mobile router node. When choosing access router, the mobile network node chooses the best choice according to the highest trust value, so as to avoid single point failure, enhance security and balance. The network traffic improves the overall performance of the network.
【學(xué)位授予單位】:西安電子科技大學(xué)
【學(xué)位級別】:博士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
本文編號:2239985
[Abstract]:In recent years, the rapid development of Internet interconnection technology and mobile communication technology has led to the development of mobile Internet with IP technology as its core. Mobile IPv6 technology with its excellent mobility support has become the preferred networking protocol for mobile Internet. However, the open mobile network environment and the dynamic topology make mobile IPv6 network face. There are many security threats such as man-in-the-middle attack, DoS attack and so on, and the mobile IPv6 protocol does not provide any security protection measures in the process of mobile handover and data transmission. The security problem of mobile IPv6 network is very prominent. In addition, the delay caused by mobile IPv6 handover and registration binding updating related to mobility is serious. Therefore, it is of great theoretical significance and application value to study the security mobility management technology in mobile IPv6 network environment.
Firstly, this paper analyzes the security management mechanism of mobile IPv6 network, the handoff management and performance optimization of mobile IPv6, the security and handoff performance of mobile IPv6 subnet, and the traffic control problem of multi-homing mobile subnet. Then, an IP layer security architecture for MIPv6 network is designed, and based on this security architecture, MIPv6 network and mobile subnet are implemented. And the security mobility management technology in multi-hosted mobile subnet is deeply studied, and the solution is proposed.
1. Aiming at the security problem in the mobility management of MIPv6 network, based on the extension of IPSec protocol embedded in IPv6, a new IP layer security architecture of MIPv6 network, MIPSec protocol, is proposed. This protocol mainly includes the security enhancement of service flow protocol, security policy optimization, mobility context support, authentication protocol enhancement and extension. The improved protocol can not only meet the security requirements of MIPv6 network mobility, but also provide end-to-end security protection for MIPv6 communication and effectively resist various network attacks.
2. Aiming at the problem of excessive delay caused by introducing security mechanism into MIPv6 handover process, a fast and secure MIPv6 handover method based on authentication mechanism is proposed. Under MIPSec security framework, FMIPv6 handover signaling is used to fuse authentication information to realize handover and authentication concurrent execution, which reduces the complexity of security handover process. Greatly reduces the delay cost of access authentication to mobile handover process.
3. Aiming at the security and performance problems in handoff process of mobile subnet (NEMO), a secure asynchronous handoff method is proposed. In the basic protocol of mobile network, network nesting structure and tunnel mechanism are used to deal with the handoff problem. In addition to handoff delay of mobile router itself, the roundabout loop caused by network nesting structure is processed and additional. Authentication process further increases handoff delay and decreases the quality of service. Considering the characteristics of mobile networks, this paper proposes a secure asynchronous handoff method for separating mobile routers from mobile nodes in mobile subnetworks. This method uses fast handoff method based on fusion authentication mechanism to implement handoff of mobile routers, and uses authorization prefix mechanism. Compared with the basic NEMO protocol, this method not only realizes routing optimization, but also ensures security and reduces handoff delay.
4. Multicast mobile subnet is a kind of mobile network structure proposed to improve the reliability of mobile subnet. The network can have multiple mobile routers. In this paper, we propose a trust-based multihop mobile network to solve the security and traffic congestion problems caused by single point failure of router selection in such networks. Subnet security routing method based on multi-attribute decision theory establishes a node subjective trust model and evaluates the trust value of each mobile router node. When choosing access router, the mobile network node chooses the best choice according to the highest trust value, so as to avoid single point failure, enhance security and balance. The network traffic improves the overall performance of the network.
【學(xué)位授予單位】:西安電子科技大學(xué)
【學(xué)位級別】:博士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
【參考文獻】
相關(guān)期刊論文 前10條
1 黃松華;丁峰;黃皓;;支持負載均衡和路由優(yōu)化的網(wǎng)絡(luò)移動增強協(xié)議[J];東南大學(xué)學(xué)報(自然科學(xué)版);2010年01期
2 蘇偉;張宏科;;一種移動網(wǎng)絡(luò)中的路由優(yōu)化模型[J];電子學(xué)報;2007年07期
3 楊水根;秦雅娟;周華春;張宏科;;基于身份與位置分離的嵌套移動網(wǎng)絡(luò)路由優(yōu)化機制[J];電子學(xué)報;2008年07期
4 李俊;葛敬國;;NEMO移動網(wǎng)絡(luò)及其路由優(yōu)化技術(shù)[J];計算機科學(xué);2006年06期
5 田野;張玉軍;張瀚文;李忠誠;;移動IPv6網(wǎng)絡(luò)基于身份的層次化接入認證機制[J];計算機學(xué)報;2007年06期
6 黃松華;孫玉星;黃皓;陳貴海;;支持路徑選擇與快速切換的移動網(wǎng)絡(luò)接入路由器安全Mesh(英文)[J];計算機學(xué)報;2009年03期
7 高翔,李亞敏,郭玉東,馬紅途;IKEv2協(xié)議安全性分析與改進[J];計算機應(yīng)用;2005年03期
8 黃松華;梁維泰;;網(wǎng)絡(luò)移動無縫切換機理研究[J];中國電子科學(xué)研究院學(xué)報;2013年03期
9 陳煒,龍翔,高小鵬;一種用于移動IPv6的混合認證方法[J];軟件學(xué)報;2005年09期
10 韓旭東;湯雋;郭玉東;;新一代IPSec密鑰交換規(guī)范IKEv2的研究[J];計算機工程與設(shè)計;2007年11期
本文編號:2239985
本文鏈接:http://www.sikaile.net/guanlilunwen/ydhl/2239985.html
最近更新
教材專著
