Research on Secure Mobility Management Technology for Mobile IPv6 Networks
[Abstract]: In recent years, the rapid development of Internet interconnection technology and mobile communication technology has led to the development of a mobile Internet with IP technology as its core. Mobile IPv6, with its excellent mobility support, has become the preferred networking protocol for the mobile Internet. However, the open mobile network environment and the dynamic topology expose mobile IPv6 networks to many security threats, such as man-in-the-middle attacks and DoS attacks, and the mobile IPv6 protocol does not provide any security protection measures in the process of mobile handover and data transmission, so the security problem of mobile IPv6 networks is very prominent. In addition, the delay caused by mobile IPv6 handover and by the mobility-related registration binding updates is serious. Therefore, it is of great theoretical significance and application value to study secure mobility management technology in the mobile IPv6 network environment.
Firstly, this paper analyzes the security management mechanism of mobile IPv6 networks, the handoff management and performance optimization of mobile IPv6, the security and handoff performance of the mobile IPv6 subnet, and the traffic control problem of the multi-homing mobile subnet. Then, an IP layer security architecture for the MIPv6 network is designed, and based on this security architecture, the MIPv6 network and mobile subnet are implemented. The secure mobility management technology in the multi-homing mobile subnet is studied in depth, and a solution is proposed.
1. Aiming at the security problem in the mobility management of the MIPv6 network, a new IP layer security architecture for the MIPv6 network, the MIPSec protocol, is proposed, based on an extension of the IPSec protocol embedded in IPv6. This protocol mainly includes security enhancement of the service flow protocol, security policy optimization, mobility context support, and authentication protocol enhancement and extension. The improved protocol can not only meet the security requirements of MIPv6 network mobility, but also provide end-to-end security protection for MIPv6 communication and effectively resist various network attacks.
2. Aiming at the problem of excessive delay caused by introducing a security mechanism into the MIPv6 handover process, a fast and secure MIPv6 handover method based on a fused authentication mechanism is proposed. Under the MIPSec security framework, FMIPv6 handover signaling is used to carry the authentication information so that handover and authentication execute concurrently, which reduces the complexity of the secure handover process and greatly reduces the delay cost that access authentication adds to the mobile handover process.
3. Aiming at the security and performance problems in the handoff process of the mobile subnet (NEMO), a secure asynchronous handoff method is proposed. In the basic protocol of the mobile network, the network nesting structure and the tunnel mechanism are used to deal with the handoff problem. In addition to the handoff delay of the mobile router itself, the processing of the roundabout routing loop caused by the network nesting structure and the additional authentication process further increase handoff delay and decrease the quality of service. Considering the characteristics of mobile networks, this paper proposes a secure asynchronous handoff method that separates mobile routers from mobile nodes in mobile subnetworks. This method uses the fast handoff method based on the fused authentication mechanism to implement handoff of mobile routers, and uses authorization prefix mechanism. Compared with the basic NEMO protocol, this method not only realizes routing optimization, but also ensures security and reduces handoff delay.
4. Multicast mobile subnet is a kind of mobile network structure proposed to improve the reliability of the mobile subnet. The network can have multiple mobile routers. In this paper, we propose a trust-based secure routing method for multihop mobile network subnets to solve the security and traffic congestion problems caused by single point failure of router selection in such networks. Based on multi-attribute decision theory, the method establishes a node subjective trust model and evaluates the trust value of each mobile router node. When choosing an access router, the mobile network node chooses the one with the highest trust value, so as to avoid single point failure, enhance security, balance the network traffic, and improve the overall performance of the network.
[Degree-granting institution]: Xidian University
[Degree level]: Doctoral
[Year degree granted]: 2014
[Classification number]: TP393.08