基于传输层协议和AAA的移动IPv6安全分析

发布时间：2018-04-13 03:07

  本文选题：移动IPv6 + 安全　； 参考：《云南大学》2016年硕士论文

【摘要】：IPv6作为未来互联网通信的关键技术,其无比庞大的地址库可以有效解决IPv4地址短缺这一难题。而其对移动性的支持也保证其应用范围更加广泛,除了传统通信外,其还可应用于物流网、智能家居、智能汽车和智能可穿戴等领域。但随着其部署的展开,服务质量、切换延迟以及安全方面的问题都突显了出来。特别是安全方面,由于其支持移动性这一特点导致其面临的安全威胁更加复杂。移动IPv6当前使用的安全策略一般是IPSec协议和RRP方法,分别用于保证移动节点在家乡代理上和通信节点上的注册安全。但是在实际部署过程中由于协议本身的缺陷等原因导致安全性和部署的难度并不能很好的平衡。要保证移动IPv6通信的安全,最基本的便是保证其移动节点绑定注册的安全。因此对于如何保证移动IPv6中移动节点与家乡代理之间的通信安全的研究是很有必要的。本文首先详细介绍了移动IPv6的原理、工作机制、相关术语和改进的技术,并与移动IPv4进行了对比。然后对移动IPv6中可能面临的威胁列举介绍,并详细阐述了IPSec协议和RRP协议的工作原理、方法以及流程。在此基础上提出一种利用传输层协议SSL/TLS和AAA技术来保证移动节点与家乡代理之间通信安全的方案。该种方案引入了一个实体并命名为HARR (Home Agent Resolver Router,家乡代理解析路由),利用这个实体建立移动节点与家乡代理之间的安全联盟以供其对绑定注册进行加密性和完整性保护。另外在此基础上对传统的RRP过程进行改进优化,并定义了一个检验模型对优化方案进行检验,结果是该优化方案减少了切换延迟,降低了链路时延对整体时延的影响。
[Abstract]:As the key technology of future Internet communication, IPv6's enormous address library can effectively solve the problem of IPv4 address shortage.Besides traditional communication, it can also be used in logistics network, smart home, intelligent automobile and intelligent wearable field.However, the quality of service, handoff delay and security issues are highlighted as its deployment unfolds.Especially in the aspect of security, its security threats are more complicated because of its mobility support.The current security policies used in mobile IPv6 are generally IPSec protocol and RRP method, which are used to guarantee the registration security of mobile nodes on home agent and communication node respectively.However, due to the defects of the protocol itself, the security and the difficulty of deployment are not well balanced in the actual deployment process.To ensure the security of mobile IPv6 communication, the most basic is to ensure the security of mobile node binding registration.Therefore, it is necessary to study how to ensure the communication security between mobile nodes and home agents in mobile IPv6.In this paper, the principle, working mechanism, related terminology and improved technology of mobile IPv6 are introduced in detail, and compared with mobile IPv4.Then the possible threats in mobile IPv6 are introduced, and the working principle, method and flow of IPSec and RRP protocols are described in detail.On this basis, a scheme is proposed to ensure the security of communication between mobile nodes and home agents by using transport layer protocols SSL/TLS and AAA.This scheme introduces an entity named HARR HARR Agent Resolver Router.The home agent resolves routing and uses this entity to establish a security alliance between mobile node and home agent for encryption and integrity protection of binding registration.In addition, the traditional RRP process is improved and optimized, and a test model is defined to test the optimization scheme. The result is that the optimization scheme reduces the handoff delay and the influence of link delay on the overall delay.
【学位授予单位】：云南大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP393.08
，

本文编号：1742639