
Research on Secure Mobility Management Technology for Mobile IPv6 Networks

Published: 2018-09-12 19:19
[Abstract]: In recent years, the rapid development of Internet interconnection technology and mobile communication technology has driven the development of the mobile Internet, which has IP technology at its core. Mobile IPv6, with its excellent mobility support, has become the preferred networking protocol for the mobile Internet. However, the openness of the mobile network environment and the dynamic nature of its topology expose mobile IPv6 networks to various security threats such as man-in-the-middle attacks and DoS attacks, and the mobile IPv6 protocol provides no security protection during communication processes such as handover and data transmission, so the security problems of mobile IPv6 networks are very prominent. In addition, the delay introduced by mobility-related processes such as mobile IPv6 handover and registration binding update seriously affects overall network performance and, in turn, the quality of service that users receive. Research on secure mobility management technology in mobile IPv6 network environments therefore has important theoretical significance and application value, and this thesis studies the topic in depth.
This thesis first analyzes in depth the security management mechanisms of mobile IPv6 networks, mobile IPv6 handover management and performance optimization, the security and handover performance of mobile IPv6 subnets, and traffic control in multihomed mobile subnets. It then designs an IP-layer security architecture for MIPv6 networks and, based on this architecture, studies secure mobility management techniques in MIPv6 networks, mobile subnets and multihomed mobile subnets in depth and proposes solutions. The main research content and results are as follows:
1. To address the security problems in MIPv6 network mobility management, an IP-layer security architecture for MIPv6 networks, the MIPSec protocol, is proposed based on an extension of the IPSec protocol built into IPv6. The protocol is designed and improved mainly in terms of security enhancement of the traffic flow protocols, security policy optimization, mobility context support, and enhancement and extension of the authentication protocol, so that the improved protocol not only meets the security requirements arising from MIPv6 network mobility but also provides end-to-end security protection for MIPv6 communication and effectively resists various network attacks.
2. To address the excessive delay caused by introducing security mechanisms into the MIPv6 handover process, a secure and fast MIPv6 handover method that integrates the authentication mechanism is proposed. Under the MIPSec security architecture, the method uses FMIPv6 handover signaling to carry the authentication information, so that handover and authentication execute concurrently. This reduces the complexity of the secure handover process and greatly reduces the delay overhead that access authentication adds to the handover process.
3. To address the security and performance problems in the handover process of mobile subnets (NEMO), a secure asynchronous handover method is proposed. The basic mobile network protocol handles handover using a nested network structure and a tunneling mechanism; in addition to the handover delay of the mobile router itself, the roundabout routing caused by the nested structure and the additional authentication process further increase the handover delay and degrade quality of service. Taking full account of the characteristics of mobile networks, this thesis proposes a secure asynchronous handover method in which the mobile router and the mobile network nodes of a mobile subnet are handed over separately. The method uses the fast handover method with integrated authentication to hand over the mobile router, and uses an authorized prefix mechanism to achieve route optimization and the handover of nodes within the mobile network. Compared with the basic NEMO protocol, the method not only achieves route optimization but also guarantees security and reduces handover delay.
4. A multihomed mobile subnet is a mobile network structure proposed to improve the reliability of mobile subnets; such a network can have multiple mobile routers. To address the security problem caused by single points of failure in router selection in such networks and the network congestion caused by unbalanced traffic, this thesis proposes a trust-based secure route selection method for multihomed mobile subnets. The method builds a subjective trust model of nodes based on multi-attribute decision theory and evaluates a trust value for each mobile router node; when selecting an access router, a mobile network node chooses the one with the highest trust value. This avoids the single point of failure problem, enhances security, balances network traffic and improves overall network performance.
[Degree-granting institution]: Xidian University
[Degree level]: Doctoral
[Year degree conferred]: 2014
[Classification number]: TP393.08
