基于LTE的智慧标识移动专网服务安全访问机制设计与实现
发布时间:2019-03-24 17:22
【摘要】:随着信息技术的快速发展,互联网在给人们的生活带来众多便捷的同时,也因其原始设计的缺陷带来了诸多的安全问题。为了从根本上克服传统互联网存在的弊端,下一代互联网互联设备国家工程实验室提出了智慧标识网络的新型网络架构,具有更好的安全性和可扩展性。与此同时,通过移动终端接入互联网的规模也在逐年增加,4G时代的主流技术LTE(Long Term Evolution,长期演进)的核心网采用全IP架构,为融合新型网络提供了可能。本文的研究依托于重大安全专项"标识网络技术在移动专网中的应用研究",在基于LTE的智慧标识移动专网中,设计并实现了一套服务安全访问机制,完成了移动用户对于服务的就近获取,同时针对移动用户进行细粒度的服务安全访问控制与防护,进一步保障了标识网络服务资源的安全与提高了移动用户获取服务的效率。本文主要研究基于LTE的智慧标识移动专网服务安全访问机制的设计与实现。首先,本文对LTE及智慧标识网络进行概述,并引出在移动通信网络中加入服务获取功能的协议原理。随后本文对服务安全访问机制进行需求分析与方案设计,之后从代码的角度阐释了各个模块的实现方法。本文设计并实现的主要有:通过在LTE核心网内服务匹配模块与服务缓存模块的设计与实现,完成了移动用户在LTE核心网内就近获取服务的功能需求;通过解析服务器SID(Service Identifier,服务标识)解析模块、PGW上的标识映射模块以及标识专网内路由机制的设计与实现,完成了对用户细粒度的服务访问控制以及服务基于RID(Router Identifier,路由标识)的路由,保障了服务资源的安全并减少了专网内路由冗余;通过用户服务信誉管理表、控制层用户服务管理信息交互以及移动用户攻击行为的检测与防御机制的设计和实现,完成了对基于服务的DOS攻击的检测与防御,保障了了解析服务器的性能安全与正常用户获取服务的可靠性。最后,本文通过搭建测试环境,对安全访问机制进行了功能测试与性能测试。测试结果验证了服务安全访问机制的基本功能,很好地解决了移动用户就近获取服务的需求,同时增强了服务资源的安全性与移动用户获取服务资源的可靠性。文章最后对全文进行总结,为后续工作奠定了良好基础。
[Abstract]:With the rapid development of information technology, Internet not only brings many convenience to people's life, but also brings many security problems because of the defects of its original design. In order to overcome the disadvantages of traditional Internet fundamentally, the National Engineering Laboratory of next Generation Internet Interconnection equipment has put forward a new network architecture of intelligent marking network, which has better security and expansibility. At the same time, the scale of access to the Internet through mobile terminals is increasing year by year. The core network of LTE (Long Term Evolution, the mainstream technology of 4G era, adopts full IP architecture, which makes it possible to integrate new networks. The research of this paper is based on the research on the application of identification network technology in mobile private network, and designs and implements a set of secure access mechanism of service in the intelligent identification mobile private network based on LTE, which is based on the important security special project "the application of marking network technology in mobile private network". At the same time, fine-grained service security access control and protection are carried out for mobile users, which further ensures the security of identifying network service resources and improves the efficiency of mobile users' access to services. This paper mainly studies the design and implementation of secure access mechanism of intelligent identification mobile private network service based on LTE. Firstly, this paper gives an overview of LTE and intelligent identification network, and introduces the protocol principle of adding service acquisition function to mobile communication network. Then this paper analyzes the requirements and the scheme design of the service security access mechanism, and then explains the implementation method of each module from the point of view of code. The main design and implementation of this paper are as follows: through the design and implementation of the service matching module and the service cache module in the LTE core network, the mobile users' functional requirements of getting the service close to the LTE core network have been completed; Through parsing server SID (Service Identifier, service identification) parsing module, identification mapping module on PGW and the design and implementation of identity-specific network routing mechanism, the fine-grained service access control for users and RID (Router Identifier,-based service access control have been completed. Routing (routing identification) ensures the security of service resources and reduces routing redundancy in private networks; Through the design and implementation of user service reputation management table, user service management information interaction in control layer and detection and defense mechanism of mobile user attack behavior, the detection and defense of service-based DOS attack is completed. Guarantee the performance security of the analysis server and the reliability of the normal user to obtain the service. Finally, this paper builds a test environment to test the function and performance of the security access mechanism. The test results verify the basic functions of the service security access mechanism, solve the demand of the mobile users to obtain the service nearby, and enhance the security of the service resources and the reliability of the mobile users' access to the service resources. Finally, the paper summarizes the full text, which lays a good foundation for the follow-up work.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TN929.5
本文编号:2446528
[Abstract]:With the rapid development of information technology, Internet not only brings many convenience to people's life, but also brings many security problems because of the defects of its original design. In order to overcome the disadvantages of traditional Internet fundamentally, the National Engineering Laboratory of next Generation Internet Interconnection equipment has put forward a new network architecture of intelligent marking network, which has better security and expansibility. At the same time, the scale of access to the Internet through mobile terminals is increasing year by year. The core network of LTE (Long Term Evolution, the mainstream technology of 4G era, adopts full IP architecture, which makes it possible to integrate new networks. The research of this paper is based on the research on the application of identification network technology in mobile private network, and designs and implements a set of secure access mechanism of service in the intelligent identification mobile private network based on LTE, which is based on the important security special project "the application of marking network technology in mobile private network". At the same time, fine-grained service security access control and protection are carried out for mobile users, which further ensures the security of identifying network service resources and improves the efficiency of mobile users' access to services. This paper mainly studies the design and implementation of secure access mechanism of intelligent identification mobile private network service based on LTE. Firstly, this paper gives an overview of LTE and intelligent identification network, and introduces the protocol principle of adding service acquisition function to mobile communication network. Then this paper analyzes the requirements and the scheme design of the service security access mechanism, and then explains the implementation method of each module from the point of view of code. The main design and implementation of this paper are as follows: through the design and implementation of the service matching module and the service cache module in the LTE core network, the mobile users' functional requirements of getting the service close to the LTE core network have been completed; Through parsing server SID (Service Identifier, service identification) parsing module, identification mapping module on PGW and the design and implementation of identity-specific network routing mechanism, the fine-grained service access control for users and RID (Router Identifier,-based service access control have been completed. Routing (routing identification) ensures the security of service resources and reduces routing redundancy in private networks; Through the design and implementation of user service reputation management table, user service management information interaction in control layer and detection and defense mechanism of mobile user attack behavior, the detection and defense of service-based DOS attack is completed. Guarantee the performance security of the analysis server and the reliability of the normal user to obtain the service. Finally, this paper builds a test environment to test the function and performance of the security access mechanism. The test results verify the basic functions of the service security access mechanism, solve the demand of the mobile users to obtain the service nearby, and enhance the security of the service resources and the reliability of the mobile users' access to the service resources. Finally, the paper summarizes the full text, which lays a good foundation for the follow-up work.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TN929.5
【参考文献】
相关期刊论文 前10条
1 孙其博;;移动互联网安全综述[J];无线电通信技术;2016年02期
2 刘斌;汪漪;;内容中心网络中名字查找技术的研究[J];电信科学;2014年09期
3 张宏科;陈哲;;智慧协同标识网络[J];中兴通讯技术;2014年04期
4 兰巨龙;程东年;胡宇翔;;可重构信息通信基础网络体系研究[J];通信学报;2014年01期
5 陈小晨;;电信运营商互联网业务解决方案探索[J];科技广场;2013年09期
6 张宏科;黄道超;;智慧标识网络的未来互联网体系[J];电信科学;2013年S1期
7 苏伟;陈佳;周华春;张宏科;;智慧协同网络中的服务机理研究[J];电子学报;2013年07期
8 郜帅;王洪超;王凯;张宏科;;智慧网络组件协同机制研究[J];电子学报;2013年07期
9 张宏科;罗洪斌;;智慧协同网络体系基础研究[J];电子学报;2013年07期
10 苏伟;刘琪;张宏科;;一体化标识网络体系及关键技术[J];中兴通讯技术;2011年02期
,本文编号:2446528
本文链接:https://www.wllwen.com/kejilunwen/xinxigongchenglunwen/2446528.html
