عنوان مقاله
ثبت امنیت براساس IPSec برای هندآف سریع IPv6 موبایل
فهرست مطالب
مقدمه
کارهای مرتبط
پروتکل طرح پیشنهادی
تجزیه تحلیل عملکرد
نتیجه گیری
بخشی از مقاله
پروتکل طرح پیشنهادی
مسئله امنیتی پایه هندآف، عدم تصدیق موثر گره های موبایل و همچنین حفاظت امنیتی از سیگنالهای هنداور می باشد. در این مقاله، ثبت یا رجیستری جدید هندآف سری را پیشنهاد می کنیم که براساس حفاظت IPSec عمل می کند. ایده پایه اش استفاده از پروتکل IKEv2 برای دستیابی به تصدیق اولیه گره های موبایل در فرایند هندآف سریع بوده و ازمجمع امنیتی (SA) تولیشده توسط IKEv2 نیز برای حفاظت از علامتدهی هند اور استفاده می شود. در شکل 1 روش ثبت در روش هنداور را نشان می دهیم.
کلمات کلیدی:
A security registration based on IPSec for mobile IPv6 fast handoff Lei Zhao1 Xiaoping Li 1 1. The School of meno-electronic engineering, Xidian University, Qingkuan Dong 2 Lei Shi 1 2. State Key Lab. Of Integrated Services Networks, Xidian University, Xi’an, China bohe314@sina.com Xi’an, China xpli@xidian.edu.cn Abstract—At present, many studies focus on the efficiency of handoff among different networks, while research on how to maintain the safety during registration process of handoff is not enough. Unfortunately, mobile node is vulnerable to various security threats and attacks when handover for being lack of protection. A security scheme based on the IPSec protocol which was combined with fast handoff signaling was given in this paper. The mutual handover authentication between mobile nodes and access routers was obtained through improved handoff signaling, and IPSec security association was used to protect the handoff process without lowering its efficiency. Keywords- mobile register; IPSec; Mobile IPv6; Handoff Authentication I. INTRODUCTION As the growth of ubiquitous network technologies and services, users can access the Internet from anywhere at any time by using wireless devices. As to support mobility of various applications and services, IETF proposed mobile IPv6 protocols [1] in 2004. However, wireless environment is characterized by openness, which makes it vulnerable to the threat of attacks, and also does MIPv6. MIPv6 signaling are easy subject to attacks, such as man-in-the-middle attack, replay attack, flooding attack, code attacks, DOS attack and so on. Redirection attacks, middle attacks, denial of service attacks will be occur especially during the handover process of mobile nodes for lacking of strong protection measures to the signaling interactions. Additionally, Mobile IPv6 may also be subjected to other security attacks, such as the lack of effective authentication mechanism, which may be the root of many attacks. Mobile IPv6 authentication protocol make mobile nodes get certified in their respective certification entities by using IPSec Security Association(SA) between mobile nodes and home agent or AAAH[2] server when mobile nodes access to a new network. However, the authentication protocol just applied to MN-HA, mutual certification between MN-CN still cannot be made effectively, thus the risk of eavesdropping or intermediary attacking increase if malicious node access to network fake normal node. II. RELATED WORKS Several mechanisms [3-7] have been proposed to solve security problems in handoff process. The related works are discussed here and their drawbacks are pointed out as sequel. In [3], Hu Wang and Anand R. Prasad proposed a method of fast authentication for inter administrative domain handoff between two foreign mobile or wireless communication network domains. In this method, Serving Network (SN) and Target Networks (TN) must be a relationship of mutual trust. When MN handoff from SN to TN, MN send a handoff decision to SN, then SN calculates a shared key for MN and TN,and sends it to MN and TN respectively. Then MN sends a fast authentication request asking to TN after receiving the key, and MN can be accessed to TN when authentication finish. Such an approach, however, faces the following challenges: First, if the trusted third-party introduced for distributing the pre-shared key to authentication entities is under attack, there is no security to speak of in authentication process. Secondly, the introduction of a trusted third-party will be an additional signaling overhead. Finally, binding update process is also lack of effective protection after handoff.
