一种代理移动IPv6认证协议

代理移动IPv6为移动节点提供了基于网络的移动性管理方法,移动节点不参与管理移动性信令.为了在移动互联网络中应用代理移动IPv6协议,需要定义安全有效的认证协议.目前还没有见到关于代理移动IPv6认证协议方面的研究,本文提出了一种代理移动IPv6的认证协议,该认证协议可以提供接入认证功能,并可防止重放攻击和密钥暴露.为了分析该认证协议的性能,本文给出了认证费用和认证延迟分析的解析模型,分析了移动性和流量参数对认证费用和认证延迟的影响.研究结果表明提出的代理移动IPv6认证协议安全有效.     

Mobile IPv6 Security

Mobile IPv6 provides global mobility and location management support for the IPv6 network layer protocol. The design of Mobile IPv6 incorporates security features that differ significantly from its predecessor, Mobile IPv4. Some of the new security features are intended to counter new threats raised by route optimization, while others align Mobile IPv6 security more closely with basic IPv6 security mechanisms. In this paper, we outline the security threats to Mobile IPv6 and describe how the security features of the Mobile IPv6 protocol mitigate them.     

基于无证书公钥的移动IP注册协议认证

移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势,它为未来的全IP移动通信系统提供了一个标准的全球移动性解决方案。针对移动IPv6技术的特点,将IPSec安全协议和无证书公钥体系（CL-PKC）两者结合起来,在分析无证书公钥的优缺点的基础上,提出了一种在移动IPv6环境下的注册协议认证与注册方案,并对该协议的性能进行了分析,以方便日后的改进。     

A comparative performance analysis on Hierarchical Mobile IPv6 and Proxy Mobile IPv6

This paper presents comparative results on Hierarchical Mobile IPv6 and Proxy Mobile IPv6. The two mobility support protocols have similar hierarchical mobility management architectures but there are, however, clearly different perceptions: Hierarchical Mobile IPv6 has specific properties of a host-based mobility support protocol, whereas Proxy Mobile IPv6 is based on a network-based mobility support protocol. Thus, it is important to reveal their mobility characteristics and performance impact factors. In this paper, a cost based evaluation model is developed that evaluates the location update cost, the packet delivery cost, and the wireless power consumption cost based on the protocol operations used. Then, the numerical results are presented in where impacts of the various system parameters are evaluated. The results demonstrate that Proxy Mobile IPv6 always outperforms Hierarchical Mobile IPv6 due to its ability to avoid the mobility signaling sent by the mobile host, and its reduced tunneling overhead during communications with other nodes.     

基于移动IPv6环境中的安全威胁类型研究

移动IPv6实现了完整的IP层的移动性、扩展性,能真正实现全球范围内的移动IPv6网络,因而成为IP技术最重要的研究内容.文中介绍了移动IPV6的协议的系统组成和运行机制,分析移动IPv6所面临的安全威胁,并根据黑客发起攻击时的网络位置,归纳并分类由于移动性引入而带来的安全威胁,为分析验证机制的安全性提供参考模板.     

基于无证书公钥密码体制的密钥管理

移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势。然而,移动通信网络链路的开放性、网络拓扑结构的动态性、移动资源的有限性等特点使其容易遭受更严重的安全威胁。针对在移动IPv6环境下,采用无证书的公钥密码体制,部署和实现移动IPv6网络的密钥管理问题。提出了一种新的接入注册解决方案,该方案可以解决具有高敏感性要求移动网络的安全保护问题。     

RSVP Extensions for Real-Time Services in Hierarchical Mobile IPv6

The Mobile IPv6 (MIPv6) provides many great features, such as sufficient addressing space, mobility, and security; MIPv6 is one of the most important protocols for next generation mobile Internet. Simultaneously, with the rapid improvement of wireless technologies, the real-time multi-media IP services such as video on demand, videoconference, interactive games, IP telephony and video IP phone will be delivered in the near future. Thus, to furnish accurate QoS for real-time services is one of the most important thing in the next generation mobile Internet. Although RSVP, which is a resource reservation protocol, processes signaling messages to establish QoS paths between senders and receivers, RSVP was originally designed for stationary networks and not aware of the mobility of MNs. Therefore, this paper proposes a novel RSVP extension to support real-time services in Hierarchical Mobile IPv6 (HMIPv6) environments. For intra-site mobility, the concept of QoS Agent (QA) is proposed to handle the RSVP QoS update messages and provide the advanced reservation models for real-time services. For inter-site mobility, IP multicast can help to invite inter-site QAs to make pre-reservation and minimize the service disruption caused by re-routing the data path during handover. Simulation results show that the proposed scheme over HMIPv6 is more suitable for real-time services than the famous RSVP tunnel-based solution.     

Seamless Support for Mobile Internet Protocol Based Cellular Environments

Cellular is the inevitable architecture for the Personal Communication Service system (PCS) in the coming future. Access to the Internet via cellular networks is expected to become an essential portion of future wireless service offerings. Providing seamless support for IP based packet switched services has become an important issue.The Internet Engineering Task Force's (IETF's) mobile IP protocol offers a standard solution for wide-area mobility at the IP layer. However, Mobile IP does not solve all of the problems involved in providing mobile Internet access to cellular users, especially during handoff period. Thus, IPv6 might be a good candidate to solve this problem.IPv6 is a new version of the Internet Protocol that was standardized by the IETF. It supports mobility and is presently being standardized by the IETF Mobile IP Working Group. At the same time, cellular is an inevitable architecture for the Personal Communication Service system (PCS).This paper introduces the current cellular support based on the Mobile Internet Protocol version 6. We will point out the short-falls using Mobile IP and try to emphasize protocols especially for mobile management schemes that can optimize a high speed mobile station moving among small wireless cells. A comparison between those schemes and future work will be presented.     

IPV6和物联网

由于互联网IPv4地址即将用尽,IPv6协议被越来越多的互联网专家和研究者看成是下一代互联网的基础协议。与IPv4相比。IPv6具备了更大的地址空间、更好的可扩展性、更高效的网络传输、更好的安全管理架构和更好的移动支持。除了对传统互联网的网络容量和性能的升级。IPv6在物联网的路由、寻址以及物联网应用基础协议设计之初就提供了很好的支持。本文一方面将从IPv6的基本概念入手,阐述与IPv4的区别,并介绍IPv6在中国的发展;另一方面通过对物联网需求的分析,着重介绍IPv6关键技术在物联网的应用,如6LoWPAN,RPL和CoAP协议,以及IPv6在IETF相关工作组的活动。     

集成AAA的HMIPv6认证与注册方案

在下一代互联网中,需要使用AAA保证网络安全和网络资源合理使用,但是AAA与移动IPv6的结合,对切换性能及网络安全带来影响,而切换与安全是移动环境的关键问题。论文提出了新的解决方案,将HMIPv6与AAA结合,实现认证与注册过程的统一及本地认证,提高切换性能,并在注册与认证的过程中对消息进行加密,保证传输的安全。分析表明,本方案实现了AAA机制与移动管理机制安全高效的融合。     

How much do we gain by introducing route optimization in Proxy Mobile IPv6 networks?

Proxy Mobile IPv6 has been developed from the concept of network-based mobility support protocol in the Internet Engineering Task Force. The recently published specification of Proxy Mobile IPv6 only focuses on the mobility support without a mobile host’s participation in the mobility signaling. Then, route optimization issues are left in the basket for further works. In this paper, we explore the existing route optimization proposals that are analyzed and matched against a list of functional and operational angles. Then, the chosen two route optimization proposals are evaluated in terms of signaling cost, packet delivery cost, total cost, and service blocking probability. Through the provided analysis results, we demonstrate that route optimization solves the ineffective routing path problem when the mobile host communicates with its corresponding host and argue that the scalability of Proxy Mobile IPv6 architecture is also improved due to the distributed routing path. In addition, the cost model developed in this paper would be a reference model in order to facilitate decision making for further route optimization design.     

Mobile IPv6-based ad hoc networks: its development and application

The Internet protocol version 6 (IPv6)-enabled network architecture has recently attracted much attention. In this paper, we address the issue of connecting mobile ad hoc networks (MANETs) to global IPv6 networks, while supporting IPv6 mobility. Specifically, we propose a self-organizing, self-addressing, self-routing IPv6-enabled MANET infrastructure, referred to as IPv6-based MANET. The proposed self-organization addressing protocol automatically organizes nodes into tree architecture and configures their global IPv6 addresses. Novel unicast and multicast routing protocols, based on longest prefix matching and soft state routing cache, are specially designed for the IPv6-based MANET. Mobile IPv6 is also supported such that a mobile node can move from one MANET to another. Moreover, a peer-to-peer (P2P) information sharing system is also designed over the proposed IPv6-based MANET. We have implemented a prototyping system to demonstrate the feasibility and efficiency of the IPv6-based MANET and the P2P information sharing system. Simulations are also conducted to show the efficiency of the proposed routing protocols.     

Inter-domain security for mobile IPv6

Mobile IPv6 is only adapted to the mobile’s movements within its own administrative domain. As Mobile IPv6 is expected to be the basis for beyond 3G networks, a solution for inter-domain security is required allowing the visited domain to authenticate any mobile to grant it access. As such, new concepts known as AAA for Authentication, Authorization, Accounting were defined by the IETF. The IETF is currently defining the Diametr protocol to support those three functions in a Mobile IPv4 environment. Today’s difficulty is to adapt the Diameter protocol to Mobile IPv6. After introducing the Mobile IPv6, IPsec and Diameter protocols, this paper presents our solution (IETF draft of December 2001), and an IETF alternative for adapting Diameter to Mobile IPv6. It gives a comparison and describes our prototype.     

Mobility management for all-IP mobile networks: mobile IPv6 vs. proxy mobile IPv6 [architectures and protocols for mobility management in all-IP mobile networks]

Recently, a network-based mobility management protocol called Proxy Mobile IPv6 (PMIPv6) is being actively standardized by the IETF NETLMM working group, and is starting to attract considerable attention among the telecommunication and Internet communities. Unlike the various existing protocols for IP mobility management such as Mobile IPv6 (MIPv6), which are host-based approaches, a network-based approach such as PMIPv6 has salient features and is expected to expedite the real deployment of IP mobility management. In this article, starting by showing the validity of a network-based approach, we present qualitative and quantitative analyses of the representative host-based and network-based mobility management approaches (i.e., MIPv6 and PMIPv6), which highlight the main desirable features and key strengths of PMIPv6. Furthermore, a comprehensive comparison among the various existing well-known mobility support protocols is investigated. Although the development of PMIPv6 is at an early stage yet, it is strongly expected that PMIPv6 will be a promising candidate solution for realizing the next-generation all-IP mobile networks.     

移动IPv6绑定注册安全问题及解决方案

移动IPv6由于其移动性要求而引入了一系列新的安全问题。首先给出了移动IPv6的基本原理,接着介绍了移动IPv6的绑定操做过程和所面临的威胁,最后阐述了一种针对绑定更新安全问题的解决方案。     

Mobile IPv6 — Wegweiser in eine mobile Zukunft

Since mobile computing is getting more and more common, wireless technology is increasingly being used for Internet access and other IP-based communications. Some years ago, only a few people were using mobile phones to make telephone calls over GSM, whereas today you will hardly find anyone without his mobile companion in his pocket. In the future people will demand to get connected to the Internet by their IP-enabled smart-phones and PDAs always and anywhere. This article presents the upcoming Mobile IPv6 protocol, which will be the base for tomorrow’s worldwide IP-mobility. Mobile IPv6 will be widespread with the introduction of the Next-Generation Internet (IPv6).     

Signaling cost and performance of SIGMA: A seamless handover scheme for data networks

Mobile IP has been developed to handle mobility of Internet hosts at the network layer. Mobile IP (MIP), however, suffers from a number of drawbacks such as requirement of infrastructure change, high handover latency, high packet loss rate, and conflict with network security solutions. In this paper, we describe and evaluate the performance of SIGMA, a Seamless IP diversity‐based Generalized Mobility Architecture. SIGMA utilizes multihoming to achieve seamless handover of mobile hosts, and is designed to solve many of the drawbacks of MIP, including requirement for changes in infrastructure. We first evaluate the signaling cost of SIGMA and compare with that of hierarchical Mobile IPv6 (an enhancement of Mobile IP) by analytical modeling, followed by comparison of handover performance of SIGMA and Mobile IPv6 enhancements. Criteria for performance evaluation include handover latency, packet loss, throughput, and network friendliness. Our results indicate that in most cases SIGMA has a lower signaling cost than Hierarchical Mobile IPv6. Moreover, for a typical network configuration, SIGMA has a higher handover performance over Mobile IP. Copyright © 2005 John Wiley & Sons, Ltd.     

DMAP: integrated mobility and service management in mobile IPv6 systems

Mobile IPv6 (MIPv6) is a work in progress IETF standard for enabling mobility in IPv6 networks and is expected to have wide deployment. We investigate an integrated mobility and service management scheme based on MIPv6 with the goal to minimize the overall network signaling cost in MIPv6 systems for serving mobility and service management related operations. Our design extends IETF work-in-progress Hierarchical Mobile IPv6 (HMIPv6) with the notion of dynamic mobility anchor points (DMAPs) for each mobile node (MN) instead of static ones for all MNs. These DMAPs are access routers chosen by individual MNs to act as a regional router to reduce the signaling overhead for intra-regional movements. The DMAP domain size, i.e., the number of subnets covered by a DMAP, is based on the MN’s mobility and service characteristics. Under our DMAP protocol, a MN interacts with its home agent and application servers as in the MIPv6 protocol, but optimally determines when and where to launch a DMAP to minimize the network cost in serving the user’s mobility and service management operations. We demonstrate that our DMAP protocol for integrated mobility and service management yields significantly improved performance over basic MIPv6 and HMIPv6.     

浅析移动IPv6协议及其测试技术

IPv6协议即将成为Intemet的标准,在任何协议的研究开发中,测试工作都是很重要的.移动IPv6作为IPv6协议族中非常重要的一个协议,对基本的IPv6协议运作方式有较大的改变,对它的一致性测试和互操作性测试将有助于协议的完善.本文在介绍移动IPv6协议的基础上,分析了移动IPv6协议的测试方法、测试技术和研究方向.     

AAA architecture for mobile IPv6 based on WLAN

Mobility support for Internet devices is quite important for consumer electronics. The number of the hand‐held devices is growing quickly. However, there are not enough IP addresses for the number of the rapidly growing devices in the All‐IP generation. Internet Protocol version 6 (IPv6) was therefore adopted to solve these problems. Our purposed structure is based on IEEE 802.11. However, IEEE 802.11 has a serious security drawback. Further, from the Internet Service Providers' point of view, accounting is a potential problem. A mechanism combining Mobile IPv6 and AAA based on IEEE 802.11 to overcome these problems is essential. Both Internet Protocol version 4 (IPv4) and IPv6 support IP security (IPsec) when data packets are exchanged across the IP network. IPsec operates at the IP layer. It can support system authentication and authorization, However, it lacks a system accounting function. Therefore ISPs cannot establish correct billing for their services. This is the reason why we chose to combine the wireless network and AAA functions. In this paper, the AAA mechanism is used to protect security, with the architecture having authentication, authorization, and accounting functions. We will discuss the benefits of AAA and state the reason why we choose to combine AAA with the mobility architecture. Copyright © 2004 John Wiley & Sons, Ltd.