共查询到20条相似文献,搜索用时 531 毫秒
1.
2.
网络移动通过移动路由器实现边缘移动网络节点间及其与骨干网络节点间的会话连续性。移动路由器在嵌套接入环境下的接入安全与切换延时已经成为网络移动发展的最大障碍。在分析网络移动无缝切换研究现状的基础上,提出基于协同模型的网络架构、基于移动模型的预切换方法等需要突破的关键技术以及相应的无缝切换技术思路,支持轻量可信切换、多穴负载均衡、嵌套路由优化,为设计具有服务质量和安全保证的端到端网络移动通信协议提供技术支撑。 相似文献
3.
通过研究和分析联通VPDN移动办公用户认证与接入系统的开发过程以及在实际中的应用实践,探讨了其认证的过程,对联通VPDN网络环境进行了仔细的调查和研究,结合移动办公的网络安全性需求,设计了较灵活、稳定、满足安全需求的联通VPDN移动办公用户认证与接入系统。 相似文献
4.
5.
Web认证方式是通过Web技术和DHCP技术相结合,实现用户的接入认证。用户为能够访问到Web认证服务器,在进行认证前(用户主机开机时),必须先获得DHCP服务器分配的IP地址,因此在一定程度上浪费了运营商的IP地址资源。同时,尽管运营商在Web认证页面上可以插入一些增值服务的信息,但是这种认证方式需放置专门的Web认证服务器,加大了建网成本。因此,出现了一种通过DHCP协议的、简化的认证方式:扩展的DHCP认证方式——DHCP 的认证方式。 相似文献
6.
4G系统由IP骨干网和各种无线接入网组成,不同接入网络并存使得具有多模配置的移动终端可以同时连接到多个物理网络。如何安全并无缝地接入IP骨干网成为MN在异构网络漫游中需要解决的首要问题。在分析了移动IP技术和移动以太网技术的基础上,提出了一种基于L2分层的安全的切换模型。把对MN的安全认证放在L2接入的第一时间进行,L3切换时无需进行安全认证,从而降低了L3切换的时延。 相似文献
7.
8.
9.
文章综合F—HMIPv6(次移移动IPv6的快速切换技术)、鲁棒性信头压缩和上下文转移三种机制,提出一种实时上下文转移方和ROHC(鲁棒性信头压缩协议)压缩状态迁移协调策略。在切换的同时将信头压缩上下文转移到新接入路由器中。避免了切换后在新接入路由器上重新运行压缩协议重建上下文的开销。分析表明,该方案能有效解决因切换导致的丢包和时延造成的压缩端与解压端上下文不同步问题。 相似文献
10.
11.
12.
在数据业务的客户端与应用服务器之间的交互过程中,安全问题是必不可少的一个重要环节.在目前开展的许多相关业务中,客户端与应用服务器之间的鉴权多局限于双方的认证鉴权,安全级别及通用性都较低.HDC (Home Data Service Center)家庭数据业务中心是东信北邮家庭数据业务平台的重要组成部分,本文介绍了HDC... 相似文献
13.
Most traditional security for capsule-type active networks focused on node-level security mechanism that tries to restrict resource consumption of a packet at a node. Network level security mechanism, which restricts resource consumption in the whole network like ttl in ipv4, is also necessary for capsule. We propose high-performance per-packet authentication mechanism for this purpose. The proposed authentication mechanism uses packet-loss-resistant one-time password algorithm to avoid multiple packet exchanges between user terminals and routers. Since the address in a node where a packet’s authentication data is stored can be easily calculated from the information contained in the packet, we can authenticate the packet without searching a database. The overhead in the packet for authentication information is 46 bytes, and a Linuxpc with a 2.8 GHz Intel Pentium 4 processor can authenticate and process a packet in 22 µs, which corresponds to 45,000 authentications per second. 相似文献
14.
在网络融合的趋势下,通过电信网络为WLAN网络提供终端认证将是未来WLAN业务认证的主要方式。为高效、安全地实现网间漫游状态下WLAN的鉴权认证,本研究分析了在网间漫游状态下WLAN的鉴权需求,讨论了鉴权模式、流程和存在的问题,提出了基于EAP SIM/AKA协议的、非中转方式的WLAN漫游认证方案,并进行了验证。实验结果证明该非中转认证方案可以满足终端在漫游状态下实现EAP SIM/AKA认证的需要,同时增强了系统的安全性,降低了投资成本,实现了实时计费。 相似文献
15.
针对应用层客户/服务器系统安全性欠缺的情况,设计、实现了一套基于SSL/TLS协议的安全隧道网关,以提供无缝的安全集成.客户端隧道网关与服务器端隧道网关之间基于X.509证书进行身份认证,并建立SSL/TLS安全链接转发客户端请求与服务器端响应.隧道网关与客户端、服务器之间采用普通TCP/IP链接进行数据传输.隧道网关使已有客户/服务器系统无需任何修改即可享有机密性、完整性和可认证的数据传输.最后给出了网关测试结果与应用实例. 相似文献
16.
17.
W. Wei Q. Xu L. Wang X. H. Hei P. Shen W. Shi L. Shan 《International Journal of Communication Systems》2014,27(11):3013-3029
In mesh networks architecture, it should be permitted to visit the mobile client points. Whereas in mesh networks environment, the main throughput flows usually communicate with the conventional wired network. The so‐called gateway nodes can link directly to traditional Ethernet, depending on these mesh nodes, and can obtain access to data sources that are related to the Ethernet. In wireless mesh networks (WMNs), the quantities of gateways are limited. The packet‐processing ability of settled wireless nodes is limited. Consequently, throughput loads of mesh nodes highly affect the network performance. In this paper, we propose a queuing system that relied on traffic model for WMNs. On the basis of the intelligent adaptivenes, the model considers the influences of interference. Using this intelligent model, service stations with boundless capacity are defined as between gateway and common nodes based on the largest hop count from the gateways, whereas the other nodes are modeled as service stations with certain capacity. Afterwards, we analyze the network throughput, mean packet loss ratio, and packet delay on each hop node with the adaptive model proposed. Simulations show that the intelligent and adaptive model presented is precise in modeling the features of traffic loads in WMNs. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
18.
Packet filtering allows a network gateway to control the network traffic flows and protect the computer system. Most of the recent research works on the filtering systems mainly concern the performance, reliability and defence against common network attacks. However, since the gateway might be controlled by red an untrusted attacker, who might try to infer the identity privacy of the sender host and mount IP tracking to its data packets. IP spoofing is another problem. To avoid data packets to be filtered in the packet filtering system, the malicious sender host might use a spoofed source IP address. Therefore, to preserve the source IP privacy and provide source IP authentication simultaneously in the filtering system is an interesting and challenging problem. To deal with the problem, we construct a data packet filtering scheme, which is formally proved to be semantic secure against the chosen IP attack and IP guessing attack. Based on this filtering scheme, we propose the first privacy-preserving packet filtering system, where the data packets whose source IP addresses are at risk are filtered, the privacy of the source IP is protected and its correctness can be verified by the recipient host. The analysis shows that our protocol can fulfil the objectives of a data packet filtering system. The performance evaluation demonstrates its applicability in the current network systems. We also presented a packet filtering scheme, where the data packets from one subnet can be filtered with only one filter policy. 相似文献
19.