Fuzzy based multi-criteria vertical handover decision modeling in heterogeneous wireless networks

Vertical handover gain significant importance due to the enhancements in mobility models by the Fourth Generation (4G) technologies. However, these enhancements are limited to specific scenarios and hence do not provide support for generic mobility. Similarly, various schemes are proposed based on these mobility models but most of them are suffered from the high packet loss, frequent handovers, too early and late handovers, inappropriate network selection, etc. To address these challenges, a generic vertical handover management scheme for heterogeneous wireless networks is proposed in this article. The proposed scheme works in three phases. In the first phase, a handover triggering approach is designed to identify the appropriate place for initiating handover based on the estimated coverage area of a WLAN access point or cellular base station. In the second phase, fuzzy rule based system is designed to eliminate the inappropriate networks before deciding an optimal network for handover. In the third phase, a network selection scheme is developed based on the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) decision mechanism. Various parameters such as delay, jitter, Bit Error Rate (BER), packet loss, communication cost, response time, and network load are considered for selecting an optimal network. The proposed scheme is tested in a mobility scenario with different speeds of a mobile node ranging from very low to very high. The simulation results are compared with the existing decision models used for network selection and handover triggering approaches. The proposed scheme outperforms these schemes in terms of energy consumption, handover delay and time, packet loss, good put, etc.     

An efficient design and validation technique for secure handover between 3GPP LTE and WLANs systems

Future generations wireless systems, which integrate different wireless access networks together, will support a secured seamless mobility and a wide variety of applications and services with different quality of service (QoS) requirements. Most of the existing re-authentication protocols during vertical handover still have certain limitations such as man in the middle, eavesdropping and session hijacking attacks, and unacceptable delay for real time applications. In this article, we propose two re-authentication schemes to secure handover between 3GPP LTE and WLANs systems: Initial Handover Re-authentication Protocol, and Local Re-authentication Protocol. The second proposed protocol is executed locally in a WLAN network without contacting the authentication server of the home network for credentials verification. In fact, after a successful execution of the Initial Handover Re-authentication Protocol, the local key (LK) is shared between USIM and the authentication server of the WLAN. It is then used for securing handover and traffic in WLAN networks. Performance evaluation results obtained using simulation analysis show that the proposed re-authentication protocol enhances handover parameters such as handover latency, handover blocking rate and packet loss rate. Additionally, the proposed enhanced fast re-authentication protocol has been modeled and verified using the software AVISPA and is found to be safe.     

移动IPv6网络安全接入认证方案

对于移动IPv6网络,身份认证是网络安全的关键问题之一.针对移动IPv6网络的接入认证,提出了一种基于移动互联网双向认证方案.在移动切换过程中的接入认证和家乡注册,采用对家乡注册消息进行基于双私钥签名的方式,实现了家乡代理和移动节点分别对注册消息的签名,实现了接入认证与家乡注册的并发执行,移动用户和接入网络的一次交互实现了用户和接入域的有效双向认证.理论分析和数据结果表明,方案的认证总延时和切换延时要优于传统方法,有效地降低了系统认证的延时.安全性分析表明,框架中的基于双私钥的CPK方案满足双向接入认证安全,有效地解决了密钥托管问题.     

公用无线局域网的位置管理策略

无线局域网(WLAN)与GPRS结合而成的公用无线局域网，是一种覆盖全球的高速移动通信网，位置管理策略是其中的一项关键技术．然而现有的WLAN位置管理策略并不适合公用无线局域网的体系结构和安全性要求，因此该文提出基于接入控制器(AC)和接入点(AP)的两层数据库位置管理策略(包括数据库分配策略和位置更新策略)．由AC存储所有终端和AP的位置信息，记录所有越区切换过程；AP从AC获取下属终端的位置信息，向AC汇报下属终端的越区切换过程．对位置管理策略的性能分析结果表明：该策略在数据库查询、位置更新和安全性等方面具有良好的性能。     

一种嵌套移动路由器的转交地址配置方法

嵌套移动路由器的转交地址配置及随后的重复地址检查对网络移动的时间开销较大。为此,在分析现有移动路由器的转交地址配置方案基础上,提出一种基于接入路由器树模型和Hash函数的嵌套移动路由器转交地址配置方法及其相应的切换算法,以减小时间开销和控制信令开销。仿真结果表明,与现有方案相比,该方法能够降低嵌套移动路由器的转交地址配置及相应切换的延时。     

基于分离机制网络的可信域内快速认证协议

分离机制网络明确地分离了主机身份与位置信息,将互联网体系划分为接入网与核心网两大类,很好地解决了互联网的扩展性和移动性等问题.基于分离机制网络,结合可信计算技术,提出一种终端域内切换时的快速认证方案,在对终端用户身份进行认证的同时,对终端平台进行身份认证和完整性校验.在本方案中,终端进行域内切换时不需要本域的认证中心再次参与,仅由接入交换路由器通过Token即可完成认证.认证过程可以保持用户身份和平台信息的匿名性,减轻了认证中心的负担.与其他方案相比,本方案在认证开销、认证延迟以及安全性等方面均有明显优势.安全性分析结果表明本方案是安全高效的.     

低轨航天器空地间移动IP切换技术研究

为解决低轨航天器与各地面基站之间移动IP切换时延大的问题,提出基于轨道信息预测的移动IP切换方案。根据轨道信息和地面基站位置信息事先预测接入地面基站的时刻和接入顺序,定时触发航天器与最合适接入的地面基站之间进行移动IP切换。研究并改进了数据链路层和网络层的切换流程,并通过STK和OPNET结合方式对该方案进行了仿真。实验结果表明,该方案能明显改善低轨航天器的移动IP切换性能。     

天地一体化网络中基于预认证与群组管理的安全切换方案

针对天地一体化网络中卫星节点高速移动过程的卫星接入点频繁切换问题,利用卫星轨迹可预测的特点,提出了基于组的多移动节点安全切换方案。该方案针对网络中卫星节点和地面移动节点的移动特性,对多移动节点切换过程中的交互信息进行有效汇聚;利用卫星节点运动轨迹可预测的特性,提前通过安全上下文完成预认证与会话密钥协商。和已有方案相比,所提切换方案在保证切换所必备的安全性的同时,显著减小了切换延时以及认证和密钥协商过程中节点的通信、计算负担,适用于卫星节点能量受限的天地一体化网络环境。     

5G异构网络中基于群组的切换认证方案

随着5G网络的发展,各类网络服务质量极大提升的同时网络环境也愈加复杂,从而带来了一系列安全挑战。切换认证可以解决用户在不同类型网络间的接入认证问题,但现存方案仍存在一些不足,还需要解决如全局切换认证、密钥协商、隐私保护、抵抗伪装攻击、抵抗中间人攻击、抵抗重放攻击以及群组用户切换效率等问题。针对这些问题,提出了一个5G异构网络中基于群组的切换认证方案。在所提出的方案中,注册域服务器在区块链上为每个用户存入一个通行证,任何实体都可以利用该通行证对用户进行认证,从而实现全局切换认证。对于群组用户,各用户分别设置可聚合的认证参数,验证者通过验证聚合签名实现对群组用户的批量验证。新方案不仅提升了群组用户切换时的效率,同时还满足上述安全性要求。基于形式化分析软件AVISPA的分析结果表明,所提出的方案是安全的。性能分析表明,所提出的方案执行批量验证时的效率比现存方案至少提升了89.8％。     

Analysis of the effect of security on data and voice traffic in WLAN

This paper investigates the impact of security on the performance of WLAN. More specifically, it analyzes the impact of different encryption techniques used by two security protocols, namely Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) on the throughput and delay over WLAN IEEE 802.11g. Moreover, in this paper, we investigate the effect of encryption on the performance of wireless transmission during the handover process when a mobile device disassociates from one access point and re-associates with another one. In addition, this paper addresses the impact of the use of security in WLAN specifically on voice traffic namely the incurred transmission delay and jitter.     

基于SCT的移动IPv6域间密钥交换方法

为了减少域间切换移动IPv6的移动节点重新协商主会话密钥带来的较长延时,本文提出了一种新的安全机制——基于安全上下文转移(SecurityContextTransfer,SCT)的移动IPv6域间密钥交换方法,通过SCT把移动节点和前一个接入路由器共享的主会话密钥转发到新的接入路由器,避免了进行域间切换密钥重新协商的复杂过程,提高了移动节点切换的速度,同时达到了保证无线移动网络通信安全的目的。     

Seamless handover supported by parallel polling and dynamic multicast group in connected WLAN micro-cells system

WLAN (Wireless Local Area Network) has been seen to be one of the promising access technologies that adapts to 4G cellular network systems in providing very high speed connection with QoS guarantee through the polling function. However, when the handover happens, the contention-based medium access mechanism which is mainly used in WLAN is invoked and introduces unbounded transmission delay due to idle time periods and retransmission because of collision during the handover. If this technique is expanded to use in a microcellular network such as connected WLAN micro-cells, contention-based mechanism, therefore, should not be used to handle the MT’s handover, especially for vehicular users who change access point every few seconds. To overcome these difficulties in handover, we introduce parallel polling scheme in dynamic LMC (Logical Macro Cell) which can reduce delays much and remove packet loss rate. LMC is a virtual single macro cell which is built on a multicast group of adjacent micro-cells. In the same LMC, polling signals are sent from every BS (base station) to give MT (mobile terminal) permission to access one of these BSs. Instead of wasting much time to contend for resources of a new BS during handover, the MT answers the polling as an acknowledgment to connect to that new BS. The polling response is controlled to multicast to all BSs of the same LMC via the core network to synchronize for the next polling cycle. LMC is controlled to dynamically change when the MT comes in a new BS to make polling signals be continuous in a new LMC. Through analytical and simulation results, we show that the parallel polling scheme can achieve no handover latency, no packet loss and maintain mobile users’ throughput stably in the high traffic load condition though it causes overhead on the neighboring cells in both of wired and wireless sections. At speeds of up to70 m/s, the MT can still maintain its stable connection. OMNeT++ simulator with INET project is used to evaluate our proposal.     

移动IPv6网络基于身份签名的快速认证方法

接入认证对移动IPv6网络的部署和应用至关重要,在切换过程中加入认证过程会影响移动IPv6网络的切换性能.当前,对移动IP网络中接入认证的研究大多没有考虑对切换性能的影响.另外,目前许多双向认证机制都是基于证书的方式来实现,无线移动环境的特殊性使得这种方式并不适合无线移动网络.一种适用于移动IPv6网络的基于身份签名的快速双向认证方法被提了出来.该方法使用NAI(network access identifier)作为公钥,简化了无线移动环境中的密钥管理问题,有效地解决了基于PKI(private key     

FSH scheme for high-speed handover and anti-MITM on mobile computing

As an IEEE 802.11-based mobile computing system has been established as the base structure of high-speed wireless network, interest in mobility and security of mobile terminal has increased. To reinforce security, 802.1x and 802.11i using EAP were used in standardized instrument. But it was found to be unsuitable for real time multimedia service because of the time delay. In this paper, we suggest Fast and Secure Handover (FSH) scheme which minimizes time delay in handover authentication process and prevents MITM (Man in the Middle) attack. This scheme carries out re-association process which is necessary for high-speed handover using Inter Access Point Protocol (IAPP) and Old_MSK. To make existing 802.1x-based user certification procedure suitable for high-speed handover, the terminal and pre-handover-accessed Old_AP make Rough_AP to prevent MITM. To do this, Old_AP uses the Old_MSK-used encrypted method which was used to encrypt MAC information of the mobile terminal and Old_AP. Hereby, FSH has been developed to become high-speed handover which has the 802.1x-supported security level and the skill of preventing MITM. In this paper, by simulation (NS-2), we confirmed the superiority in streaming service such as decreased handover time delay and VoIP.     

多跳快速切换代理移动IPv6预认证协议的安全分析

第三代移动通信系统的长期演进标准中,使用代理移动IPv6协议来实现异构无线接入网络互联及移动性管理。LTE-Advaned网络支持协同无线通信,通过在网络中引入中继节点来扩大蜂窝的覆盖范围和信道容量并减少网络的传输延迟。文章对LTE—Advanced网络结构进行了扩展,加入了能支持中继功能的服务网关,该网关采用快速切换PMIPv6协议来完成预先切换。文章对此协议进行了扩展,使其支持多跳和中继功能。文章主要研究多跳快速切换PMIPv6协议的安全性,采用认证选项实现了预认证协议。并给出了详细的流程。文章采用Kerberos的Ticket概念,通过在协议中加入Ticket来实现安全上下文的传输。该认证协议是在移动节点切换到目的端之前完成的,大大减少认证协议所产生的延迟。最后文章对认证测试的形式化方法进行扩展,加入了消息认证码,证明了此预认证协议的认诅陡。     

A Cloud-Manager-Based Re-Encryption Scheme for Mobile Users in Cloud Environment: a Hybrid Approach

Cloud computing is an emerging computing paradigm that offers on-demand, flexible, and elastic computational and storage services for the end-users. The small and medium-sized business organization having limited budget can enjoy the scalable services of the cloud. However, the migration of the organizational data on the cloud raises security and privacy issues. To keep the data confidential, the data should be encrypted using such cryptography method that provides fine-grained and efficient access for uploaded data without affecting the scalability of the system. In mobile cloud computing environment, the selected scheme should be computationally secure and must have capability for offloading computational intensive security operations on the cloud in a trusted mode due to the resource constraint mobile devices. The existing manager-based re-encryption and cloud-based re-encryption schemes are computationally secured and capable to offload the computationally intensive data access operations on the trusted entity/cloud. Despite the offloading of the data access operations in manager-based re-encryption and cloud-based re-encryption schemes, the mobile user still performs computationally intensive paring-based encryption and decryption operations using limited capabilities of mobile device. In this paper, we proposed Cloud-Manager-based Re-encryption Scheme (CMReS) that combines the characteristics of manager-based re-encryption and cloud-based re-encryption for providing the better security services with minimum processing burden on the mobile device. The experimental results indicate that the proposed cloud-manager-based re-encryption scheme shows significant improvement in turnaround time, energy consumption, and resources utilization on the mobile device as compared to existing re-encryption schemes.     

基于预测与优先级缓存的MIPv6切换算法

为了提升移动IPv6的切换性能,保证实时性要求高的音频、视频等业务的服务质量,针对去除DAD过程的RDMIPv6方案未考虑在传输速率相对较慢的无线信道中,移动节点向NAR本地注册所产生的时延以及切换过程中引入的丢包问题,提出一种优化方案PCRD-MIPv6。PCRD-MIPv6方案结合基于L2触发的切换预测和数据包优先级缓存机制,在L2切换完成之前向移动节点MN维护的接入路由器缓存列表T_AR中的所有AR发送MOA实现本地注册,与此同时,将切换过程中的数据包按优先级缓存在PAR中,在切换完成后发往移动节点,从而减少切换过程中的丢包率。NS-2仿真结果表明,PCRD-MIPv6方案有效地减少了切换时延,降低了切换过程中的丢包率。     

一种针对乒乓移动节点的QoS快速无缝切换机制

本文在分层移动IPv6框架下对节点的乒乓式移动进行了研究,提出了一种与分层框架相吻合的快速无缝切换机制.该机制通过设置资源预留激活标记和离线倒计时,有效地减少了QoS切换信令并降低了切换时延,从而降低了网络传输负担和用户服务中断概率.移动节点可根据自身移动特性设置适当的离线倒计时间隔,以使多个邻近区域内的资源预留能 获得更好的性价比.     

移动家乡代理接入死锁的解决方法

针对网络移动由于家乡代理位于移动网络或本身就是移动路由器而可能出现的接入死锁问题,提出基于接入路由器树状模型和基于树根节点配置移动路由器转交地址的死锁解决方案。分析结果表明,该方案在保障移动网络节点和Internet上任意节点会话连续性的同时,实现了浮动嵌套移动网络节点之间的相互可访问性,而且通信延时、数据包包头损耗率以及网络切换延时与网络移动基本支持协议和返回路由头路由优化方案相比大大减小,嵌套层次越深,端到端通信节省的时间和空间开销越大。