移动IP穿越NAT网关的研究与实现

在分析移动IP隧道数据包和NAT一起工作会出现问题的基础上，描述了基于IP-in-UDP隧道(简称UDP隧道封装)封装移动IP穿越NAT的解决机制，并给出了在企业虚拟专用网中移动IP穿越IPSec／NAT集成网关的一种实现。     

无线应用场景下基于IPsec VPN的研究与实现

随着无线局域网日益发展,无线网的安全问题倍受人们的关注。同时因特网的安全协议IPsec技术已相当成熟,将IPsec技术延伸到无线网络部分,以确保无线局域网的安全,这也是一种较好的解决方案。文中在扼要介绍虚拟专用网VPN安全机制的基础上,研究和分析了IPsec协议族的主要技术;在分析简化IPsec协议的基础上,结合具体常见的无线应用场景和IKEv2的密钥管理新技术来实现IPsec VPN;同时重点分析了无线场景下IPsec安全隧道建立的过程和协议中对数据包的处理流程;最后,指出了无线网络技术的应用前景和未来IPsec的研究方向。     

无线应用场景下基于IPsec VPN的研究与实现

随着无线局域网日益发展，无线网的安全问题倍受人们的关注。同时因特网的安全协议IPsec技术已相当成熟，将IPsec技术延伸到无线网络部分，以确保无线局域网的安全，这也是一种较好的解决方案。文中在扼要介绍虚拟专用网VPN安全机制的基础上，研究和分析了IPSec协议族的主要技术；在分析简化IPsec协议的基础上，结合具体常见的无线应用场景和IKEv2的密钥管理新技术来实现IPsecVPN；同时重点分析了无线场景下IPsec安全隧道建立的过程和协议中对数据包的处理流程；最后，指出了无线网络技术的应用前景和未来IPsec的研究方向。     

IPSec虚拟专用网络服务质量研究与仿真

IPsec虚拟专用网在使用IPSec的加密、认证和封装等功能后,将会导致其服务质量(QoS)明显下降.为研究加密和认证这两个影响最大的因素,分析了目前IPSec虚拟专用网常用的加密算法和认证算法对Qos的影响,利用OPNET仿真工具建立了IPSec虚拟专用网的仿真模型,把不同组合的常用加密算法和认证算法对Qos的影响分别进行仿真,并对仿真结果做了对比分析.结果表明,在隧道方式下,采用ESP/DES/MD5算法组合的IPSec_Firewall_VPN1的QoS性能最好,而加密对QoS的影响较大.今后在网络运行过程中,可以参考仿真优化结果提高网络安全和服务质量,按需求,灵活选择,使运行达到最佳的效果.     

宽带无线接入系统中TCP/IP头压缩技术研究

以WiMAX数据链路层研究为背景,对宽带无线接入系统中TCP/IP数据包的包头压缩算法的可行性进行了详细分析.利用无线链路层ARQ的辅助信息对TCP报文段IP分组头部进行可恢复的最大程度压缩.在数据包的收发两端维护相关表项,可对传输过程中不改变的相关字段进行压缩,提高无线带宽的利用率.     

LSP技术在移动SSL VPN中应用的研究

随着Internet和无线数据技术的发展,移动虚拟专用网（MVPN）技术越来越受业界关注。首先介绍了SSL协议和MVPN技术,并针对Windows mobile终端平台,详细介绍了采用LSP截获技术实现的数据包拦截处理流程。通过数据包拦截,实现了网络通信连接的重定向和对通信数据的加密保护,使移动SSL VPN能够无缝支持传统应用,保证应用程序通过网关安全访问内部网络,从而扩展了SSL VPN的应用范围,提高了其灵活性及适应能力。     

LTE系统中适应链路层机制的TCP头压缩算法

LTE系统采用全IP承载,具有比以往无线系统更高数据速率和容量.为了能够有效利用无线带宽资源,LTE系统中采用了ROHC(robust header compression)信头压缩协议对无线分组进行压缩.针对ROHC协议算法复杂度过高实现困难以及对高速数据业务的适应性较差等特点,提出一种适应LTE链路层机制的TCP头压缩算法.仿真结果表明,相比ROHC协议,本文提出的算法具有更高的头部压缩效率,进一步提高无线带宽资源的利用效率,同时,也能更好的适应LTE系统的高带宽环境,具有较低的算法复杂度和良好的稳健性和适用性.     

IP安全协议与网络地址转换间的不兼容问题

IP安全协议(IPSec)业已成为当前构筑基于IP技术的虚拟专用网(VPN)的主流技术，然而已广泛使用的网络地址转换(NAT)技术正成为阻碍基于IPSec的VPN发展的主要障碍。该文对IPSec和NAT/NAPT之间的不兼容问题进行了详尽分析，介绍了Realm-Specific IP(RSIP)和UDP封装法两种解决方案，并对二者进行了比较，最后给出UDP封装法更利于解决该问题的结论。     

一种安全有效的无线网络消息传输方案

远程移动用户访问组织内部网络除了需要高数据传输率。还需要保证传输消息的安全。VPN是一种较好解决组织员工、合作伙伴安全访问组织内部网络的技术,将VPN技术扩展到移动无线网络通信中构成MVPN(Mobile VPN),可以通过公网基础设施利用无线通信设备如GMS、GPRS、WLAN、UMTS等建立同组织内部网络的安全隧道,进行安全消息传输;但这将促使传输数据的膨胀,通过采用IPComp、IP头压缩和优化的IPSec数据处理可以有效地减少IPSec ESP隧道模式下的数据膨胀,提高数据传输效率。     

基于IPSec VPN的移动安全系统的设计与实现

为解决移动网络与固定IP网络之间跨网域的VPN安全接入问题，提出并实现了一种新型的基于IPSec VPN的移动安全系统。该系统在基于IPSec协议的虚拟专用网技术和远程访问服务的基础上，建立了一套完善的基于智能卡和X.509证书进行身份认证的机制，并且具有统一的安全信息服务平台。实验结果表明，该系统能够实现固网信息安全无缝地移动扩展。     

基于簇内分组的ECC密钥管理方案

根据椭圆曲线密码（Elliptic Curve Cryptography,简称ECC）体制,论文提出了一种逻辑簇内分组结构的无线传感器网络（Wireless Sensor Networks,简称WSN）的ECC密钥管理方案。方案将簇内节点逻辑划分成多个组,每个组共享不同的通信密钥,簇头实时掌握簇内每个组的通信密钥,簇内节点通过所在组的共享密钥与簇头通信,确保了通信的安全性。理论分析和仿真实验表明,本方案在保障密钥安全的前提下,有效地减少了密钥协商过程中的通信能量消耗,非常适合资源有限的大规模无线传感器网络。     

A novel network mobility handoff scheme using SIP and SCTP for multimedia applications

In a heterogeneous wireless environment, seamless mobility is the basis of network support with which mobile users who roam between or among various wireless access networks are able to fully enjoy uninterrupted wireless services. When users are in a mass transportation vehicle, e.g., a bus or a train that provides network service, the vehicle can be regarded as a network which is serving users as it moves from one location to another. The movement of a network is called network mobility (NEMO). The network mobility protocol based on Mobile IPv6 as proposed by the Internet Engineering Task Force (IETF) in 2005 has some fundamental drawbacks, such as header overhead and the pinball problem. In this paper, we propose a novel hybrid method for network mobility called Hybrid-NEMO, which provides a soft handoff scheme at the transport layer basically utilizing SIP and SCTP protocols to ensure a lossless packet-transmission environment and less handoff-delay variation, which are critical in providing QoS voice and multimedia applications. Experimental validation and performance evaluation were also conducted in this study.     

针对大规模无线多跳网络的鱼眼机会路由协议

考虑到无线网络中广播特性、丢包特性、节点移动等对网络性能的影响,提出一种针对大规模无线多跳网络的鱼眼机会路由协议。在机会路由的基础上加入鱼眼技术,减少链路状态更新信息。在鱼眼路由表中加入链路传输概率,得到转发列表,并且简化机会路由协议的报文头结构,从而实现高效的数据传输。NS2仿真结果表明,该协议能降低网络端到端延时,提高网络吞吐量。     

Autonomous and adaptive resource allocation among multiple nodes and multiple applications in heterogeneous wireless networks

In the forthcoming future, various means of wireless communication, such as cellular, Wi-Fi, WiMAX, and DSRC, will be available to mobile users and applications. With the development of wireless communication and mobile devices, more and more users and applications will be accommodated in mobile environment. Since mobile users and applications compete for the limited wireless resources whose communication quality dynamically change, we need an adaptive mechanism for mobile users and applications to share the available network resources while satisfying each application?s QoS requirements. In this paper, we propose an adaptive resource allocation mechanism where each node autonomously determines wireless network resources to assign to each of networked applications running on it. For this purpose, we adopt an attractor composition model, which is based on an autonomous and adaptive behavior of biological systems. Through numerical analysis, we confirmed that our mechanism could adaptively and stably allocate wireless network resources to applications, while considering their QoS requirements and fairly sharing network resources with other nodes. It also is shown that our mechanism superiors to a mechanism where a node determines resource allocation by solving an optimization problem.     

实用无线移动NCS时间同步机制研究

随着网络技术和无线移动通信技术日趋成熟,无线移动网络在控制系统中的应用也成为研究热点。无线移动NCS是一个崭新的研究领域,由于传输介质是无线移动通信网络,节点之间的数据通信的时间问题(如时间同步和时延等)是控制系统实现和运行稳定的主要影响因素。针对无线移动NCS的特点,作者在重点归纳现有的各种时间同步机制和算法的基础上,利用对时间同步协议和GPS机制以及mini-sync与tiny-sync算法等的研究,提出了适合无线移动NCS的传感器-控制器、控制器-执行器以及多输入多输出节点的数据传输同步机制,包括多传感器和多执行器操作的同步操作等。不同需求环境下的各种同步机制的建模分析和优化设计,为无线移动NCS的时间同步机制设计和分析提供了理论依据。     

地址转换机制在无线网络中的应用

移动通信节点要做到永远在线(alwaysonline),需要大量的IP地址。IPv4向IPv6的过渡需要一定的时间,作为连接两代IP协议桥梁,地址的转换机制需要适应过渡时期网络的任何情况;而现今的转换机制都没能做到这一点。文中基于无线通信的原理,提出了一种IP过渡时期通用的地址转换机制,并应用于无线网络。     

SELF-ORGANIZING CONTEXTUALIZED MOBILE WORKFORCE MANAGEMENT WITH COLLABORATIVE ART LEARNING

With the development in wireless technology and the sophistication in wireless devices, enterprising mobile workforces have grown in recent years. Mobile workforces do not work at a fixed area in a company and they have to visit customers or sell their products in public areas. Therefore, it is important for these enterprises to properly allocate their mobile workforces and leverage their collaborative cooperation. In this paper, we present a novel mechanism, named the collaborative ART learning (CART), which drives social-awareness collaboration between mobile workforces in a public area (e.g., an exhibition center). Because of the characteristics of a pubic working space, this method is situated in a wireless P2P network environment. The mobile workforce peers self-organize dynamically into appropriate collaborative work groups to accomplish tasks on demand. With CART, each peer of a task group receives adjustments of recognized capability levels after the task assigned is completed. CART learns the way to organize fitting collaborative work groups through cycles of problem solving and work force status adapting, leading to continued satisfactory collaborative performance.     

Opportunistic sharing scheme for spectrum allocation in wireless virtualization

The past few decades have witnessed an increasing growth in mobile and wireless network, leading to a corresponding fast growth in mobile demands. However, the proliferating mobile demands compel wireless network to face several challenges, such as the conflict between spectrum crisis and low resource utilization ratio, and the poor quality of service and quality of experience. Wireless virtualization, enabling multiple concurrent virtual networks running on shared wireless substrate resource, has been proposed as a promising way to overcome the plights of the current mobile and wireless network. How to efficiently allocate the resource, especially the spectrum resource, of physical network to multiple virtual networks is one fundamental and important challenge in wireless virtualization. This paper rethinks the characteristics of virtual networks’ requirements, and then divides the requirement into a baseline part and a fluctuant part. Based on it, this paper introduces an opportunistic spectrum sharing approach, through which we formulate the spectrum resource allocation problem as an NP-Hard problem. Then, we propose our opportunistic spectrum resource allocation scheme for the wireless virtualization. Simulations validate the performance advantages of our approach and show that opportunistic spectrum sharing significantly improves the revenue, resource utilization and acceptance ratio of physical wireless network while decreasing the payments of virtual networks.     

基于聚合度的无线传感器网络自维护分簇算法

针对无线传感器网络最大连通度生成簇算法建立的簇之间存在重叠度较高的现象,且没有考虑网络能量均衡对网络寿命会产生不良影响的问题,提出了基于聚合度的自维护分簇算法.算法综合节点的聚合度和节点能量选取簇头,并通过簇头节点的迁移来降低网络簇结构的重叠性,同时综合聚合度、能量和相似度选取替补簇头,实现网络的自维护.算法达到降低簇之间的重叠度,均衡网络能量,延长网络寿命的目的.仿真结果验证了算法的有效性.