基于无证书公钥密码体制的密钥管理

移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势。然而,移动通信网络链路的开放性、网络拓扑结构的动态性、移动资源的有限性等特点使其容易遭受更严重的安全威胁。针对在移动IPv6环境下,采用无证书的公钥密码体制,部署和实现移动IPv6网络的密钥管理问题。提出了一种新的接入注册解决方案,该方案可以解决具有高敏感性要求移动网络的安全保护问题。     

基于移动IPv6环境中的安全威胁类型研究

移动IPv6实现了完整的IP层的移动性、扩展性,能真正实现全球范围内的移动IPv6网络,因而成为IP技术最重要的研究内容.文中介绍了移动IPV6的协议的系统组成和运行机制,分析移动IPv6所面临的安全威胁,并根据黑客发起攻击时的网络位置,归纳并分类由于移动性引入而带来的安全威胁,为分析验证机制的安全性提供参考模板.     

Designing the mobile IPv6 security protocol

Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the mobile’s home address and care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard toolkit for designing Internet mobility protocols, some details of the reasoning have not been previously documented.     

Inter-domain security for mobile IPv6

Mobile IPv6 is only adapted to the mobile’s movements within its own administrative domain. As Mobile IPv6 is expected to be the basis for beyond 3G networks, a solution for inter-domain security is required allowing the visited domain to authenticate any mobile to grant it access. As such, new concepts known as AAA for Authentication, Authorization, Accounting were defined by the IETF. The IETF is currently defining the Diametr protocol to support those three functions in a Mobile IPv4 environment. Today’s difficulty is to adapt the Diameter protocol to Mobile IPv6. After introducing the Mobile IPv6, IPsec and Diameter protocols, this paper presents our solution (IETF draft of December 2001), and an IETF alternative for adapting Diameter to Mobile IPv6. It gives a comparison and describes our prototype.     

一种代理移动IPv6认证协议

代理移动IPv6为移动节点提供了基于网络的移动性管理方法,移动节点不参与管理移动性信令.为了在移动互联网络中应用代理移动IPv6协议,需要定义安全有效的认证协议.目前还没有见到关于代理移动IPv6认证协议方面的研究,本文提出了一种代理移动IPv6的认证协议,该认证协议可以提供接入认证功能,并可防止重放攻击和密钥暴露.为了分析该认证协议的性能,本文给出了认证费用和认证延迟分析的解析模型,分析了移动性和流量参数对认证费用和认证延迟的影响.研究结果表明提出的代理移动IPv6认证协议安全有效.     

基于无证书公钥的移动IP注册协议认证

移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势,它为未来的全IP移动通信系统提供了一个标准的全球移动性解决方案。针对移动IPv6技术的特点,将IPSec安全协议和无证书公钥体系（CL-PKC）两者结合起来,在分析无证书公钥的优缺点的基础上,提出了一种在移动IPv6环境下的注册协议认证与注册方案,并对该协议的性能进行了分析,以方便日后的改进。     

集成AAA的HMIPv6认证与注册方案

在下一代互联网中,需要使用AAA保证网络安全和网络资源合理使用,但是AAA与移动IPv6的结合,对切换性能及网络安全带来影响,而切换与安全是移动环境的关键问题。论文提出了新的解决方案,将HMIPv6与AAA结合,实现认证与注册过程的统一及本地认证,提高切换性能,并在注册与认证的过程中对消息进行加密,保证传输的安全。分析表明,本方案实现了AAA机制与移动管理机制安全高效的融合。     

浅析IPv6的安全机制对现有网络安全体系的影响

IPv6作为新版IP协议,不仅很好地解决了目前IP地址匮乏的问题,而且由于加密和认证机制的引入,使其在网络层的机密性、完整性方面有了更好的改进。因此,可以说IPv6实现了网络层安全。但这种安全不是绝对的,文中对IPv6的安全特性进行初步探讨,指出IPv6的广泛应用还有待进一步的深入研究。     

IPv6邻居发现协议的安全性分析

邻居发现协议(NeighborDiscoveryProtocol,NDP)作为IPv6协议的重要组成部分,取代了IPv4中的ARP协议、ICMP路由发现和ICMP重定向功能。文章分析了NDP存在的安全问题,尤其是伪造IP地址攻击,并在此基础上提出采用加密生成地址和签名技术等来解决这些安全威胁。     

移动IPv6绑定注册安全问题及解决方案

移动IPv6由于其移动性要求而引入了一系列新的安全问题。首先给出了移动IPv6的基本原理,接着介绍了移动IPv6的绑定操做过程和所面临的威胁,最后阐述了一种针对绑定更新安全问题的解决方案。     

A comparative performance analysis on Hierarchical Mobile IPv6 and Proxy Mobile IPv6

This paper presents comparative results on Hierarchical Mobile IPv6 and Proxy Mobile IPv6. The two mobility support protocols have similar hierarchical mobility management architectures but there are, however, clearly different perceptions: Hierarchical Mobile IPv6 has specific properties of a host-based mobility support protocol, whereas Proxy Mobile IPv6 is based on a network-based mobility support protocol. Thus, it is important to reveal their mobility characteristics and performance impact factors. In this paper, a cost based evaluation model is developed that evaluates the location update cost, the packet delivery cost, and the wireless power consumption cost based on the protocol operations used. Then, the numerical results are presented in where impacts of the various system parameters are evaluated. The results demonstrate that Proxy Mobile IPv6 always outperforms Hierarchical Mobile IPv6 due to its ability to avoid the mobility signaling sent by the mobile host, and its reduced tunneling overhead during communications with other nodes.     

对于移动IPV6中迂回路由机制的改进

对移动IPV6(MIPV6)的迂回路由机制及其安全性进行了分析,给出了该机制存在的一种中间人攻击方案,提出一种安全增强的迂回路由机制来抵御这种攻击。     

一种移动IPv6地址隐私性解决方法

论文主要介绍了移动IPv6的地址隐私性问题,提出了一种移动IPv6的简单隐私性扩展解决方法,这种方法可以很好地防止窃听者通过家乡地址追踪移动节点,增强了移动IPv6的通信安全性。     

电信IPv6网络安全保障体系研究

随着以IPv6为基础的下一代网络研究和建设的开展,电信IPv4向IPv6网络迁移的进程日益加快,IPv6网络安全问题随之提上日程。本文结合IPv6协议安全特性,分析了电信IPv6网络存在的安全风险,在此基础上探讨了电信IPv6网络安全保障体系的组成环节和要素,提出了电信IPv6网络安全保障体系建设策略。     

改进的移动IPv6协议分析

在IPv4基础上发展起来的移动IPv6，比移动IPv4有很多优势，功能更为强大,更安全，必将在未来的移动互联领域发挥更大作用。但是当移动节点频繁移动时．标准移动IPv6协议会在网络中产生大量的注册报文，造成较大的注册延时,降低网络性能，因此有必要加以改进。本文介绍了两种改进的移动IPv6协议，并进行了详细分析。     

IPv6协议引入的安全新问题浅析

IPv6协议虽然在某些方面增强了安全性,但同时也引入了新的安全风险,因此网络安全威胁在IPv6时代依旧存在。通过从IPv6地址、报文格式和相关协议等方面分析了IPv6可能带来的安全新问题,总结部分文献提出的防护措施,针对性的推荐了一些安全建议。     

IPv6的网络安全性

下一代网络互连协议(IPV6)已经开始投入使用。人们对新协议提出了许多期望,其中网络安全性是非常重要的一部分。目前的IPV6在网络安全方面能完全达到人们的要求吗?人们真的可以高枕无忧了么?文章从IPV6最基本的原理入手,介绍了IPV6在安全性方面的优势和不足。     

移动IPv6的安全性探讨

移动IP(Mobile IP)多应用于无线环境,除了要面对所有无线网络所固有的安全威胁外,还需要处理由移动性引入的新的安全问题,这必然导致移动IP相对于有线Internet显得更加脆弱。论文从移动IPv6的基本原理入手,分析移动IPv6存在的安全隐患及几种典型的攻击方法,并对其安全性进行了简单的探讨。     

Integrating Identity-Based Encryption in the Return Routability Protocol to Enhance Signal Security in Mobile IPv6

In Mobile IPv6 (MIPv6), the authentication procedure between nodes has recently been an active research area. Return Routability Protocol (RRP) is a mechanism used in MIPv6 to provide the nodes with some authentication and to secure binding update messages. A large number of studies have discussed the weaknesses of this mechanism and its enhancement. In the current paper, a new approach called Return Routability Identity-Based Encryption protocol is proposed for the enhancement of security and authentication in the predecessor RRP. Hence, the proposed protocol is simulated and verified using a Murphi model checker. Finally, the simulation results show that strong security and authentication between the nodes have been achieved, and the current attacks in Return Routability have been addressed.     

A Low Latency Handoff Algorithm for Voice over IP Traffics in the Next Generation Packet-Based Cellular Networks: Cellular Mobile IPv6

In the mobile communication environments, Mobile IP is defined to provide users roaming everywhere and transmit information freely. It integrates communication and network systems into Internet. The Mobile IPv6 concepts are similar to Mobile IP, and some new functions of IPv6 bring new features and schemes for mobility support. Two major problems in mobile environments are packet loss and handoff. To solve those problems, a mobile management scheme – the cellular mobile IPv6 (CMIv6) is proposed. Our approach isbased on the Internet Protocol version 6 and is compatible with the Mobile IPv6 standard. Besides, it also combines with the cellular technologies which is an inevitable architecture for the future Personal Communication Service system (PCS). In this paper, {Cellular Mobile IPv6 (CMIv6)}, a new solutionmigrated from Mobile IPv6, is proposed for mobile nodes moving among small wireless cells at high speed. This is important for future mobile communication trends. CMIv6 can solve the problems of communication break off within smaller cellular coverage during high-speed movement when packet-switched data or the real-time voice messages are transmitted. Voice over IP (VoIP) packets were chosen to verify this system. The G.723.1 Codec scheme was selected because it has better jitter resistance than GSM and G729 in a packet-based cellular network. Simulation results using OPNET show smooth and non-breaking handoffs during high-speed movement.