A novel re-authentication scheme based on tickets in wireless local area networks

Fast re-authentication schemes during handover of a mobile station are essential to seamless services for real-time multimedia applications in wireless local area networks. Although much research has been done to reduce re-authentication latency, the schemes developed so far either suffer from heavy burden problems or degrade the security level. In this paper, a novel ticket-based approach is proposed for re-authentication during handover. The mobile station receives handover tickets from the authentication server as a proof of authorization, and it presents the corresponding ticket when associating with a new access point. Our scheme reduces re-authentication delay to the delay of 2-way handshake between a mobile station and an access point. Furthermore, this scheme imposes less burden over the entities compared with other proactive key pre-distribution schemes, while satisfying 802.11i security requirements.     

Design,implementation and experimental evaluation of an end-to-end vertical handover scheme on NCTUns simulator

This paper presents the simulation study of “Host based autonomous Mobile Address Translation” using NCTUns simulator. It is a network layer, end-to-end vertical handover solution, based upon modification of “Mobile IP with address Translation”. Vertical handover approaches generally require new network elements, a new layer in TCP/IP stack, or fixing a protocol at a particular layer. To enhance handover experience, recent approaches focus on reducing signalling, localizing the registration, creating hierarchies, using proxy, preparing handover in advance, predicting target network, or exploiting multicasting and path extension techniques. These approaches, however, demand change in the network infrastructure to support mobility and limit the scope of mobility. Despite end-to-end signalling, the Host based autonomous Mobile Address Translation scheme ensures minimum service disruption and distinctly allows global mobility of the mobile node without requiring any modification in the network. We have simulated the mobility of a multi-interface mobile node in a heterogeneous network environment composed of WiFi (IEEE802.11a, IEEE802.11b) and WiMAX (IEEE802.16e) access networks. Performance of the scheme is evaluated taking into account wide range of end-to-end delays between mobile node and the correspondent node, various speeds of the mobile node and different packet loss rates of the network. Based on our detailed simulation study, it has been observed that this scheme offers reduced service disruption time, packet loss and packet latency. The service disruption time is found to be significantly low (typically in the range of 10 ms) compared to that of Mobile IP (which is in the order of 100 ms); this makes this new scheme perfectly suitable for real time applications. Low service disruption time consequently reduces the packet loss by manyfold and the packet latency remains unaffected during and after handover due to translation of address at the source. The results suggest that this protocol is a viable vertical handover solution due to its simplicity, scalability, low overhead and ready deployability.     

基于预测与优先级缓存的MIPv6切换算法

为了提升移动IPv6的切换性能,保证实时性要求高的音频、视频等业务的服务质量,针对去除DAD过程的RDMIPv6方案未考虑在传输速率相对较慢的无线信道中,移动节点向NAR本地注册所产生的时延以及切换过程中引入的丢包问题,提出一种优化方案PCRD-MIPv6。PCRD-MIPv6方案结合基于L2触发的切换预测和数据包优先级缓存机制,在L2切换完成之前向移动节点MN维护的接入路由器缓存列表T_AR中的所有AR发送MOA实现本地注册,与此同时,将切换过程中的数据包按优先级缓存在PAR中,在切换完成后发往移动节点,从而减少切换过程中的丢包率。NS-2仿真结果表明,PCRD-MIPv6方案有效地减少了切换时延,降低了切换过程中的丢包率。     

A novel terminal-controlled handover scheme in heterogeneous wireless networks

In the next generation heterogeneous wireless networks, a mobile terminal (MT) with a multi-interface may have network access from different service providers using various technologies. In spite of this heterogeneity, seamless intersystem mobility is a mandatory requirement. One of the major challenges for seamless mobility is the creation of a vertical handover scheme, which is for users that move between different types of networks. In this article a seamless mobility handover scheme is presented. The novelty of the proposed scheme is that handover is fully controlled by the terminal. To improve the performance of the proposed handover scheme, a network discovery algorithm with fuzzy logic and a handover decision algorithm using multi criteria decision making (MCDM) based on vague sets are derived, which are both user-centric. With these algorithms, the handover scheme is power-saving, cost-aware, and performance-aware. Simulation results show that the novel handover scheme can perform network discovery in time to reduce handover dropping rate and present unnecessary activation of its interface to save the battery power, while effectively choose the optimum network through making trade-off among the user preference, network condition, and system performance.     

LTE-A系统中FSHO切换的优化方案

无线资源管理是LTE-A学习的重要部分, FSHO是LTE-A的一种重要切换算法, FSHO服务分为VoIP服务和非VoIP服务,非VoIP服务始终只有一个基站为移动终端服务, FSHO的VoIP服务是通过源基站和目标基站共同服务。相对于LTE-A的硬切换, FSHO增加了切换时延,使得切换中断概率比较高。提出了基于多载波切换的优化FSHO方案,主要在VoIP服务过程中加入了多载波切换的方法。原理分析和仿真结果表明,优化的FSHO算法不仅降低了切换中断的概率,而且提高了VoIP服务的质量。     

一种基于标地分离的卫星网络移动切换管理技术

移动卫星网络因具有覆盖区域广、通信延时低等优势受到广泛关注,当前有大量研究旨在开发IP协议的组网技术,并将其与地面IP网络融合。融合网络的挑战之一,即为卫星移动性,用户在卫星网络中的接入点频繁切换导致移动管理问题,而现有的移动IP技术不能高效支持卫星网络移动切换。为了高效支持移动切换,在卫星网络中应用标地分离思想,在标地分离的架构下研究切换管理问题;用映射服务系统对终端进行位置管理,在移动切换中由新接入卫星网关和终端的标志为主要信息在原卫星中形成通告转发表。仿真结果表明,相对移动IP技术,该方法有明显优势。将其应用于卫星网络时可以降低切换延时,减少大量的绑定更新开销或是次优路由,提升系统的性能和可扩展性。     

基于口令的无线局域网安全管理协议

首先简要分析了基于802．11的无线局域网的安全性，其次简要介绍了基于802．1x的无线局域网的特点，重点提出了一个适合小系统使用的基于口令的无线局域网安全管理协议的设计方案。该方案能够实现移动用户和访问点之间的相互认证及为通信双方动态安全地分发会话密钥，同时便于系统用户的管理。     

卫星移动通信网络切换算法的研究

低轨卫星移动通信网络在实现全球移动通信方面具有很大优势.切换方案对于控制低轨卫星网络通信时延,提高卫星网络服务质量和链路带宽资源利用率具有重要意义.深入分析了星地链路切换和重计算路由问题,提出了一种低轨移动通信卫星链路切换算法.仿真实验表明,提出的卫星链路切换算法有较小的端到端时延、较好的稳定性和可定制性.     

下一代高速铁路异构网络切换安全认证

近年来,随着高速铁路无线通信技术的快速发展, GSM-R无线通信系统将逐步向LTE-R系统演进。在此演进过程中存在GSM-R和LTE-R长期共存的局面,如何实现高速铁路无线通信异构网络之间的快速切换和安全认证成为铁路无线通信研究的热点问题。针对高速铁路无线通信异构网络切换认证过程中,存在安全性低和认证开销高等问题,提出了一种适用于下一代高速铁路异构网络的轻量级切换安全认证方案。首先,采用哈希函数等操作生成切换请求Token和异构网络切换认证码PASS,实现了用户身份匿名性和可追溯性等安全要求,并且高速列车无需多次注册就可实现异构网络间的无缝切换。其次,设计了基于椭圆曲线密钥交换的轻量级切换算法,完成了高速列车与目标基站的相互认证和密钥协商,降低了计算开销和通信开销,实现了会话协商密钥的前后向安全性。最后,采用形式化方式BAN逻辑进行了安全性验证,并使用朔黄铁路LTE-R线路实测数据进一步对本文所提方案的有效性进行了验证,分析得出所提方案能够满足可追溯性、匿名性、抗伪装用户攻击、抗中间人攻击和抗重放攻击等安全特性。性能分析表明,本文方案在通信开销和计算开销方面较比较方法性能更优,能够满足...     

一种改进的移动节点快速切换算法研究与仿真

基于MPLS的移动IPv6网络中每次移动节点发生切换时都需要重建标签交换路径,影响了切换时延和造成了数据丢包.需要重用部分路径使切换时延、信令流量和数据丢包达到最少,提出了一种交叉路由器算法,通过对标签信息库的修改,增加了移动节点地址和时间计数器两个字段,移动节点每次发生切换注册时通过查找修改后的标签信息库中移动节点地址的方法来确认交叉路由器.理论分析显示随着跳数的增加,时延性能越明显,仿真结果证明移动节点在信息注册时信令流量减少了20%.该方案实现了部分路径重用,改善了网络服务质量.     

Analysis of the effect of security on data and voice traffic in WLAN

This paper investigates the impact of security on the performance of WLAN. More specifically, it analyzes the impact of different encryption techniques used by two security protocols, namely Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) on the throughput and delay over WLAN IEEE 802.11g. Moreover, in this paper, we investigate the effect of encryption on the performance of wireless transmission during the handover process when a mobile device disassociates from one access point and re-associates with another one. In addition, this paper addresses the impact of the use of security in WLAN specifically on voice traffic namely the incurred transmission delay and jitter.     

MG-HMIP协议模型的实现及应用

由于无线局域网(WLAN)IEEE802.11协议不能解决移动节点的三层漫游问题,介绍了WLAN与移动IP结合的解决方案。由于上述方案存在切换延时长、不支持微移动性等缺陷,研究了分层移动IP技术,并对分层移动IP进行了改进,提出了一个多GFA分层移动IP(MG-HMIP)模型,并详细介绍了MG-HMIP模型的注册机制和MN选择GFA的机制。最后,给出了MG-HMIP与WLAN结合的模型。这个改进的方案不仅解决了WLAN与传统的MobileIP结合所存在的切换延时长、频繁切换等问题,而且增强了分层移动IP的网络健壮性。     

基于PMIPv6协议的QoS上下文转移方案

在IETF的NetLMM（Network-based Localized Mobility Management）工作组中,Proxy Mobile IPv6（PMIPv6）由于不需要移动节点对IP移动性的支持而引起人们的关注。基于PMIPv6框架,提出一种新的QoS上下文转移解决方案。它的优点是在移动节点执行切换的同时为实时应用提供服务质量保证。采用这种方法可以减少移动节点切换后重新发起信令建立QoS转发处理所带来的延时,减少了移动节点会话的QoS服务中断。理论分析和仿真实验表明,本方案可以显著降低实时业务切换时的延迟和开销,并且有较低的丢包率,实现了移动节点的平滑切换。     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

移动IPv6网络安全接入认证方案

对于移动IPv6网络,身份认证是网络安全的关键问题之一.针对移动IPv6网络的接入认证,提出了一种基于移动互联网双向认证方案.在移动切换过程中的接入认证和家乡注册,采用对家乡注册消息进行基于双私钥签名的方式,实现了家乡代理和移动节点分别对注册消息的签名,实现了接入认证与家乡注册的并发执行,移动用户和接入网络的一次交互实现了用户和接入域的有效双向认证.理论分析和数据结果表明,方案的认证总延时和切换延时要优于传统方法,有效地降低了系统认证的延时.安全性分析表明,框架中的基于双私钥的CPK方案满足双向接入认证安全,有效地解决了密钥托管问题.     

移动IPv6的切换优化方案

移动节点在两个子网之间移动时将产生切换,而基本的移动IPv6切换延迟太大,不能满足实时业务的要求,因此IETF提出了移动IPv6快速切换协议.本文对移动IPv6的切换原理和性能进行了分析,对目前快速移动IPv6和层次移动IPv6切换进行了比较,并提出快速层次移动IPv6的切换方案,减小移动IPv6的切换时延,提高网络性能.     

基于无线网络的编码加密算法研究

随着无线网络应用的增长,移动计算的安全性问题日益突出,已经成为现代网络安全研究中一个极其重要的领域。近年来,加密机制在无线网络环境下已经取得了不少进展,包括WEP(802.11)和TKIP(802.1x)协议,但同时也暴露出不少安全隐患。本文设计了一种全新的编码加密算法,力图克服上述协议的一些缺陷。     

Experimentation and performance analysis of multi-interfaced mobile router scheme

Network mobility (NEMO) aims providing seamless Internet connectivity of the whole mobile network that consists of mobile routers (MRs) and mobile network nodes (MNNs). The network moves around along with vehicles as a whole. According to NEMO basic support protocol (NEMO BSP), only one primary care of address (CoA) of MR can be registered with home agent, which will affect the handover performance. As an extension of NEMO BSP, multiple care of addresses (MCoA) registration scheme was proposed as Internet-draft and has received extensive researches.This paper studies the Internet connectivity of mobile router (MR) on the basis stated above; MR is equipped with WLAN, CDMA and GPRS interfaces simultaneously. Concretely, a smooth handover algorithm is proposed and experimented on our platform successfully; round trip time (RTT) of each link and the handover process between different interfaces are analyzed, respectively. Furthermore, the service disruption time and packet loss ratio performances are also compared between uni-interfaced MR scheme of NEMO BSP and scheme proposed in this paper, and the results indicate that multi-interfaced scheme not only supports large area movement across heterogeneous networks of MR, it also provides a seamless handover with no packet loss and little service disruption time.