A novel enhanced authentication scheme supporting forwarding mode in heterogeneous hierarchical mobile IPv6 networks

This paper makes its focus on how to reduce the longer delay and extra cost arising from the combination of authentication, authority and accounting (AAA) and hierarchical mobile Internet protocol version 6 (IPv6) further. Firstly, a novel enhanced authentication scheme (E-AAA) is proposed, which supports fast handover mode and forwarding mode between different mobility anchor points (MAPs). Secondly, a cost analysis model is established based on E-AAA. From the theoretical analysis, it could be noted that the cost is affected by average arrival rate and residence time. Finally, the performance comparison demonstrates that the total cost of using E-AAA is much lower than that of the traditional solution, the longer the distance between Root AAA Server (RAAAS) and its home domain is, the more obvious the efficiency shows.     

基于AAA认证的仓储移动网络安全关联转移方案

提出基于AAA认证的移动网络(NEMO)安全预接入通告方案,由无线传感器定位信息预判切换,触发安全关联等上下文转移,并告知对端节点或对端服务器的数据处理中心,提前实现安全验证。用?演算建模以保证与现有NEMO安全机制兼容。理论分析知其减少的不当路由开销可达一半,模拟显示延时和资源占用大为降低。     

Latency Low Handover Mechanism Considering Data Traffic Lost Preventing for Proxy Mobile IPv6 Over WLAN

Typical PMIPv6 supports mobility management for the Mobile Host (MH) in localized domains over variant Wireless Local Area Network technologies. The typical PMIPv6 adopted in reactive mode in which break-before-make technique may concern, which results in long disruption latency and inevitable data traffic loss that negatively affects MH’s communication performance. This article proposes a proactive latency low handover mechanism, which corresponds to make-before-break technique in order to support MH’s seamless and fast roaming in PMIPv6 network. The proposed mechanism proactively performs a pre-registration and pre-access authentication processes tightly together intended for the MH in advance of a handover situation involved in typical PMIPv6, thereby enabling the MH to re-configure its interface more quickly after a handover. Consequently, the associated mobility-related signallings along with their latencies are reduced significantly and the continuity of the MH communication session is granted. Furthermore, an efficient buffering technique with optimized functions is introduced at the MH’s anchor mobility entity to prevent data traffic loss and save their transmission cost. Through various simulation evaluations via ns-2, we study and analyse different mobility aspects, such as handover latency, data traffic loss, throughput, end-to-end traffic delay, traffic transmission cost and signalling cost, with respect to different traffic sources like CBR-UDP and FTP-TCP. Several experiments were conducted, revealing numerous results that verify the proposed mechanisms’ superior performance over existing scheme.     

GHAP: An Efficient Group-based Handover Authentication Mechanism for IEEE 802.16m Networks

IEEE 802.16m is now under consideration by the International Telecommunication Union (ITU) to become the International Mobile Telecommunications (IMT)-Advanced standard. However, handover authentication is a critical issue in this area. In this paper, we propose an efficient group-based handover authentication mechanism, named as GHAP, for correlated mobile stations (MSs) in IEEE 802.16m networks. In our scheme, the correlated MSs who have the similar Signal to Interference-plus-Noise Ratio and history handover information etc. are divided into the same handover group. When the first MS of the handover group members moves from the service base station (BS) to a target BS, the service BS transmits all the handover group members’ security context to the target BS utilizing the security context transfer (SCT) method and then all these MSs in the same handover group can easily perform the handover authentication with the target BS. Different from the conventional SCT schemes, our scheme uses the MSs’ security context as a symmetric key of Cipher-based message authentication code (CMAC) but not the key material of deriving new session key. Therefore, the proposed scheme can effectively resist the domino effect existing in the previous SCT schemes. Moreover, security analysis shows that the proposed scheme also meets the other security requirements in handover authentication semantics. Furthermore, performance analysis demonstrates that the proposed scheme is very efficient in reducing average handover latency.     

An Integrated Handover Authentication for FMIPv6 Over Heterogeneous Access Link Technologies

This paper proposes an integrated handover authentication for NGN equipped with FMIPv6-based IP mobility over various kinds of access links. In ITU-T, an integrated authentication model has been introduced to support network attachment with mobility in NGN. Since existing studies for handover authentication have focused on the link layer or network layer respectively, there are additional authentication overhead such as duplicated authentication procedures and authentication messages delivery cost. The proposed integrated handover authentication contributes to reducing complexity of the authentication procedure and to enhancing the efficiency of it by means of the combined key management architecture; a mobile node generates a handover key to transfer it to the next access router through the AAA server, and hierarchical key management scheme addresses the locality of movement to authenticate the mobile node at the link layer. The evaluation of the handover authentication costs shows that it reduces the average number of handover authentication events and the authentication message delivery cost during moves in mobile networks. Also, the security aspects of the proposed scheme are discussed.     

An efficient EAP‐based proxy signature handover authentication scheme for WRANs over TV white space

The wireless regional area networks (WRANs) operates in the very high frequency and ultra high frequency television white space bands regulated by the IEEE 802.22 standard. The IEEE 802.22 standard supports Extensible Authentication Protocol (EAP)‐based authentication scheme. Due to the participation of a server and the information exchanged between a customer primes equipment and the secondary user base station, it takes around 50 ms to complete a complete EAP authentication that cannot be accepted in a handover procedure in WRANs. In this paper, we propose an EAP‐based proxy signature (EPS) handover authentication scheme for WRANs. The customer primes equipment and secondary user base station accomplish a handover authentication without entailing the server by using the proxy signature. Approved by the logic derivation by Burrows, Abadi, and Needham logic and formal verification by Automated Validation of Internet Security Protocols and Applications, we can conclude that the proposed EPS scheme can obtain mutual authentication and hold the key secrecy with a strong antiattack ability. Additionally, the performance of the EPS scheme in terms of the authentication delay has been investigated by simulation experiments with the results showing that the EPS scheme is much more efficient in terms of low computation delay and less communication resources required than the security scheme regulated in IEEE 802.22 standard.     

基于特征投影的移动IPv6快速切换方法

研究了移动IPv6协议中的越区切换问题,提出了一种基于特征投影的移动IPv6快速切换方法。该方法通过构造先验切换经验与小区覆盖范围的映射关系来协助移动接入网关对切换目的地进行预测。仿真结果表明,文中方法能够获得比FPMIPv6更小的切换延迟,并具有较好的鲁棒性。     

A New Enhanced Fast Handover Algorithm in Hierarchical Mobile IPv6 Network

1　Introduction　MobileIPv6requirestheMobileNode (MN)toregisterwiththeHomeAgent (HA)andtheCorre spondentNode (CN)whenitchangesitspointofattachmentintheInternet[1～ 3] .Therefore ,thiscauseMobileIPv6toincurlongdelayintheregis tration process,andaddsignalingtraffictothebackbonenetworkespeciallywhentheHAandCNarefarawayfromtheMN .Inordertominimizethisdelay ,andthesignalingoverhead presentinMobileIPv6,literatures[4～7] proposeHierarchicalMobileIPv6(HMIPv6)architectureandafasthan dover…     

移动IPv6切换时延优化新方法

移动IPv6中,移动节点(MN)在不同子网间移动时,既不中断与通信对端(CN)的通信,也不用改变其本身的IP地址.但是当MN与其家乡代理(HA)之间相距较远时,移动IPv6切换时延较大,对于实时性要求较高的业务无法适用.本文分析比较了目前移动IPv6常用的切换时延优化方法,提出了一种自适应快速层次移动IPv6切换时延优化方法,减小了移动IPv6切换时延,提高了网络的性能.     

基于网络预测的改进型PMIPv6快速切换方法

针对PMIPv6协议切换效率较低的问题,该文提出了一种基于网络预测的改进型PMIPv6快速切换方法。该方法在不变更切换决策主体的前提下,通过学习先验切换经验,利用距离加权最近邻算法来预测移动节点的切换目的地;同时采用软转发机制来保护在切换过程中到达移动节点的数据分组。仿真结果表明,改进方法产生的切换延迟和分组丢失数量明显少于PMIPv6。     

A Fast Authentication Scheme for WiMAX–WLAN Vertical Handover

In view that authentication has made a significant determinant in handover delay, this paper presents a fast authentication mechanism for mobile stations roaming within a WiMAX–WLAN interconnected environment. Incorporating a key reuse design that prevents repeated transactions at a remote server, our mechanism distributes security contexts ahead of handover to a local trusted key holder which manages several sites. A target site, upon receiving a mobile station, retrieves the contexts locally for authentication purpose and thus completes handover efficiently. While employing a target prediction algorithm as an option, our mechanism distributes the contexts to target candidates as dictated, which further improves handover performance if target prediction hits and maintains its advantage even in a miss. In addition, the handover optimization design specified in WiMAX is extended to support WiFi-to-WiMAX handovers. We reason that the proposed mechanism does not compromise the system in any sense as well. Analytical and simulation results show that, despite key pre-distribution misses, our mechanism leads to marked improvement over counterpart schemes in terms of handover delay and packet loss, meeting delay-sensitive application requirements.     

Improving Mobile IPv6 handover and authentication in wireless network with E‐HCF

Mobile IP allows a mobile node to maintain a continuous connectivity to the Internet when moving from one access point to another. However, due to the link switching delay and to Mobile IP handover operations, packets designated to mobile nodes can be delayed or lost during the handover period. Moreover, every time a new attach point is confirmed, the mobile node, its home agent and its corresponding node must be authenticated mutually. This paper presents a new control function called Extended Handover Control Function (E‐HCF) in order to improve handover performance and authentication in the context of Mobile IPv6 over wireless networks. With an analytical model and some OPNET simulations, we show in this paper that our solution allows provision of low latency, low packet loss and mutual authentication to the standard handover of Mobile IPv6. Copyright © 2009 John Wiley & Sons, Ltd.     

Achieving Faster Handovers in Mobile WiMAX Networks

WiMAX is a wireless metropolitan area network (WMAN) specified by IEEE 802.16. It provides the broadband wireless access for mobile devices. In such a system, to enable the mobility, the handover is supported to maintain the connectivity of the mobile station (MS) when it moves from the coverage of the serving base station (BS) to the coverage of a neighbor BS. In the handover process, scanning is required to find a suitable target BS, and network re-entry is needed to establish the new connection. However, in the standard handover process, a long latency to data transmissions is caused resulting in the serious interruption to ongoing services. In this paper, an improved handover scheme is proposed to reduce the latency introduced in the handover process by shortening the scanning and enhancing the network re-entry. The proposed scanning strategy reduces the latency by reducing the number of neighbor BSs to be scanned through estimating the rough location of the MS. The enhanced network re-entry reduces the delay by updating transport connection identifiers (CIDs) early to allow the fast resumption of active applications. Simulations were conducted to evaluate the performance of the proposed handover scheme. The results show that the proposed handover scheme reduces the data transmission latency during handover significantly.     

LR-AKE-Based AAA for Network Mobility (NEMO) Over Wireless Links

Network mobility introduces far more complexity than host mobility. Therefore, host mobility protocols such as Mobile IPv6 (MIPv6) need to be extended to support this new type of mobility. To address the extensions needed for network mobility, the IETF NEMO working group has recently standardized the network mobility basic support protocol in RFC 3963. However, in this RFC, it is not mentioned how authentication authorization and accounting (AAA) issues are handled in NEMO environment. Also, the use of IPsec to secure NEMO procedures does not provide robustness against leakage of stored secrets. To address this security issue and to achieve AAA with mobility, we propose new handover procedures to be performed by mobile routers and by visiting mobile nodes. This new handover procedure is based on leakage resilient-authenticated key establishment (LR-AKE) protocol. Using analytical models, we evaluate the proposed handover procedure in terms of handover delay which affects the session continuity. Our performance evaluation is based on transmission, queueing and encryption delays over wireless links.     

A middleware architecture supporting seamless and secure multimedia services across an intertechnology radio access network - seamless content delivery in the future mobile internet

This article presents a middleware architecture to support multimedia services across intertechnology radio access networks in a secure and seamless manner. The proposed architecture uses the media-independent handover framework, where the handover decision function is based on triggering/collecting statistics from the physical, network, and application layers so that an ongoing multimedia session (video) can be transferred seamlessly and securely (using context transfer) across intertechnology radio access networks. Simulation results show that when a vertical handover is based on the proposed MIH framework (including the context transfer of AAA information), handover latency is reduced by 38 percent during WiFi to UMTS handover and 20 percent during UMTS to WiFi handover compared to a non-MIH-based handover scheme.     

Privacy‐preserving registration protocol for mobile network

In this paper, we propose a novel privacy‐preserving registration protocol that combines the verifier local revocation group signature with mobile IP. The protocol could achieve strong security guarantee, such as user anonymity via a robust temporary identity, local user revocation with untraceability support, and secure key establishment against home server and eavesdroppers. Various kinds of adversary attacks can be prevented by the proposed protocol, especially that deposit‐case attack does not work here. Meanwhile, a concurrent mechanism and a dynamical revocation method are designed to minimize the handover authentication delay and the home registration signals. The theoretical analysis and simulation results show that the proposed scheme could provide high security level besides lightweight computational cost and efficient communication performance. For instance, compared with Yang's scheme, the proposed protocol could decrease the falling speed of handover authentication delay up to about 40% with privacy being preserved. Copyright © 2012 John Wiley & Sons, Ltd.     

Authentications and Key Management in 3G-WLAN Interworking

The successful deployment of WLAN for high speed data transmission and 3G cellular systems for wide coverage and global roaming has emerged to be a complementary platform for wireless data communications. But security in the 3G-WLAN interworking, especially the efficient authentication and valid key management, has been remaining a challenging issue. What’s more, some emerging security challenges are neglected by 3GPP specifications as well as the previous studies. This paper first analyzes and evaluates the current contributions in this field, and then puts forward some design issues. Thereafter, by modifying the EAP-AKA keying framework we propose an improved authentication scheme which enables a WLAN user to efficiently access packet switch services through the 3G networks. What’s more, through the new keying framework the user can efficiently realize the future re-authentications and handover authentications. The proposed authentication scheme, the corresponding re-authentications and handover authentications are simulated, and results indicate that our scheme can reduce authentication latency significantly.     

A lightweight identity authentication protocol for vehicular networks

In vehicular ad-hoc networks (VANETs), vehicles perform a handover procedure in order to connect to the next RSU. In general, the handover procedure comprises two stages, namely searching for an appropriate road side unit (RSU) to connect to and performing an authentication procedure with the selected RSU. Since the vehicles in a VANET typically have a high mobility, frequent handover operations are required, and thus the transmission delay is inevitably increased. Accordingly, this paper proposes an authentication method designated as LIAP (Lightweight Identity Authentication Protocol) to reduce the handover authentication delay. LIAP employs a DSSP (Dynamic Session Secret Process) method to improve the speed and computational efficiency of the authentication process whilst simultaneously concealing the sensitive information of the vehicle. The security analysis results and performance evaluations show that LIAP not only provides an efficient and confidential authentication capability, but also preserves the robustness of the VANET toward malicious attacks.     

A scalable network-based mobility management framework in heterogeneous IP-based networks

This paper proposes a mobility management scheme to provide a mobile node with high-quality handovers among heterogeneous wireless access networks. The proposed scheme employs a signaling architecture to support fast and reliable delivery of control messages by separating a control plane from a data transport plane in the core network. The proposed scheme is based on the network-based mobility management framework which requires the minimum modifications on terminal devices. With interaction between Layers 2 and 3, the proposed scheme accelerates the handover control procedures. It also enables a mobile subscriber to select a target network for a vertical handover with consideration of not only wireless signal strength but also user preference and quality-of-service status. The proposed scheme addresses the well-known problems of the Mobile IP-based approaches, triangular routing and bottleneck at the home agent, since it establishes a data tunnel for a mobile node along the shortest path between two different access networks. The simulation and experimental results indicate that our scheme provisions more efficient performance than the existing approaches in terms of handover latency, data packet loss, data delivery latency and load balancing.     

面向移动IPv6层次化网络的快速接入认证方案

提出了一个面向移动IPv6层次化网络的快速接入认证方案,从效率和安全性2个方面提高移动IPv6层次化网络接入认证的性能。首先,利用向量网络地址编码方法实现网络数据传输,提高家乡注册性能;其次,提出一种基于格的层次化签名方案,在接入认证过程中实现双向认证,提高认证过程的安全性。方案分析表明,所提出的接入认证方案具有强不可伪造性并可以抵御网络中的重放攻击,同时可以减少整个接入认证过程的延迟时间。