节点证书与身份相结合的HMIPv6 网络接入认证机制

接入认证是层次型移动IPv6(HMIPv6)网络安全的基本需求.构建了适于HMIPv6的分层认证框架,设计了一种节点证书与身份相结合的签名方案,并以此为基础提出了HMIPv6网络双向接入认证机制.该机制利用基于身份密码技术简化了公钥基础设施的复杂密钥管理过程；以节点证书为接入认证的主要依据,消除了接入网络与家乡网络间的消息交互；采用提出的层次化签名方案,实现了用户与接入网络的双向认证.机制经过简单扩展,能够支持多层HMIPv6网络的接入认证.性能与安全性分析表明,与传统的及其他基于身份的认证方案比较,所提出的机制拥有更高的认证效率和安全性.

Access Authentication for HMIPv6 with Node Certificate and Identity-Based Hybrid Scheme

Access authentication is the basic security requirement of hierarchical mobile IPv6(HMIPv6) network.A mutual access authentication scheme is proposed in this paper based on hierarchical authentication framework as well as node certificate and identity-based hybrid approach.The scheme adopts identity-based cryptography to simplify the cumbersome key management of PKI.Node certificate is introduced to authenticate entity,which eliminates message interactions between home network and access network.A mutual authentication protocol is achieved using proposed hierarchical signature mechanism.The protocol can also be extended to support access authentication in multi-level HMIPv6 network.Performance and security analysis demonstrates that the proposed scheme outperforms other identity-based proposals in terms of efficiency and security.