移动IPv6网络基于身份的层次化接入认证机制

设计了一种基于身份的层次化签名方案,并在该方案基础上提出了一种适用于移动IPv6网络环境的层次化接入认证方法.该方法使用分级NAI(Network Access Identifier)作为公钥,简化了无线移动环境中的密钥管理;利用层次化思想对接入认证和移动注册进行层次化管理,减少了切换认证处理流程;基于签名机制实现了用户与接入网络的双向认证.作者用设计的切换延时分析模型,对该方法和几种传统方法进行了比较,证明当移动节点远离家乡域及在一定范围内频繁微移动时,该方法比传统方法的效率更高.通过安全性分析证明了该方法在一定程度上实现了私钥的保密性、签名的不可伪造性等功能.最后还讨论了该方法的一种可扩展变形,用于实现多级层次化移动IPv6框架下的接入认证.

Identity-Based Hierarchical Access Authentication in Mobile IPv6 Network

Access authentication is very important to deploy mobile IPv6 networks.This paper proposes a hierarchical access authentication method for mobile IPv6 network,which is based on a hierarchical identity based signature scheme.This method adopts multilevel NAI(Network Access Identifier)as public key to simplify key management in wireless mobile environment,utilizes hierarchical authentication and mobile registration to decrease handover authentication process and implements mutual authentication between terminal and access network based on signature scheme.A handover latency analytical model is proposed to show that the proposed scheme is more efficient than others,especially in the conditions that terminal is further from home domain and moves frequently.Security analysis shows that the proposed scheme is sufficient for private-key privacy,signature unforgeability and so on.At last a scalability version is discussed,which is applied to realize access authentication in multi-hierarchical mobile IPv6.