Security of Route Optimization in Mobile IPv6 Networks
碩士 === 國立暨南國際大學 === 資訊管理學系 === 97 === Many wireless applications and mobile communication services are provided through IP networks. This brings the increased popularity of mobile users, but also introduces the problems of IP address shortage and demands for mobility support in IP networks. Therefor...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | en_US |
| Published: |
2009
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/58583980722893404099 |
| id |
ndltd-TW-097NCNU0396049 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-TW-097NCNU03960492016-05-06T04:11:29Z http://ndltd.ncl.edu.tw/handle/58583980722893404099 Security of Route Optimization in Mobile IPv6 Networks 行動IPv6網路路由最佳化安全性之研究 Fu-Chen Yang 楊富丞 碩士 國立暨南國際大學 資訊管理學系 97 Many wireless applications and mobile communication services are provided through IP networks. This brings the increased popularity of mobile users, but also introduces the problems of IP address shortage and demands for mobility support in IP networks. Therefore, IETF defines mobility support in IPv6, i.e. MIPv6, to allow nodes to remain reachable while moving around in the IPv6 internet. When a node moves and visits a foreign network, it is still reachable through the indirect packet forwarding from its home network. This triangular routing feature provides node mobility but increases the communication latency between nodes. In order to further eliminate triangular routing, IETF proposes a binding update (BU) scheme, which enables nodes communicate directly. This process of enabling direct packet delivering is called Route Optimization. To protect the security of BU message, a Return Routability (RR) procedure was proposed. However, it was found that RR is vulnerable to many attacks. In this thesis, we consider two different mobile IPv6 authentication architectures and propose two securing Binding Update message schemes for each architecture. In the infrastructureless environment, neither trusted third party nor certificate authority exists. We adopt CGA (Cryptographic Generated Address) scheme to propose two solutions based on Diffie Hellman key agreement and geometric computation respectively. In the infrastructure environment, there exists a third-party trusted Certificate Authority (CA) and different AAA servers, which also behave as PKGs (private key generators), distributed in different network domains. According to distinct privacy requirements, we present two secure BU schemes, adopting ID-based multi-signature and encryption respectively across multi-PKGs. Yen-Cheng Chen 陳彥錚 2009 學位論文 ; thesis 58 en_US |
| collection |
NDLTD |
| language |
en_US |
| format |
Others
|
| sources |
NDLTD |
| description |
碩士 === 國立暨南國際大學 === 資訊管理學系 === 97 === Many wireless applications and mobile communication services are provided through IP networks. This brings the increased popularity of mobile users, but also introduces the problems of IP address shortage and demands for mobility support in IP networks. Therefore, IETF defines mobility support in IPv6, i.e. MIPv6, to allow nodes to remain reachable while moving around in the IPv6 internet. When a node moves and visits a foreign network, it is still reachable through the indirect packet forwarding from its home network. This triangular routing feature provides node mobility but increases the communication latency between nodes. In order to further eliminate triangular routing, IETF proposes a binding update (BU) scheme, which enables nodes communicate directly. This process of enabling direct packet delivering is called Route Optimization.
To protect the security of BU message, a Return Routability (RR) procedure was proposed. However, it was found that RR is vulnerable to many attacks. In this thesis, we consider two different mobile IPv6 authentication architectures and propose two securing Binding Update message schemes for each architecture. In the infrastructureless environment, neither trusted third party nor certificate authority exists. We adopt CGA (Cryptographic Generated Address) scheme to propose two solutions based on Diffie Hellman key agreement and geometric computation respectively. In the infrastructure environment, there exists a third-party trusted Certificate Authority (CA) and different AAA servers, which also behave as PKGs (private key generators), distributed in different network domains. According to distinct privacy requirements, we present two secure BU schemes, adopting ID-based multi-signature and encryption respectively across multi-PKGs.
|
| author2 |
Yen-Cheng Chen |
| author_facet |
Yen-Cheng Chen Fu-Chen Yang 楊富丞 |
| author |
Fu-Chen Yang 楊富丞 |
| spellingShingle |
Fu-Chen Yang 楊富丞 Security of Route Optimization in Mobile IPv6 Networks |
| author_sort |
Fu-Chen Yang |
| title |
Security of Route Optimization in Mobile IPv6 Networks |
| title_short |
Security of Route Optimization in Mobile IPv6 Networks |
| title_full |
Security of Route Optimization in Mobile IPv6 Networks |
| title_fullStr |
Security of Route Optimization in Mobile IPv6 Networks |
| title_full_unstemmed |
Security of Route Optimization in Mobile IPv6 Networks |
| title_sort |
security of route optimization in mobile ipv6 networks |
| publishDate |
2009 |
| url |
http://ndltd.ncl.edu.tw/handle/58583980722893404099 |
| work_keys_str_mv |
AT fuchenyang securityofrouteoptimizationinmobileipv6networks AT yángfùchéng securityofrouteoptimizationinmobileipv6networks AT fuchenyang xíngdòngipv6wǎnglùlùyóuzuìjiāhuàānquánxìngzhīyánjiū AT yángfùchéng xíngdòngipv6wǎnglùlùyóuzuìjiāhuàānquánxìngzhīyánjiū |
| _version_ |
1718261240580538368 |