    A Fast Inter-Domain Authentication Method Combining Trust Mechanism in Mobile IPv6 Networks

    • Abstract: In mobile IPv6 (MIPv6) networks, when a mobile user accesses the network from a foreign domain, the home domain and the access domain must cooperate to authenticate the user. An inter-domain trust relationship among the administrative domains is the prerequisite for this cooperative authentication. Current fast authentication methods for MIPv6 networks ignore inter-domain trust relationships when performing inter-domain authentication, so an authentication failure caused by a lack of inter-domain trust is not detected until the entire authentication procedure has finished. This paper proposes a fast inter-domain authentication method combining a trust mechanism for wireless MIPv6 networks. The method considers the trust relationship between the mobile user's home domain and the access domain in the pre-handoff phase, achieves effective mutual authentication between the mobile user and the access domain in a single round trip between the user and the access network, and includes a dynamic maintenance mechanism for inter-domain trust relationships. An identity signature and verification scheme for network entities, based on the combined public key (CPK) algorithm, is designed to accelerate the mutual authentication process. Theoretical analysis and numerical results show that the proposed scheme is more effective than existing schemes at reducing total authentication and handoff delay and signaling overhead. In addition, based on the security of the CPK algorithm, the proposed scheme achieves mutual authentication between user and network while guaranteeing the confidentiality of private keys and the unforgeability of signatures.

       
