عنوان فارسی مقاله: | هندآف سریع IPv6 سیار با رجیستر امنیتی مبتنی بر شبکه IPSec |
عنوان انگلیسی مقاله: | A security registration based on IPSec for mobile IPv6 fast handoff |
دانلود مقاله انگلیسی: | برای دانلود رایگان مقاله انگلیسی با فرمت pdf اینجا کلیک نمائید |
سال انتشار | 2010 |
تعداد صفحات مقاله انگلیسی | 4 |
تعداد صفحات ترجمه مقاله | 12 |
مجله | کنفرانس بین المللی شبکه های بی سیم ارتباطات و محاسبات سیار (International Conference on Wireless Communications Networking and Mobile Computing) |
دانشگاه | دانشکده فنی و مهندسی الکترونیکی، دانشگاه شیان، چین |
رشته های مرتبط | مهندسی برق، مخابرات ict، و شبکه های کامپیوتری |
کلمات کلیدی | رجیستر موبایل؛ IPSec؛ IPv6 موبایل؛ تصدیق هندآف |
لینک مقاله در سایت مرجع | لینک این مقاله در سایت IEEE |
نشریه | IEEE |
فهرست مطالب:
چکیده
1 مقدمه
2 کارهای مرتبط
3 پروتکل طرح پیشنهادی
4 تجزیه و تحلیل عملکرد
A تاخیر هند آف
B تجزیه و تحلیل مقیاس پذیری و امنیت
5 نتایج
بخشی از ترجمه:
از آنجایی که شماره سریال در پروتکل IPSec غیر تکراری بوده و ازمحرمانه بودن و یکپارچگی داده های IPSec حفاظت می شود، در نتیجه IPSec-FMIPv6 می تواند این سه تیپ حمله را بلوکه نماید: حملات بازپخش یا تکرار، حملات سیلابی و حملات کد. اما مهاجم می تواند از ساختار گره بهره برده و فرایند را جهت ارسال تعداد بزرگی عملیات اسپم برای حمله DOS تائید نماید، یعنی پیکره بندی سیاست بایستی الگوریتم درست جهت کاهش احتمال حمله را انتخاب نماید. حمایت از مقیاس پذیری عمدتاً در طرح اینترهنداور تحت مدیریت حوزه IPv6 موبایل سلسله مراتبی منعکس و دارای عملکرد سوئیچ بهتری می باشد.
5. نتایج
مقاله حاضر طرح رجیستر امنیتی جدیدی براساس IPSec پیشنهاد می کند که ترکیبی از علامتدهی FMIPv6 و مکانیسم تصدیق اولیه می باشد که قبل از هند اور تصدیق را تحقق داده و با تصدیق پس از هنداور تاخیر زمانی تا حد زیادی کاهش می یابد. تجزیه و تحلیل نشان می دهد مزیت طرح IPSec-FMIPv6 در مقایسه با طرح AAA ، تاخیر پائین و هزینه های کم سربار بسته و همچنین شاخصه های خوب در جنبه هایی نظیر امنیت و حمایت از توسعه پذیری می باشد. قطعاً، می بایست جزئیات بیشتری مطرح گردد، مثل انتخاب الگوریتم های رمزگذاری و وقت گیری در دوره به آن نیاز نخواهد بود، نباید در نظر گرفته شود و این مسئله در کار آتی مورد تحقیق و پژوهش قرار خواهد گرفت.
بخشی از مقاله انگلیسی:
I. INTRODUCTION As the growth of ubiquitous network technologies and services, users can access the Internet from anywhere at any time by using wireless devices. As to support mobility of various applications and services, IETF proposed mobile IPv6 protocols [1] in 2004. However, wireless environment is characterized by openness, which makes it vulnerable to the threat of attacks, and also does MIPv6. MIPv6 signaling are easy subject to attacks, such as man-in-the-middle attack, replay attack, flooding attack, code attacks, DOS attack and so on. Redirection attacks, middle attacks, denial of service attacks will be occur especially during the handover process of mobile nodes for lacking of strong protection measures to the signaling interactions. Additionally, Mobile IPv6 may also be subjected to other security attacks, such as the lack of effective authentication mechanism, which may be the root of many attacks. Mobile IPv6 authentication protocol make mobile nodes get certified in their respective certification entities by using IPSec Security Association(SA) between mobile nodes and home agent or AAAH[2] server when mobile nodes access to a new network. However, the authentication protocol just applied to MN-HA, mutual certification between MN-CN still cannot be made effectively, thus the risk of eavesdropping or intermediary attacking increase if malicious node access to network fake normal node. II. RELATED WORKS Several mechanisms [3-7] have been proposed to solve security problems in handoff process. The related works are discussed here and their drawbacks are pointed out as sequel. In [3], Hu Wang and Anand R. Prasad proposed a method of fast authentication for inter administrative domain handoff between two foreign mobile or wireless communication network domains. In this method, Serving Network (SN) and Target Networks (TN) must be a relationship of mutual trust. When MN handoff from SN to TN, MN send a handoff decision to SN, then SN calculates a shared key for MN and TN,and sends it to MN and TN respectively. Then MN sends a fast authentication request asking to TN after receiving the key, and MN can be accessed to TN when authentication finish. Such an approach, however, faces the following challenges: First, if the trusted third-party introduced for distributing the pre-shared key to authentication entities is under attack, there is no security to speak of in authentication process. Secondly, the introduction of a trusted third-party will be an additional signaling overhead. Finally, binding update process is also lack of effective protection after handoff. In[6], a fast authentication mechanism using identitybased signature (IBS) was proposed. Its primary idea is the effective combination of fast handover and access authentication. New access router (NAR) and NAAA server ask for the signature parameters of MN from AAAh of MN when handover initials. MN accomplish access authentication with only one interaction with AAAv server and complete binding update process with HA simultaneously. Similar researches on the combination of Mobile IP and AAA mechanism solving the authentication issues of MN in handover process are presented in [4-7]. But such approaches need a great deal of signaling interactions with the home network each handoff happens, which lead to a large handover delay and considerable signaling overhead. Even though these methods can solve the security treats in handoff process to a certain extent, there are still many defects, such as more packets overhead, the security issue of message and signals protection which was rarely take into 978-1-4244-3709-2/10/$25.00 ©2010 IEEE account in the handover process, and poor performance when mobile node far away from home networks. III. PROPOSED SCHEME PROTOCOL The underlying security problem of handoff is the lack of effective authentication of mobile nodes as well as security protection of handover signals. In this paper, we propose a novel registration of fast handoff, which is based on IPSec protection. Its basic mind is using IKEv2 protocol [8] to achieve pre-authentication of mobile nodes in fast handoff process, and the Security Association (SA) generated by IKEv2 also utilized to provide protection for handover signaling. We illustrate the method of registration in handover procedure as Fig.1 shows.
عنوان فارسی مقاله: | هندآف IPv6 سیار با رجیستر امنیتی مبتنی بر شبکه IPSec |
عنوان انگلیسی مقاله: | A security registration based on IPSec for mobile IPv6 fast handoff |
خرید ترجمه فارسی مقاله با فرمت ورد
خرید نسخه پاورپوینت این مقاله جهت ارائه