Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security mobility management method in identity and location separation system

A management method and mobility technology, applied in the field of computer networks, can solve the problems of not considering the mobile node mobile handover security, affecting the scalability of the mapping system, and increasing the burden of the mapping server, so as to reduce the authentication delay and handover delay. , Small authentication delay, the effect of preventing man-in-the-middle attacks

Inactive Publication Date: 2013-04-17
BEIJING JIAOTONG UNIV
View PDF3 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] 2. There are problems such as switching delay, packet loss rate, and signaling overhead;
[0010] 3. With the increase of mobile nodes, the burden on the mapping server gradually increases, which affects the scalability of the mapping system;
[0011] 4. The security of the mobile handover of the mobile node is not considered
[0015] 1. When the mobile node moves, the data sent by nodes in the same mobility management area to the mobile node in this area has a large packet loss rate;
[0016] 2. The security of the mobile handover of the mobile node is not considered

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security mobility management method in identity and location separation system
  • Security mobility management method in identity and location separation system
  • Security mobility management method in identity and location separation system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] The initial security access process of the mobile node in the home domain is as follows: figure 1 As shown, the steps are as follows:

[0037] Step 1. MN attaches to ATR 1 ;

[0038] Step 2, ATR 1 Send identity request and challenge value CV (Challenge Value) to MN;

[0039] Step 3. MN generates random number R 1 , use the MN and HAAA pre-shared key P to encrypt CV and R 1 , calculate E P (CV||R 1 ), calculate the message hash value H(EID 2 ||CV||E P (CV||R 1 )), then ATR 1 Send an access authentication request, the message includes: MN's terminal identification EID 2 , challenge value CV, encrypted information E P (CV||R 1 ) and hash value H (EID 2 ||CV||E P (CV||R1 )). where E k (m) indicates the ciphertext after encrypting information m with key k, H() is a hash function, and "||" is a string connection character;

[0040] Step 4, ATR 1 Send the access authentication request message to HAAA;

[0041] Step 5, HAAA first checks the hash value H(EID ...

Embodiment 2

[0057] When the mobile node is handed over within the area, the AAA server does not need to participate, such as figure 2 shown. The safe handover steps of the mobile node in the domain are as follows:

[0058] Step 1, MN and ATR 1 disconnected, attached to ATR 2 ;

[0059] Step 2, ATR 2 Send identity request and challenge value CV (Challenge Value) to MN;

[0060] Step 3. MN generates random number R 1 , using the intra-domain switching key LK, encrypted CV and R obtained during access 1 , calculate E LK (CV||R 1 ), calculate the hash value H(EID 2 ||CV||E LK (CV||R 1 )), then ATR 2 Send a handover access request message, including: MN's terminal identification EID 2 , challenge value CV, encrypted information E LK (CV||R 1 ) and hash value H (EID 2 ||CV||E LK (CV||R 1 ));

[0061] Step 4, ATR 2 Check H(EID 2 ||CV||E LK (CV||R 1 )), using the group key G pre-shared with HAAA to calculate the MN's intra-domain switching key LK=H(G||EID 2 ). Decrypt E ...

Embodiment 3

[0078] During the secure handover process of the mobile node between areas, the identity authentication of the mobile node does not require the interaction between VAAA and HAAA, such as image 3 shown. The safe handover steps of the mobile node between areas are as follows:

[0079] Step 1, MN and ATR 2 disconnected, attached to the ATR 3 ;

[0080] Step 2, ATR 3 Send identity request and challenge value CV (Challenge Value) to MN;

[0081] Step 3. MN generates random number R 1 , using the inter-domain switching key GK, encrypted CV and R obtained during access 1 , calculate E GK (CV||R 1 ), calculate the message hash value H(EID 2 ||CV||E GK (CV||R 1 )), then ATR 3 Send a mobile handover access request message, including: MN's terminal identification EID 2 , challenge value CV, encrypted information E GK (CV||R 1 ) and hash value H (EID 2 ||CV||E GK (CV||R 1 ));

[0082] Step 4, ATR 3 Forwarding the mobile handover access request message to VAAA;

[008...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a security mobility management method in an identity and location separation system. An access network is used as a mobile management area, a subnet is controlled by an access tunnel router, and each access network consists of a plurality of subnets; the tunnel router is used as a mobile anchor point of a mobile node in the area to store location information of the mobile node in the area, and the securely moved and switch data of the mobile node in the area is transmitted by a tunnel and is forwarded by local routing identifier pathfinding; an AAA (Authentication, Authorization and Accounting) server as well as a tunnel router and the access tunnel router pre-establish a security alliance in the access network; the access tunnel router and the AAA server share a group key in the access network; the mobile node and an HAAA (Home Authentication, Authorization and Accounting) server pre-negotiate the sharing of the key; before the mobile node roams in different networks, the initial security access of the mobile node is firstly completed in a home domain; and when the mobile node moves, the connection between the mobile node and a correspondent node is not interrupted.

Description

technical field [0001] The invention relates to a security mobility management method under the identity and location separation system, belonging to the technical field of computer networks. Background technique [0002] The current Internet faces serious routing scalability problems. In recent years, IPv4 BGP routing table entries have been growing rapidly, and the number has exceeded 400,000 at present, which poses a great challenge to the processing and storage capabilities of core routers. With the gradual popularization and application of IPv6, the huge address space of IPv6 will result in a larger BGP routing table. In order to solve problems such as routing scalability, researchers from various countries have proposed many programs such as ILNP, LISP, GLI-Split, Ivip, and integrated identification network. Generally speaking, these schemes are all based on the Locator / Identifier Separation (Locator / Identifier Separation) system of the network. [0003] The identit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/08H04L29/12
Inventor 刘颖唐建强周华春张宏科
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products