摘要
摘 要 在此論文,為了減少在Mobile IP漫遊中所造成的換手(handoff)問題,例如:傳送資料間的遺失(packet loss)、註冊時間的延遲(registration delay)、網路訊息/資料的擁塞(message congestion)…等,都將影響整個網路的運作效率與增加不安全的危險性,所以我們提出了快速換手的機制建立在階層式架構中(hierarchical structure),來達到這些目的和解決問題。 我們使用兩層的階層式架構,第一層也就是最上層common of FA(CFA),第二層是foreign agent(FA),在CFA底下連接數個FA,以方便管理使用者的移動性(mobility);我們將使用者的註冊程序分為兩個部份:Home Registration 和 Micro-Mobility Registration。 當使用者Mobile Node(MN)第一次從家網路移動到其它網路時,MN向(Home Agent)HA註冊如果合法,將得到第一張由HA產生的票據(Ticket),同時在CFA也會儲存一張(而在MN註冊確定是合法的同時,HA既預先產生了第二張票據給CFA),此第一張票據代表著MN在此網路的確認身份。而當MN又漫遊到下個網域時,MN將此票據送至CFA做比對,如果和CFA的票據相同的話,即代表著MN仍然是合法者,此時CFA將第二張票傳給MN,此時MN在此網路是得到第二張票當作它的確認身份。 我們的研究方法有以下的優點: (1)在每一次MN漫遊至不同網域間時,如果仍為合法使用者,將會從CFA取得不同的票據,此目的是為了防止重送攻擊(replay attack)。 (2)當MN在不同網路間漫遊時,不在需要每次到它的家目錄進行註冊的程序,只須要到第一層的CFA做註冊和比較,即可判斷MN是否為合法;減少了每次到家網路註冊的延遲時間。 (3)在安全方面,我們是使用HA與MN間的秘密金鑰,對稱加密法來完成彼此間的資料安全,同時加快了運算的速度,也使用雜湊函數(Hash Function),來提高安全的可靠度。
並列摘要
Abstract In this thesis, we propose a new authentication mechanism for Mobile IP based on hierarchy structure to improve handoff problem. We use the hierarchy structure and cryptography concept to reach our purpose. The proposed new mechanism not only improves handoff of Mobile IP to reduce packet loss and transmission delay but also to attain safe authentication. The proposed authentication protocol on hierarchical structure can be divided into two parts. The first part is called as home registration protocol and the second is micro-mobility registration protocol. At first, when MN(Mobile Node) moves from its home network to a visited foreign network, it has to perform the home registration protocol. In home registration protocol, MN sends its registration request through a designed two-level hierarchical structure to its home network. The HA(Home Agent) gives MN a registration reply with a ticket for the authentication of the micro-mobility registration. On order to avoid the handoff problems occurs in Mobile IP when MN changes its FA(Foreign Agent) to another FA, it needs not to register HA again. On the contrast, the thing for MN to do is to forward the ticket given by HA to the CFA(Common Foreign Agent) on the first level of hierarchical structure. In the mean time, CFA updates the ticket from HA and sends it to MN for the next time micro-mobility registration. On our proposal, the symmetric cryptography is used to make a secure communication for the proposed protocol. The contributions of our main purpose are as follows: (1)The feature of our schemes is that new ticket mechanism is used to alleviate the overhead of home registration caused by frequently local handoff and reduce data loss. (2)When MN is moving within the same domain of a CFA, MN is not required to perform the home registration with HA to shorten the register time. (3)Our proposed protocol can attain safe authentication to prevent various attacks. According to our proposal, it is believed that the results of our method in this thesis is much helpful to future research and application in frequent handoffs in Mobile IP environment.