
Authentication Protocols for Binding Update in Route Optimization of Mobile IPv6

Advisor: 林永松

Abstract


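Mobile IPv6 runs on top of Internet Protocol version 6 and lets a mobile device change its point of attachment without breaking the existing architecture and without affecting other network nodes or running applications. To provide this service, Mobile IPv6 introduces a new network node: the Home Agent. The Home Agent records the network address newly acquired by the mobile device and forwards packets destined for the mobile device to that new address. Although introducing the Home Agent solves the mobility problem, it creates a new one. If the source and the destination are quite close to each other while the Home Agent is far away, packets from the source are first sent to the Home Agent's location and then forwarded to the destination; because the source and the destination are close, this adds considerable transmission delay. The solution is to let the source and the destination communicate directly, a method called "Route Optimization", but it raises security problems. Many protocols have been proposed to solve these security problems. In this thesis, we analyze the ability of these protocols to withstand attacks and consider their performance. Finally, three protocols are proposed to solve the security problems in Route Optimization: one is based on the existing infrastructure, and the other two are based on Cryptographically Generated Addresses technology. The infrastructure-based protocol provides the best security protection but still has no effective defense against denial-of-service attacks. The other two protocols patch the security holes in existing protocols that use Cryptographically Generated Addresses and improve their performance. At the end of the thesis, the security and performance of the three protocols are fully analyzed.

Parallel Abstract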


Mobile IPv6 (MIPv6) is a protocol proposed by the IETF and based on Internet Protocol (IP) version 6 to support mobility. To support mobility, MIPv6 uses an additional network node, the Home Agent (HA), with a fixed network address. Packets are first sent to the HA, and the HA relays them to the destination. This mechanism introduces another problem: even if the sender and the receiver are close, the sender still has to send packets to the remote HA, which then relays them to the receiver. This adds unnecessary routing. The problem is named the “Triangle Routing” problem. The IETF proposes “Route Optimization” to solve it: the sender sends packets to receivers directly instead of relaying them through the HA. Although this removes the delay caused by the triangle routing problem, it introduces security issues. Several protocols have been proposed to solve the security problems in Route Optimization. We list all possible attacks in order to analyze these protocols. In the protocol analysis, some flaws are found in these protocols. Besides the security issues, the performance of the protocols is also considered. Three protocols are proposed in the paper: one is based on the existing infrastructure, and the others are based on Cryptographically Generated Addresses (CGA) technology. The infrastructure-based protocol solves most threats in binding update except the Denial of Service (DoS) attack. The other two protocols fix the loophole in other CGA-based protocols and improve the performance. Finally, the three protocols are evaluated in terms of security and performance.
