Research And Implementation Of MIPv6 Authentication System In Split Scenario

Basic MIPv6 protocol provides the mobility support for mobile nodes. However, this protocol does not concern access technologies and suggest using complex IPSec to protect MIPv6 signaling between Mobile Nodes and Home Agents. According to different scenarios deployed for MIPv6 network, access service providers could be independent of MIPv6 service providers, which is split scenario. So more effective access authentication scheme and MIPv6 scheme are needed. This paper designs a novel MIPv6 authentication system in split scenario using PANA protocol and mobility message authentication option mechanism based on AAA architecture. The AAA technology is a requirement of MIPv6 deployment, while the authentication function is the base of authorization and accounting. The paper solves access authentication and MIPv6 authenticaion problems of MIPv6 users based on AAA architecture.At first, the paper summarizes the research status of different access authentication technologies and MIPv6 authentication technologies, describes the split/integrated scenario of MIPv6 bootstrapping and the development of AAA protocols.Secondly, the paper introduces MIPv6 protocol, AAA theory and describes MIPv6 bootstrapping scenarios in detail. Based on the analysis and comparison of typical access authentication technologies and MIPv6 authentication technologies, the paper designs a MIPv6 authentication system scheme in split scenario. The traits of the schme are shown as follows: 1) This system is devided into access authentication sub-system and MIPv6 authentication sub-system. 2) PANA protocol is used as the front protocol while Diameter protocol is used as the backend protocol. EAP protocol, supporting many authentication algorithms and easy to be extended, accomplishes the real authentication function. 3) The Mobility message option scheme used by MIPv6 authentication for mobile nodes is light weighted, could take place of IPSec in wireless environment. 4) The MIPv6 authentication process could distribute session keys between MN and HA for MIPv6 authentication dynamically.Thirdly, the paper presents a model for implementing the MIPv6 authentication system, implements access authentication sub-system and MIPv6 authentication sub-system based on OpenDiameter and FreeRADIUS separately, then describes how to realize every module, finally finishes the software for the entire MIPv6 authentication system on the Linux 2.6.8.1 kernel platform. At last, the test environment is set up for this software. The test focuses on the user roam function of access authentication sub-system and the first implementation result of RFC4285 of MIPv6 authentication sub-system. The analysis of test results is also be presented.This paper is supported by the grant from China National Development and Reform Commission under the project "Research on Integrated Services of Internet and Mobile Communications"...