Research On Mobile IPv6 Security Handover With Identity-Based Cryptography

With growing and combining of the Internet and wireless communication networks thereare more and more roaming users, which increase the requirement for wireless and mobilenetworks. The security and handover performance in the wireless and mobile environmentbecome two lions in the way for the commercial network of wireless mobile Internet, becausethe wireless and mobile environment is opening and real-time. As a network layer routingprotocol, mobile IP only solves how can a mobile node maintain its all ongoingcommunications when it moves from one place to another, but it ignores many security issues,such as access authentication security, data transport security, etc. And mobile IP specificationdoesn't consider the performance optimization for mobile handover, which restricts thedevelopment of the real-time applications in the wireless and mobile networks.If given the security requirements, the handover performance issue will become moreserious. First, the thesis analyze the key factors of the performance in the mobile handoverprocedure, and studies how to utilize the identity-based cryptography (IBC) to realize thesecure mobile handover from the point of the integrating authentication and data confidentialityin the handover procedure. Then the thesis utilizes the characters of IBC to reduce the transportlatency, and realizes the access authentication in the visited network instead of the homenetwork. So the handover performance can be improved. The main contributions in thisdissertation are the following:1. A fast authentication method using identity-based signature (IBS) is proposed.In this thesis, we propose a fast mutual authentication method for wireless and mobileIPv6 networks based on an IBS scheme. It adopts the IBS technique to implement themutual authentication, and optimizes the access authentication and the homeregistration. In the solution, the access authentication can be accomplished in thevisited network instead of the home network, which can eliminate the transportlatency arose by the interaction with the home network in the access authentication.Also the authentication can be accomplished by signing or verifying the homeregistration messages, and then the handover procedure integrating authenticationonly needs one round trip. So the additional load arose by authentication can beminimized. We prove that the access authentication and home registration processhandover latency of ours is better than that of the existing solution and our solutionsatisfies the mutual authentication security.2. A security handover method using IBC is proposed.The fast authentication method only considers the optimization for the accessauthentication and the home registration, but it ignores the duplication addressdetection and the general registration. In this thesis, we propose a security handovermethod to optimize the whole mobile handover procedure. It mainly reduces theinteractions in the handover procedure and guarantees security by the low-cost IBC.(1) It adopts the authenticated cryptographically generated address (ACGA) as thecare of address (CoA). Owing to the unique ACGA, the duplicate address detectioncan be removed. (2) In order to simplify the authentication procedure, it uses the fastauthentication method to implement the authentication and the home registration inparallel. (3) It adopts the authenticated CoA to simplify the general registration. (4)And it uses the identity-based authenticated key agreement scheme to agree thesession key to guarantee the data confidentiality. We prove that the whole handoverlatency of ours is better than that of the existing solution and our solution satisfiesmutual authentication security, data confidentiality security, etc.3. An identity-based hierarchical authentication method is proposed.Both the fast authentication method and the security handover method study how toimprove the mobile handover performance from the point of the handover latency, butthey ignore the optimization for the signal cost. In this thesis, we design anidentity-based two-layer signature (2-IBS) scheme, and based on the hierarchicalmobile IPv6 protocol, we propose a hierarchical authentication method. Our solutionadopts the 2-IBS technique to implement the mutual authentication, and optimizes theaccess authentication and the home registration. It utilizes the characters of IBS andthe public parameters in location to reduce the round trip times with the homenetwork. In addition, the authentication and home registration can be implemented inparallel through signing or verifying the home registration messages, so theinteraction times can be reduced. It adopts the hierarchical framework, which can bescaled easily. We prove the access authentication and home registration processhandover latency of ours is better than that of the existing solutions and our solutionsatisfies mutual authentication security, resolves the key escrow issue partially.