
Remote Access Authentication And Related Topics Under Mobile Wireless Scenarios

Posted on: 2006-01-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R G Ye
GTID: 1118360185495666
Subject: Computer system architecture
Abstract/Summary:
With the development of Internet and wireless technologies, the conventional Internet is evolving towards a Mobile Internet characterized by "Mobile Terminals and Wireless Accesses". Meanwhile, remote access VPN, as an effective extension of the enterprise network, has been playing an important role in network applications. The integration of the Mobile Internet with conventional remote access technologies will offer users great convenience and freedom, and enables mobile workers to securely exchange information with enterprise networks at any time and in any place. But such integration also brings challenges to conventional remote access approaches. Remote access under the Mobile Internet is no longer a static procedure: it is accompanied by frequent terminal mobility and wireless network handover; compared to fixed nodes, wireless terminals in a mobile environment have weaker computation power and lower memory capacity; and wireless links are constrained by higher bit error rates (BER) and lower transmission bandwidth. So, when designing a mobile wireless remote access scheme, the constraints of the terminals' low computation capability and the wireless links' low bandwidth, as well as the security of entity authentication and of the subsequent information exchange between wireless terminals and enterprise networks, should be taken into consideration; at the same time, terminal mobility and the network handover procedure should remain transparent to upper-level applications.

This dissertation studies authentication and key exchange issues and other related topics of a mobile wireless remote access solution. The main contributions are as follows:

1) An asymmetric authentication and key exchange scheme named AEAS (Asymmetric ECMQV-based Authentication Scheme) is proposed, which achieves client authentication based on passwords and server authentication based on conventional digital certificates. The password-only client authentication approach has a zero-knowledge security property, allowing weak passwords while remaining resistant to dictionary attacks, replay attacks and stolen-verifier attacks. Compared with other similar schemes, the AEAS scheme has the advantage of the least computation overhead in terms of public key algorithms, which suits lightweight wireless terminals in mobile wireless scenarios well. A brief security proof for AEAS under the Random Oracle Model is given, and another efficient two-factor authentication protocol named ATAP (AEAS-based Two Factor Authentication Scheme) is proposed.

2) The interworking issues between the IPSec protocol and intermediary network devices (including conventional NAT gateways and future NAT-PT gateways in an IPv4/IPv6 co-existent environment) are analyzed, and an enhanced NAT Traversal scheme is proposed which enables interworking between IPSec and NAT-PT gateways in an IPv4/IPv6 co-existent network environment. A new UDP encapsulation scheme named NATPT-T Tunnel Mode is proposed, which enables secure application-layer communication between IPv6...
Keywords/Search Tags:Mobile Internet, Remote Access, Network Security, Authentication and Key Exchange, Virtual Private Network