Research On Security Architecture And Handoff Mechanism In Next Generation Wireless Networks

Posted on: 2011-11-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W J Ma
GTID: 1118360308961772
Subject: Circuits and Systems

Abstract/Summary:
With the development of communication engineering, computer network and integrated circuit technologies, mobile communication and wireless networks have become highly desirable. Due to the progress of IT technologies, mobile communication systems are highly developed and various new radio access technologies have emerged, which paves the way for the next generation wireless network. The next generation wireless network combines the merits of different wireless networks, thereby featuring diversified access methods, high speed data transmission, ultra mobility and all-IP integration. Users can therefore easily enjoy the ubiquitous, high performance network service provided by the next generation wireless network.

Heterogeneous wireless network integration is the key technology of the next generation wireless network. As a highly complicated systems engineering effort, the heterogeneous wireless network not only has problems similar to those of the traditional network, but also faces additional security problems caused by the interconnection of heterogeneous networks. These extra security problems include how to realize unified security access among different wireless networks; how to realize strict access control in the complicated heterogeneous network; how to simplify the complex key management of the AKA mechanism and reduce the large key size; and how to make seamless handover in the heterogeneous network.

In this thesis, the security architecture of the heterogeneous network is investigated and explored. The performance and efficiency of the heterogeneous network are enhanced significantly with the improved access authentication, authorization control, key agreement and adaptive adjustment mechanisms. The main contributions of this thesis are as follows:

1. The evolution of wireless networks is summarized. The characteristics, key technologies, and major security problems of the next generation wireless networks are carefully investigated and summarized. Furthermore, the design principles of the security architecture of the heterogeneous network are provided. The methods to improve the system performance are presented as well.

2. A unified authentication mechanism for the upper protocol layers, based on the mobile IPv6 protocol, is proposed to mask the differences in link layer access. Based on a comprehensive analysis and comparison of different communication optimization methods, an optimization method that integrates binding information and architecture deployment is proposed. The new optimization method considers whether the mobile node roams in the foreign domain. Furthermore, a specific packet format is designed to support different scenarios. In order to avoid divulging the topological information of the home domain when the mobile node communicates with other nodes in the foreign domain, an improved key framework is introduced in the thesis. The process of key generation and exchange is provided. The simulation results indicate that the novel optimization method reduces the delay of the authentication and login process significantly and maintains the security of the system. The realizable operation of the heterogeneous network is therefore achieved.

3. Based on the unified authentication mechanism for the different access wireless networks, an optimum authorization architecture for the heterogeneous network is proposed to deal with the complex environment. Based on the concept of the role-based access control model, SAML and XACML are combined to assign roles and attributes of the visiting domain to users, thereby realizing optimum authorization and management performance of the heterogeneous network. Different application scenarios in the heterogeneous network are analyzed systematically in this thesis. Based on users' location, the heterogeneous network has intra-domain and inter-domain applications. Alternatively, the heterogeneous network has a Pull application scenario and a Push application scenario, according to the method by which users obtain network resources. Specific workflows in the different application scenarios are analyzed and designed for the optimum authorization architecture of the heterogeneous network. With the new architecture, the proposed heterogeneous network satisfies users' various requirements for network resource applications. Furthermore, the quality of service is improved significantly. The test bench of the key function module lays a solid foundation for the future development of the optimum authorization architecture of the heterogeneous network.

4. Potential security hazards in the heterogeneous network are analyzed. The corresponding security requirements are presented in this thesis. Based on the analysis of different cryptography algorithms, an XTR4 algorithm based on subgroup-trace discrete algorithm is chosen for the key agreement mechanism. Furthermore, an authentication and key agreement mechanism is proposed for the optimum authorization architecture of the heterogeneous network. Three kinds of keys are used in different scopes to accomplish different negotiation processes for users in the home domain and the visiting domain. Simulation results show that this authentication and key agreement mechanism satisfies the security requirements and is superior to the traditional key agreement mechanism.

5. In order to realize seamless handover in the heterogeneous network, an adaptive handover mechanism based on cross-layer design is proposed. With comprehensive consideration of the users' travelling speed and the dynamic parameters of the current network connection, the heterogeneous network pre-estimates the real-time handover threshold and provides enough reservation time for handover. Handover initiation information from the link layer and the IP layer can be used to trigger the optimum congestion control mechanism and adjust the TCP transmission mode adaptively, because mobile handover information in the protocol of one layer is allowed to be transmitted to and interact with the protocols of another layer. High TCP transmission performance is guaranteed for handover among different networks in the mobile IPv6 environment. Simulation results show that this adaptive handover mechanism not only reduces the handover error rate, but also enhances the TCP transmission performance when handover happens.

In conclusion, the security architecture and handover mechanism for the next generation wireless network proposed in this thesis have clear definitions and functional descriptions. The architecture is easy to implement and friendly to engineers. The novel wireless network is not only worth in-depth theoretical research, but also has high application value for projects.
Keywords/Search Tags: next generation wireless networks, heterogeneous integrated networks, authentication, authorization and accounting protocol, role-based access control, authentication and key agreement, cross-layer design