
Research And Design On Authentication Protocol In Identifier/Locator Separation Network

Posted on: 2015-03-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L J Zheng
Full Text: PDF
GTID: 1268330425489198
Subject: Information security
ABSTRACT: In the traditional network architecture, the dual role of the IP address has caused many problems that cannot be resolved, such as routing scalability, mobility, and security. The identifier/locator separation network clearly separates host identifier from location information, and divides the Internet into two broad categories: access network and core network. It is a good solution to the scalability and mobility issues of the Internet. Research on the identifier/locator separation network has focused mainly on network architecture, mapping resolution mechanisms, mobility and so on, but its communication authentication protocols also need to be studied in depth. In fact, the communication authentication protocol is the basis of other security services: entity authentication, integrity of transmitted message contents, and secure distribution of keys can all be realized with communication authentication protocols. Because the network architecture and communication processes differ between the traditional network and the identifier/locator separation network, many communication authentication methods from the traditional network are no longer applicable to the identifier/locator separation network. Although some research results on access authentication and fast authentication in the identifier/locator separation network have been obtained, the security, flexibility, and efficiency of these methods need further improvement. In addition, research on secure route optimization in the identifier/locator separation network has not yet been carried out.

Based on the identifier/locator separation network, this paper studies terminal access authentication and authenticated key exchange, terminal intra-domain fast authentication, terminal inter-domain fast authentication, and inter-domain and intra-domain secure route optimization for terminal mobility. The main research contents and innovations are outlined as follows:

(1) A provably secure trusted access authentication method is proposed. This protocol realizes mutual authentication between terminal and authentication center, as well as between access router and authentication center. It guarantees the credibility of the terminal platform and the access router. Compared with other similar methods, our method has lower authentication delay and authentication cost, as well as better security and flexibility. To distribute a session key while authentication is carried out, a provably secure authenticated key exchange method is proposed on the basis of the trusted access authentication method.

(2) A trusted authentication scheme for intra-domain fast authentication is proposed, in which a Token is designed for intra-domain fast handover. The terminal first obtains a Token assigned by the authentication center in the home domain. When handover authentication occurs within the domain, the access router uses the Token to authenticate the mobile terminal without communicating with the authentication center. The proposed scheme is analyzed, and its authentication cost, authentication delay, handover delay and security are compared with other schemes. The analysis demonstrates that the scheme is secure and effective. The scheme can authenticate the terminal platform and provides identity anonymity and platform anonymity. It reduces the burden on the authentication center and has certain advantages over current protocols.

(3) To address the problems in current inter-domain fast authentication methods, a trusted inter-domain fast authentication scheme is proposed. This scheme can realize proof of identity and integrity verification of the platform as well as proof of the user identity. In this scheme, a Ticket, which is issued by the home domain, is designed. When the mobile terminal moves to a new domain, the visited domain authenticates the mobile terminal directly using the Ticket carried by the mobile terminal rather than authenticating it through its home domain. Analysis suggests that the scheme is secure and effective. Compared to existing schemes, it has better comprehensive performance.

(4) After a mobile terminal hands over, route optimization is required to avoid triangle routing. The route optimization process faces black hole attacks, DoS attacks, replay attacks, and so on. To resist these attacks, an intra-domain secure route optimization method and an inter-domain secure route optimization method are proposed. Analysis shows that both methods have high execution efficiency. They can ensure the confidentiality and non-repudiation of communications, and the credibility and security of the access router and mapping server. They can also resist replay attacks, impersonation attacks, black hole attacks and DoS attacks.

In summary, this paper takes secure authentication in the identifier/locator separation network as its target and analyzes some authentication protocols for the terminal communication process in the identifier/locator separation network and the traditional network. To improve the efficiency, security and flexibility of the authentication protocol, several authentication protocols with higher security and better performance are proposed to meet the requirements of the identifier/locator separation network. The results have some theoretical value and practical significance for the final realization of the identifier/locator separation network.
Keywords/Search Tags:Identifier/locator separation, Trusted computing, Provably secure, Access authentication, Fast authentication, Secure route optimization