| With the development of the network technology and the demand of the various service, the next generation network(NGN),mobile IP and IPv6 have been improved more rapidly and the integration of the three incompatible networks(telephone network, computer network and TV network) has became more and more important. At the same time, IP network becomes the leading power in the process of the integration of the incompatible networks because of its excellent features, such as, the convenient connection method , the low cost and easy expandability of business application and so on. Although the AAA (Authentication , Authorization , Accountting) technology in previous internet network, such as TACACS and RADIUS, has been used in wide fields,they can't work well in the new network condition,especially in the process of AAA for mobile IPv6.Hence,a new protocol for AAA, Diameter protocol, which was recommended by IETF has became the standard protocol for the various applications. Diameter protocol is the name of a protocol family, a Diameter base protocol and several interrelated application protocols are included in it. In the Diameter base protocol, some base network entities and operations were specified,while the Diameter header,AVP header and the secure demand were also defined in it. Based this Diameter base protocol, some protocols were developed for different application fields, such as mobile IPv4 application, SIP application,NASREQ application and so on.Although MIPv6 application protocol looks like MIPv4 application protocol in the higher level,in fact,there are many differences between them.For instance,there is no foreign agent in MIPv6 protocol,so that mobile node can't visited network resource through foreign agent. In this thesis, I will specify the protocol profile of the basic process of AAA of MIPv6 node and some enhanced features related with MIPv6 by studied deeply in Diameter protocol family and PANA protocol will be used with Diameter base protocol together for provided authentication and authorization. And then I designed and developed the class library for mobile IPv6 based on the MIPv6 application that is specified previously and the open resource software OpenDiameter. Finally, a simulated network circumstance for MIPv6 was set up and the correctness of the class library for Diameter MIPv6 application protocol was testified. Expanding the Diameter base protocol can be fulfilled through defining new Diameter messages and new AVP payload types. In circumstance of MIPv6,I will define four messages (AA-Registration-Request,AA-Registration-Answer, Home-Agent-MIPv6-Request, home-Agent-MIPv6-Answer) and some new AVPs (MIP-Binding-Update,MIP-Binding-acknow -ledgement,MIPv6-Mobile-Node-Address,MIPv6-Home-Agent-Address,MIPv6-Feature-Vector,Key-Request,MN-Key-Distribution, Key-Distribu -tion) for basic AAA process of mobile IPv6 node, dynamic home agent address assignment in visited domain and Key distribution. In design of this Diameter MIPv6 application protocol, I did my best to reuse the Diameter messages and AVPs which have been defined in Diameter base protocol. Such as,CER/CEA and DER/DEA. PANA protocol is defined to finish the process of authentication between client (PAC) and server (PAA).This protocol utilize UDP transport protocol, but it defines reliable re-transport mechanism for the correctness of the message exchange. In this protocol, a series of request/answer messages are used in the process of peer-to-peer authentication, and every message is composed by zero or more AVPs payload. The payloads in this protocol are almost EAP messages and used in EAP session between PAC and PAA.In this thesis,PANA protocol will cooperate with Diameter protocol to fulfill the message exchange process between MN and AAA client. Based on PANA protocol framework, Mobile node software acts as PAC and AAA client acts as PAA.At one time,AAA client should communicate with AAA server to exchange Diameter messages, and must have the ability to parse such messages. When AAA servers begin to initialize, it should connect to other AAA servers and learn which service can be supported by other AAA servers through capability exchange request and answer. Mobile nodes may not own their static IP address at any time, so that dynamic assignment Home Agent address in visited domain is necessary. This mechanism provides a better flexile method to support the roam of the mobile node. In this section, I added a pair of Diameter messages (HOR/HOA) and defined a set of AVPs to solve it. As identified in the previous sections, many security keys need to be set up and shared between the IPv6 mobile nodes and other network entities, for example, the key between the mobile node and its Home Agent toauthenticate the binding Update and Binding acknowledgement messages. The AAA entities can play a major role in the computation and distribution of these security keys. Two key distribution methods, relying on this AAA infrastructure and allowing authenticated key distribution, are proposed. In this process, two methods can be used, one is based on random number distribution ,and the other is based on Diffie-Hellman key exchange distribution. In the aspect of implementation, I learn more from OpenDiameter software and reuse quite a few class library which had been done in OpenDiameter software packet. such as, class library for Diameter base protocol,EAP protocol and PANA protocol etc.At present,OpenDiameter is the best software packet, many excellent design patterns that be designed by ACE are used, such as Socket Connector/Acceptor design pattern, thread pool design pattern and so on. Besides such design pattern,OS abstract level developed by ACE is also took by OpenDiameter for independence from the concrete Operation System. Because of the widely using ACE library, OpenDiameter can work well in different OS platform. From the point of view of the function, the implementation of the Diameter MIPv6 application protocol should include three parts:AAA Server module,AAA client module,Moble Node module. AAA Server module that be a core module will perform such tasks: parsing message,secure transmission,establishing connection with AAA entities,session manage etc.AAA Client module will perform such task:Actting as a PAA entity to perform the authentication process with Mobile Node, communicating with AAA Server and exchanging Diameter messages, collecting the network resource information that is used by Mobile Node and encapsulating it into Diameter message which will be sent to AAA Server after a period.Mobile Node module: listening router advertisement, if the location of MN has changed, it can initialize a re-login process to the visited domain. In this situation, it act as a PAC entity. Considering the widely deployment of the WINDOWS operation system and the good developing environment, I choose the WINDOWS XP as the platform of programming. At the same time,XP OS has support IPv6 protocol stack completely and can easily install, so that will be helpful to code, compile and test. For being accordance with OpenDiameter software packet, I choose the C++ as the programmed language. According to the limit of the experiment environment, I integrate the...
|
PDF Full Text Request