The Security Mechanism And Implementation For Mobile IPv4 And Mobile IPv6

The Mobile IP protocol can provide mobility support for Internet, which allows the mobile node to roam in Internet and maintain its communication uninterrupted with no change of its IP address and current route mechanism. Mobile IP can divide into Mobile IPv4 and Mobile IPv6 based on different type of net. With the implementation of Mobile IP in the real network, its security becomes especially important, which includes access authentication and mobility signal encryption under the mobile IP environment. This paper analyses and discusses the access authentication under Mobile IPv4 environment and the mobility signal encryption under Mobile IPv6 environment independently, then proposes solution and designs system model.In the first part of this paper, we discuss the security mechanism of Mobile IPv4. First we analyse the basic Mobile IPv4, its authentication mechanism, and the necessity and inevitability of introduction of AAA infrastructures. Based on RFC 4004, a solution of access authentication and dynamic key distribution with cooperation of Mobile IPv4 and AAA is designed, which includes two sub systems - MIPv4 and AAA. AAA server can authenticate mobile node, and distribute key for mobile node and network. The solution supports kinds of algorithms for authentication and encryption, and makes AAA function extensions conveniently.Then we design the system model of this Mobile IPv4 authentication mechanism. Using the MIP extension of OpenDiameter which is the open source of AAA, and modifying Dynamics which is the open source of MIPv4, we implement the cooperation of MIPv4 and AAA protocol, and finally implement the security mechanism under Mobile IPv4 environment. This paper detailedly describes how to realize every entity and modules, and finally finishes the software for this system.In the second part of the paper, we focus on the security mechanism of Mobile IPv6. First we analyse the basic Mobile IPv6 and IPSec protocol, and find the problem existed in the current protocol, which therefore makes IKE protocol introduced. Based on the general idea of RFC 3776 and RFC 4877, a solution of key exchange deployed under mobile IP environment is designed. This solution can implement IKEv2 exchange under Mobile IPv6 environment, negotiate IPSec Security Associations between mobile node and home agent before the mobile registration, which can be used later for IPSec ESP to encrypte mobile registration message and protect the privacy of mobility signal between mobile node and home agent.Then we design the system model of this Mobile IPv6 signal encryption mechanism. Using OpenIKEv2 which is the open source of IKEv2 for dynamic key exchange, modifying MIPL which is the open source of MIPv6, we implement the cooperation of MIPv6 and IKEv2 protocol, and finally implement the security mechanism under Mobile IPv6 environment. This paper detailedly describes how to realize every entity and modules, and finally finishes the software for this system.At last, based on the two system model above, test environment is set up independently. The test focuses on the protocol coherency of the system model. The analysis of test results is finally presented, which indicates that the system model of Mobile IPv4 authentication mechanism accords with RFC 4004 and the system model of Mobile IPv6 signal encryption mechanism accords with RFC 3776 and RFC 4877.