Research On IP Registration Technology Of Multi-level Mobile IPv6 Networks

Multi-level security technology is widely required for applications in the military and commercial fields. Multi-level security is defined as a system which allows the storage of information in different sensitivity levels, system information processing following the principle of "knowledge on demand" by users owns different security identities and authorizations and deny the users without security ID, authorization or the need to access the information. Organizations related to national defense and some other security-sensitive business divisions have an urgent need for multi-level security technology. And, with the application of distributed system and the growing of network, how to build a multi-level security network becomes an urgent task. Mobile IPv6 is the optimum protocol for next-generation network and the study on the Multi-level security technology in the Mobile IPv6 network is of great importance. This paper has done the following work:This paper provides a solution and deployment plan of a security framework for Mobile IPv6 with the multi-level security features. Aiming at the security issues in the IP layer, a framework supporting Multi-level security is proposed which extends the traditional IPsec protocol. A registration scheme based on MlPsec architecture and Digital certification technology is proposed, including access registration, data transmission and handover technology. It could enhance the authentication of the initial message of IKEv2 protocol and overcome the vulnerability of the first two IKEv2 messages to spoofing attack and man-in-the-middle attack.Considering the limited computing capability of mobile equipment, we have proposed an IP registration scheme based on position prejudging and trustful home agent, which could reduce the calculating overhead of mobile node, decrease the access and handover delay and satisfy the special requirement for the Multi-level security. By utilizing trustful home agent (high level of security) or location agent (general level security) to finish the overhead computing in the identity Authentication, the amount of computing on MN is reduced significantly. Thus, this scheme could enhance the performance of IP registration and effectively reduce the delay of access and handover procedure.