Based On Certified Ipv6 Address Auto-configuration Method

IPv6, as the key protocol of the Next Generation Internet, can meet the need of rapid development of Internet with its tremendous IP address space. Moreover, plug and play, its natural advantage, has provided IPv6 nodes with good support of network accessing and mobility. As a result, IPv6 has been employed more and more widely, meanwhile, its security performance is of more and more importance, too.In an IPv6 network, IPv6 node can automatically acquire IPv6 address and other configuration information through autoconfiguration mechanism, which simplifies the network management and the process of node's roaming between different networks. However, this results in potential security problems at the same time, because there is no control measurement when IPv6 node accessing to network. So, illegal user can enter the network and get vital information freely, which should be forbidden in practice.To address this issue, some internal and foreign organizations have done some researches and put forward some solutions. Unfortunately, when addressing some specific problems, they also bring out new matters. Namely, they can't settle the issue from its headstream: security problem in address auto-configuration.This thesis researches a method of IPv6 address auto-configuration based on authentication. It adds authentication mechanism to IPv6 stateless address autoconfiguration, which only allows the legal users to obtain IPv6 address and to access IPv6 network. Consequently, it can guarantee the network security from the beginning. This thesis does some researches in the key technologies of this scenario, realizes an applicable system, and improves the performance and convenience of the secure IPv6 accessing system.This thesis introduces the background and contents of IPv6 accessing security in the first chapter, including the current solutions and the traditional IPv6 stateless address autoconfiguration. In chapter four, the scheme and structure of secure IPv6 accessing system based on authentication are discussed, and the framework of the system is constructed. Charter five is the keystone of this thesis, which discusses the key difficult points that need to be solved, and the available solution methods. The key techniques include authentication-based router solicitation and router advertisement, security technique and other non-core technique. Finally, chapter six introduces test and development environment.