Research On The Technology Of Network Mobility Based On AAA Mechanism

To meet the demands of people to communicate everytime and everywhere, Mobile IP hasextended from host mobility to NEtwork MObility (NEMO). NEMO has a promising applicationfuture in the next generation network, as it handles the mobility of a set of mobile nodes in anaggregate way. However, NEMO suffers from the problems such as Authentication,Authorization and Accounting (AAA), undirected routing, handoff latency, security, et al. In theexisting solutions for these problems, the combination of mobility management technology andAAA mechanism is not perfect which limits the application of NEMO. Therefore, thisdissertation is devoted to researching on the NEMO technology based on AAA mechanism.Based on the analysis of requirements of the NEMO AAA mechanism in the aspects ofsecurity, performance and deployment, three schemes which give consideration to both mobilitymanagement optimization and AAA are proposed to respectively deal with the global mobilitywith inter-domain authentication, local mobility with inter-domain authentication and the pathMaximum Transmission Unit (MTU) discovery after handoff.1. In order to reduce the impact of authentication between domains on performance ofNEMO, an authentication mechanism based on local security associations (AMLSA) is proposed.The authentication and binding update procedures are integrated by adding the addressregistration information into the authentication messages. With the help of hierarchical mobilitymanagement strategy and local security associations, AMLSA localizes the message flow of theintra-domain handoff, protects the address registration information and eliminates thetunnel-in-tunnel problem. Analysis and Simulation show that, AMLSA not only implements themutual authentication but also resists various attacks such as modified attack, and outperformsthe counterparts in terms of the computation cost and handoff latency.2. To provide security against the fraudulent address registration messages of NEMO inProxy Mobile IPv6domain, a NEMO solution based on authentication (NEMO-PA) is proposed.With the help of extended routing information, expanded mobile security associations and theintegration between the authentication and binding update procedures, NEMO-PA speeds uphandoff, confirms the security of NEMO and reduces the tunneling overhead. Analysis andSimulation show that, NEMO-PA outperforms the counterparts in terms of the computation cost,and handoff latency.3. To solve the MTU problems of Nested NEMO, a tunnel MTU discovery mechanismbased on location update (TDLU) is proposed. By storing the path MTU values between thehome agents at them and adding the MTU information into the signaling messages protected byAAA mechanism, such as router advertisement and binding update, the mechanism can track thetunnel MTU fast and securely with the location update process, and adapts to the multihomingconfiguration and a variety of route optimization schemes. The simulation shows that thismechanism reduces packet delay and transmission overhead, improves bandwidth utilizationcompared to the existing solutions.