Design And Implementation Of Service Secure Access Mechanism In LTE-Based Smart Identifier Mobile Private Network

With the rapid development of information technology,the Internet has brought numerous convenience to people's lives,but also brought many security problems due to the defects of its original design.In order to fundamentally overcome the disadvantages of the traditional Internet,the National Engineering Laboratory for Next Generation Internet Interconnection Devices proposed a new network architecture called Smart Identifier Network which has better security and scalability.At the same time,the scale of accessing the Internet through mobile terminals is also increasing year by year.The core network of LTE(Long Term Evolution)which is the mainstream technology in 4G era adopt itself with whole IP architecture,providing the possibility for the integration with the next generation network.This thesis relies on the Major Security Project"Applied Researchof Identifier Network Technology in MobilePrivate Network" to design and implement a service security access mechanism in LTE-Based Smart Identifier Mobile Private Network.The mechanism achieve the nearest accessing to services for mobile users as well as the fine-grained services security access control and protection for mobile users,protecting the safety of service resources in identifying network and and the efficiency of mobile users accessing services.This thesis is mainly about the design and implementation of Service Secure Access Mechanism in LTE-Based Smart Identifier Mobile Private Network.Firstly,this thesis summarizes the LTE and Smart Identifier Network,and brings forward the protocol principle of adding service access function in the mobile communication network.Secondly,the thesis carries on requirement analysis and scheme design of the service security access mechanism,and then explains the implementation of each module from the point of view of the code.What have been designed and implemented in the thesis are:Through the design and implementation of the service matching module and service caching module in the LTE core network,the aritcle completes the function requirement of mobile users accessing service from the the nearest netelement in the LTE core network.Through the design and implementation of SID(Service Identifier)analysis module in Service Parsing Server,identifier mapping module in PGW and the routing mechanism in Identifier Private Network,the thesis achieves the fine-grained service access control for user and the routing based on RID(Router Identifier)for service,which increase the safety of service resources and reduce the network redundancy in routing.Through the design and implementation of user service reputation management table,user service management information interaction in control layer and the detection and defense mechanism for mobile user's aggressive behavior,the thesis accomplishes the detection and defense mechanism for service-based DOS attack,guaranteeing the performance security of Service Parsing Server and the reliability of the normal user accessing service.We test and analyze the program in our prototype.The test results verify the basic functions of service security access mechanism,the mechanism excellently achive the requirements of nearest accessing to services for mobile users,while enhancing the safety of service resources and the reliability of the mobile user accessing service resource.Finally,the thesis concludes the full text,which lays a good foundation for the follow-up work.