
Multi-stage security mobile IPSec access authentication method

An access authentication and security technology, applied in the field of network security, that addresses problems such as difficulty of application, unspecified public key infrastructure requirements, and lack of support for multi-level security network protection, so as to achieve high efficiency and improved security.

Inactive Publication Date: 2011-04-06
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0019] 1. IPSec is limited to fixed networks and is difficult to apply in a mobile IP environment. Mobile IPv6 uses IPSec only to protect signaling between the mobile node (MN) and the home agent (HA);
[0020] 2. IPSec cannot provide the registration function an MN needs when accessing a mobile IPv6 network;
[0021] 3. The first two messages of the IKEv2 protocol are not protected and are vulnerable to man-in-the-middle attacks;
[0022] 4. IPSec itself does not support the protection of multi-level security networks;
[0023] 5. Securing large-scale distributed mobile IPv6 networks requires authenticating user identities. However, the IPSec protocol specifies neither how user identities are defined nor the requirements for the necessary public key infrastructure. It is even less suited to protecting the access registration security of mobile IPv6 networks with multi-level security features.


Embodiment Construction

[0046] Referring to Figure 2, the mobile IPSec access authentication method supporting multi-level security provided by the present invention, for the case where the MN is in the home network, includes:

[0047] In step 1, the MN sends an IKE/SA initialization message to register with the HA.

[0048] When the MN detects the HA after powering on, it selects a random number Ni and sends the IKE/SA initialization message {CERT_MN, Ni, SAi1, KEi}Sig_MN.

[0049] Here {X}Sig_MN means X‖Sig_MN(X), that is, the message X followed by the MN's signature on X.

[0050] SAi1 is the optional IKE/SA algorithm proposal, a list of the cryptographic algorithms supported by the initiator MN.

[0051] KEi is the Diffie-Hellman key exchange parameter of the initiator MN.

[0052] CERT_MN indicates the certificate of the MN. In the present invention, the certificate of the entity adopts the format of the X.509 standard, and the unified identification UID of the entity and the role ROLE of the entity are b...
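The signed envelope {X}Sig_MN defined in [0049], sketched as an added example that is not taken from the patent. Ed25519, the length-prefixed field framing and the sample field values are assumptions, and the public key passed to `Verify` stands in for the key an HA would take from a validated CERT_MN.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// InitMsg holds the fields of X = CERT_MN ‖ Ni ‖ SAi1 ‖ KEi as opaque byte strings.
type InitMsg struct{ Cert, Ni, SAi1, KEi []byte }

// Encode serialises X with a 2-byte length prefix per field (assumed framing, not the patent's).
func (m InitMsg) Encode() []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{m.Cert, m.Ni, m.SAi1, m.KEi} {
		binary.Write(&b, binary.BigEndian, uint16(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

// Sign returns {X}Sig_MN = X ‖ Sig_MN(X); Ed25519 is an assumed signature scheme.
func Sign(m InitMsg, sk ed25519.PrivateKey) []byte {
	x := m.Encode()
	return append(x, ed25519.Sign(sk, x)...)
}

// Verify splits X ‖ Sig_MN(X) and checks the signature over every byte of X.
func Verify(wire []byte, pk ed25519.PublicKey) error {
	if len(wire) < ed25519.SignatureSize {
		return fmt.Errorf("message shorter than a signature")
	}
	n := len(wire) - ed25519.SignatureSize
	if !ed25519.Verify(pk, wire[:n], wire[n:]) {
		return fmt.Errorf("signature does not match X")
	}
	return nil
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	ni := make([]byte, 16) // random nonce Ni
	rand.Read(ni)
	wire := Sign(InitMsg{[]byte("constructed-cert"), ni, []byte("AES-GCM,SHA-256"), []byte("constructed-dh-share")}, sk)
	fmt.Println("untouched:", Verify(wire, pk))
	wire[2+16+2+16+2] ^= 0x01 // one byte of SAi1 changed in transit
	fmt.Println("modified SAi1:", Verify(wire, pk))
}
```

Because the signature covers SAi1 and KEi as well as the nonce, a change to the algorithm proposal or the key-exchange value in transit fails verification at the receiver.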


Abstract

The invention discloses mobile Internet Protocol Security (IPSec) access authentication methods that support multi-level security. They belong to the technical field of network security and aim to solve the problem of secure registration of a mobile node (MN) in a mobile IPv6 network with multi-level security properties. The methods comprise an access authentication method for the MN in a home network and an access authentication method for the MN in a foreign network. In both methods the MN registers with the agent by means of certificates and digital signatures, with multi-level authorization based on the unified identifier (UID), and the MIPSec/SA and the SAH/SA from the MN to the agent are established at the same time as registration; the established SAH/SA is used to prevent leakage of multi-level security network information. Both methods are implemented by modifying Internet Key Exchange version 2 (IKEv2) and use each access gateway as the mobile agent of the MN. The access authentication methods allow registration, ID-based mutual authentication and the establishment of the MIPSec/SA and SAH/SA to proceed simultaneously, overcome the problem that the first two messages of the IKEv2 protocol are unprotected, defend against the threats arising from the openness of the wireless link, and have high security and validity.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a mobile IPSec access authentication method used to realize the secure registration of MNs with agents in a mobile IPv6 network with multi-level security features.

Technical background

[0002] The Internet Engineering Task Force (IETF) formally proposed the mobile IPv6 protocol, RFC 3775, in June 2004 on the basis of IPv6. This protocol has greater advantages than the IPv4 protocol in supporting mobility, solving security problems, realizing high quality of service, and providing sufficient address space. However, due to the relatively fragile security mechanism of the Internet itself, coupled with the openness of wireless network transmission media, the large-scale mobility of mobile terminals, the dynamics of topological structures, and the limited storage and computing resources of mobile devices, mobile IP networks are more vulnerable to security t...


Application Information

IPC(8): H04L9/08, H04L9/32, H04L29/06
Inventor: 董庆宽, 李小平, 刘彦明, 赵蕾, 谢楷
Owner XIDIAN UNIV