
Multi-stage security supporting mobile IPSec transmission authentication method

An authentication method and security technology, applied in the field of network security, that addresses the problems that the MN registration function cannot be provided, that IPSec is not suitable for mobile IPv6 network security, that it is difficult to apply, etc.

Inactive Publication Date: 2010-10-13
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0019] 1. IPSec is limited to use in fixed networks and is difficult to apply in a mobile IP environment. Mobile IPv6 uses IPSec only to protect signaling between the mobile node (MN) and the home agent, and cannot provide a function for registering the MN with the CN;
[0020] 2. The transmission security of existing mobile IPv6 networks is not based on IPSec, and there is no scheme that supports multi-level security;
[0021] 3. The first two messages of the IKEv2 protocol are not protected and are vulnerable to man-in-the-middle attacks;
[0022] 4. IPSec itself does not support the protection of multi-level security networks;
[0023] 5. Protecting large-scale distributed mobile IPv6 networks requires user identities to be authenticated. However, the IPSec protocol specifies neither how user identities are defined nor the requirements for the public key infrastructure it needs.
[0024] Therefore, in terms of both security and feasibility, IPSec is not suitable for protecting mobile IPv6 networks, and it is even less suitable for protecting peer registration and data transmission in mobile IPv6 networks with multi-level security features.



Examples


Embodiment Construction

[0063] Referring to Figure 2, the mobile IPSec transmission authentication method supporting multi-level security provided by the present invention, for the case where the communication peer CN is a single-security-level node, includes:

[0064] In step 1, the MN sends an IKE/SA initialization message to register with the CN.

[0065] When the MN wants to communicate with the CN, it obtains the CN's care-of address from the CN's home agent, selects a random number Ni, and sends an IKE/SA initialization message {CERT_MN, CoA_MN, Ni, SAi1, KEi}Sig_MN.

[0066] Here {X}Sig_MN means X ‖ Sig_MN(X), that is, the message X followed by the MN's signature on X.

[0067] SAi1, an optional IKE/SA algorithm proposal, indicates a list of cryptographic algorithms supported by the initiator MN.

[0068] KEi is the Diffie-Hellman key exchange parameter of the initiator MN.

[0069] CERT_MN indicates the certificate of the MN. In the present invention, the certificate of the entity adopts the format of the X....
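The step-1 message {X}Sig_MN = X ‖ Sig_MN(X) can be sketched as follows. This is an added example, not code from the patent: the 2-byte length-prefixed field encoding, the toy textbook-RSA signature standing in for the MN's real signature algorithm, and all sample values are assumptions, and the CN is assumed to have already validated CERT_MN and extracted the MN's public key. It shows the CN rejecting the message when KEi is replaced in transit.

```python
import hashlib
import struct

# Toy textbook-RSA key pair for the MN (constructed from two Mersenne primes; NOT secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8
FIELDS = ("CERT_MN", "CoA_MN", "Ni", "SAi1", "KEi")  # field order of X in the message

def encode_x(msg):
    """Serialize X with 2-byte length prefixes so field boundaries are unambiguous."""
    return b"".join(struct.pack("!H", len(msg[f])) + msg[f] for f in FIELDS)

def digest(x, n):
    """Hash X and reduce it into the toy modulus (assumption of this sketch)."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % n

def mn_build_init(msg):
    """MN side: return X || Sig_MN(X)."""
    x = encode_x(msg)
    return x + pow(digest(x, N), D, N).to_bytes(SIG_LEN, "big")

def cn_verify_init(wire, mn_pub=(N, E)):
    """CN side: verify Sig_MN over X; return the parsed fields, or None on failure."""
    if len(wire) <= SIG_LEN:
        return None
    x, sig = wire[:-SIG_LEN], int.from_bytes(wire[-SIG_LEN:], "big")
    n, e = mn_pub
    if pow(sig, e, n) != digest(x, n):
        return None
    fields, off = {}, 0
    for name in FIELDS:
        (length,) = struct.unpack_from("!H", x, off)
        fields[name] = x[off + 2 : off + 2 + length]
        off += 2 + length
    return fields

# Constructed sample values; a real MN draws Ni at random and sends real DH and cert data.
SAMPLE = {
    "CERT_MN": b"placeholder-certificate-bytes",
    "CoA_MN": bytes.fromhex("20010db8000000000000000000000010"),
    "Ni": bytes(range(16)),
    "SAi1": b"constructed-proposal",
    "KEi": b"mn-dh-public-value",
}

def demo():
    wire = mn_build_init(SAMPLE)
    tampered = wire.replace(SAMPLE["KEi"], b"mitm-dh-public-val")  # KEi swapped in transit
    return cn_verify_init(wire), cn_verify_init(tampered)
```

`demo()` returns the parsed fields for the untouched message and `None` for the copy whose KEi was replaced, because the signature covers every field of X.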


Abstract

The invention discloses mobile Internet Protocol Security (IPSec) transmission authentication methods that support multi-level security, which aim to solve the problems of correspondent-node (CN) registration and secure transmission in a mobile IPv6 network with multi-level security properties. The methods cover three cases: the CN is a single-security-level node, a single-security-level server, or a multi-security-level server. In all three cases, the transmission authentication method achieves agent registration via the mobile node (MN) by means of certificates and digital signatures carrying the multi-level authorization of the unified identifier (UID), establishes the mobile IPSec security association (MIPSec/SA) from the MN to the agent at the same time as registration, and completes the mandatory access control decision in the access gateway and in the server that is configured with the mandatory access control mechanism. The methods are implemented by modifying the Internet Key Exchange version 2 (IKEv2) protocol and use each access gateway as the mobile agent of the MN. They overcome the problem that the first two messages of the IKEv2 protocol are unprotected, support the multi-level security properties of the mobile IPv6 network, and have high security and validity.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a mobile IPSec transmission authentication method, which is used to realize peer registration and secure transmission in a mobile IPv6 network with multi-level security features.

Technical background

[0002] The Internet Engineering Task Force (IETF) formally proposed the Mobile IPv6 protocol, RFC 3775, in June 2004 on the basis of IPv6. This protocol has greater advantages than the IPv4 protocol in supporting mobility, solving security problems, realizing high service quality, and providing sufficient address space. However, due to the relatively fragile security mechanism of the Internet itself, coupled with the openness of wireless network transmission media, the large-scale mobility of mobile terminals, the dynamics of topological structures, and the limited storage and computing resources of mobile devices, mobile IP networks are more vulnerable to secu...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/08, H04L9/32, H04L29/06
Inventor: 刘彦明, 董庆宽, 李小平, 王海, 黎剑兵
Owner: XIDIAN UNIV