Method for constructing safety system and safety mechanism for mobile IP

Abstract

The invention discloses a method for constructing a safety system and a safety mechanism for a mobile IP, and the system in the invention is composed of a foreign network consisting of a plurality of mobile nodes, an SSL VPN gateway and an intranet consisting of a home agent and a communication opposite terminal, wherein each mobile node consists of a VPN module and a mobile IP protocol module. The method for constructing the safety mechanism in the invention has the following steps: 1) registering on the home agent when a mobile node roams to other places; 2) responding to the register request of the mobile node by the home agent and performing authentication, encryption and encapsulation on the data grouping by the mobile node; 3) performing authentication and decryption and submitting to the home agent after the SSL VPN gateway receives the data grouping of the mobile node; and 4) removing IP-in-IP encapsulated by the mobile IP protocol by the home agent, submitting to the communication opposite terminal and completing communication. The invention is suitable for environments with low mobile network bandwidth and long time delay, and is convenient in maintenance.

Description

technical field [0001] The invention belongs to the technical field of mobile communication and information security, and relates to a security system and security mechanism of a mobile IP network. Background technique [0002] With the accelerated pace of life, people are not satisfied with studying and working in a fixed place. With the construction of mobile networks in full swing, the coverage of mobile signals enables people to surf the Internet anytime, anywhere. Mobile IP (Mobile IP) technology meets people's needs for node mobility. However, the openness of wireless links makes network security risks such as network eavesdropping, denial of service and session hijacking more prominent than before. The IETF working group did not consider security factors when formulating the corresponding specifications for mobile IP. This has led to the combination of mobile IP and various existing security technologies, such as the mobile VPN based on IPSec (IP Security) of CISCO...

AI Technical Summary

Problems solved by technology

[0003] Although the IPSec protocol adopted by IPSec mobile VPN technology is mature and widely used, the configuration is complex, IKE is very cumbersome, and the system overhead is large, so it is not suitable for use in low-bandwidth and high-latency mobile network environments, and IPSec VPN and mobile The combination of IP will result in complex network environment, difficulty in establishing IPSec tunnel, and high tunnel encapsulation overhead

[0004] SSL VPN inherits the ease of use of SSL (Secure Sockets Layer) and the privacy of VPN (Virtual Personal Network), and has good ease of use and practicality. It is more suitable for use in mobile network environments than IPSec VPN, but the current mainstream SSL VPN obviously lacks the management of mobile nodes, and the system architecture relationship with other mobile entities is also blank

Images