CHINESE JOURNAL OF COMPUTERS
2009
Issue 3
pp. 531-542
12 pages in total
黄松华%孙玉星%黄皓%陈贵海
network mobility%trust transfer%behavior evaluation%optimal path selection%fast handover
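Performance has always been the bottleneck in putting network mobility into real-world operation, and the delay introduced by existing authentication mechanisms makes matters worse. This paper introduces an efficient mutual authentication mechanism for the access router mesh of multihomed nested mobile networks, and on that basis proposes an optimal path selection algorithm and a fast recovery algorithm for access failure, to improve the overall performance of mobile networks and in particular to reduce delay. In the paper, security association transfer based on the fixed AAA infrastructure and dynamic trusted neighbors is used to reduce the authentication delay of the router mesh, and its behavior evaluation mechanism reduces the influence of router attacks or deception on path evaluation; care-of address configuration for mobile routers based on the top-level access router's network prefix is used to eliminate the multi-angular routing and tunnel nesting problems in nested access environments, while, when necessary, a temporary tunnel and the reverse routing header can replace the binding procedure that accompanies a handover, shortening handover delay; finally, an optimal path to the Internet is generated through access router evaluation. Qualitative analysis and simulation analysis show that, owing to the efficiency of establishing security associations between foreign-domain networks, together with the performance optimization produced by behavior evaluation, path evaluation and fast handover, the secure mesh in the paper is more efficient than comparable schemes in throughput, transmission delay and handover delay.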
Performance is always the bottleneck for deploying network mobility (NEMO), and the delay resulting from existing authentication mechanisms makes it even worse. This paper introduces an efficient authentication method for the access router (AR) mesh of multihomed and nested mobile networks, with path selection and fast handover support to improve the overall performance of mobile networks, especially to reduce the delay. First, a mutual authentication method is presented based on fixed AAA infrastructure and dynamic trusted neighbors, integrated with a behavior evaluation mechanism. Based on this authentication method, algorithms for optimal path selection and recovery from access failure are proposed. In the solution, security association (SA) transfer cuts down the authentication delay; the multi-angular routing and tunnel-in-tunnel problems in nested situations can be eliminated through Care-of-Address (CoA) configuration of the mobile router based on the top-level AR prefix; a temporary tunnel and the reverse routing header (RRH) may be borrowed to leave out the binding procedure in handover; and AR evaluation produces an optimal path to the Internet. Analysis shows that, with efficient SA establishment between mobile networks and the foreign networks, expected node behavior evaluation, and optimized routes, the solution in this paper is more efficient than its counterparts in terms of throughput, packet delay and handover delay.