JP2003338850A - SECURITY ASSOCIATION MANAGEMENT SERVER FOR Mobile IP NETWORK - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for solving an asynchronous security association (SA) between nodes by introducing a security association policy server for digital network IPsec corresponding to Mobile IP beyond third generation and suited to an Internet protocol. <P>SOLUTION: The security association policy server stores data associated with communications and the security association between nodes in the network and determines a security association management protocol with respect to the SA. The security association management server determines the suitable combination of security association management factors according to the security association management protocol to ensure synchronization between nodes. Concretely, when it is determined that the SA is not required, a deleting command or an executing command of resetting of the SA is reported to the node. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to Internet Protocol Security "S" implemented in an Internet Protocol (IP) based mobile radio communication network.
securityArchitecture for I
Internet protocol ”(IPsec). In particular, it relates to synchronization of security associations (SA) for real-time two-way digital data communication such as "Voice over IP" (VoIP) in IP-based mobile wireless data communication networks and wireless LANs of the third generation and above.

[0002]

BACKGROUND OF THE INVENTION Digital data communication networks have become ubiquitous in business, commerce, and personal life around the world. Public Internet and dedicated local area network (L
AN / wide area network (WAN) is becoming an increasingly important backbone of data communication. These networks provide data communication services / applications including sending and receiving email, accessing and sharing files, accessing data services, and so on.

Almost all data communication networks, including the Internet, follow substantially the same addressing "addressing" and routing protocols. According to these protocols, each device (node) and server (or router) that access the network in the network has a unique address called an IP address. In order to perform digital data communication within a network or across a network, a transmitting device (transmitting node) divides data into so-called "packets" and then transmits the data.

The packet includes communication control information such as the IP address of the source node and the IP address of the destination node, other information specified in the protocol, and the substance of the data sent to the destination node. There is. When transmitting one data, a plurality of packets are created and transmitted according to the transmission data amount and other factors.
The transmitting node transmits each packet separately, and the plurality of packets are routed to the destination by a router between the transmitting node and the destination node (CN) on the network. The plurality of packets do not necessarily have to reach the destination node via the same transmission route, and need not arrive at the same time. This is because each packet is marked in the process of packetization.
This indicator allows the destination node to reassemble the packets in their original order, even if the packets arrive at different orders and at different times, and thus reproduce the original data from multiple packets. You can

The wireless communication division ITU-R of the International Telecommunications Union (ITU), which is an authorized institution of data communication network standards, has established IMT-2000, which is a world standard for digital mobile phones. This standard applies to mobile phones,
We propose a so-called third-generation or later (3G, 3.5G, 4G, etc.) data communication network including various types of mobile access such as personal digital assistants (PDA) and handheld computers by mobile radio.

The communication network of the third generation or later proposed by ITU supports IP-based data communication. That is, all data is digitally communicated in packet units from node to node according to the address allocation protocol and routing protocol used in the Internet. Further, in the proposed third generation or later wireless communication network, the mobile node (MN) can freely move within the network while connecting to the network and performing data communication with other fixed nodes or mobile nodes. . Therefore, these networks are particularly concerned with address allocation to moving mobile nodes, dynamic routing of data packets between communicating nodes, and security and authentication when the mobile nodes change network connections or packet transmission routes. Can handle problems.

[0007] Providing host mobility support (mobility support) to mobile nodes by means of communication networks is particularly important since mobile nodes are expected to occupy the majority or at least a substantial part of the nodes used in the Internet in the near future. is important. Internet Technology Standards Committee (IET), which is an international group of network designers, network operators, network equipment manufacturers, and researchers who are interested in the evolution of the Internet architecture and the smooth use of the Internet.
F) proposes multiple standards for mobility support. These include RFC2002 (Mobile
Proposed standards for IP mobility support such as IPv4) and Internet Draft "Mobility Support in IPv6"
(MobileIPv6) is included.

Mobile IPv4 and Mobile
According to the protocol operation defined by IPv6, the mobile node can move from one link (network) to another link without changing its own IP address. The IP address of the mobile node is always specified by the "home address" of the mobile node. The home address of the mobile node is an IP address assigned to the mobile node so as to have the subnet prefix of the home network (HN) of the mobile node. Packets are routed to the mobile node using its home address, regardless of the mobile node's current point of attachment to the Internet, so that the mobile node may move to another link, even though the destination node (fixed node or It can be either a mobile node or a mobile node). Therefore, the movement of the mobile node away from the home network does not affect protocols and applications above the transport layer.

MobileIPv6 is MobileI.
It has many similarities with Pv4, but is fully integrated with the IPv6 protocol and has many improvements over MobileIPv4. For example, "route optimization"
Since MobileIPv4 is added as an extension option, it cannot be assumed that all nodes support route optimization, but MobileIPv4
In No. 6, it is incorporated as an essential element of the protocol. The route optimization function optimizes the packet transmission route by setting the transmission route that directly connects the mobile node and the destination node.

As mentioned above, each mobile node is always identified by the mobile node's home address, regardless of the mobile node's current point of attachment to the Internet. If the mobile node is away from its home network, the mobile node will also receive a care-of address.
dress) is also associated. At the care-of address,
Contains information about the mobile node's current point of connection to the Internet. In MobileIPv4, a mobile node operating away from the home network registers its own care-of address in its own home agent (HA). Similarly, MobileIPv6
Also in, the mobile node operating away from the home network sends a registration request to the home agent in order to notify the home agent of its own care-of address.

When the home agent receives the registration request, it intercepts the packet addressed to the corresponding mobile node and tunnels it to the care-of address of the mobile node. However, in the communication originating from the mobile node in the opposite direction, the packet is sent directly from the mobile node to the destination node. In this way, so-called triangular routing of packets occurs, causing a problem of asymmetric packet delay. The current care-of address of the mobile node is notified to the destination node in order to set a transmission route (direct connection route) for sending a packet directly from the destination node to the mobile node. In MobileIPv4, when a home agent receives a packet addressed to a mobile node that is away from the home network from a correspondent node, it transmits binding information to this mobile node, whereby a direct connection route is set. Mobile
In IPv6, the mobile node sends a "binding update" directly to the correspondent node to set the direct route.

Next, MobileIP has a problem regarding security. For example, MobileIP
According to the location registration protocol specified in v4, the communication to the mobile node is tunneled and transferred to the care-of address. However, if the location registration is not authenticated between the home agent and the mobile agent, the tunneling transfer may make the communication network very vulnerable. Further, the packet is directly routed to the mobile node by the binding update operation defined in MobileIPv6. However, if any of the packets including the binding update is not authenticated between the mobile node and the destination node, the security problem may occur when the packet route is changed.

The basic structure of IPsec is shown in RFC2401. RFC2401 proposes IPsec using encryption technology, which includes a group of security services provided to deal with problems such as connection integrity, data source authentication, and confidentiality. Has been. Basically, IPs proposed in RFC2401
ec depends on the common encryption key, and the communication between the sender and the receiver is encrypted and decrypted by the common encryption key. Therefore, in order for this IPsec to work, the encryption key, the authentication (encryption) algorithm, and the parameters necessary to implement the algorithm before performing secure communication between the sender and the recipient. It is necessary to conclude an agreement regarding. This arrangement is called the Security Association (SA).

A common method of setting a cryptographic key is key distribution and key generation. An example of key distribution is using a common encryption key supplied by a trusted third party who provides an authentication service. One of the most used key generation methods is "Diffie-Hellma.
n, (D-H) "algorithm. In the DH algorithm, each of the sender and the recipient mathematically combines the secret information of itself and the public information of the other party to calculate the common encryption key. RFC2 for details of key management protocol
408.

IPsec can be applied to both MobileIPv4 environment and MobileIPv6 environment. For example, in MobileIPv4, when a mobile node distant from the home network registers a care-of address with the home agent, the home agent and the mobile node discuss SAs that can be agreed with each other and set an encryption key. The encryption key is then used to protect the tunnel ring communication. Similarly, Mobile
IPsec is also implemented in the route optimization process in IPv6. A mobile node leaving the home network informs the mobile node of its current point of attachment to the Internet by sending a binding update to the destination node. Next, the mobile node and the partner node negotiate SAs that can be agreed with each other, and determine the encryption key. Thereafter, the encryption key is used to protect the communication performed through the direct connection path. Furthermore, in IPsec, two or more SAs with different security policies can be established between two nodes. The SA is uniquely identified by the security parameter index (SPI). S
For PI, for example, a 32-bit integer is used.

[0016]

[Non-Patent Document 1] C.I. C. Perkins edition,
"IP Mobility Support,
RFC 2002, October 1996

[Non-Patent Document 2] D. B. Johnson (DB Johnso
n), C.I. C. Perkins, "Mobility Support in IPv6
6) ”Internet draft draft-ietf-mobileip-ipv
6-13, November 17, 2000

[Non-Patent Document 3] S. Kent, R.K. R. Atkinson, "Security Architecture for Internet Protocols (Security Architecture
for the Internet Protocol) ", RFC2401, 1
November 998

[Non-patent document 4] D. D. Maughan, M.A. M. Schertler, M.S. Schneider (M. Sch
neider), J. J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)"
ation and Key Management Protocol, (ISAKMP)) ”,
RFC 2408, November 1998

[Non-Patent Document 5] S. Deering, R.D.
R. Hinden, "Internet Protocol Version 6 (IPv6) Specification (Internet Proto
col, Version 6 (IPv6) Specification) ", RFC2
460, December 1998

[Non-Patent Document 6] T.W. T. Narten, E. E. Nordmark, W. Simpson (W. Simp
Son), “Neighbor Discovery for IP Version 6 (Neigh
bor Discovery for IP version 6 (IPv6)) ", RFC
2461, December 1998

[Non-Patent Document 7] S. Thomson, T.S.
T. Narten, “IPv6 Stateless Address Autoconfigu
ration) ", RFC 2462, December 1998.

[Non-Patent Document 8] C.I. C. Perkins, D.M.
B. DB Mobile, "Mobile
Route Optimization in Mobi
le IP) ”, internet draft draft-ietf-mobile
ip-optim-09, February 15, 2000

[Non-Patent Document 9] S. Kent, R.K. R. Atkinson, "IP Authentication Header (IP Auth
entication Header) ", RFC2402, November 1998

[Non-Patent Document 10] S. Kent, R.K. R. Atkinson, "IP Cryptographic Payload (I
P Encapsulating Security Payload) ", RFC240
6, November 1998

[0017]

The structure of IPsec proposed in the above-mentioned documents is MobileI.
Although it works relatively well in a P environment, there are challenges and problems to overcome, and efforts are being made to improve and better implement the proposed IPsec. For example, if the proposed IPsec is implemented in a mobile environment, a certain amount of time will be required in the process of setting the SA between the mobile node and the correspondent node. In order to protect the data transmission, the SA must be established before the communication of the protected data takes place. However, the time itself required to establish SA becomes a communication delay. Once SA is established,
Each node stores the SA in its cache (ie, Security Association Database (SAD)).
Therefore, in subsequent communication, it is not necessary to reset SA between these nodes. However, due to security issues, the SA has a certain valid period, and the SA will be deleted after the period expires.

Since the storage device of each node has a finite capacity, only a limited number of SAs can be stored in the node. Specifically, the following situations are possible. Mobile nodes can communicate with mail servers, websites, and their home agents. For each of these communications, two SAs for data input and data output are established. If each SA requires 256 bits of information, the mobile node needs to store 1536 bits of data for only three communications.

When the number of SAs stored in a node approaches the limit of the storage capacity and a new communication is set, the SAs stored are stored in order to secure a free space for storing the SA for this new communication. You need to remove one from the.
For example, in general, the longest unused time SA (LRUS
The SA is deleted according to the SA management protocol such as deleting A).

Since the SA has been deleted in one node, the SA is no longer in sync even though the corresponding SA in the destination node remains stored. The next time the two nodes communicate, the SA needs to be set again. It is clear that the generation of a new SA not only makes inefficient use of memory in the node, but also causes communication delay. Therefore, unless the SA expires, or if there is a request from the node to delete the SA under the circumstances where the security of the SA is considered to have been compromised, the S generated once is generated.
Ideally, A should not be deleted as much as possible.

In order to optimize communication between nodes in a mobile communication network, it is desirable to maintain SA synchronization between the two nodes. To synchronize SA between two nodes, keep alive negotiation (keep
-alive negotiation) is convenient. In keep-alive negotiation, nodes periodically exchange information packets to determine if the packets reach the destination node. It is also possible to judge whether or not the SA exists in the cache by exchanging the information packet including the SPI list. When it is considered that the SA does not exist, the corresponding SA of the partner node is deleted. However, this negotiation may cause a communication delay.

The communication delay is not a serious problem in the delivery of electronic mail and the file transfer. This is because such data communication is not a real-time interactive application and is not significantly affected by communication delays. However, for real-time interactive data communication applications such as VoIP and real-time interactive multimedia, Mobile
The implementation of IPsec in the eIP environment has become a new issue.

Such real-time two-way data communication application is greatly affected by transmission / reception timing, unlike electronic mail or file transfer. When a key generation method such as a DH algorithm that requires a large amount of calculation is used in the key setting process, the communication delay due to the setting of SA becomes significantly large. In order to avoid the communication delay caused by the maintenance of the SA, it is desirable to securely store the SA during the valid period and delete the SA only after the valid period has elapsed. By synchronizing the SA, it becomes possible to appropriately maintain the SA. Therefore, the S of the mobile node
It is required to manage A efficiently and minimize the communication delay of the mobile communication network.

[0024]

SUMMARY OF THE INVENTION It is an object of the present invention to provide an advanced management method for synchronizing SA between two nodes of a mobile communication network. Specifically, by ensuring SA synchronization between nodes, packet delays resulting from unnecessary authentication processes and SA setup processes are reduced. Furthermore, by synchronizing the SAs between the nodes, a storage device that stores a plurality of SAs is used efficiently.

In one aspect of the present invention, an advanced SA management server is provided in the mobile communication network to perform SA synchronization between nodes. The SA management server communicates with the nodes in the communication network and stores information regarding the communication performed between the nodes. Specifically, it communicates with mobile nodes connected to a communication network that complies with the Internet protocol, and communication is performed between these mobile nodes and various nodes in the communication network to which the mobile node has established a connection. Accumulate information about. The information regarding the communication stored and held by the SA management server includes the destination address and the communication source address in the communication, the type and port number of the protocol used, and the security policy of each SA.

The SA management server analyzes this communication information and determines the SA management protocol. The SA management protocol relates to the reliability of holding the SA in the node. Based on this SA management protocol, the SA management server applies rules or predetermined criteria called various SA management factors to determine whether a certain SA is synchronized with the SA stored in the destination node. judge. The SA management server determines whether the SA is synchronized according to the SA management factor, and whether the SA should be deleted before the expiration date of the SA when it is determined that the SA is not already synchronized. decide. The SA management server may use various SA management factors according to the SA management protocol in order to ensure the data consistency required by the SA.

The method of synchronizing the security association with the node on the communication network according to the Internet protocol is as follows. First the mobile node stores the security association and then the SA
The management server stores the data associated with the security association, and then the SA management server analyzes the data associated with the security association using predetermined criteria.

[0028] In this data analysis, the SA management server should not delete the Curity Association stored in the mobile node for the next communication or delete it before the validity period of the SA expires. Decide what to do Specifically, the mobile node communicates with the SA management server and transmits data regarding the communication to the SA management server. The SA management server analyzes the data and determines whether the SA stored in the node is synchronized with the SA stored in the destination node.

By managing the SA in this way, it is possible to reduce the amount of memory used and the calculation time in a node such as a PDA or a mobile phone that has a scarce hardware resource. This is because the SA management server determines which SA should be held in the storage device of the node. In this way, the SA management server is the node S
By managing A, the packet delay caused by the SA-based authentication process that is unnecessarily deleted from the storage device instead of the SA that does not need to be retained and the SA setting process is reduced, and when the SA is stored. Improves memory usage efficiency.

[0030]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT A preferred embodiment of the present invention will be described with reference to the drawings. In the drawings, similar components are designated by the same reference numerals. The description of the preferred embodiments herein is illustrative only and does not limit the scope of the invention.

FIG. 1 shows an example of a third generation mobile radio data communication IP network (data communication network) 100 to which the present invention is applied. The data communication network 100 is an IT system for mobile wireless communication networks.
It shall comply with U's IMT-2000 standard and specifications. The data communication network 100 further includes an IE
MobileIPv6 and Mo proposed by TF
It implements mobile IP support based on the billIPv4 standard.

The data communication network 100 has an IP fixed core network (communication network) 120 composed of fixed nodes as its backbone network. The communication network 120 has a number of fixed nodes (fixed connection / link points) not shown in the figure. Digital data is IP such as IPv6 (RFC2460)
It is exchanged within the communication network 120 or across the communication network 120 according to the protocol. A plurality of gateway routers 130 are added to the communication network 120, and the set of these forms the IP mobile backbone 110. The IP mobile backbone 110 routes data packets from a transmitting node connected to a network to a destination node according to a conventional Internet address allocation protocol and routing protocol.

Each gateway router 130 constituting the IP mobile backbone 110 is itself a node of the IP fixed core network 120, and has one unique IP address for communicating via the IP fixed core network 120. . A server (or router) 145 is connected to each gateway router 130, and the router 145 also has one unique IP address and functions as a home agent (HA) or a foreign agent (FA). The router 145 uses MobileIPv4 (R
The mobile node 135, the correspondent node 140 and the IP fixed core network 1 as defined in FC2002).
20 is connected. The mobile node and the destination node may be different mobile wireless communication devices such as a mobile handset, a mobile phone, a handheld computer, a personal information device (PDA, PIM), and a wireless data communication terminal.

Mobile node 135 and correspondent node 140
One home network is assigned to each of the. Also, the mobile node 135 and the correspondent node 140
To each of the home network routers 14
One of the five routers 145 is assigned as a home agent. When each of mobile node 135 and correspondent node 145 is operating in its own home network, its home agent serves as a connection point to communication network 120. That is, when the mobile node is operating in the home network, the home agent 145 of the mobile node routes packets addressed to and from the mobile node 135.

Further, according to the proposed standard corresponding to MobileIP, the home agent 1 of the mobile node 135
45 has a function of holding information regarding the position of the mobile node, that is, the care-of address of the mobile node when the mobile node is away from the home network area.
At least the proposed basic MobileIP
According to the v4 standard, when the mobile node 135 is outside the home network area, the home agent 1
The 45 continues to perform routing of packets addressed to the mobile node 135 (that is, tunneling transmission).

Router 145 other than home agent
Functions as a foreign agent (FA).
If the mobile node leaves the home network area, the foreign agent may
To provide a connection (access) point to the network. When the mobile node is away from the home network area, the foreign agent serving as the connection point of the mobile node 135 is the mobile node 1
Route packets destined for 35 or from mobile node 135.

Each of the agents (that is, routers) 145 communicates with the mobile node 135 or the partner node 140 which is the partner node via the wireless base station communication network 150 connected to each. Each wireless base station communication network 150 includes a plurality of wireless base stations (B
TS). Mobile node 135, correspondent node 140, and wireless base station communication network 150
Communicate with each other using CDMA, W-CDMA or similar digital data communication techniques. The configuration, arrangement and function of the wireless base station communication network 150 (that is, the network of the BTS 155) are conventional and general. Similarly, mobile node 135 and BT
In S155, the CD is recorded by the conventional general technique.
Digital data communication technologies such as MA and W-CDMA are mounted.

Each node transmits and receives packets according to the OSI standard. The OSI standard defines communication protocols in seven layers (that is, application layer (seventh layer), presentation layer (sixth layer), session layer (fifth layer), transport layer (fourth layer), and network layer (third layer).
Layer), a data link layer including a Media Access Control (MAC) layer (second layer), and a physical layer (first layer)). According to the OSI standard, control (Contr) starts from the highest layer (7th layer) of the transmitting node.
ol) is sequentially passed one layer at a time to the lower layer to the lowermost layer (first layer). Then, the control (Control) is passed to the destination node via the communication network, and is sequentially passed from the lowermost layer to the upper layer of the destination node to the uppermost layer.

Of these layers, the lower three layers (first to third layers)
Layer) contains the underlying communication protocol. For example, in the first layer, bit data is transmitted / received to / from the BTS, but information regarding the meaning of the transferred bits is not included in the transmission / reception. The first layer deals with the electrical properties of the signals and the mechanical properties of the wiring scheme. B in the second layer
The validity and integrity of the communication with the TS is dealt with. That is, the communication protocol with the BTS, which interprets the meaning of bits to some extent, is handled. The third layer is responsible for setting a communication path on the network. This layer interprets the meaning of the data and handles address allocation, routing and security protocols.

In the entire data communication network 100, the mobility of the mobile node includes macro mobility,
There are three mobilities: intermediate mobility and micro mobility. Macromobility is a change in location of a mobile node, such as a mobile node moving away from a home network (HN) to a communication network belonging to another agent (that is, a foreign agent). In other words, the link (or connection) point of the mobile node to the data communication network changes from one agent to another.
Macro mobility includes a change in position between a home agent and a foreign agent, or a change in position between foreign agents, and is also called inter-agent mobility. Intermediate mobility is a change in the position of a mobile node that changes from one radio base station communication network to another radio base station communication network to a link (connection) point of the mobile node to the network. Micromobility is a change in the position of a mobile node within the radio base station communication network 150, where the link (connection) point of the mobile node to the network does not change.

How to handle intermediate mobility and micromobility in mobile radio communication networks is well known. For example, if the mobile node 135 changes its position on the micro mobility scale, the BTS 150
There is a technique for detecting and processing inter-communication handoff using beacon signal strength. Similarly, techniques are known for detecting and handling communication handoffs between wireless base station communication networks when mobile node 135 relocates beyond the boundaries of the wireless base station communication networks.

As shown in FIG. 2, the data communication network 100 includes an IP fixed core network (IPv6 network) 120 and a router (agent) 145 connected to the network. When the mobile node 135 at location A moves in the network 120 to location C via location B, the handoff process is initiated. In the illustrated example, the mobile node 135 is operating in the home network and the home agent 14
5 is connected to the network 120. The mobile node 135 preferably performs wireless communication with the home agent 145 via a wireless base station communication network (not shown) using, for example, CDMA, W-CDMA, or similar wideband spread spectrum wireless signal technology.

Mobile IPv6 and Mobile
In both IPv4 standards, a mobility detection function and a handoff function are provided. In any of the standards, the mobility of the mobile node 135 is
or Discovery) mechanism, when the mobile node leaves the area covered by the first agent and moves to the area covered by the second agent, the network connection of the mobile node from the first agent to the second agent. Will be handed off. Therefore, in the example shown in the figure, the MobileIPv6 communication network is described.
The same applies to the eIPv4 communication network.

When the mobile node 135 moves from location A to location B, the movement is detected by the IP movement detection method or a combination of available methods. Mobile
The main detection methods in IPv6 are Router Discovery and Unreachability Detection (Neighbo).
The neighbor discovery function of IPv6 including r Unreachability Detection) is used. The details are detailed in RFC2461. This method is based on MobileIPv6.
In the Internet draft of MobileI
It is recommended to do this for a Pv6 mobile node.

While moving from position A to position C via position B, mobile node 135 can utilize router discovery to connect to a new router (agent), ie, on (on).
-Link) Look for a subnet prefix. In the router discovery process, the mobile node 135 broadcasts a router solicitation message. When the first foreign agent (FA1) 145 is close enough to the mobile node 135 to receive the router solicitation message, the foreign agent FA1 sends a router advertisement message to the mobile node 135.
To send directly to. Alternatively, mobile node 135 may simply
It may be just waiting for the router advertisement message transmitted from A1 periodically. When the mobile node 135 receives the router advertisement message from FA1, it holds the entry of FA1 in its default router list and the entry of the subnet prefix of FA1 in its prefix list. Thus, FA1 is identified by the default router list as a candidate for a default agent that may be used when mobile node 135 newly sets up a communication network connection.

The mobile node 135 is the home agent 1
It is important for the mobile node to be able to quickly detect when it is unable to communicate with the home agent and switch to a new agent and new care-of address when leaving the area covered by 45.
In order to detect when it becomes impossible to communicate with the home agent (default agent), the mobile node 135
Uses unreachability detection. When the mobile node 135 reaches the intermediate point B and moves in the direction of the position C as shown in FIG. 2, the network connection state via the home agent 145 starts to deteriorate from a certain point. Degradation of communication conditions manifests itself in a decrease in L2 beacon signal strength and an increase in communication errors detected by the MAC layer. Whether the signal is reachable from home agent 145
(1) When the mobile node 135 is communicating with the home agent 145, TCP acknowledgments from the home agent 145 responding to the packet.
Loss level of (2) voluntary multicast router advertisement message from home agent 145, or (3) whether or not a router advertisement message is received from home agent 145 according to an explicit router solicitation message. It is determined based on.

When the mobile node 135 detects that the communication state with the home agent 145 begins to deteriorate, it starts the handoff process, and completes the home agent 14 operation.
The process must be completed before the communication with 5 becomes impossible. The mobile node 135 first searches the default router list to find FA1. Next, the mobile node 135 sets a communication link with the FA 1 and disconnects the communication link with the home agent 145. For handoff processing from home agent 145 to FA1,
Mobile node 135 is the new foreign agent FA
It is necessary to set a care-of IP address that identifies 1
A preferred method of automatic addressing is specified in RFC2462. In this method, the new care-of address of the mobile node is generated from the subnet prefix of FA1 notified from FA1 in the prefix list. In this way, the handoff process is completed by the time the mobile node 135 reaches the new position C, and then the connection to the network is set up via the foreign agent FA1.

FIG. 3 illustrates the completion of the handoff process.
It is a figure which shows the process of registration of a new care-of address, and route optimization. The mobile node 135 performs a handoff process from the home agent HA 145 to the foreign agent FA1 (step S1). Next, mobile node 1
35 generates its own care-of address on the basis of the subnet prefix of FA1 transmitted from FA1 (step S2), and updates the binding including the own care-of address via FA1 to home agent HA 145.
Send to. Upon receiving the binding update, the home agent HA 145 registers the care-of address in the binding cache for the mobile node 135,
This associates the home address of the mobile node 135 with the current care-of address. A valid period is set for the association in the binding cache, and after the valid period expires, the association becomes invalid.

The mobile node 135 makes the network connection F
After handing off to A1, the destination node CN 140 starts communication with the mobile node 135. Furthermore, it is assumed that the correspondent node 140 has not communicated with the mobile node 135 and does not have information about the current position of the mobile note other than the home address fixed to the mobile node 135. In this case, the correspondent node transmits the first packet to the home network of the mobile node (step S3). Home agent 145 intercepts the first packet sent from destination node 140 and retrieves the current care-of address of mobile node 135 from the binding cache. Next, the home agent 14
5 encapsulates this first packet and embeds it in another packet, and tunnels the encapsulated packet to the mobile node 135 at the current care-of address of the mobile node 135 via FA1.

Internet Draft "MobileI
Route Optimization in Mobile
In the proposed extension of Mobile IPv4 defined in "IP)", a direct communication path is set between the mobile node 135 and the destination node 140 to avoid the home agent, thereby optimizing the packet path. it can. The gist of this extension proposal is incorporated into the MobileIPv6 standard. The mobile node 135 receives the packet encapsulated and tunnel-transmitted from the home agent 145, so that the correspondent node 140 has binding information that associates the home address of the mobile node with the current care-of address of the mobile node. Recognize that not. Next, the mobile node 135 sends a binding update to the correspondent node 140 (step S4). Upon receiving the binding update, the correspondent node 140 holds the entry of the care-of address of the mobile node in its binding cache in association with the home address fixed in the mobile node. After that, all packets from the destination node 140 addressed to the mobile node 135 will be sent from the destination node 140 to the mobile node 1
It is directly routed to 35 (step S5). By thus performing the route optimization, the problem of packet delay due to the triangular routing is solved.

During the above-mentioned binding process, between the mobile node 135 and the destination node 140 or the mobile node 13
Authentication and security association (SA) is performed between the nodes such as 5 and FA1. The security association ensures that communication with the mobile node 135 is actually legitimate, and the security association avoids eavesdropping, active replay attacks, other attacks, and unauthorized access to confidential data. can do. In particular, if the mobile node 135 transmitting the binding update is not authenticated at the correspondent node 140, or if the security association for future communication between the mobile node 135 and the correspondent node 140 is not established, Route optimization features can cause serious security problems.

The IPsec protocol provides a group of security services including authentication and confidentiality (encryption).
IPsec is an Authentication Header (A)
H) and encrypted payload (Encapsulating Security P
It is implemented by using two communication security protocols (ayload, ESP) and an encryption key management procedure (protocol). For details on the authentication header AH and the encrypted payload ESP, which play important roles in implementing IPsec, refer to RFC2402 “IP Authentication.
Header "and RFC 2406" IP Encapsulating Sec "
urity Payload ”. Regarding the encryption key management procedure (protocol), RFC2408 "In
ternetSecurity Association and Key Management Prot
ocol (ISAKMP) ”.

In particular, the security association (S
A) is important in the implementation of IPsec. This S
A is a relationship between two nodes that describe a security service that the two nodes use in agreement to safely communicate between the two nodes. In particular,
Before communication is performed between the nodes, negotiation (negotiation) is performed and the security association SA is set. Thereafter, each node stores its security association SA for the set validity period.

Security Association (SA)
Is uniquely identified by three items: a security parameter index (SPI), a destination node IP address, and a security protocol (AH or ESP) identifier. The IP destination address indicates the home address or care-of address of the node at the other end of the communication. A node has one SA for each node that it is currently communicating with or has already communicated with. A valid period is set for each SA, and the SA expires when a predetermined time elapses. The security association SA is set up before beginning to exchange packets containing data to be protected between the nodes.

The setting of the security association SA is an important part of the key management protocol in cryptographic IPsec. The basic idea behind crypto-based IPsec is that the two nodes share a secret session key used in encrypting and decrypting communications between the two nodes. Therefore, when setting the SA, the setting for sharing the secret session key is required.

There are two methods for setting this key sharing. One is a method called key transport, in which a trusted third party, the Key Distribution Center (KDC), holds the secret session keys of all nodes within the network domain and initiates communication between the nodes. Distribute the same secret session key to the nodes you want to use.

The other is a method called key generation.
As an example of this key generation, Diffie-Hellman (D-
H) A secret session key is generated using the algorithm. In the DH algorithm, public information is exchanged between two nodes. Each node mathematically combines the other party's public information and its own secret information to calculate a common secret value. This secret value is used as an encryption key when encrypting a session key or a randomly generated session key.

However, it is obvious that packet delay increases when user authentication and SA setting are performed. An increase in packet delay causes an increase in lost packets. Therefore, the communication cost also increases. This is because the communication cost is calculated based on the number of lost packets in the transmitted packets. Thus, the present invention is a non-synchronized SA.
There is a need to resolve the packet delay caused by. When starting communication between nodes for the first time, first S
It is preferable to set A to ensure security in data packet exchange between nodes. If nodes have previously communicated with each other, each node has already stored the SA set in its cache. Therefore, if the SA that has already been stored is used, a new S
Since it is not necessary to set A, the delay in communication between nodes is reduced.

FIG. 4 is a flow chart showing the execution process of IPsec including the process of setting the security association SA between the nodes. The data communication network 100 shown in FIG. 4 is the same as that in FIG. That is, it is a data communication network or wireless LAN based on the mobile wireless Internet protocol of the third generation or later. Therefore, the network 100
It conforms to both the Pv4 standard and the IPv6 standard. Also,
The network complies with the IMT-2000 standard,
Mobile radio connections can be made using CDMA, W-CDMA or similar wideband spread spectrum radio signal technology and the like. The network in this embodiment handles real-time interactive multimedia data communication such as VoIP.

In FIG. 4, the destination node CN 140
Is about to initiate communication with mobile node 135. Furthermore, it is assumed that the binding cache of the correspondent node 140 has not yet been updated to the current care-of address of the mobile node 135. Destination node 1
The 40 transmits the first packet addressed to the mobile node 135 to the home network of the mobile node (step S).
1). The first packet is a control packet, the content of which may vary depending on the application that needs to be implemented, but in the case of VoIP, for example, it is just a connection request. Here, the first packet usually contains no protected data, so the first packet is IP
It may be sent without sec protection.

Next, the first packet is intercepted by the home agent HA and tunneled from the home agent HA to the mobile node MN (step S
2). However, depending on the application installed in the correspondent node CN 140, the first packet may not be a control packet but a packet containing data to be protected by IPsec before being transmitted to the mobile node 135. In this case, steps S1 and S
2 is omitted and the process directly moves to step S3, and the security association (SA) is set between the partner node 140 and the mobile node 135.

The correspondent node CN 140 searches its own security association cache to see if the SA set for communication with the mobile node 135 is stored (step S3). The security association cache can store a plurality of security association (SA) entries for a plurality of communications. Each of the SA entries has a destination node CN1.
40 corresponds to the node with which communication is currently performed or the node with which communication has been performed in the past.

Security Association (SA)
Are identified by a plurality of parameters including a security parameter index SPI, a security protocol identifier and an IP destination address. The SA further includes two parameters called “IP destination home address” and “first packet flag”. I
The home address of the node of the communication partner is stored in the P destination home address. The first packet flag is
It is turned on when the first packet is transmitted to a node for which SA is not set with the node, and is turned off when SA is set with the node. A valid period is set in SA, and the SA expires after a certain period of time. That is, when the valid period elapses, the corresponding SA entry is deleted from the SA cache.

S for mobile node 135 in SA cache
If the A entry is stored, the destination node CN1
40 sends all packets sent after this to SA
It is encrypted using the session key identified by the security parameter index SPI stored in the entry and transmitted to the mobile node 135. If the correspondent node CN 140 has never communicated with the mobile node 135, the SA cache contains an S for the mobile node 135.
There is no A entry. Even when the correspondent node CN 140 has communicated with the mobile node 135, the valid period of the SA has already passed and the mobile node 1
It is possible that there is no SA entry for 35. If the valid period of the SA has passed, it is necessary to set a new SA for the mobile node 135 before transmitting the data packet. When the SA entry for the mobile node 135 is not stored in the SA cache in this manner, the destination node CN 140 sets a new SA for the mobile node 135 in step S5. Destination node CN1
40 sets SA for the mobile node 135 (step S5).

When the destination node CN 140 has communicated with the mobile node 135 within the valid period of SA,
SA must be stored in the cache of both nodes. However, since the storage capacity of the SA is limited in the mobile node 135, for example, the mobile node 135
May have already deleted the SA. In this case, the mobile node 135 has no SA entry, but the correspondent node CN 140 has a corresponding SA entry, and the SA is not synchronized between the mobile node 135 and the correspondent node 140.

Here, the destination node 140 is the SA of its own.
It is judged that the SA entry is stored in the cache,
Consider the case of transmitting encrypted data to the mobile node 135. Since the mobile node 135 cannot recognize the packet transmitted from the destination node 140, it tries to set SA between both nodes. That is, the SA is not synchronized at this point. Specifically, when the mobile node 135 receives the first packet from the correspondent node 140, it recognizes that SA is not set. The mobile node 135 updates the binding by the destination node 1.
40, the partner node 140 updates the binding cache, and when the partner node 140 receives the binding update from the mobile node 135, SA is set. In this way, the SA is set by the mobile node 135 transmitting the binding update to the correspondent node 140. Since the SA is reset in this way, packet delay may occur. Furthermore, a problem arises that a new SA is stored in the partner node 140 without deleting the old SA.

SA has a set validity period, and S
In the communication between the nodes to which A is set, the SA once set may be used many times during the valid period. Since the SA has a long validity period, many SA entries can be set in the node. In this way, one node deletes the SA before the SA expires,
The correspondent node holds the SA and S between both nodes
If A is not synchronized, a packet delay will occur due to setting SA for subsequent communication between the nodes.

There are a number of scenarios in which the SA may not be synchronized. For example, this is the case when the mobile node 135 does not have a sufficient storage area (SA cache) for storing many SA entries. Mobile node 135 S
When the amount of SA stored in the A cache approaches the capacity of the SA cache, the mobile node 135 deletes one of the SAs stored in the SA cache and stores the new SA. Secure. Alternatively, the mobile node 135 may delete the SA based on the longest unused time control method (LRU control method). In particular,
Delete the SA that has not been used for the longest time. In another example, the SA may not be synchronized even if one node deletes the SA without notifying the other node while the two nodes are communicating. This is because the destination node may store the SA until the SA valid period expires.

In order to solve such a problem of SA asynchronization, the present invention introduces an advanced SA management server for synchronizing SA between nodes connected to the communication network.

It is desirable that the SA is kept synchronized until the SA valid period elapses. Therefore, when the SA becomes out of synchronization, it is desirable that the subsequent communication can be performed based on the SA by detecting the lost SA and resynchronizing the SA. Furthermore, SA no longer needed
It is desirable to detect and delete. Specifically, it is an SA whose validity period has expired, an SA that may not already have security guarantees, or an SA when one node sends a deletion notification. Furthermore, "r
It is desirable to decide whether or not to perform the "e-key" process, that is, the key reissue process.

FIG. 5 shows the altitude S in the embodiment of the present invention.
A network provided with an A management server 160 is shown. Mobile node 135 communicates with various correspondent nodes CN 140, home agent HA 145, and foreign agent FA 145. Mobile node 135
Sets SA for each communication and stores it in the cache. However, since the cache capacity of the mobile node 135 is limited, it is possible to ensure SA synchronization of the mobile node 135 by managing the amount of SA stored in the cache using the SA management server 160. preferable. The SA management server 160 is the mobile node 1
35 and is configured to manage the SA of the mobile node 135 according to the SA management protocol. S
The A management server 160 similarly manages SAs for other nodes on the network such as the plurality of mobile nodes 135 and CN 140.

Specifically, the SA management server 160 stores and manages information regarding each communication between nodes and information regarding SA set in the communication. The information stored in the SA management server 160 includes the source address and destination address of communication, the protocol type and port number set for communication, and the security policy agreed by both nodes for communication. Has been. S
The A management server 160 further stores information about the node such as cache capacity. By analyzing the information, the SA management server 160 determines the S stored in the node so that the synchronization state of the SA is optimized.
Determine the appropriate SA management protocol for A.

More specifically, the SA management server 160
Determines, using the SA management protocol, whether the SA stored in the cache of the node such as the mobile node 135 should be stored in the cache or should be deleted. If you decide to delete the SA from the node, SA
The management server 160 instructs the node to delete the SA. Further, the SA management server 160 may detect that the SAs are not synchronized and may instruct the node to perform a key redistribution process (Re-key process) on the partner node. In this way, the SA management server 160 manages the SA entry stored in the cache of the node on the network, thereby ensuring the synchronization of the SA stored in the node.

Each SA according to the SA management protocol
The level of protection required for is determined. For example, the SA management server 160 may use the SAs based on the communication information.
The level of protection required for the "high level" (SA
SA protection protocol can be determined for each of the "medium level" and "low level". S requiring a high level of protection
A is, for example, SA set between the mobile node 135 and the HA 145. The reason is that the SA between these nodes is set more frequently than the SA between other nodes. On the other hand, for communication that is rarely used or communication that may have a low security level,
A low level security management protocol should be set. Therefore, the SA management server 160 determines the level of integrity for the SA and provides higher priority SAs to the higher priority SAs than lower priority SAs based on this determination. In this way, the SA management server 1
60 determines a communication protection level according to the SA management protocol and based on the SA protection level.

The SA management server 160 is the mobile node 135.
When it is decided to delete the SA stored in the cache of the mobile node 135, the mobile node 135 communicates with the mobile node 135 and instructs the mobile node 135 to delete the SA from the cache. Also, the amount of SA stored in the cache of the mobile node 135 approaches the cache capacity (eg, reaches 70% of the cache capacity).
In this case, the mobile node 135 may communicate with the SA management server 160 to determine which SA should be deleted.

The SA management server 160 may combine various known SA security methods or SA management factors according to the SA management protocol determined for each SA to ensure the integrity of the SA at the node. S
The A management server 160 uses the SA management protocol to
Determine the appropriate method of managing the SA. The SA management factor stores (1) SA management performed based on the SA priority, (2) SA management performed based on the overflow method, and (3) SA for communication with the node. Keep-alive negotiation for the purpose of guaranteeing the reachability with existing nodes, (4) The S that the SA corresponding to has disappeared
Notification of deletion with keep-alive negotiation for the purpose of deleting A, or (5)
Key reissue processing (Re-key) for the lost SA
Processing) is included.

When using SA management factors based on priority, the SA management server 160 determines which SA should be deleted based on the priority of the various SAs stored in each node. SA with high priority is SA with low priority
Is deleted after is deleted. For example, S with high priority
A is VoIP communication, and SA having low priority is e-mail communication. As a specific method of SA management based on priority, the longest unused time control method (L
There is a method of deleting SA according to the RU control method). In this way, the oldest used SA is deleted.
However, this method may delete the SA with high priority. Therefore, the SA management server 16
For 0, it is preferable to use another SA management factor to secure the integrity of SA with high priority.

As another SA management factor, there is one that uses keep-alive negotiation between nodes as described above. Specifically, the SA management server 160 instructs each node to periodically exchange information packets and determine whether or not the node as a communication partner can communicate. If it is determined that communication with the node is not possible, the SA management server 160 determines that the SA is unnecessary, and the SA is judged from the cache for the node.
Instruct to delete.

Further, the SA management server 160 instructs each node to issue a deletion notice to the SA management server 160 when the nodes become unable to communicate so that the nodes can be synchronized. In addition, the SA management server 160
Keep-alive negotiation may be used to instruct the nodes to exchange SPI lists. By exchanging the SPI list, the node can discover the lost SA and decide whether to delete or reconfigure the SA. Considering the communication cost of performing the keep-alive negotiation, it is preferable that the SA management server 160 perform the keep-alive negotiation in combination with other SA management factors only for the SA with high priority.

As another SA management factor used by the SA management server 160 for the purpose of SA synchronization, there is a method of performing a key redistribution process (Re-key) process for each SA. Specifically, when the SA management server 160 determines that a certain SA has already disappeared, it instructs the node to perform a key redistribution process for the SA. However, if the key redistribution process may cause an overflow, the SA management server 160 determines whether the key redistribution process is appropriate based on another SA management factor and the SA management protocol of the SA. to decide.

According to the level of integrity determined by the SA management server 160 for each SA, the SA management server 1
60 determines how to combine SA management factors to ensure the confidentiality of the SA. For example, the SA management server 160 uses all SA management factors for SA synchronization for SAs requiring high security, and based on priority for SAs that may have a low security level. Only SA control factors can be used.

Although the preferred embodiments of the present invention have been described above, each embodiment is merely an example and does not limit the essence of the present invention. Further, it is easily understood by those skilled in the art that various modifications and additions can be made to the present invention while maintaining the novel and advantageous features of the present invention without departing from the spirit of the present invention.
Accordingly, the scope of the invention is to be determined solely by the claims as properly interpreted.

[0083]

As described above, between the two nodes,
Highly manageable synchronization of Security Associations (SA).

[Brief description of drawings]

FIG. 1 is a diagram showing a third-generation mobile radio communication IP network to which the present invention is applied.

FIG. 2 is a simplified diagram showing macro mobility of a mobile node in a third generation mobile radio communication IP network in which MobileIP is used.

FIG. 3 is a simplified diagram showing macro mobility and route optimization of a mobile node in a third generation mobile radio communication IP network in which MobileIP is used.

FIG. 4 is a flowchart showing an IPsec execution process.

FIG. 5 is a simplified diagram illustrating a MobileIP network implemented with an advanced security association manager that synchronizes security associations of multiple nodes.

[Explanation of symbols]

100 ... Mobile wireless data communication IP network (mobile IP network) 120 ... IP fixed core network 130 ... Gateway router 135 ... Mobile node 140 ... Destination node 145 ... Router (home agent Or foreign agent) 150 ... Wireless base station communication network 155 ... Wireless base station (BTS) FA Foreign agent HA Home agent MN Mobile node CN Destination node

Claims (17)

[Claims] 1. A first step of setting a security association for communication between a first node and a second node, and storing the security association in the first node and the second node. An IP, comprising: a second step; and a third step in which a security association policy server synchronizes a security association established for communication between the first node and the second node. A method of implementing Internet Protocol security in a base mobile communication network. 2. The third step is a step of setting communication between the first node and the security association policy server, and the communication between the first node and the second node in the security association policy server. The address of the first node associated with the second
The address of the node, the protocol used in the communication,
A process of storing information including a port number used in the communication and a security policy for the security association, and a security association based on information associated with the communication between the first node and the second node. A step of selecting a management protocol, a step of deciding whether to delete the security association stored in the first node according to the selected security association management protocol, and a step of determining that the security association is not synchronized. The method according to claim 1, further comprising the step of notifying the first node that the security association is to be deleted. 3. A process of determining whether or not to delete the security association according to a use priority of a security association stored in the first node, and an overflow prevention method in a security association database of the first node. , Determining whether to delete the security association stored in the first node, and determining whether to delete the security association stored in the first node based on a keep-alive negotiation protocol. A step of deciding whether to delete the security association stored in the first node based on a deletion notification using the keep-alive negotiation protocol, and a step of deciding based on the key redistribution processing protocol. 3. The implementation according to claim 2, further comprising the step of: setting a security association management protocol, the step of determining whether to delete the security association stored in the first node. Method. 4. The mounting method according to claim 1, wherein the first node is a mobile node. 5. The security association is valid until a validity period elapses, and is used in a plurality of communication sessions between the first node and the second node until the validity period elapses. The mounting method according to claim 1, wherein the mounting method is a mounting method. 6. The mounting method according to claim 1, wherein the communication is real-time bidirectional digital data communication. 7. The mounting method according to claim 6, wherein the real-time two-way digital communication is performed by a VoIP protocol. 8. The communication network is IMT-200.
The mounting method according to claim 1, wherein the mounting method complies with the 0 standard. 9. An Internet protocol-based communication network, comprising: a plurality of nodes that perform mutual communication via the communication network and store security associations for the mutual communication; and a plurality of nodes provided on the communication network. A communication network comprising: at least one security policy server that communicates with a plurality of nodes and synchronizes a security association between the plurality of nodes according to a security association management protocol. 10. The at least one security association policy server is associated with communication between the plurality of nodes, and includes a source address, a destination address, a protocol type, a port number, and a security policy for the communication. The communication network according to claim 9, wherein information including and is stored. 11. The communication of claim 10, wherein the at least one security association policy server sets a security association management protocol based on information associated with communication between the plurality of nodes. network. 12. The at least one security association policy server stores, in each of the plurality of nodes, a security association stored in each of the plurality of nodes according to the security association management protocol and a plurality of security association management factors. The network according to claim 11, wherein the network determines whether to delete from the area. 13. The plurality of security association management factors include a priority of a security association stored in each of the plurality of nodes, an overflow of a security association database, a keep alive negotiation, and a keep alive negotiation during. 13. The communication network according to claim 12, further comprising a deletion notification of the above and a key re-setting process. 14. The communication network of claim 9, wherein the communication is real-time two-way digital data communication. 15. The communication network according to claim 14, wherein the real-time two-way digital data communication is performed by a VoIP protocol. 16. The communication network is IMT-20.
The communication network according to claim 9, which is compliant with the 00 standard. 17. A method for synchronizing security associations of a node in an internet protocol-based communication network, wherein the mobile node stores a security association for communication between the mobile node and a correspondent node with a valid period. And a step of storing the data related to the security association stored in the mobile node in the security association policy server, analyzing the data related to the security association according to a predetermined standard, and storing the data in the mobile node. Security association synchronization method, comprising the step of determining whether a security association that has been deleted should be deleted before the expiration of its validity period.