WO2009003404A1 - A method and an apparatus for fast handover - Google Patents


Info

Publication number
WO2009003404A1
Authority: WO (WIPO (PCT))
Prior art keywords: message, nar, key, handover, par
Prior art date
Application number: PCT/CN2008/071483
Other languages: French (fr), Chinese (zh)
Inventors: Guohui Zou, Bin Xia
Original Assignee: Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2009003404A1

Classifications

    • H04L63/06: Network architectures or network communication protocols for network security, for supporting key management in a packet data network (H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication > H04L63/00: Network architectures or network communication protocols for network security)
    • H04W36/0011: Control or signalling for completing the hand-off for data sessions of end-to-end connection (H: Electricity > H04: Electric communication technique > H04W: Wireless communication networks > H04W36/00: Hand-off or reselection arrangements > H04W36/0005: Control or signalling for completing the hand-off)
    • H04W36/0016: Hand-off preparation specially adapted for end-to-end data sessions (under H04W36/0011 above)
    • H04W80/04: Network layer protocols, e.g. mobile IP [Internet Protocol] (H: Electricity > H04: Electric communication technique > H04W: Wireless communication networks > H04W80/00: Wireless network protocols or protocol adaptations to wireless operation)

Definitions

  • the present invention relates to mobile communication technologies, and in particular, to a method and system for secure fast handover.
  • The Mobile IP version 6 (MIPv6) protocol is a mobility solution proposed by the Internet Engineering Task Force (IETF). It lets a mobile node (MN) keep communicating without interruption while it moves, but it also introduces problems such as handover delay and security.
  • IETF Internet Engineering Task Force
  • the MN cannot send or receive packets for a certain period during the handover process; this period is called the handover delay.
  • the main reasons for the handover delay are delays in link switching and the operation of the MIPv6 protocol, such as motion detection, new Care-of Address (CoA) configuration, and binding update.
  • CoA new Care-of Address
  • In real-time applications such as Voice over IP (VoIP), such handover delays are often unacceptable.
  • the IETF's MIP working group defines the Fast Mobile IP (FMIP) protocol.
  • FMIP Fast Mobile IP
  • the fundamental idea is to pre-configure related information to reduce handover delay and improve handover performance.
  • The FMIP protocol mainly defines two types of handover: predictive handover and reactive handover.
  • In predictive handover, the MN predicts the upcoming handover while moving and informs the previous access router (PAR).
  • the PAR then obtains, by interacting with the new access router (NAR), that is, the access router (AR) of the target network, the new CoA that the MN will use under the NAR, so that the MN is spared the address configuration.
  • NAR New Access Router
  • AR Access Router
  • Data packets for the MN that reach the PAR during the handover are tunnelled by the PAR to the NAR and buffered there, which ensures that the MN can receive them after switching to the new link and that no packets are lost.
  • If the MN moves so fast that it arrives at the new link before it has completed the exchange for obtaining the new CoA on the old link, the handover is called reactive handover.
  • Although reactive handover cannot reduce the handover delay, it still avoids packet loss caused by the handover.
  • In the prior art, the MN and the AR establish a security association with the help of an authentication, authorization and accounting (AAA) server.
  • AAA authentication, authorization, and accounting
  • This solution is, however, not applied to the two FMIP handover types described above; that is, during the handover
  • message integrity is ensured by the handover key (HK), and the public-key exchange between the MN and the NAR is completed under the protection of the FMIP protocol, so the scheme for generating the shared key is not actually put into application.
  • The following describes the handover key generation process, fast handover in predictive mode, and fast handover in reactive mode.
  • The HK is generated between the MN and the AR by an AAA-assisted key management protocol and is used to protect the signalling messages of the FMIP protocol. The key management protocol therefore specifies the message exchange between the MN and the AR and its necessary preconditions.
  • The protocol assumes that a Handover Master Key (HMK) is shared between the MN and the AAA server, and that a security association exists between the AR and the AAA server. Under this assumption, FIG. 1 shows the handover key generation process in the prior art, which includes the following steps:
  • Step 101 The MN sends a handover key request (HK-REQ) message to the AR; the message is integrity-protected with a MAC generated using a handover integrity key (HIK).
  • Step 102 After receiving the HK-REQ message, the AR encapsulates it in an authentication, authorization and accounting request (AAA Request) message using the AAA protocol and forwards it to the AAA server.
  • AAARequest the authentication, authorization, and accounting request
  • Step 103 After receiving the AAA Request message, the AAA server checks the MAC carried in it using the HIK it computes itself. If the MAC is incorrect, the AAA server returns a verification-failure message; otherwise it sends an authentication, authorization and accounting response (AAA Response) message indicating successful verification to the AR, carrying the HK generated by the AAA server and the random number nonce2 that the AAA server generated when producing the HK.
  • Step 104 After receiving the AAA Response message indicating successful verification, the AR extracts the HK carried in the message, packages the rest of the message into a handover key response (HK-RSP) message, and sends it to the MN.
  • The HK-RSP message also carries the message ID (matching that of the HK-REQ), the pseudo-random function, the verification-success status, and a Security Parameter Index (SPI), and is integrity-protected with a MAC generated using the HK.
  • FIG. 2 is a schematic diagram of the predictive-mode fast handover process in the prior art, which includes the following steps:
  • Step 201 The MN sends a Fast Binding Update (FBU) message to the PAR, carrying the MN's public key (PK) and an HK-REQ message; the HK-REQ message is protected with the HK shared between the MN and the PAR.
  • FBU Fast Binding Update
  • Step 202 After receiving the FBU message, the PAR first verifies the MAC with the HK it computes itself. If verification succeeds, the PAR sends a handover initiate (HI) message to the NAR, carrying the HK-REQ message in which the MN PK is included.
  • HI Handover Initiate
  • Step 203 The NAR takes the MN PK from the received HI message, generates an HK-RSP message carrying the NAR PK, and sends it to the PAR in a handover acknowledgement (HAck) message.
  • HAck Handover Acknowledgement
  • Step 204 The PAR integrity-protects the received HK-RSP message with a MAC generated using the HK and sends it to the MN in a fast binding acknowledgement (FBAck) message.
  • FBAck Fast Binding Acknowledgement
  • Step 205 The MN verifies the MAC of the received FBAck message. If verification passes, the MN uses an asymmetric-key mechanism, that is, the MN PK and the NAR PK, to generate a shared key. When the MN enters the new link where the NAR is located, it sends a Fast Neighbor Advertisement (FNA) message to the NAR, integrity-protected with a MAC generated using the shared key, and thereby completes the handover from the PAR to the NAR.
  • FNA Fast Neighbor Advertisement
  • FIG. 3 is a schematic diagram of the reactive-mode fast handover process in the prior art, which includes the following steps:
  • Step 301 If the predictive-mode handover above fails, the MN, on arriving at the new link where the NAR is located, sends an FNA message to the NAR carrying the MN PK and the HK-REQ.
  • Step 302 After receiving the FNA message, the NAR sends the HK-REQ to the PAR in an FBU message, which also carries the NAR PK.
  • Step 303 After receiving the FBU message, the PAR checks the MAC in the HK-REQ and sends an FBAck message carrying the HK-RSP to the NAR; this message also carries the NAR PK.
  • Step 304 After receiving the HK-RSP message, the NAR forwards it to the MN. At this point, the MN completes the handover from the PAR to the NAR.
  • The prior-art security mechanism does not generate the shared key entirely within the existing AAA architecture. This asymmetric key generation mechanism differs from the existing mechanism, which is not conducive to implementation; meanwhile, generating the shared key requires a large amount of computation, which consumes substantial computing resources of the MN and the AR;
  • the AAA server is completely unaware of the shared key, which hinders the operator's management of MN handover;
  • Embodiments of the present invention provide a method and system for secure fast handover that establish a security association between a mobile node and the access router of the target network, so as to ensure secure fast handover and reduce handover delay.
  • The embodiment of the invention provides a fast handover method that includes the following steps:
  • the MN performs fast mobile handover using the security association to access the NAR.
  • The embodiment further provides a fast handover system, which includes: a security association establishing unit, configured to establish a security association between the mobile node and the access router NAR of the target network;
  • a security protection execution unit, configured to use the security association so that the mobile node accesses the
  • The embodiment establishes a security association (such as a shared handover key, a handover key, and the like) between the mobile node and the access router of the target network before the mobile node hands over, and, after the handover to the target network,
  • a security association such as a shared handover key, a handover key, and the like
  • the above security association is used to ensure that the mobile node securely accesses the target network's
  • access router. That is, by adjusting the parameters required for key generation in the handover process, the generation of the shared key is optimized, which reduces the impact of the security mechanism on fast handover, reduces the handover delay, and keeps the handover process under the control of the network.
  • FIG. 1 is a schematic diagram of the handover key generation process in the prior art
  • FIG. 2 is a schematic diagram of the predictive-mode fast handover process in the prior art
  • FIG. 3 is a schematic diagram of the reactive-mode fast handover process in the prior art
  • FIG. 4 is a flowchart of a method for secure fast handover according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 1 of the present invention.
  • FIG. 6 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 2 of the present invention.
  • FIG. 7 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 3 of the present invention.
  • FIG. 8 is a schematic flowchart of the predictive-mode fast handover process according to Embodiment 4 of the present invention.
  • FIG. 9 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 5 of the present invention.
  • FIG. 10 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 6 of the present invention.
  • FIG. 11 is a schematic flowchart of the predictive-mode fast handover process according to Embodiment 7 of the present invention.
  • FIG. 12 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 8 of the present invention.
  • FIG. 4 is a flowchart of a method for secure fast handover according to an embodiment of the present invention, which includes the following steps:
  • Step 401 Establish a security association between the mobile node and the access router of the target network before the fast handover;
  • Step 402 During the fast handover of the mobile node, use the security association to ensure that the mobile node securely switches to that access router.
  • A security association (such as a shared handover key, a handover key, and the like) is established between the mobile node and the access router of the target network, and after the handover to the target network
  • this security association is used to ensure that the mobile node securely accesses the access router of the target network. That is, by adjusting the parameters required for key generation in the handover process, the generation of the shared key is optimized, which reduces the impact of the security mechanism on fast handover, reduces the handover delay, and keeps the handover process under the control of the network.
  • FIG. 5 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 1 of the present invention.
  • In this embodiment the MN completes the handover preparation with multiple candidate ARs before determining the handover target; the process includes the following steps:
  • Step 501 The MN obtains the identifiers (AP-ID, Access Point Identifier) of the surrounding access points and sends a Router Solicitation for Proxy Advertisement (RtSolPr) message to the PAR to obtain the information corresponding to the target AP-IDs.
  • RtSolPr Router Solicitation for Proxy Advertisement
  • Step 502 After receiving the RtSolPr message, the PAR sends a Proxy Router Advertisement (PrRtAdv) message to the MN, in which the PAR includes the AR information corresponding to the target AP-IDs.
  • PrRtAdv Proxy Router Advertisement
  • Step 503 After receiving the PrRtAdv message, the MN sends an HK-REQ message to all the NARs, carrying the message ID, the pseudo-random function, the CoA, a random nonce generated by the MN, the MN ID, and a MAC generated using the HIK for integrity protection, where the MN ID may be the Media Access Control identifier (MAC ID) of the mobile node or a Network Access Identifier (NAI).
  • MAC ID Media Access Control Identifier
  • NAI Network Access Identifier
  • The HK-REQ may be sent as a data packet whose source address is the previous care-of address (pCoA) and whose destination address is the NAR address; this method can be used in a simple IP network.
  • It may also be sent IP-in-IP, that is, as a nested Internet Protocol packet whose outer IP header carries the MN's pCoA and the PAR address, and whose inner IP header carries the MN's pCoA and the NAR address, respectively.
  • IP-in-IP nested Internet Protocol encapsulation
  • It may also be sent with a destination-address sub-header that indicates the IP packet's destination, the IP header addresses being the MN's pCoA and the PAR address respectively; the PAR then reconstructs the IP packet with the address in the destination-address sub-header (that is, the NAR address) as the destination address and sends it there. This method can be used in a MIP network.
  • MIP Mobile Internet Protocol
  • Step 504 After receiving the HK-REQ message, the NAR encapsulates it in an authentication authorization request (AA REQ) message and forwards it to the AAA server.
  • Step 505 After receiving the AA REQ message, the AAA server verifies the MAC of the encapsulated HK-REQ message and sends an authentication authorization response (AA RSP) message carrying the verification result to the NAR. If verification passes, the AA RSP message carries a new handover key (nHK) between the MN and the NAR.
  • AA RSP authentication authorization response
  • Step 506 The NAR records the identity of the MN (such as the MAC ID) and the nHK, and sends an HK-RSP message to the MN indicating that the security association has been established successfully.
  • Step 507 When it decides to perform fast handover, the MN sends an FBU message to the PAR; the message is integrity-protected with a message authentication code (pHK-MAC) generated using the previous handover key (pHK) shared by the MN and the PAR.
  • pHK-MAC message authentication code generated using the pHK
  • Step 508 The PAR verifies the pHK-MAC. If verification passes, the PAR and the NAR complete the HI/HAck exchange (not shown), and the PAR sends an FBAck message carrying a pHK-MAC to the MN.
  • Step 509 After the MN arrives at the new link, it sends an FNA message to the NAR, carrying the MN's identity and integrity-protected with a MAC generated using the nHK. At this point, the MN completes the fast handover process from the PAR to the NAR.
  • The technical solution of the first embodiment can be implemented in two phases. Before the MN determines the handover target, the MN attempts a key exchange with all the NARs corresponding to the AR information provided in the PrRtAdv message, and each NAR contacts the AAA server to complete the establishment of the security association. After the MN determines the handover target, the MN protects the FBU message with the previous security association and the FNA message with the corresponding new security association. This embodiment therefore reduces the delay in the handover process, because the security association has already been established before the handover.
  • The embodiment may be further modified by adding, in steps 503 and 506, the configuration of the new care-of address (nCoA) between the MN and the NAR.
  • nCoA new care-of address
  • FIG. 6 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 2 of the present invention.
  • Steps 601 to 602 and steps 607 to 609 of this embodiment are the same as the corresponding steps of the first embodiment:
  • Step 603 After receiving the PrRtAdv message, the MN sends an HK-REQ message to the PAR; the identity carried in the message may be the MAC ID of the mobile node or the NAI.
  • This message is integrity-protected with the previous security association between the MN and the AAA server.
  • Step 604 After receiving the HK-REQ message, the PAR encapsulates it in an authentication authorization request (AA REQ) message and forwards it to the AAA server.
  • Step 605 After receiving the AA REQ message, the AAA server verifies the MAC of the encapsulated HK-REQ message and sends an authentication authorization response (AA RSP) message carrying the verification result to the PAR. If verification passes, the AA RSP message carries a new handover key (nHK) between the MN and the NAR.
  • AA RSP authentication authorization response
  • Step 605 The AAA server also sends an AA RSP message to the NAR, carrying the handover key nHK between the MN and the NAR.
  • Step 606 The PAR records the identity of the MN and the nHK, and sends the HK-RSP message to the MN indicating that the security association has been established successfully.
  • The difference between the second embodiment and the first is that the key exchange between the MN and the NAR is performed by the MN interacting indirectly with the AAA server (through the PAR, without involving the NAR), after which the AAA server delivers the key generated for each NAR to that NAR. Therefore, when the MN needs to establish security associations with multiple NARs, the MN and the AAA server need to complete only one exchange, which saves signalling overhead.
  • Taking the first embodiment as an example, if only the first-phase establishment of the security association is completed and the MN has no time to send the FBU message to the PAR before reaching the new link, the handover mode is converted from the predictive mode of the first embodiment to the reactive mode.
  • FIG. 7 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 3 of the present invention.
  • This embodiment is based on the first phase of the foregoing predictive-mode embodiment (that is, the establishment of the security association is completed). Because the MN does not send the FBU message to the PAR before reaching the new link where the NAR is located, the MN enters the reactive mode.
  • the specific steps are as follows:
  • Step 701 Not having accessed the NAR by sending an FBU message to the PAR, the MN actively sends an Unsolicited Neighbor Advertisement (UNA) message to the NAR. If the MN knows the nHK before sending the message, the message is integrity-protected with a MAC generated using the nHK; if the MN does not know the nHK, no integrity protection is applied.
  • UNA Unsolicited Neighbor Advertisement
  • Step 702 The MN sends an FBU message to the PAR, carrying the pCoA and integrity-protected with a MAC generated using the pHK. Because the MN has already reached the new link where the NAR is located, the message may be sent as an IP packet whose source address is the nCoA and whose destination address is the PAR.
  • Step 703 After receiving the FBU message, the PAR verifies the pHK-MAC and sends an FBAck message carrying the verification result to the MN. Because the MN has already reached the new link where the NAR is located, this message may be sent as an IP packet addressed to the MN at its nCoA.
  • At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel.
  • FIG. 8 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 4 of the present invention.
  • In this embodiment the PAR first obtains an AAA nonce from the AAA server in preparation for the subsequent handover; the process includes the following steps:
  • Step 801 The PAR learns through a link-layer trigger (for example, a Media Independent Handover MIH-MN-Candidate-Query request message in IEEE 802.21) that the MN is about to hand over, but without a definite handover target.
  • The PAR sends an AAA REQ message to the AAA server requesting an AAA nonce.
  • This step should occur after the PAR has sent the PrRtAdv message to the MN and before the MN sends the FBU message to the PAR.
  • Step 802 After receiving the AAA REQ message, the AAA server sends an AAA RSP message to the PAR carrying the generated AAA nonce and its corresponding AAA nonce index. After receiving the message, the PAR extracts and saves the AAA nonce and its index.
  • Step 803 When the MN decides to perform fast handover, it sends an FBU message to the PAR, carrying an nHK_Req that asks the AAA server to generate the nHK and integrity-protected with a pHK-MAC generated using the pHK.
  • Step 804 The PAR verifies the MN's pHK-MAC. If verification succeeds, the PAR sends an HI message to the NAR carrying the nHK_Req and the AAA nonce index. The HI message must be encrypted; the specific encryption is the same as in the prior art and is not described here.
  • Step 804 The PAR also sends an acknowledgement message FAck for the FBU to the MN, carrying the AAA nonce and integrity-protected with a pHK-MAC generated using the pHK.
  • The MN verifies the pHK-MAC of this message. If verification passes, the MN can generate the nHK with the following formula:
  • nHK = prf+(HMK, AAA nonce, …)
  • Step 805 After receiving the HI message, the NAR takes the nHK_Req carried in it and generates an AAA REQ message, carrying the AAA nonce index, which it sends to the AAA server. At the same time, in step 805, the NAR sends a HAck message to the PAR.
  • Step 806 After receiving the HAck message, the PAR sends an FBAck message to the MN, integrity-protected with a pHK-MAC generated using the pHK.
  • Step 806 After receiving the AAA REQ message carrying the AAA nonce index, the AAA server looks up the corresponding AAA nonce by the index, generates the nHK according to the formula in step 804, and sends an AAA RSP message carrying the nHK to the NAR.
  • Step 807 When the MN arrives at the new link where the NAR is located, it sends an FNA message to the NAR, integrity-protected with a MAC generated using the nHK. At this point, the MN completes the fast handover process from the PAR to the NAR.
  • In this embodiment the PAR obtains the AAA nonce parameter from the AAA server and returns it to the MN in an acknowledgement message after the MN sends the FBU, so that the MN can generate the new handover key and complete the handover without waiting for the fast binding acknowledgement FBAck, which reduces the handover delay.
  • FIG. 9 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 5 of the present invention.
  • When the MN decides to hand over, the establishment of a temporary security association with the target NAR is completed, thereby implementing secure fast handover.
  • the preparation before the MN decides to hand over includes the following steps:
  • The MN and the PAR generate an HK according to the prior-art handover key generation process, from which the THK is derived:
  • THK = prf(HK, …, pCoA)
  • Step 901 When the MN decides to perform fast handover, it sends an FBU message to the PAR, integrity-protected with a MAC generated using the SHK.
  • Step 902 After receiving the FBU message, the PAR verifies the MAC. If verification succeeds, the PAR sends an HI message to the NAR carrying the THK.
  • The HI message must be encrypted; the encryption technique is the same as in the prior art and is not described here.
  • Step 903 After receiving the HI message, the NAR extracts the THK from it and sends a HAck message to the PAR.
  • Step 904 After receiving the HAck message, the PAR sends an FBAck message to the MN, integrity-protected with a MAC generated using the SHK.
  • Step 905 After the MN arrives at the new link where the NAR is located, it sends an FNA message to the NAR, integrity-protected with a MAC generated using the THK. At this point, the MN completes the fast handover process from the PAR to the NAR.
  • Step 906 After the handover process ends, the MN or the PAR immediately acquires a new SHK and THK through the prior-art handover key generation process, for the next handover.
  • This embodiment adds a key hierarchy of SHK and THK on top of the existing handover key generation technique: the SHK is used to establish the security association between the MN and the PAR, and the THK is transmitted by the PAR to the NAR and used to establish a temporary security association between the MN and the NAR.
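The SHK/THK hierarchy of this embodiment, as an added illustration that is not the patent's own code: both the MN and the PAR derive SHK and THK from the shared HK, the PAR hands only the THK to the NAR in the HI message, and the NAR verifies the FNA with it, so a NAR holding the THK still cannot forge an SHK-protected FBU. It assumes prf is HMAC-SHA256, an SHK derivation of prf(HK, "SHK") (the page gives none), a THK of prf(HK, "THK", pCoA) with the illegible middle term dropped, and constructed key and address values.

```python
import hmac
import hashlib
from typing import Optional


def prf(key: bytes, *parts: bytes) -> bytes:
    """Assumed pseudo-random function: HMAC-SHA256 over length-prefixed parts."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_shk(hk: bytes) -> bytes:
    return prf(hk, b"SHK")            # assumption: SHK formula is not on the page


def derive_thk(hk: bytes, pcoa: bytes) -> bytes:
    return prf(hk, b"THK", pcoa)      # THK = prf(HK, ..., pCoA) per the page


def mac(key: bytes, msg: bytes) -> bytes:
    return prf(key, b"MAC", msg)


class PreviousAR:
    """PAR: shares HK with the MN, derives SHK/THK, forwards only THK to the NAR."""

    def __init__(self, hk: bytes, pcoa: bytes) -> None:
        self.shk = derive_shk(hk)
        self.thk = derive_thk(hk, pcoa)

    def handle_fbu(self, fbu: bytes, tag: bytes) -> Optional[dict]:
        # Step 902: verify the SHK-MAC; on success build HI (carries THK) and FBAck.
        if not hmac.compare_digest(mac(self.shk, fbu), tag):
            return None
        return {"HI": {"THK": self.thk}, "FBAck": (b"FBAck", mac(self.shk, b"FBAck"))}


class NewAR:
    """NAR: learns THK from HI (step 903) and verifies the FNA with it (step 905)."""

    def __init__(self) -> None:
        self.thk: Optional[bytes] = None

    def handle_hi(self, hi: dict) -> bytes:
        self.thk = hi["THK"]          # HI is encrypted on the wire per the page
        return b"HAck"

    def verify_fna(self, fna: bytes, tag: bytes) -> bool:
        return self.thk is not None and hmac.compare_digest(mac(self.thk, fna), tag)


class MobileNode:
    def __init__(self, hk: bytes, pcoa: bytes) -> None:
        self.shk = derive_shk(hk)
        self.thk = derive_thk(hk, pcoa)

    def fbu(self) -> tuple:            # step 901: FBU under SHK
        msg = b"FBU:pCoA=192.0.2.10"
        return msg, mac(self.shk, msg)

    def check_fback(self, fback: tuple) -> bool:   # step 904: FBAck under SHK
        return hmac.compare_digest(mac(self.shk, fback[0]), fback[1])

    def fna(self) -> tuple:            # step 905: FNA under THK
        msg = b"FNA:nCoA=198.51.100.7"
        return msg, mac(self.thk, msg)


def run_handover(tamper_fbu: bool = False) -> dict:
    """Drive one predictive handover with constructed values; report each check."""
    hk = hashlib.sha256(b"constructed HK from the prior-art AAA exchange").digest()
    pcoa = b"192.0.2.10"
    mn, par, nar = MobileNode(hk, pcoa), PreviousAR(hk, pcoa), NewAR()
    fbu, tag = mn.fbu()
    if tamper_fbu:
        fbu = fbu.replace(b"192.0.2.10", b"192.0.2.99")   # on-path modification
    par_out = par.handle_fbu(fbu, tag)
    if par_out is None:
        return {"fbu_ok": False, "fback_ok": False, "fna_ok": False}
    nar.handle_hi(par_out["HI"])
    fna, fna_tag = mn.fna()
    return {
        "fbu_ok": True,
        "fback_ok": mn.check_fback(par_out["FBAck"]),
        "fna_ok": nar.verify_fna(fna, fna_tag),
        # key separation: the NAR's THK cannot produce a valid SHK-MAC on the FBU
        "nar_can_forge_fbu": hmac.compare_digest(mac(nar.thk, fbu), tag),
    }
```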
  • The handover mode may likewise be converted from the predictive mode of the fifth embodiment to the corresponding reactive mode.
  • FIG. 10 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 6 of the present invention.
  • This embodiment includes the following steps:
  • Step 1001 The MN sends a UNA message to the NAR, integrity-protected with a MAC generated using the THK.
  • Step 1002 The MN sends an FBU message to the PAR, carrying the pCoA and integrity-protected with a pHK-MAC generated using the pHK. Because the MN has already reached the new link where the NAR is located, the message may be sent as an IP packet whose source address is the nCoA and whose destination address is the PAR.
  • Step 1003 After receiving the FBU message, the PAR verifies its pHK-MAC. If verification succeeds, the PAR sends an FBAck message carrying the verification result to the MN. Because the MN has already reached the new link where the NAR is located, this message may be sent as an IP packet addressed to the MN at its nCoA. At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel. At this point, the MN completes the fast handover process from the PAR to the NAR.
  • Step 1004 After the handover process ends, the MN or the NAR initiates a new HK generation process, and the MN and the PAR respectively derive the SHK and the THK.
  • This embodiment is relatively easy to implement. Because it uses only a symmetric-key mechanism, the amount of computation is small and computing resources are saved. In addition, the handover can be authorized during the handover process without the MN contacting the AAA server, which ensures that once the FBU message has been sent on the original link the MN does not suffer handover delay or handover failure for security reasons, and that the probability of a predictive handover degrading into a reactive handover is not increased.
  • FIG. 11 is a schematic diagram of a fast switching process of the prediction mode in the seventh embodiment.
  • multiple security associations are established with the target NAR in succession to ensure that one of the multiple keys generated by the MN is valid during the handover process, thereby implementing security. Fast switching.
  • nHK is as follows:
  • nHK' gprf + (HMK, solid nonce
  • nHK prf(nHK', NAR nonce)
  • Step 1101 When the MN decides to perform a fast handover, it sends an FBU message to the PAR, where the message carries an nHK_Req requesting that the AAA server generate the nHK, and is integrity-protected with the pHK-MAC generated from the pHK.
  • Step 1102 The PAR verifies the correctness of the MN's pHK-MAC. If the verification succeeds, it sends an HI message carrying the nHK_Req to the NAR. This message must be cryptographically protected; the specific protection is the same as in the prior art and is not described here.
  • Step 1103 After receiving the HI message, the NAR obtains the nHK_Req carried in it and generates an AAA REQ message to be sent to the AAA server, where the message carries the NAR nonce. At the same time, in step 1103, the NAR sends a HAck message to the PAR, which carries the NAR nonce used for generating the nHK.
  • Step 1104 After receiving the HAck message, the PAR sends an FBAck message carrying the NAR nonce to the MN, integrity-protected with the pHK-MAC generated from the pHK.
  • Step 1104 After receiving the AAA REQ message carrying the NAR nonce, the AAA server generates nHK' according to formula 111 and sends an AAA RSP message carrying nHK' to the NAR. After receiving that message, the NAR generates the nHK according to formula 112.
  • Step 1105 When the MN arrives at the new link where the NAR is located: if the MN has received the FBAck message sent by the PAR, it uses the NAR nonce in that message and formula 112 to generate the nHK, and the FNA message it sends to the NAR does not carry an FBU and is integrity-protected with the MAC generated by the nHK (as shown in FIG. 11); if the MN has not received the FBAck message sent by the PAR, it generates nHK' according to formula 111, and the FNA message it sends to the NAR carries the FBU and is integrity-protected with the MAC generated by nHK' (not shown in FIG. 11).
  • The NAR determines whether the MN received the FBAck according to whether the received FNA carries an FBU. If the FNA message received by the NAR carries the FBU, the NAR considers that the MN did not receive the FBAck message, and therefore verifies the FBU's MAC using the MAC generated by nHK'. If the FNA message received by the NAR does not carry the FBU, the NAR considers that the MN did receive the FBAck message, and therefore verifies the FBU's MAC using the MAC generated by the nHK. At this point, the MN completes the fast handover from the PAR to the NAR.
  • In this embodiment, the MN exchanges messages with the NAR via the PAR to generate a first handover key nHK' and a second handover key nHK; the NAR receives the first handover key nHK' generated by the AAA server and derives the second handover key nHK from it, thereby establishing two security associations between the MN and the NAR.
  • When the MN decides to hand over, the MN sends an FNA to the NAR. On receiving the message, the NAR examines its content and decides which handover key to use. Therefore, this embodiment avoids the handover problem caused by the FBAck message in the prior art and ensures fast and secure handover.
  • If the fast handover is not completed successfully, the handover mode is converted from the predictive mode to the reactive mode; the specific implementation is similar to the third embodiment of the present invention, except that the UNA message sent by the MN to the NAR is integrity-protected with the MAC generated by nHK'.
  • The NAR determines which key (nHK or nHK') to use for verifying the correctness of the MAC by examining the UNA flag.
  • Alternatively, the NAR can use both keys (nHK and nHK') to generate a MAC over the UNA message for correctness verification; the key whose MAC verifies is then used as the shared key between the NAR and the MN.
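The two-key selection described for this embodiment, as an added worked example rather than code from the patent: the MN derives nHK' by formula 111 and, only if the FBAck carrying the NAR nonce arrived, nHK by formula 112; the NAR chooses the verification key from whether the FNA carries an FBU, and the variant that tries both keys corresponds to the alternative given above for the UNA message. gprf+ and prf are modelled here as HMAC-SHA256, and all nonces, identifiers and message layouts are constructed values; none of these is specified on the page.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional


# Assumption (not fixed by the page): gprf+ of formula 111 and prf of
# formula 112 are both modelled as HMAC-SHA256.
def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_nhk_prime(hmk: bytes, aaa_nonce: bytes) -> bytes:
    """Formula 111: nHK' = gprf+(HMK, AAA nonce). Known to AAA (hence the NAR) and to the MN."""
    return _prf(hmk, aaa_nonce)


def derive_nhk(nhk_prime: bytes, nar_nonce: bytes) -> bytes:
    """Formula 112: nHK = prf(nHK', NAR nonce). Known to the NAR, and to the MN only if the FBAck arrived."""
    return _prf(nhk_prime, nar_nonce)


@dataclass
class Fna:                     # constructed layout of the FNA message
    mn_id: bytes
    ncoa: bytes
    fbu: Optional[bytes]       # carried only when the MN never received the FBAck
    mac: bytes

    def body(self) -> bytes:
        return b"|".join([b"FNA", self.mn_id, self.ncoa, self.fbu or b""])


def mn_build_fna(hmk: bytes, aaa_nonce: bytes, mn_id: bytes, ncoa: bytes,
                 nar_nonce: Optional[bytes], fbu: bytes) -> Fna:
    """Step 1105 on the MN. nar_nonce is the NAR nonce from the FBAck, or None if the
    FBAck never arrived: with it the MN uses nHK and omits the FBU; without it the MN
    falls back to nHK' and carries the FBU so the NAR can tell which key was used."""
    nhk_prime = derive_nhk_prime(hmk, aaa_nonce)
    if nar_nonce is not None:
        key, carried = derive_nhk(nhk_prime, nar_nonce), None
    else:
        key, carried = nhk_prime, fbu
    fna = Fna(mn_id, ncoa, carried, b"")
    fna.mac = _prf(key, fna.body())
    return fna


def nar_verify_by_flag(fna: Fna, nhk_prime: bytes, nhk: bytes) -> Optional[bytes]:
    """NAR rule of the embodiment: FBU present means the MN missed the FBAck, so check
    with nHK'; FBU absent, check with nHK. Returns the key that verified, which becomes
    the MN-NAR shared key, or None on failure."""
    key = nhk_prime if fna.fbu is not None else nhk
    return key if hmac.compare_digest(_prf(key, fna.body()), fna.mac) else None


def nar_verify_try_both(fna: Fna, nhk_prime: bytes, nhk: bytes) -> Optional[bytes]:
    """Alternative the text allows for the UNA case: try both keys, keep the one that verifies."""
    for key in (nhk, nhk_prime):
        if hmac.compare_digest(_prf(key, fna.body()), fna.mac):
            return key
    return None


def run_handover(fback_received: bool, tamper: bool = False) -> dict:
    """Both paths of FIG. 11 on constructed values; tamper=True alters the nCoA in flight."""
    hmk, aaa_nonce, nar_nonce = b"constructed-HMK", b"aaa-nonce-constructed", b"nar-nonce-constructed"
    mn_id, ncoa, fbu = b"mn@example.net", b"2001:db8:2::1", b"FBU-pCoA-2001:db8:1::1"
    nhk_prime = derive_nhk_prime(hmk, aaa_nonce)     # computed by the AAA server
    nhk = derive_nhk(nhk_prime, nar_nonce)           # computed by the NAR from nHK'
    fna = mn_build_fna(hmk, aaa_nonce, mn_id, ncoa, nar_nonce if fback_received else None, fbu)
    if tamper:
        fna.ncoa = b"2001:db8:2::2"
    key = nar_verify_by_flag(fna, nhk_prime, nhk)
    return {"key_used": key, "carries_fbu": fna.fbu is not None,
            "same_as_try_both": key == nar_verify_try_both(fna, nhk_prime, nhk),
            "is_nhk": key == nhk, "is_nhk_prime": key == nhk_prime}
```

The FBU flag itself is not authenticated, but it only selects which key the NAR tries: a flipped flag makes the MAC check fail rather than quietly accepting the message under the wrong key. Trying both keys removes the dependence on the flag entirely at the cost of one extra HMAC computation.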
  • This embodiment of the present invention can also be divided into two phases: in the first phase, before the MN decides on the handover target, the PAR first acquires the random number of the AAA server (the AAA nonce); in the second phase, after the MN decides on the handover target, the MN and the target NAR establish multiple security associations in succession to ensure that one of the multiple keys generated by the MN is valid during the handover process, thereby achieving secure fast handover.
  • FIG. 12 is a schematic diagram of the predictive-mode fast handover process in Embodiment 8.
  • The first phase of this embodiment is the same as in the fourth embodiment of the present invention, and steps 1201 to 1204 are the same as steps 801 to 804.
  • The second phase of this embodiment specifically includes the following steps:
  • Step 1205 After receiving the HI message, the NAR obtains the nHK_Req carried in it and generates an AAA REQ message to be sent to the AAA server, where the message carries the AAA nonce Index. At the same time, in step 1205, the NAR sends a HAck message to the PAR.
  • Step 1206 After receiving the HAck message, the PAR sends an FBAck message carrying the AAA nonce to the MN, integrity-protected with the pHK-MAC generated from the pHK.
  • Step 1206 After receiving the AAA REQ message, the AAA server looks up the corresponding AAA nonce through the Index, generates nHK' according to formula 111, and then sends an AAA RSP message carrying nHK' and the AAA nonce to the NAR. After receiving that message, the NAR generates the nHK according to formula 112.
  • Step 1207 When the MN arrives at the new link where the NAR is located: if the MN has received the FBAck message sent by the PAR, the FNA message it sends to the NAR is integrity-protected with the MAC generated by the nHK; if the MN has not received the FBAck message sent by the PAR, the FNA message it sends to the NAR is integrity-protected with the MAC generated by nHK'.
  • If the FNA message received by the NAR carries the FBU, the NAR considers that the MN did not receive the FBAck message, and therefore verifies the FBU's MAC using the MAC generated by nHK'; if the FNA message received by the NAR does not carry the FBU, the NAR considers that the MN did receive the FBAck message, and therefore verifies the FBU's MAC using the MAC generated by the nHK. At this point, the MN completes the fast handover from the PAR to the NAR.
  • If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN does not send an FBU message to the PAR before reaching the new link where the NAR is located, the handover mode is converted from the predictive mode to the reactive mode, and the specific implementation is the same as that of the sixth embodiment of the present invention.
  • In addition, the uniqueness of the nCoA can be ensured in the HI/HAck message exchange between the PAR and the NAR, thereby avoiding the handover delay that an nCoA collision could cause.
  • An embodiment of the present invention further provides a system for secure fast handover, where the system includes a security association establishing unit and a security protection executing unit.
  • The security association establishing unit is configured to establish a security association between the mobile node and the access router NAR of the target network before the fast handover; the security protection executing unit is configured to use that security association to connect the mobile node to the NAR.
  • The security association establishing unit includes one or more of the following: a first type of security association establishing unit, a second type of security association establishing unit, a third type of security association establishing unit, and a fourth type of security association establishing unit.
  • The first type of security association establishing unit is configured to perform a key exchange between the mobile node and at least one NAR to generate a security association, where the NAR interacts with the AAA server to complete the establishment of the security association;
  • or the MN exchanges information with the AAA server through the PAR, and the AAA server generates the security association corresponding to the at least one NAR and sends it to that NAR to complete the establishment of the security association.
  • The second type of security association establishing unit is configured to obtain in advance the key information that the mobile node needs to generate a key, and to return that key information in a confirmation message after the mobile node sends the fast binding update message; the mobile node generates a handover key from the key information, completing the security association.
  • The third type of security association establishing unit is configured to calculate a standard handover key and a temporary handover key between the mobile node and the PAR before the fast handover; when the mobile node needs to hand over, the PAR transmits the temporary handover key to the NAR in the handover trigger message, establishing a security association between the mobile node and the NAR.
  • The fourth type of security association establishing unit is configured to obtain, through message interaction between the PAR and the NAR, the key information the mobile node needs to generate a key, and to generate first and second handover keys before the fast handover: the AAA server generates the first handover key according to the received key request message and feeds the result back to the NAR, and the NAR generates the second handover key according to the key information, completing multiple security associations.
  • The security association establishing unit is responsible for establishing a security association before the handover occurs; the establishment process may require messages to be sent and received on their own, or they may be carried together with other messages. The security protection executing unit first obtains the key from the security association establishing unit, then uses the key to integrity-protect the signaling messages required for fast handover (i.e. to calculate the message authentication code), and sends the message authentication code together with the message.

Abstract

A method and an apparatus for fast handover are disclosed in the present invention, the said method comprises steps: establishing a security association between a mobile node MN and an access router NAR of a target network; the said MN using the security association to perform the fast handover to access the said NAR. The corresponding system is also disclosed in the present invention. The present invention optimizes the procedure of generating the shared secret key during the fast handover by adjusting the parameters which are required by the generation of the secret key during the fast handover (i.e. establishing the security association between the mobile node and the NAR in advance), so as to ensure that the security mechanism does not impact the fast handover procedure when communicating data, and to make the handover procedure under the control of the network.

Description

Method and system for fast handover

This application claims priority to Chinese patent application No. 200710123591.K, filed with the Chinese Patent Office on 29 June 2007 and entitled "Method and system for secure fast handover", the entire contents of which are incorporated herein by reference.

Technical field

The present invention relates to mobile communication technology, and in particular to a method and system for secure fast handover.

Background
The Mobile IP version 6 (MIPv6) protocol is a mobility solution proposed by the Internet Engineering Task Force (IETF). It allows a mobile node (MN) to keep its communication uninterrupted while moving, but it also introduces problems such as handover delay and security.

During a handover the MN cannot determine when it can send or receive packets; this period is called the handover delay. The main causes of handover delay are the delay of the link-layer switch and the operations of the MIPv6 protocol, such as movement detection, configuration of a new care-of address (CoA) and binding update. In real-time applications such as Voice over IP (VoIP), handover delay is often unacceptable.

The IETF MIP working group defined the Fast Mobile IP (FMIP) protocol, whose basic idea is to pre-configure the relevant information so as to reduce handover delay and improve handover performance.

The FMIP protocol mainly defines two types of handover: predictive handover and reactive handover.

In predictive handover, the MN predicts an upcoming handover while moving and informs the previous access router (PAR). Through interaction with the new access router (NAR), i.e. the access router (AR) of the target network, the PAR obtains the new CoA that the MN will use under the NAR, thereby avoiding the delay caused by address configuration. At the same time, packets that the MN sends to the PAR during the handover are tunnelled by the PAR to the NAR for buffering, which ensures that the MN can receive packets as soon as it has switched to the new link and avoids packet loss.

If the MN moves so fast that it reaches the new link before it can complete the exchange that obtains the new CoA on the old link, the handover is called reactive handover. Reactive handover cannot reduce the handover delay, but it can avoid the packet loss caused by the handover.

At present there is a technical scheme in which the MN and the AR establish a security association using an Authentication, Authorization and Accounting (AAA) server. That scheme has not been applied to the two types of handover of the FMIP protocol; that is, the scheme in which, during handover, message integrity is guaranteed by a handover key (HK) and a public key exchange between the MN and the NAR is completed under the protection of the FMIP protocol so as to generate a shared key has not been put into practical use.

The following describes in turn the handover key, fast handover in predictive mode and fast handover in reactive mode.
An AAA-assisted key management protocol is used to generate the HK between the MN and the AR; the HK protects the signaling messages of the FMIP protocol. The key management protocol therefore specifies the message exchange between the MN and the AR and the necessary prerequisites. The protocol assumes that a handover master key (HMK) is shared between the MN and the AAA server, and that a security association already exists between the AR and the AAA server. Under this assumption, FIG. 1 shows the handover key generation process of the prior art, which includes the following steps:

Step 101: First, the MN generates a handover integrity key (HIK) from the HMK with the formula HIK = gprf+(HMK, "Handover Integrity Key"). The MN then sends a handover key request (HK_REQ) message to the AR; the message carries a message ID, the pseudo-random function, the CoA, a random number nonce1 generated by the MN, the MN identity (MN ID), and a message authentication code (MAC) generated with the HIK.

Step 102: After receiving the HK_REQ message, the AR packs it into an authentication, authorization and accounting request (AAA Request) message using the AAA protocol and forwards it to the AAA server.

Step 103: After receiving the AAA Request message, the AAA server checks the correctness of the MAC carried in it using the HIK it computes itself. If the MAC is incorrect, the AAA server returns a verification-failure message; otherwise it sends an authentication, authorization and accounting response (AAA Response) message indicating successful verification to the AR. This message carries the HK generated by the AAA server and the random number nonce2 that the AAA server generated when producing the HK. The HK is generated as HK = gprf+(HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key").

Step 104: After receiving the AAA Response message indicating successful verification, the AR extracts the HK carried in the message, packs the remainder of the message into a handover key response (HK_RSP) message and sends it to the MN. The HK_RSP message also carries the message ID (the same as in the HK_REQ), the pseudo-random function, the verification-success status information and a security parameter index (SPI), and is integrity-protected with a MAC generated with the HK.
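The prior-art exchange of FIG. 1 (steps 101 to 104), as an added example that is neither the patent's nor any implementation's code: HIK and HK follow the two formulas above, the AAA server checks the HK_REQ MAC before it derives HK, and the AR keeps HK while forwarding the remainder as an HK_RSP protected under HK. gprf+ is modelled as HMAC-SHA256, the field separator and message layouts are constructed, and the MN is assumed to know the AR ID of the router it addressed (the HK formula needs it); none of these is specified on the page.

```python
import hmac
import hashlib
from dataclasses import dataclass, replace
from typing import Optional


# Assumption (not fixed by the page): gprf+ is modelled as HMAC-SHA256 and the
# "|" of the HK formula as a one-byte separator between the concatenated fields.
def gprf_plus(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def mac_of(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_hik(hmk: bytes) -> bytes:
    """HIK = gprf+(HMK, "Handover Integrity Key"); shared by the MN and AAA only."""
    return gprf_plus(hmk, b"Handover Integrity Key")


def derive_hk(hmk: bytes, mn_nonce: bytes, aaa_nonce: bytes, mn_id: bytes, ar_id: bytes) -> bytes:
    """HK = gprf+(HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key")."""
    return gprf_plus(hmk, mn_nonce, aaa_nonce, mn_id, ar_id, b"Handover Key")


@dataclass
class HkReq:                  # constructed layout of the HK_REQ message
    msg_id: int
    prf_id: bytes
    coa: bytes
    mn_nonce: bytes           # nonce1, chosen by the MN
    mn_id: bytes
    mac: bytes = b""

    def body(self) -> bytes:
        return b"|".join([b"HK_REQ", str(self.msg_id).encode(), self.prf_id,
                          self.coa, self.mn_nonce, self.mn_id])


@dataclass
class HkRsp:                  # constructed layout of the HK_RSP message
    msg_id: int
    prf_id: bytes
    status: bytes
    spi: int
    aaa_nonce: bytes          # nonce2; the MN needs it to derive HK itself
    mac: bytes = b""

    def body(self) -> bytes:
        return b"|".join([b"HK_RSP", str(self.msg_id).encode(), self.prf_id,
                          self.status, str(self.spi).encode(), self.aaa_nonce])


def mn_build_hk_req(hmk: bytes, msg_id: int, coa: bytes, mn_nonce: bytes, mn_id: bytes) -> HkReq:
    """Step 101: the MN protects HK_REQ with a MAC under HIK."""
    req = HkReq(msg_id, b"hmac-sha256", coa, mn_nonce, mn_id)
    req.mac = mac_of(derive_hik(hmk), req.body())
    return req


def aaa_handle_request(hmk: bytes, req: HkReq, ar_id: bytes, aaa_nonce: bytes) -> Optional[bytes]:
    """Step 103: AAA recomputes HIK, checks the MAC and only then derives HK.
    The AR (step 102) merely relays the request; it holds neither HMK nor HIK."""
    if not hmac.compare_digest(mac_of(derive_hik(hmk), req.body()), req.mac):
        return None           # a verification-failure message goes back instead of a key
    return derive_hk(hmk, req.mn_nonce, aaa_nonce, req.mn_id, ar_id)


def ar_build_hk_rsp(hk: bytes, req: HkReq, aaa_nonce: bytes, spi: int) -> HkRsp:
    """Step 104: the AR keeps HK and forwards the rest as HK_RSP, MACed under HK."""
    rsp = HkRsp(req.msg_id, req.prf_id, b"success", spi, aaa_nonce)
    rsp.mac = mac_of(hk, rsp.body())
    return rsp


def mn_handle_hk_rsp(hmk: bytes, req: HkReq, rsp: HkRsp, ar_id: bytes) -> Optional[bytes]:
    """The MN derives HK from nonce1, nonce2 and the identities, then checks the
    HK_RSP MAC; the message ID must match the outstanding HK_REQ."""
    if rsp.msg_id != req.msg_id:
        return None
    hk = derive_hk(hmk, req.mn_nonce, rsp.aaa_nonce, req.mn_id, ar_id)
    return hk if hmac.compare_digest(mac_of(hk, rsp.body()), rsp.mac) else None


def run_exchange(tamper: bool = False) -> dict:
    """Whole FIG. 1 flow on constructed values; tamper=True changes the CoA in
    transit, so the AAA-side MAC check fails and no HK is issued."""
    hmk = b"constructed-shared-HMK"
    mn_nonce, aaa_nonce, ar_id = b"nonce1-constructed", b"nonce2-constructed", b"AR-1"
    req = mn_build_hk_req(hmk, 7, b"pCoA-2001:db8:1::1", mn_nonce, b"mn@example.net")
    on_wire = replace(req, coa=b"pCoA-2001:db8:1::2") if tamper else replace(req)
    hk = aaa_handle_request(hmk, on_wire, ar_id, aaa_nonce)
    if hk is None:
        return {"ar_hk": None, "mn_hk": None}
    rsp = ar_build_hk_rsp(hk, on_wire, aaa_nonce, spi=0x1001)
    return {"ar_hk": hk, "mn_hk": mn_handle_hk_rsp(hmk, req, rsp, ar_id)}
```

Two properties of the exchange stand out when it is written down: the AR never sees HMK or HIK, so it cannot validate the HK_REQ itself and a forged request costs the AAA server a round trip, which is the dependence on AAA that the embodiments above remove from the handover path; and the MN's only assurance that the HK_RSP belongs to its request is the MAC under the freshly derived HK together with the message ID, so binding both nonces and both identities into HK is what prevents a response from one AR being replayed towards another.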
FIG. 2 shows the predictive-mode fast handover process of the prior art, which includes the following steps:

Step 201: The MN sends a fast binding update (FBU) message to the PAR. The message carries the MN public key (PK) and an HK_REQ message; the HK_REQ message is integrity-protected with a MAC generated from the shared key HK between the MN and the PAR.

Step 202: After receiving the FBU message, the PAR first verifies the correctness of the MAC using the HK it computes itself. If the verification passes, the PAR sends a handover initiate (HI) message to the NAR; the HK_REQ message carried in it contains the MN PK.

Step 203: The NAR obtains the MN PK from the received HI message, generates an HK_RSP message carrying the NAR PK, and sends it to the PAR in a handover acknowledgement (HAck) message.

Step 204: The PAR integrity-protects the received HK_RSP message with a MAC generated from the HK and sends it to the MN in a fast binding acknowledgement (FBAck) message.

Step 205: The MN verifies the correctness of the MAC of the received FBAck message. If the verification passes, the MN uses an asymmetric key mechanism, i.e. it generates a shared key from the MN PK and the NAR PK. When the MN enters the new link where the NAR is located, it sends a fast neighbor advertisement (FNA) message to the NAR, integrity-protected with a MAC generated from that shared key, and thereby completes the handover from the PAR to the NAR.
FIG. 3 shows the reactive-mode fast handover process of the prior art, which includes the following steps:

Step 301: If the predictive-mode handover above fails, the MN sends an FNA message to the NAR when it reaches the new link where the NAR is located; the message carries the MN PK and the HK_REQ.

Step 302: After receiving the FNA message, the NAR sends the HK_REQ to the PAR in an FBU message, which also carries the NAR PK.

Step 303: After receiving the FBU message, the PAR checks the MAC in the HK_REQ and sends an FBAck message carrying the HK_RSP to the NAR; this message also carries the NAR PK.

Step 304: After receiving the HK_RSP message, the NAR forwards it to the MN. At this point, the MN completes the handover from the PAR to the NAR.

From the technical scheme disclosed above, the prior art still has the following drawbacks:

1. The security mechanism of the prior art does not generate the shared key entirely according to the existing AAA architecture. This asymmetric key generation mechanism differs considerably from existing mechanisms, which hinders implementation; in addition, generating the shared key is computationally expensive and consumes a large amount of computing resources on the MN and the AR;

2. During the handover, the AAA server is entirely unaware of the shared key, which hinders the operator's management of MN handovers;

3. In the existing predictive-mode fast handover, if the MN does not receive the FBAck message sent by the PAR, the handover cannot proceed, and the computing resources the NAR spent on the shared key are wasted;

4. In the existing reactive-mode fast handover, security issues cause handover delay.
Summary of the invention

Embodiments of the present invention provide a method and system for secure fast handover, which guarantee secure fast handover and reduce handover delay by establishing a security association between the mobile node and the access router of the target network.

An embodiment of the present invention provides a fast handover method, which includes the following steps:

establishing a security association between the mobile node and the access router NAR of the target network;

the MN performing the fast mobile handover using the security association and accessing the NAR.

In addition, an embodiment of the present invention provides a fast handover system, which includes: a security association establishing unit, configured to establish a security association between the mobile node and the access router NAR of the target network;

a security protection executing unit, configured to use the security association to connect the mobile node to the NAR.

As can be seen from the above, embodiments of the present invention establish a security association (for example a shared handover key or a handover key) between the mobile node and the access router of the target network before the mobile node hands over, and after the switch to the target network use that security association to ensure that the mobile node securely accesses the access router of the target network. That is, by adjusting the parameters needed for key generation during the handover, the process of generating the shared key is optimized, which reduces the impact of the security mechanism on fast handover, reduces the handover delay and keeps the handover process within the controllable range of the network.
Brief description of the drawings

FIG. 1 is a schematic diagram of the handover key generation process in the prior art;

FIG. 2 is a schematic diagram of the predictive-mode fast handover process in the prior art;

FIG. 3 is a schematic diagram of the reactive-mode fast handover process in the prior art;

FIG. 4 is a flowchart of the secure fast handover method according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 1 of the present invention;

FIG. 6 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 2 of the present invention;

FIG. 7 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 3 of the present invention;

FIG. 8 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 4 of the present invention;

FIG. 9 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 5 of the present invention;

FIG. 10 is a schematic diagram of the reactive-mode fast handover process according to Embodiment 6 of the present invention;

FIG. 11 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 7 of the present invention;

FIG. 12 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 8 of the present invention.
Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

FIG. 4 is a flowchart of the secure fast handover method according to an embodiment of the present invention, which includes the following steps:

Step 401: Before the fast handover, establish a security association between the mobile node and the access router of the target network;

Step 402: During the fast handover of the mobile node, use the security association to ensure that the mobile node switches securely to the access router.

Embodiments of the present invention establish a security association (for example a shared handover key or a handover key) between the mobile node and the access router of the target network before the mobile node hands over, and after the switch to the target network use that security association to ensure that the mobile node securely accesses the access router of the target network. That is, by adjusting the parameters needed for key generation during the handover, the process of generating the shared key is optimized, which reduces the impact of the security mechanism on fast handover, reduces the handover delay and keeps the handover process within the controllable range of the network.
FIG. 5 is a schematic diagram of the predictive-mode fast handover process according to Embodiment 1 of the present invention. Compared with the prior art, the MN in this embodiment completes handover preparation with multiple candidate ARs before deciding on the handover target; the process includes the following steps:

Step 501: The MN obtains the identifiers of the surrounding access points (AP-ID) and then sends a Router Solicitation for Proxy Advertisement (RtSolPr) message to the PAR to obtain the AR information corresponding to the target AP-IDs.

Step 502: After receiving the RtSolPr message, the PAR sends a Proxy Router Advertisement (PrRtAdv) message to the MN, which contains the AR information corresponding to the target AP-IDs.

Step 503: After receiving the PrRtAdv message, the MN sends an HK_REQ message to all NARs. The message carries a message ID, the pseudo-random function, the CoA, a random number nonce1 generated by the MN and the MN ID, and is integrity-protected with a MAC generated with the HIK. The MN ID may be the medium access control identifier (MAC ID) of the mobile node or a network access identifier (NAI). The message is integrity-protected using the existing security association between the MN and the AAA server.

The HK_REQ message can be sent to the NAR in the following three ways:

1. as a packet whose source address is the previous care-of address (pCoA) and whose destination address is the NAR address; this method can be used in a simple IP network;

2. using IP-in-IP encapsulation, where the outer IP addresses are the MN's pCoA and the PAR address and the inner IP addresses are the MN's pCoA and the NAR address; this method can be used in a Multicast Internet Protocol (MIP) network;

3. using a destination-address sub-header to indicate the destination of the IP packet, where the addresses in the IP header are the MN's pCoA and the PAR address; after receiving the packet, the PAR reconstructs the IP packet with the address in the destination-address sub-header as the destination address and forwards it to that address (i.e. the NAR address); this method can be used in a MIP network.

Step 504: After receiving the HK_REQ message, the NAR encapsulates it in an authentication and authorization request (AA REQ) message and forwards it to the AAA server.

Step 505: After receiving the AA REQ message, the AAA server verifies the correctness of the MAC of the encapsulated HK_REQ message and sends an authentication and authorization response (AA RSP) message carrying the verification result to the NAR. If the verification passes, the AA RSP message carries the new handover key (nHK) between the MN and the NAR.
步骤 506: NAR记录该 MN的身份标识(比如 MAC— ID )和 nHK, 并向 MN发送 HK— RSP消息, 表明安全联盟建立成功。  Step 506: The NAR records the identity of the MN (such as the MAC_ID) and the nHK, and sends a HK-RSP message to the MN, indicating that the security association is successfully established.
步骤 507: ΜΝ决定进行快速切换时, ΜΝ向 PAR发送 FBU消息, 该消 息使用由 MN与 PAR共享的原切换密钥 ( pHK, previous Handover Key )生成 的消息认证码(pHK— MAC )来进行完整性保护。  Step 507: When determining to perform fast handover, the RP sends an FBU message to the PAR, and the message is completed by using a message authentication code (pHK-MAC) generated by the original handover key (pHK, previous Handover Key) shared by the MN and the PAR. Sexual protection.
步骤 508: PAR对上述 pHK— MAC的正确性进行验证,如果验证通过, PAR 与 NAR完成 HI消息和 HAck消息的交互(图中未示)后 , PAR向 MN发送 携带 pHK— MAC的 FBAck消息。  Step 508: PAR verifies the correctness of the above pHK-MAC. If the verification passes, PAR and NAR complete the interaction between the HI message and the HAck message (not shown), and the PAR sends the FBAck message carrying the pHK-MAC to the MN.
Step 509: After the MN arrives on the new link, it sends an FNA message to the NAR. The message carries the MN's identity and is integrity-protected with a MAC generated using nHK. At this point, the MN has completed the fast handover from the PAR to the NAR.
As the above steps show, the solution of Embodiment 1 can be implemented in two phases. Before the MN determines the handover target, the MN attempts a key exchange with every NAR corresponding to the AR information provided in the PrRtAdv message, and each NAR then contacts the AAA server to complete establishment of the security association. After the MN determines the handover target, the MN protects the FBU message with the existing security association and protects the FNA message with the corresponding new security association. Because the security association is established before the handover, this embodiment reduces the delay incurred during the handover process.
It can be understood that this embodiment of the present invention may be further modified so that, in steps 503 and 506, the MN and the NAR also configure the new care-of address (nCoA, New Care-of Address) information. This ensures the uniqueness of the nCoA in the HI/HAck exchange between the PAR and the NAR, thereby avoiding the handover delay that may be caused by an nCoA collision.
FIG. 6 is a schematic diagram of a predictive-mode fast handover procedure according to Embodiment 2 of the present invention. Steps 601 to 602 and steps 607 to 609 of this embodiment are the same as the corresponding steps in Embodiment 1.
Step 603: After receiving the PrRtAdv message, the MN sends an HK_REQ message to the PAR. The identity carried in the message may be the mobile node's MAC ID or its NAI. The message is integrity-protected using the existing security association between the MN and the AAA server.
The three ways of sending the HK_REQ message to the NAR are the same as in Embodiment 1 and are not described again.
Step 604: After receiving the HK_REQ message, the PAR encapsulates it in an Authentication and Authorization Request (AA REQ) message and forwards it to the AAA server.
Step 605: After receiving the AA REQ message, the AAA server verifies the correctness of the MAC of the encapsulated HK_REQ message and sends an Authentication and Authorization Response (AA RSP) message carrying the verification result to the PAR. If verification succeeds, the AA RSP message carries a new handover key (nHK, new Handover Key) shared between the MN and the NAR.
Step 605': The AAA server sends an AA RSP message to the NAR, carrying the handover key nHK shared between the MN and the NAR.
Step 606: The PAR records the identity of the MN and the nHK, and sends the HK_RSP message to the MN indicating that the security association has been established successfully.
As the above steps show, the difference between Embodiment 2 and Embodiment 1 is that the key exchange between the MN and the NAR is completed by the MN interacting indirectly with the AAA server (through the PAR, without the NAR participating), after which the AAA server delivers the key generated for each NAR to that NAR. Therefore, when the MN needs to establish security associations with multiple NARs, the MN and the AAA server need only complete a single exchange, which saves signaling overhead.
If the fast handover procedure shown in the predictive-mode embodiments above is not completed successfully (taking Embodiment 1 as an example: only the first-phase establishment of the security association has been completed, and the MN has arrived on the new link where the NAR is located before it had time to send the FBU message to the PAR), then the handover switches from the predictive mode of Embodiment 1 to the reactive mode.
FIG. 7 is a schematic diagram of a reactive-mode fast handover procedure according to Embodiment 3 of the present invention. This embodiment builds on the first phase of the predictive-mode embodiments above (that is, establishment of the security association has been completed). Because the MN did not send an FBU message to the PAR before arriving on the new link where the NAR is located, the procedure enters reactive mode. The specific steps are as follows:
Step 701: The MN accesses the NAR without having sent an FBU message while under the PAR, and the MN proactively sends an Unsolicited Neighbor Advertisement (UNA) message to the NAR. If the MN knows nHK before sending this message, the message is integrity-protected with a MAC generated using nHK; if the MN does not know nHK, no integrity protection is applied.
Step 702: The MN sends an FBU message to the PAR. The message carries the pCoA and is integrity-protected with a MAC generated using pHK. Because the MN has already arrived on the new link where the NAR is located, the message can be sent as an IP message whose source address is the nCoA and whose destination address is the PAR.
Step 703: After receiving the FBU message, the PAR verifies the correctness of the pHK_MAC and sends an FBAck message carrying the verification result to the MN. Because the MN has already arrived on the new link where the NAR is located, this message can be sent as an IP message whose source address is the nCoA and whose destination address is the MN. At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel.
FIG. 8 is a schematic diagram of a predictive-mode fast handover procedure according to Embodiment 4 of the present invention. Compared with the prior art, in this embodiment the PAR first obtains a random number from the AAA server (AAA nonce) before the MN decides on the handover target, in preparation for the subsequent handover. The procedure specifically includes the following steps:
Step 801: The PAR learns through a link-layer trigger (for example, the candidate network query request message sent when the MN hands over in IEEE 802.21 media-independent handover, MIH_MN_HO_Candidate_Query request) that the MN is about to hand over but has no definite handover target. At this point, the PAR sends an AAA REQ message to the AAA server requesting an AAA nonce. In practice, this step should occur after the PAR sends the PrRtAdv message to the MN and before the MN sends the FBU message to the PAR.
Step 802: After receiving the AAA REQ message, the AAA server sends the generated AAA RSP message to the PAR. The message carries the AAA nonce and its corresponding AAA nonce index (AAA nonce Index). After receiving the message, the PAR extracts and stores the AAA nonce and its corresponding AAA nonce Index.
Step 803: When the MN decides to perform a fast handover, it sends an FBU message to the PAR. The message carries an nHK_Req requesting that the AAA server generate nHK, and is integrity-protected with a pHK_MAC generated using pHK.
Step 804: The PAR verifies the correctness of the MN's pHK_MAC. If verification succeeds, it sends an HI message to the NAR carrying the nHK_Req and the AAA nonce Index. The HI message must be encrypted; the specific encryption is the same as in the prior art and is not described here.
Step 804': The PAR sends an FBU acknowledgement message FAck to the MN, which carries the AAA nonce and is integrity-protected with a pHK_MAC generated using pHK. The MN verifies the correctness of the pHK_MAC of this message and, if verification succeeds, can generate nHK using the following formula:
nHK = gprf+ (HMK, MN nonce | AAA nonce | MN ID | AR ID | "Handover Key")
Step 805': After receiving the HI message, the NAR obtains the nHK_Req carried in the message and generates an AAA REQ message, carrying the AAA nonce Index, which it sends to the AAA server. At the same time, in step 805, the NAR sends a HAck message to the PAR.
Step 806: After receiving the HAck message, the PAR sends an FBAck message to the MN, integrity-protected with a pHK_MAC generated using pHK.
Step 806': After receiving the AAA REQ message carrying the AAA nonce Index, the AAA server looks up the corresponding AAA nonce by that index, generates nHK according to the formula in step 804', and then sends an AAA RSP message carrying nHK to the NAR.
Step 807: When the MN arrives on the new link where the NAR is located, it sends an FNA message to the NAR, integrity-protected with a MAC generated using nHK. At this point, the MN has completed the fast handover from the PAR to the NAR.
If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN did not send an FBU message to the PAR before arriving on the new link where the NAR is located, the procedure enters reactive mode; for the specific implementation, see Embodiment 3 of the present invention.
In this embodiment, the PAR obtains the AAA nonce parameter from the AAA server in advance and returns it in an acknowledgement message after the MN sends the FBU, so that the MN can generate the new handover key and complete the handover without having received the fast binding acknowledgement FBAck, which reduces handover delay.
FIG. 9 is a schematic diagram of a predictive-mode fast handover procedure according to Embodiment 5. In this embodiment, when the MN decides to hand over, it completes the establishment of a temporary security association with the target NAR, thereby achieving a secure and fast handover.
The preparation before the MN decides to hand over includes the following steps:
First, the MN and the PAR generate an HK according to the prior-art handover key generation procedure;
Then, the MN and the PAR each derive a standard handover key (SHK, Standard Handover Key) and a temporary handover key (THK, Temporary Handover Key), calculated as follows:
SHK = gprf(HK, MN pCoA | PAR IP | "normal handover key")
THK = gprf(HK, MN pCoA | NAR IP | "temporary handover key")
This embodiment specifically includes the following steps:
Step 901: When the MN decides to perform a fast handover, it sends an FBU message to the PAR, integrity-protected with a MAC generated using SHK.
Step 902: After receiving the FBU message, the PAR verifies the correctness of its MAC. If verification succeeds, the PAR sends an HI message carrying THK to the NAR. The HI message must be encrypted; the encryption technique is the same as in the prior art and is not described again here.
Step 903: After receiving the HI message, the NAR extracts THK from it and sends a HAck message to the PAR.
Step 904: After receiving the HAck message, the PAR sends an FBAck message to the MN, integrity-protected with a MAC generated using SHK.
Step 905: After the MN arrives on the new link where the NAR is located, it sends an FNA message to the NAR, integrity-protected with a MAC generated using THK. At this point, the MN has completed the fast handover from the PAR to the NAR.
Step 906: Immediately after the handover completes, the MN or the PAR obtains a new SHK and THK through the prior-art handover key generation procedure, for use in the next handover.
As the above steps show, this embodiment adds a key generation level for SHK and THK on top of the existing handover key generation technique, where SHK is used to establish the security association between the MN and the PAR, and THK is passed by the PAR to the NAR and used to establish a temporary security association between the MN and the NAR.
If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN and the PAR have completed the computation of SHK and THK but the MN arrived on the new link where the NAR is located before it had time to send the FBU message to the PAR, then the handover switches from the predictive mode of Embodiment 5 to the corresponding reactive mode.
FIG. 10 is a schematic diagram of a reactive-mode fast handover procedure according to Embodiment 6 of the present invention. This embodiment includes the following steps:
Step 1001: The MN sends a UNA message to the NAR. Optionally, the message is integrity-protected with a MAC generated using THK.
Step 1002: The MN sends an FBU message to the PAR. The message carries the pCoA and is integrity-protected with a pHK_MAC generated using pHK. Because the MN has already arrived on the new link where the NAR is located, the message can be sent as an IP message whose source address is the nCoA and whose destination address is the PAR.
Step 1003: After receiving the FBU message, the PAR verifies the correctness of its pHK_MAC. If verification succeeds, it sends an FBAck message carrying the verification result to the MN. Because the MN has already arrived on the new link where the NAR is located, this message can be sent as an IP message whose source address is the nCoA and whose destination address is the MN. At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel. At this point, the MN has completed the fast handover from the PAR to the NAR.
Step 1004: After the handover completes, the MN or the NAR initiates the generation of a new HK, and the MN and the PAR again derive SHK and THK respectively.
It can be seen that this embodiment is relatively easy to implement: because it uses an entirely symmetric key mechanism, the amount of computation is small, which saves computing resources. In addition, during the handover, authorization of the MN's fast handover can be completed without accessing the AAA server. This ensures that after the MN sends the FBU message on the original link, the handover is neither delayed nor fails for security reasons, and the probability of falling back from predictive handover to reactive handover is not increased.
FIG. 11 is a schematic diagram of a predictive-mode fast handover procedure according to Embodiment 7. In this embodiment, after the MN decides to hand over, it establishes multiple security associations with the target NAR in succession, ensuring that, during the handover, at least one of the several keys generated is certain to be valid, thereby achieving a secure fast handover.
First, the shared keys between the MN and the NAR are defined: nHK' and nHK.
The formulas for computing nHK are as follows:
Formula 111:
nHK' = gprf+ (HMK, MN nonce | MN ID | AR ID | "Handover Key")
Formula 112:
nHK = prf(nHK', NAR nonce)
This embodiment includes the following steps:
Step 1101: When the MN decides to perform a fast handover, it sends an FBU message to the PAR. The message carries an nHK_Req requesting that the AAA server generate nHK, and is integrity-protected with a pHK_MAC generated using pHK.
Step 1102: The PAR verifies the correctness of the MN's pHK_MAC. If verification succeeds, it sends an HI message carrying the nHK_Req to the NAR. The message must be encrypted; the specific encryption is the same as in the prior art and is not described again here.
Step 1103': After receiving the HI message, the NAR obtains the nHK_Req carried in the message and generates an AAA REQ message, carrying a NAR nonce, which it sends to the AAA server. At the same time, in step 1103, the NAR sends a HAck message to the PAR carrying the NAR nonce used to generate nHK.
Step 1104: After receiving the HAck message, the PAR sends an FBAck message carrying the NAR nonce to the MN, integrity-protected with a pHK_MAC generated using pHK.
Step 1104': After receiving the AAA REQ message carrying the NAR nonce, the AAA server generates nHK' according to formula 111 and sends an AAA RSP message carrying nHK' to the NAR. After receiving this message, the NAR generates nHK according to formula 112.
Step 1105: When the MN arrives on the new link where the NAR is located: if the MN has received the FBAck message sent by the PAR, it generates nHK from the NAR nonce in that message using formula 112, and the FNA message the MN sends to the NAR does not carry an FBU and is integrity-protected with a MAC generated using nHK (as shown in FIG. 11); if the MN has not received the FBAck message sent by the PAR, it generates nHK' according to formula 111, and the FNA message the MN sends to the NAR carries an FBU and is integrity-protected with a MAC generated using nHK' (not shown in FIG. 11). Correspondingly, the NAR judges whether the MN received the FBAck from whether the received FNA carries an FBU: if the FNA message received by the NAR carries an FBU, the NAR assumes the MN did not receive the FBAck message and therefore verifies the MAC of the FBU using a MAC generated with nHK'; if the FNA message received by the NAR does not carry an FBU, the NAR assumes the MN received the FBAck message and therefore verifies the MAC of the FBU using a MAC generated with nHK. At this point, the MN has completed the fast handover from the PAR to the NAR.
As the above steps show, in this embodiment the MN exchanges messages with the NAR via the PAR to generate a first handover key nHK' and a second handover key nHK; the NAR receives the first handover key nHK' generated by the AAA server and derives the second handover key nHK from it, so that two security associations are established between the MN and the NAR. When the MN decides to hand over, it sends an FNA message to the NAR; the NAR judges the content of the message and decides which handover key to use. This embodiment therefore avoids the handover problem caused by the FBAck message in the prior art and ensures a secure fast handover.
If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN did not send an FBU message to the PAR before arriving on the new link where the NAR is located, the handover switches from the predictive mode of this embodiment to reactive mode. The specific implementation is similar to Embodiment 3 of the present invention, the only difference being that the UNA message the MN sends to the NAR is integrity-protected with a MAC generated using nHK'. The NAR decides which key (nHK or nHK') was used to generate the MAC it must verify by examining a flag bit in the UNA; alternatively, the NAR may verify the UNA message against MACs generated with each of the two keys (nHK and nHK') in turn, and whichever key passes verification becomes the shared key between the NAR and that MN.
This embodiment can also be divided into two phases. In the first phase, before the MN decides on the handover target, the PAR first obtains a random number from the AAA server (AAA nonce). In the second phase, after the MN decides on the handover target, the MN establishes multiple security associations with the target NAR in succession, ensuring that, during the handover, at least one of the several keys generated is certain to be valid, thereby achieving a secure fast handover.
FIG. 12 is a schematic diagram of a predictive-mode fast handover procedure according to Embodiment 8. The first phase of this embodiment is the same as Embodiment 4 of the present invention; steps 1201 to 1204 are the same as steps 801 to 804. The second phase of this embodiment specifically includes the following steps:
Step 1205': After receiving the HI message, the NAR obtains the nHK_Req carried in the message and generates an AAA REQ message, carrying the AAA nonce Index, which it sends to the AAA server. At the same time, in step 1205, the NAR sends a HAck message to the PAR.
Step 1206: After receiving the HAck message, the PAR sends an FBAck message carrying the AAA nonce to the MN, integrity-protected with a pHK_MAC generated using pHK.
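The key hierarchy of Embodiment 5 (SHK/THK) and the two-key scheme of Embodiment 7 (formulas 111 and 112, the FNA key selection of step 1105 and the two-key UNA check above), worked through in Python as an added example that is not code from the patent. It assumes gprf and prf are HMAC-SHA256, gprf+ is the IKEv2-style prf+ expansion, "|" is plain byte concatenation, and all identifiers, nonces and message payloads are constructed sample values.

```python
# Added example (not code from the patent): key derivation and NAR key selection
# for Embodiment 5 (SHK/THK) and Embodiment 7 (formulas 111/112, step 1105 and
# the reactive-mode UNA check). Assumptions: gprf/prf are HMAC-SHA256, gprf+ is
# the IKEv2-style prf+ expansion, "|" is plain byte concatenation, and the
# message shapes and field values below are constructed for illustration.
import hmac
import hashlib

DIGEST = hashlib.sha256
KEY_LEN = 32


def prf(key: bytes, data: bytes) -> bytes:
    """prf / gprf instantiated as HMAC-SHA256 (assumption)."""
    return hmac.new(key, data, DIGEST).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """gprf+ instantiated as IKEv2 prf+: T1 = prf(K, S|0x01), Ti = prf(K, Ti-1|S|i)."""
    out, prev, i = b"", b"", 1
    while len(out) < length:
        prev = prf(key, prev + seed + bytes([i]))
        out += prev
        i += 1
    return out[:length]


# --- Embodiment 5: SHK and THK derived from HK ------------------------------
def derive_shk_thk(hk: bytes, mn_pcoa: bytes, par_ip: bytes, nar_ip: bytes):
    shk = prf(hk, mn_pcoa + par_ip + b"normal handover key")
    thk = prf(hk, mn_pcoa + nar_ip + b"temporary handover key")
    return shk, thk


# --- Embodiment 7: formulas 111 and 112 --------------------------------------
def derive_nhk_prime(hmk: bytes, mn_nonce: bytes, mn_id: bytes, ar_id: bytes) -> bytes:
    """Formula 111: nHK' = gprf+(HMK, MN nonce | MN ID | AR ID | "Handover Key")."""
    return prf_plus(hmk, mn_nonce + mn_id + ar_id + b"Handover Key", KEY_LEN)


def derive_nhk(nhk_prime: bytes, nar_nonce: bytes) -> bytes:
    """Formula 112: nHK = prf(nHK', NAR nonce)."""
    return prf(nhk_prime, nar_nonce)


def make_fna(fback_received: bool, nhk_prime: bytes, nhk, payload: bytes) -> dict:
    """MN side of step 1105: the FNA carries an FBU and is protected with nHK'
    when no FBAck arrived, otherwise it carries no FBU and uses nHK."""
    key = nhk if fback_received else nhk_prime
    return {"carries_fbu": not fback_received, "payload": payload,
            "mac": prf(key, payload)}


def nar_verify_fna(fna: dict, nhk_prime: bytes, nhk: bytes):
    """NAR side of step 1105: the presence of an FBU selects the key.
    Returns (verified, key_name)."""
    key, name = (nhk_prime, "nHK'") if fna["carries_fbu"] else (nhk, "nHK")
    ok = hmac.compare_digest(prf(key, fna["payload"]), fna["mac"])
    return ok, name


def nar_verify_una(una_payload: bytes, una_mac: bytes, nhk_prime: bytes, nhk: bytes):
    """Reactive-mode variant: the NAR tries both keys and keeps the one that
    verifies as the shared key with this MN (None if neither matches)."""
    for name, key in (("nHK", nhk), ("nHK'", nhk_prime)):
        if hmac.compare_digest(prf(key, una_payload), una_mac):
            return name
    return None


def run_embodiment7(fback_received: bool):
    """Constructed end-to-end run: the AAA server derives nHK' (formula 111),
    the NAR derives nHK (formula 112), and the MN derives whichever key its
    view of the exchange allows; returns the NAR's (verified, key_name)."""
    hmk = b"\x11" * 32                                   # constructed MN/AAA key
    mn_nonce, nar_nonce = b"\xaa" * 16, b"\xbb" * 16     # constructed nonces
    mn_id, ar_id = b"mn-id-01", b"nar-id-01"             # constructed identifiers
    nhk_prime = derive_nhk_prime(hmk, mn_nonce, mn_id, ar_id)   # AAA side
    nhk = derive_nhk(nhk_prime, nar_nonce)                       # NAR side
    # The MN holds HMK and can always compute nHK'; nHK needs the NAR nonce
    # carried in the FBAck, so the MN has it only if the FBAck arrived.
    mn_nhk_prime = derive_nhk_prime(hmk, mn_nonce, mn_id, ar_id)
    mn_nhk = derive_nhk(mn_nhk_prime, nar_nonce) if fback_received else None
    fna = make_fna(fback_received, mn_nhk_prime, mn_nhk, b"FNA:" + mn_id)
    return nar_verify_fna(fna, nhk_prime, nhk)


if __name__ == "__main__":
    print("FBAck received:", run_embodiment7(True))
    print("FBAck lost:    ", run_embodiment7(False))
```

Both runs verify at the NAR, the first under nHK and the second under nHK', which is the property Embodiment 7 relies on: whichever way the FBAck fared, one of the two keys is usable without a further round trip.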
Step 1206': After receiving the AAA REQ message, the AAA server looks up the corresponding AAA nonce by the Index, generates nHK' according to formula 111, and then sends an AAA RSP message carrying nHK' and the AAA nonce to the NAR. After receiving this message, the NAR generates nHK according to formula 112.
步骤 1207: MN到达 NAR所在的新链路时 , 如果 MN接收到了 PAR发 送的 FBAck消息 , 则 MN发送给 NAR的 FNA消息使用 nHK生成的 MAC进 行完整性保护; 如果 MN没有接收到 PAR发送的 FBAck消息, 则 MN发送给 NAR的 FNA消息使用 nHK'生成的 MAC进行完整性保护。相应的 ,如果 NAR 接收到的 FNA消息中携带了 FBU, 则 NAR认为 MN没有收到 FBAck消息 , 因此使用 nHK,生成的 MAC对 FBU的 MAC进行正确性验证; 如果 NAR接 收到的 FNA消息中没有携带 FBU, 则 NAR认为 MN接收到了 FBAck消息 , 因此使用 nHK生成的 MAC对 FBU的 MAC进行正确性-险证。 此时, MN完 成由 PAR到 NAR的快速切换过程。 Step 1207: When the MN arrives at the new link where the NAR is located, if the MN receives the PAR transmission If the FBAck message is sent, the FNA message sent by the MN to the NAR is integrity-protected using the MAC generated by the nHK. If the MN does not receive the FBAck message sent by the PAR, the FNA message sent by the MN to the NAR is completed using the MAC generated by nHK'. Sexual protection. Correspondingly, if the FNA message received by the NAR carries the FBU, the NAR considers that the MN does not receive the FBAck message, and therefore uses the generated MAC to verify the correctness of the FBU's MAC; if the NAR receives the FNA message, Carrying the FBU, the NAR considers that the MN has received the FBAck message, and therefore uses the MAC generated by nHK to perform correctness-risk on the MAC of the FBU. At this point, the MN completes the fast handover process from PAR to NAR.
If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN did not send the FBU message to the PAR before arriving at the new link where the NAR is located, the handover mode switches from the predictive mode of this embodiment to the reactive mode; its specific implementation is the same as in Embodiment 6 of the present invention.
In this embodiment, because the MN and the NAR additionally configure the nCoA information, the uniqueness of the nCoA in the HI/HAck message exchange between the PAR and the NAR can be ensured, thereby avoiding the handover delay that an nCoA collision might cause.
In addition, an embodiment of the present invention further provides a system for secure fast handover, comprising a security association establishing unit and a security protection executing unit. The security association establishing unit is configured to establish, before the fast handover, a security association between the mobile node and the access router NAR of the target network; the security protection executing unit is configured to use the security association to attach the mobile node to the NAR.
Preferably, the security association establishing unit comprises one or more of a first-type, a second-type, a third-type and a fourth-type security association establishing unit:
the first-type security association establishing unit is configured to, before the fast handover, have the mobile node perform a key exchange with at least one NAR to generate a security association, the NAR exchanging information with the AAA server to complete establishment of the security association; or to have the MN exchange information with the AAA server via the PAR, the AAA server generating a security association corresponding to the at least one NAR and delivering it to the NAR to complete establishment of the security association;
the second-type security association establishing unit is configured to, before the fast handover, have the PAR obtain in advance the key information the mobile node needs to generate a key, and return the key information in an acknowledgement message after the mobile node sends a fast binding update message; the mobile node generates a handover key from the key information, completing establishment of the security association;
the third-type security association establishing unit is configured to, before the fast handover, compute a standard handover key and a temporary handover key between the mobile node and the PAR; when the mobile node needs to hand over, the PAR sends the temporary handover key to the NAR in the handover trigger message, establishing the security association between the mobile node and the NAR;
the fourth-type security association establishing unit is configured to, before the fast handover, obtain the key information needed to generate keys from the message exchange the mobile node conducts with the NAR via the PAR, and generate a first and a second handover key; the AAA server generates the first handover key according to the received key request message and feeds the result back to the NAR, and the NAR then generates the second handover key from the key information, completing establishment of multiple security associations.
For the specific functions and roles of the four types of security association establishing units, see the corresponding functions and roles in the embodiments above; they are not repeated here.
That is, the security association establishing unit is responsible for establishing the security association before the handover occurs; the establishment process may require sending and receiving messages on its own, or may piggyback on other messages. The security protection executing unit first obtains the key from the security association establishing unit, then uses that key to integrity-protect the signaling messages required for fast handover (that is, it computes a message authentication code) and sends the message authentication code together with the message. It is also responsible for triggering the various fast-handover-related messages, providing their contents, and sending and receiving them.
The above are merely preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.

Claims

1. A method for fast handover, characterized by comprising:
establishing a security association between a mobile node MN and an access router NAR of a target network; the MN performs fast mobile handover using the security association and attaches to the NAR.
2. The method according to claim 1, characterized in that the manner of establishing the security association between the MN and the NAR comprises:
the MN performing a key exchange with at least one NAR;
the NAR obtaining, from an AAA server, a new handover key between the NAR and the MN.
3. The method according to claim 2, characterized in that
the process by which the NAR obtains the new handover key between the NAR and the MN from the AAA server is: the NAR receives a handover key request message sent by the MN, the handover key request message including the identity of the MN and being integrity-protected with a first message authentication code generated from the key between the MN and the AAA server;
the NAR forwards the handover key request message to the AAA server;
the NAR receives a verification message sent by the AAA server that contains the new handover key; the NAR records the new handover key and the identity of the MN, and sends a handover key response message to the MN;
or,
the process by which the NAR obtains the new handover key between the NAR and the MN from the AAA server is: the source network access router PAR receives the handover key request message sent by the MN and sends the handover key request message to the AAA server, the handover key request message including the identity of the MN and being integrity-protected with the first message authentication code;
if the AAA server verifies that the first message authentication code is correct, it sends the new handover key to the PAR and the NAR;
the PAR sends a handover key response message carrying the new handover key to the MN.
4. The method according to claim 3, characterized in that the method by which the MN sends the handover key request message is specifically:
sending it in a packet whose source address is the previous care-of address and whose destination address is the address of the NAR; or sending it by nested Internet Protocol encapsulation; or sending it using the destination address sub-header as the destination address of the IP packet.
5. The method according to claim 3, characterized in that, for predictive-mode fast handover, the specific process by which the MN attaches to the NAR using the security association is:
the MN sends a fast binding update message to the PAR, integrity-protected with a second message authentication code generated from the previous handover key between the MN and the PAR;
if the PAR verifies that the second message authentication code is correct, it sends the MN a fast binding acknowledgement message carrying the second message authentication code;
the MN sends a fast neighbor advertisement message to the NAR, integrity-protected with a third message authentication code generated from the new handover key.
6. The method according to claim 3, characterized in that both the handover key request message the NAR receives from the MN and the handover key response message the NAR sends to the MN include the new care-of address of the MN.
7. The method according to claim 1, characterized in that the manner of establishing the security association between the MN and the NAR comprises:
before the MN decides to hand over, the PAR obtains from the AAA server the key information the MN needs to generate a key.
8. The method according to claim 7, characterized in that, for predictive-mode fast handover, the method is specifically:
when a handover occurs, the MN sends the PAR a fast binding update message carrying a handover key request, the message being integrity-protected with a third message authentication code generated from the previous handover key between the MN and the PAR;
if the PAR verifies the third message authentication code, it sends the NAR a handover initiate message carrying the handover key request and an AAA nonce index, and sends the MN a fast binding update acknowledgement message carrying the AAA nonce, integrity-protected with the third message authentication code; if the MN verifies the third message authentication code, it generates a new handover key from the AAA nonce;
the NAR sends the handover key request and the AAA nonce index to the AAA server;
the NAR receives the new handover key sent by the AAA server.
9. The method according to claim 1, 3 or 7, characterized in that, for reactive mode, the process by which the MN attaches to the NAR using the security association is:
the MN sends an unsolicited neighbor advertisement message to the NAR, the message being either not integrity-protected or integrity-protected with a fourth message authentication code generated from the new handover key;
the MN sends a fast binding update message to the PAR, integrity-protected with a fifth message authentication code generated from the previous handover key between the MN and the PAR;
if the PAR verifies that the fifth message authentication code is correct, it sends a fast binding acknowledgement message to the MN.
10. The method according to claim 1, characterized in that the process of establishing the security association between the MN and the NAR comprises:
computing a standard handover key and a temporary handover key between the MN and the PAR;
when the MN is to hand over, the MN obtains the temporary handover key from the PAR and establishes the security association.
11. The method according to claim 1, characterized in that the process of establishing the security association between the MN and the NAR comprises:
the MN sends a handover key request message to the AAA server via the NAR;
the NAR receives a first handover key sent by the AAA server and generates a second handover key from the first handover key.
12. The method according to claim 11, characterized in that the process by which the MN sends the handover key request message to the AAA server via the NAR is specifically:
the MN sends the PAR a fast binding update message carrying the handover key request message, integrity-protected with a sixth message authentication code generated from the previous handover key between the MN and the PAR; if the PAR verifies the sixth message authentication code, it sends the handover key request message to the NAR;
the NAR sends the AAA server an AAA request message carrying the handover key request and a nonce of the NAR.
13. The method according to claim 12, characterized in that
for predictive-mode fast handover, the process by which the MN attaches to the NAR using the security association is: when the MN arrives at the NAR, if it has received the fast binding acknowledgement message, it integrity-protects the neighbor advertisement message with a message authentication code generated from the second key; otherwise, it integrity-protects the neighbor advertisement message with a message authentication code generated from the first handover key; or,
for reactive-mode fast handover, the process by which the MN attaches to the NAR using the security association is:
the MN sends an unsolicited neighbor advertisement message to the NAR, the message being either not integrity-protected or integrity-protected with a message authentication code generated from the first handover key;
the MN sends a fast binding update message to the PAR, integrity-protected with the sixth message authentication code;
if the PAR verifies that the sixth message authentication code is correct, it sends a fast binding acknowledgement message to the MN.
14. A fast handover system, characterized by comprising:
a security association establishing unit, configured to establish a security association between a mobile node and an access router NAR of a target network;
a security protection executing unit, configured to use the security association to hand the mobile node over rapidly to the NAR.
15. The system according to claim 14, characterized in that the security association establishing unit comprises one or more of the following units:
a first-type security association establishing unit, configured to, before the fast handover, have the MN perform a key exchange with at least one NAR to generate a security association, the NAR exchanging information with the AAA server to complete establishment of the security association; or to have the MN exchange information with the AAA server via the PAR, the AAA server generating a security association corresponding to the at least one NAR and delivering it to the NAR to complete establishment of the security association;
a second-type security association establishing unit, configured to, before the fast handover, have the PAR obtain in advance the key information the mobile node needs to generate a key, and return the key information in an acknowledgement message after the mobile node sends a fast binding update message; the mobile node generates a handover key from the key information, completing establishment of the security association;
a third-type security association establishing unit, configured to, before the fast handover, compute a standard handover key and a temporary handover key between the mobile node and the PAR; when the mobile node needs to hand over, the PAR sends the temporary handover key to the NAR in the handover trigger message, establishing the security association between the mobile node and the NAR;
a fourth-type security association establishing unit, configured to, before the fast handover, obtain the key information needed to generate keys from the message exchange the mobile node conducts with the NAR via the PAR, and generate a first and a second handover key; the AAA server generates the first handover key according to the received key request message and feeds the result back to the NAR, and the NAR then generates the second handover key from the key information, completing establishment of multiple security associations.
PCT/CN2008/071483 2007-06-29 2008-06-30 A method and an apparatus for fast handover WO2009003404A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710123591.1 2007-06-29
CN2007101235911A CN101335985B (en) 2007-06-29 2007-06-29 Method and system for safe fast switching

Publications (1)

Publication Number Publication Date
WO2009003404A1 true WO2009003404A1 (en) 2009-01-08

Also Published As

Publication number Publication date
CN101335985A (en) 2008-12-31
CN101335985B (en) 2011-05-11
