WO2009003404A1 - Method and apparatus for fast handover - Google Patents

Method and apparatus for fast handover

Info

Publication number
WO2009003404A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
nar
key
handover
par
Prior art date
Application number
PCT/CN2008/071483
Other languages
English (en)
Chinese (zh)
Inventor
Guohui Zou
Bin Xia
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date

Classifications

    • H04L 63/06 Network architectures or network communication protocols for network security, for supporting key management in a packet data network (H04 Electric communication technique; H04L Transmission of digital information)
    • H04W 36/0011 Control or signalling for completing the hand-off, for data sessions of end-to-end connection (H04W Wireless communication networks; H04W 36/00 Hand-off or reselection arrangements)
    • H04W 36/0016 Hand-off preparation specially adapted for end-to-end data sessions
    • H04W 80/04 Wireless network protocols or protocol adaptations to wireless operation: network layer protocols, e.g. mobile IP [Internet Protocol]

Definitions

  • the present invention relates to mobile communication technologies, and in particular, to a method and system for secure fast handover.
  • Mobile IP version 6 (MIPv6) is a mobility solution proposed by the Internet Engineering Task Force (IETF). It allows a mobile node (MN) to keep its communication uninterrupted while it moves, but it also introduces problems such as handover delay and security.
  • During a handover there is a period in which the MN can neither send nor receive packets; this period is called the handover delay.
  • The main causes of handover delay are the link-layer switch and the operation of the MIPv6 protocol itself: movement detection, configuration of a new care-of address (CoA), and the binding update.
  • For real-time applications such as Voice over IP (VoIP), such handover delays are often unacceptable.
  • To address this, the IETF MIP working group defined the Fast Mobile IP (FMIP) protocol.
  • Its basic idea is to pre-configure the related information so as to reduce the handover delay and improve handover performance.
  • FMIP defines two handover types: predictive handover and reactive handover.
  • In predictive handover, the MN anticipates the upcoming handover while moving and informs the previous access router (PAR).
  • Through interaction with the new access router (NAR), i.e. the access router (AR) of the target network, the PAR obtains the new CoA that the MN will use under the NAR, so that address configuration on the new link is avoided.
  • Packets that the MN sends to the PAR during the handover are tunneled by the PAR to the NAR and buffered there, which ensures that the MN receives them after switching to the new link and avoids packet loss.
  • If the MN moves so fast that it reaches the new link before it has had time to complete, on the old link, the exchange that obtains the new CoA, the handover is called reactive handover.
  • Although reactive handover cannot reduce the handover delay, it can still avoid packet loss caused by the handover.
  • In the prior art, the MN and the AR establish a security association with the assistance of an authentication, authorization and accounting (AAA) server.
  • In that solution, as applied to the two FMIP handover types, message integrity during the handover is ensured by a handover key (HK), and the public key exchange between the MN and the NAR is completed under the protection of the FMIP protocol so that a shared key can then be generated. This shared-key generation scheme has not actually been put into application.
  • The following describes the handover key generation, the predictive-mode fast handover and the reactive-mode fast handover of that prior-art solution.
  • The HK is generated between the MN and the AR by an AAA-assisted key management protocol and is used to protect the signalling messages of the FMIP protocol; the key management protocol therefore specifies the message exchange between the MN and the AR and its prerequisites.
  • The protocol assumes that a Handover Master Key (HMK) is shared between the MN and the AAA server, and that a security association exists between the AR and the AAA server. Under this assumption, FIG. 1 shows the handover key generation process of the prior art, which includes the following steps:
  • Step 101: The MN sends a handover key request (HK-REQ) message to the AR, integrity-protected with a MAC generated using the handover integrity key (HIK).
  • Step 102: On receiving the HK-REQ, the AR encapsulates it in an authentication, authorization and accounting request (AAA Request) message and forwards it to the AAA server over the AAA protocol.
  • Step 103: On receiving the AAA Request, the AAA server checks the MAC carried in it using the HIK that it computes itself. If the MAC is incorrect, the AAA server returns a verification-failure message; otherwise it sends a verification-success AAA Response message to the AR, carrying the HK generated by the AAA server and the random number nonce2 that the AAA server generated when deriving the HK.
  • Step 104: On receiving the successful AAA Response, the AR extracts and keeps the HK carried in it, packages the rest of the message into a handover key response (HK-RSP) message and sends it to the MN. The HK-RSP also carries the message ID (matching that of the HK-REQ), the pseudo-random function, the verification-success status and a Security Parameter Index (SPI), and it is integrity-protected with a MAC generated using the HK.
  • FIG. 2 shows the predictive-mode fast handover process of the prior art, which includes the following steps:
  • Step 201: The MN sends a Fast Binding Update (FBU) message to the PAR. The message carries the MN's public key (MN PK) and an HK-REQ message, and the HK-REQ is integrity-protected using the HK shared between the MN and the PAR.
  • Step 202: On receiving the FBU, the PAR first verifies the MAC using the HK it holds. If verification succeeds, the PAR sends a Handover Initiate (HI) message to the NAR carrying the HK-REQ message, which includes the MN PK.
  • Step 203: The NAR obtains the MN PK from the HI message, generates an HK-RSP message carrying the NAR's public key (NAR PK), and sends it to the PAR in a Handover Acknowledgement (HAck) message.
  • Step 204: The PAR integrity-protects the received HK-RSP with a MAC generated using the HK and sends it to the MN in a Fast Binding Acknowledgement (FBAck) message.
  • Step 205: The MN verifies the MAC of the received FBAck. If verification passes, the MN uses an asymmetric key mechanism, i.e. the MN PK and the NAR PK, to derive a shared key with the NAR. When the MN enters the new link where the NAR is located, it sends a Fast Neighbor Advertisement (FNA) message to the NAR, integrity-protected with a MAC generated using the shared key, and so completes the handover from the PAR to the NAR.
  • FIG. 3 shows the reactive-mode fast handover process of the prior art, which includes the following steps:
  • Step 301: If the predictive-mode handover fails, then when the MN arrives at the new link where the NAR is located, the MN sends an FNA message to the NAR carrying the MN PK and the HK-REQ.
  • Step 302: On receiving the FNA, the NAR sends the HK-REQ to the PAR in an FBU message; the message also carries the NAR PK.
  • Step 303: On receiving the FBU, the PAR checks the MAC of the HK-REQ and sends an FBAck message carrying the HK-RSP to the NAR; the message also carries the NAR PK.
  • Step 304: On receiving the HK-RSP, the NAR forwards it to the MN. At this point the MN has completed the handover from the PAR to the NAR.
  • In the prior-art security mechanism the shared key is not generated entirely within the existing AAA architecture. This asymmetric key generation mechanism differs from the existing mechanism, which hinders implementation; generating the shared key is computationally heavy and consumes a large amount of the computing resources of the MN and the AR; and the AAA server knows nothing about the shared key, which is not conducive to the operator's management of MN handover.
  • Embodiments of the present invention provide a method and system for secure fast handover that establish a security association between a mobile node and the access router of the target network, so as to ensure a secure fast handover and reduce the handover delay.
  • An embodiment of the invention provides a fast handover method that includes the following steps: establishing a security association between the mobile node and the access router (NAR) of the target network before the fast handover; and the MN performing the fast mobile handover using that security association to access the NAR.
  • An embodiment of the invention further provides a fast handover system that includes: a security association establishing unit, configured to establish a security association between the mobile node and the access router NAR of the target network; and a security protection execution unit, configured to use the security association so that the mobile node securely accesses the NAR.
  • The embodiment thus establishes a security association (such as a shared handover key, a handover key and the like) between the mobile node and the access router of the target network before the mobile node hands over, and after the switch to the target network uses that security association to ensure that the mobile node securely accesses the target network's access router. That is, by adjusting the parameters required for key generation during the handover, the shared-key generation process is optimized, which reduces the impact of the security mechanism on the fast handover, reduces the handover delay, and keeps the handover process controllable by the network.
  • FIG. 1 is a schematic diagram of the handover key generation process in the prior art;
  • FIG. 2 is a schematic diagram of the predictive-mode fast handover process in the prior art;
  • FIG. 3 is a schematic diagram of the reactive-mode fast handover process in the prior art;
  • FIG. 4 is a flowchart of a method for secure fast handover according to an embodiment of the present invention;
  • FIG. 5 is a schematic diagram of the predictive-mode fast handover process of Embodiment 1 of the present invention;
  • FIG. 6 is a schematic diagram of the predictive-mode fast handover process of Embodiment 2;
  • FIG. 7 is a schematic diagram of the reactive-mode fast handover process of Embodiment 3;
  • FIG. 8 is a schematic diagram of the predictive-mode fast handover process of Embodiment 4;
  • FIG. 9 is a schematic diagram of the predictive-mode fast handover process of Embodiment 5;
  • FIG. 10 is a schematic diagram of the reactive-mode fast handover process of Embodiment 6;
  • FIG. 11 is a schematic diagram of the predictive-mode fast handover process of Embodiment 7;
  • FIG. 12 is a schematic diagram of the predictive-mode fast handover process of Embodiment 8.
  • FIG. 4 is a flowchart of a method for secure fast handover according to an embodiment of the present invention, which includes the following steps:
  • Step 401: Before the fast handover, establish a security association between the mobile node and the access router of the target network.
  • Step 402: During the fast handover of the mobile node, use the security association to ensure that the mobile node securely switches to that access router.
  • In this way a security association (such as a shared handover key, a handover key and the like) is established between the mobile node and the access router of the target network, and after the switch to the target network it is used to ensure that the mobile node securely accesses that access router. By adjusting the parameters required for key generation during the handover, the shared-key generation process is optimized, which reduces the impact of the security mechanism on the fast handover, reduces the handover delay, and keeps the handover process controllable by the network.
  • FIG. 5 is a schematic diagram of the predictive-mode fast handover process of Embodiment 1. In this embodiment the MN completes the handover preparation with several candidate ARs before determining the handover target. The process includes the following steps:
  • Step 501: The MN obtains the identifiers (AP-IDs) of the surrounding access points and sends a Router Solicitation for Proxy Advertisement (RtSolPr) message to the PAR to request the AR information corresponding to the target AP-IDs.
  • Step 502: On receiving the RtSolPr, the PAR sends a Proxy Router Advertisement (PrRtAdv) message to the MN containing the AR information corresponding to the target AP-IDs.
  • Step 503: On receiving the PrRtAdv, the MN sends an HK-REQ message to every candidate NAR. The message carries the message ID, the pseudo-random function, the CoA, a random number (nonce) generated by the MN and the MN's identity (MN ID), and is integrity-protected with a MAC generated using the HIK. The MN ID may be the mobile node's Media Access Control identifier (MAC ID) or its Network Access Identifier (NAI).
  • The HK-REQ can be carried from the MN to the NAR in one of the following ways:
  • As a plain data packet whose source address is the MN's previous care-of address (pCoA) and whose destination address is the NAR address. This method can be used in a simple IP network.
  • Encapsulated IP-in-IP (nested IP headers): the outer header carries the MN's pCoA as source and the PAR address as destination, and the inner header carries the MN's pCoA as source and the NAR address as destination.
  • In a Mobile IP (MIP) packet that carries a destination-address sub-header indicating the final destination: the IP header carries the MN's pCoA as source and the PAR address as destination, and the sub-header carries the NAR address. The PAR rebuilds the packet with the address in the sub-header (the NAR address) as destination and forwards it there. This method can be used in a MIP network.
  • Step 504: On receiving the HK-REQ, the NAR encapsulates it in an authentication and authorization request (AA REQ) message and forwards it to the AAA server.
  • Step 505: On receiving the AA REQ, the AAA server verifies the MAC of the encapsulated HK-REQ and sends an authentication and authorization response (AA RSP) message carrying the verification result to the NAR. If verification passes, the AA RSP carries a new handover key (nHK) for use between the MN and the NAR.
  • Step 506: The NAR records the MN's identity (for example its MAC ID) together with the nHK and sends an HK-RSP message to the MN, indicating that the security association has been successfully established.
  • Step 507: When the MN decides to perform the fast handover, it sends an FBU message to the PAR, integrity-protected with a message authentication code (pHK-MAC) generated using the previous handover key (pHK) shared between the MN and the PAR.
  • Step 508: The PAR verifies the pHK-MAC. If verification passes, the PAR and the NAR complete the HI/HAck exchange (not shown), and the PAR sends an FBAck message carrying a pHK-MAC to the MN.
  • Step 509: After arriving at the new link, the MN sends an FNA message to the NAR. The message carries the MN's identity and is integrity-protected with a MAC generated using the nHK. At this point the MN has completed the fast handover from the PAR to the NAR.
  • The solution of Embodiment 1 is thus carried out in two phases. Before the MN determines the handover target, it attempts a key exchange with every NAR listed in the AR information of the PrRtAdv message, and each NAR completes the establishment of the security association by contacting the AAA server. After the MN determines the handover target, it protects the FBU with the previous security association and the FNA with the corresponding new security association. Because the security association already exists before the handover, this embodiment reduces the handover delay.
  • This embodiment may be further modified so that the MN and the NAR also configure the new care-of address (nCoA) as part of steps 503 and 506.
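The exchange above, as an added example that is not code from the patent: the AAA-assisted handover key set-up of FIG. 1 (steps 101 to 104) used as the pre-handover phase of Embodiment 1 (steps 503 to 509). The page does not give the prf, the HIK/HK derivation or a message format, so these are assumptions: the prf is HMAC-SHA256, HIK and HK are derived from the shared HMK with distinct labels (HK also mixes in the MN's nonce, the AAA server's nonce2 and the AR identity), messages are dicts with hex-encoded fields, and all identifiers, addresses and nonces are constructed test data. The point it shows is the trust split the patent relies on: the AAA server alone holds the HMK and checks the HIK MAC, the AR only ever receives a derived HK, and the MN reconstructs that HK from nonce2 without the AR seeing the HMK.

```python
"""Added example (not code from the patent): AAA-assisted handover key exchange
of FIG. 1 used as the pre-handover phase of Embodiment 1, with HMAC-SHA256.
Assumptions not on the page: prf is HMAC-SHA256; HIK and HK are derived from
the HMK with distinct labels; messages are dicts with hex fields; all
identifiers, addresses and nonces are constructed test data."""
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """Assumed prf: HMAC-SHA256 over length-prefixed parts."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_of(key: bytes, msg: dict) -> str:
    """MAC over every field except 'mac', in canonical order."""
    body = "&".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "mac")
    return prf(key, b"MAC", body.encode()).hex()


def verify(key: bytes, msg: dict) -> bool:
    return hmac.compare_digest(mac_of(key, msg), msg.get("mac", ""))


class AAAServer:
    """Shares an HMK with each MN; the ARs only ever receive derived keys."""
    def __init__(self, hmks: dict):
        self.hmks = hmks                                  # mn_id -> HMK

    def aa_request(self, hk_req: dict, ar_id: str) -> dict:   # steps 102-103 / 504-505
        hmk = self.hmks[hk_req["mn_id"]]
        if not verify(prf(hmk, b"HIK"), hk_req):          # HIK recomputed here
            return {"status": "fail"}
        nonce2 = os.urandom(16).hex()
        hk = prf(hmk, b"HK", bytes.fromhex(hk_req["nonce"]), bytes.fromhex(nonce2), ar_id.encode())
        return {"status": "ok", "hk": hk, "nonce2": nonce2}


class AccessRouter:
    """PAR (holds pHK) or NAR (pre-establishes nHK); never sees the HMK."""
    def __init__(self, ar_id: str, aaa: AAAServer):
        self.ar_id, self.aaa, self.keys = ar_id, aaa, {}  # keys: mn_id -> HK

    def handle_hk_req(self, hk_req: dict) -> dict:        # steps 104 / 506
        rsp = self.aaa.aa_request(hk_req, self.ar_id)
        if rsp["status"] != "ok":
            return {"msg_id": hk_req["msg_id"], "status": "fail"}
        self.keys[hk_req["mn_id"]] = rsp["hk"]            # AR keeps HK, MN gets nonce2
        hk_rsp = {"msg_id": hk_req["msg_id"], "status": "ok", "prf": hk_req["prf"],
                  "nonce2": rsp["nonce2"], "spi": os.urandom(4).hex()}
        hk_rsp["mac"] = mac_of(rsp["hk"], hk_rsp)
        return hk_rsp

    def verify_from(self, msg: dict) -> bool:             # FBU at the PAR, FNA at the NAR
        key = self.keys.get(msg["mn_id"])
        return key is not None and verify(key, msg)


class MobileNode:
    def __init__(self, mn_id: str, hmk: bytes):
        self.mn_id, self.hmk, self.keys, self.pending = mn_id, hmk, {}, {}

    def hk_req(self, ar_id: str) -> dict:                 # steps 101 / 503
        msg = {"msg_id": os.urandom(4).hex(), "prf": "HMAC-SHA256", "coa": "2001:db8:1::10",
               "nonce": os.urandom(16).hex(), "mn_id": self.mn_id}
        msg["mac"] = mac_of(prf(self.hmk, b"HIK"), msg)
        self.pending[msg["msg_id"]] = (ar_id, msg["nonce"])
        return msg

    def hk_rsp(self, rsp: dict) -> bool:                  # derive HK from nonce2, check its MAC
        ar_id, nonce = self.pending.pop(rsp["msg_id"])
        if rsp["status"] != "ok":
            return False
        hk = prf(self.hmk, b"HK", bytes.fromhex(nonce), bytes.fromhex(rsp["nonce2"]), ar_id.encode())
        if not verify(hk, rsp):
            return False
        self.keys[ar_id] = hk
        return True

    def signalling(self, ar_id: str, kind: str) -> dict:  # FBU under pHK, FNA under nHK
        msg = {"type": kind, "mn_id": self.mn_id, "to": ar_id}
        msg["mac"] = mac_of(self.keys[ar_id], msg)
        return msg


def run_embodiment_1(candidates=("NAR-A", "NAR-B"), target="NAR-B") -> dict:
    hmk = os.urandom(32)
    aaa = AAAServer({"mn@example.net": hmk})
    mn = MobileNode("mn@example.net", hmk)
    par = AccessRouter("PAR", aaa)
    nars = {n: AccessRouter(n, aaa) for n in candidates}
    phk_ok = mn.hk_rsp(par.handle_hk_req(mn.hk_req("PAR")))            # existing pHK with PAR
    prepared = {n: mn.hk_rsp(nars[n].handle_hk_req(mn.hk_req(n))) for n in candidates}
    fbu_ok = par.verify_from(mn.signalling("PAR", "FBU"))              # steps 507-508
    fna_ok = nars[target].verify_from(mn.signalling(target, "FNA"))    # step 509
    forged = dict(mn.signalling(target, "FNA"), mn_id="other@example.net")  # wrong identity
    return {"phk_ok": phk_ok, "prepared": prepared, "fbu_ok": fbu_ok, "fna_ok": fna_ok,
            "forged_fna_ok": nars[target].verify_from(forged),
            "keys_agree": all(mn.keys[n] == nars[n].keys[mn.mn_id] for n in candidates)}
```

`run_embodiment_1()` prepares an nHK with two candidate NARs, hands over to one of them and reports which checks passed; an HK-REQ built from a wrong HMK is rejected by the AAA server because the HIK MAC does not verify, and an FNA whose identity field is changed fails at the NAR because the MAC was computed under a different key.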
  • FIG. 6 is a schematic diagram of the predictive-mode fast handover process of Embodiment 2.
  • Steps 601 to 602 and steps 607 to 609 of this embodiment are the same as the corresponding steps of Embodiment 1; the differing steps are:
  • Step 603: On receiving the PrRtAdv, the MN sends an HK-REQ message to the PAR. The identity carried in the message may be the mobile node's MAC ID or its NAI, and the message is integrity-protected using the existing security association between the MN and the AAA server.
  • Step 604: On receiving the HK-REQ, the PAR encapsulates it in an authentication and authorization request (AA REQ) message and forwards it to the AAA server.
  • Step 605: On receiving the AA REQ, the AAA server verifies the MAC of the encapsulated HK-REQ and sends an authentication and authorization response (AA RSP) message carrying the verification result to the PAR. If verification passes, the AA RSP carries a new handover key (nHK) between the MN and the NAR. At the same time the AAA server sends an AA RSP message to the NAR carrying the nHK between the MN and the NAR.
  • Step 606: The PAR records the MN's identity together with the nHK and sends an HK-RSP message to the MN, indicating that the security association has been successfully established.
  • The difference between Embodiment 2 and Embodiment 1 is that the key exchange between the MN and the NAR is carried out by the MN interacting indirectly with the AAA server (through the PAR, without involving the NAR), after which the AAA server delivers the key generated for each NAR to that NAR. When the MN needs to establish security associations with several NARs, the MN and the AAA server therefore need only complete one exchange, which saves signalling overhead.
  • Taking Embodiment 1 as an example: if only the first phase (the establishment of the security association) has been completed and the MN reaches the new link before it has had time to send the FBU message to the PAR, the handover changes from the predictive mode of Embodiment 1 to the reactive mode.
  • FIG. 7 is a schematic diagram of the reactive-mode fast handover process of Embodiment 3.
  • This embodiment builds on the first phase of the predictive-mode embodiments above (i.e. the security association has already been established). Because the MN did not send the FBU to the PAR before reaching the new link where the NAR is located, it enters the reactive mode.
  • The specific steps are as follows:
  • Step 701: The MN, which has not yet accessed the NAR by sending an FBU to the PAR, actively sends an Unsolicited Neighbor Advertisement (UNA) message to the NAR. If the MN already knows the nHK before sending the message, the message is integrity-protected with a MAC generated using the nHK; if the MN does not know the nHK, no integrity protection is applied.
  • Step 702: The MN sends an FBU message to the PAR, carrying the pCoA and integrity-protected with a MAC generated using the pHK. Since the MN has already reached the new link where the NAR is located, the message can be sent as an IP packet whose source address is the nCoA and whose destination address is the PAR.
  • Step 703: On receiving the FBU, the PAR verifies the pHK-MAC and sends an FBAck message carrying the verification result to the MN. Since the MN is already on the new link, this message can be sent as an IP packet whose source address is the PAR and whose destination address is the MN's nCoA. At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel.
  • FIG. 8 is a schematic diagram of the predictive-mode fast handover process of Embodiment 4. In this embodiment the PAR first obtains an AAA nonce from the AAA server in preparation for the subsequent handover. The process includes the following steps:
  • Step 801: The PAR learns through a link-layer trigger (for example, the MIH-MN-Candidate-Query request message of IEEE 802.21 media-independent handover) that the MN is about to hand over, although no definite handover target exists yet. The PAR sends an AAA REQ message to the AAA server requesting an AAA nonce. This step should take place after the PAR has sent the PrRtAdv message to the MN and before the MN sends the FBU message to the PAR.
  • Step 802: On receiving the AAA REQ, the AAA server returns an AAA RSP message to the PAR carrying the generated AAA nonce and its corresponding AAA nonce index. The PAR extracts the AAA nonce and its index from the message and stores them.
  • Step 803: When the MN decides to perform the fast handover, it sends an FBU message to the PAR. The message carries an nHK_Req, which asks the AAA server to generate an nHK, and is integrity-protected with a pHK-MAC generated using the pHK.
  • Step 804: The PAR verifies the MN's pHK-MAC. If verification succeeds, the PAR sends an HI message to the NAR carrying the nHK_Req and the AAA nonce index. The HI message must be encrypted; the encryption is the same as in the prior art and is not described here.
  • Step 804, in parallel: The PAR sends an acknowledgement of the FBU (FAck) to the MN, carrying the AAA nonce and integrity-protected with a pHK-MAC generated using the pHK. The MN verifies the pHK-MAC of this message and, if verification passes, can already generate the nHK with the following formula:
  • nHK = prf+(HMK, AAA nonce)
  • Step 805: On receiving the HI message, the NAR obtains the nHK_Req from it and sends an AAA REQ message to the AAA server carrying the AAA nonce index. At the same time (also step 805), the NAR sends a HAck message to the PAR.
  • Step 806: On receiving the HAck, the PAR sends an FBAck message to the MN, integrity-protected with a pHK-MAC generated using the pHK.
  • Step 806, in parallel: On receiving the AAA REQ carrying the AAA nonce index, the AAA server looks up the corresponding AAA nonce by the index, generates the nHK according to the formula in step 804, and sends an AAA RSP message carrying the nHK to the NAR.
  • Step 807: When the MN arrives at the new link where the NAR is located, it sends an FNA message to the NAR, integrity-protected with a MAC generated using the nHK. At this point the MN has completed the fast handover from the PAR to the NAR.
  • In this embodiment the PAR obtains the AAA nonce from the AAA server in advance and returns it to the MN in the acknowledgement sent after the MN's FBU, so that the MN can generate the new handover key and complete the handover without having to wait for the FBAck, which reduces the handover delay.
  • FIG. 9 is a schematic diagram of the predictive-mode fast handover process of Embodiment 5.
  • In this embodiment, once the MN decides to hand over, a temporary security association with the target NAR is established, thereby implementing a secure fast handover.
  • The preparation before the MN decides to hand over is as follows: the MN and the PAR generate an HK according to the prior-art handover key generation process, and each derives from it a shared handover key (SHK) and a temporary handover key (THK), where
  • THK = prf(HK, pCoA)
  • Step 901: When the MN decides to perform the fast handover, it sends an FBU message to the PAR, integrity-protected with a MAC generated using the SHK.
  • Step 902: On receiving the FBU, the PAR verifies the MAC. If verification succeeds, the PAR sends an HI message to the NAR carrying the THK. The HI message must be encrypted; the encryption technique is the same as in the prior art and is not described here.
  • Step 903: On receiving the HI message, the NAR extracts the THK from it and sends a HAck message to the PAR.
  • Step 904: On receiving the HAck, the PAR sends an FBAck message to the MN, integrity-protected with a MAC generated using the SHK.
  • Step 905: After arriving at the new link where the NAR is located, the MN sends an FNA message to the NAR, integrity-protected with a MAC generated using the THK. At this point the MN has completed the fast handover from the PAR to the NAR.
  • Step 906: After the handover ends, the MN or the PAR immediately obtains a new SHK and THK through the prior-art handover key generation process, ready for the next handover.
  • This embodiment adds an SHK/THK key hierarchy on top of the existing handover key generation: the SHK is used to establish the security association between the MN and the PAR, and the THK is delivered by the PAR to the NAR and used to establish a temporary security association between the MN and the NAR.
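The SHK/THK hierarchy of Embodiment 5, as an added example that is not code from the patent. The page gives THK = prf(HK, pCoA) but no SHK formula and no prf, so these are assumptions: prf is HMAC-SHA256 with a label, SHK = prf(HK, "SHK"), the encrypted HI message that carries the THK is modelled as a direct method call, and keys and addresses are constructed test data. What it shows beyond the text is the property the hierarchy buys: the NAR only ever receives the THK, so it can verify the FNA but cannot produce an FBU that the PAR accepts, and the rekey of step 906 invalidates the THK the old target holds.

```python
"""Added example (not code from the patent): the SHK/THK hierarchy of
Embodiment 5 (FIG. 9) and its rekeying after handover (step 906).
Assumptions not on the page: prf is HMAC-SHA256 with a label;
SHK = prf(HK, "SHK"); THK = prf(HK, pCoA) as on the page; the encrypted HI
that carries the THK is a direct call; keys and addresses are test data."""
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """Assumed prf: HMAC-SHA256 over length-prefixed parts."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive(hk: bytes, pcoa: bytes):
    """MN and PAR both run this after the prior-art HK exchange: (SHK, THK)."""
    return prf(hk, b"SHK"), prf(hk, b"THK", pcoa)


def tag(key: bytes, msg: bytes) -> bytes:
    return prf(key, b"MAC", msg)


def check(key, msg: bytes, t: bytes) -> bool:
    return key is not None and hmac.compare_digest(tag(key, msg), t)


class NAR:
    """Learns only the THK (from the HI); never holds the HK or the SHK."""
    def __init__(self):
        self.thk = None

    def receive_hi(self, thk: bytes):                     # step 903
        self.thk = thk

    def verify_fna(self, body: bytes, t: bytes) -> bool:  # step 905
        return check(self.thk, body, t)


class PAR:
    def __init__(self, hk: bytes, pcoa: bytes):
        self.shk, self.thk = derive(hk, pcoa)

    def handle_fbu(self, nar: NAR, body: bytes, t: bytes):   # steps 902-904
        if not check(self.shk, body, t):
            return None                                   # FBU rejected, no HI is sent
        nar.receive_hi(self.thk)                          # HI carries the THK (encrypted on the wire)
        fback = b"FBAck|" + body
        return fback, tag(self.shk, fback)

    def rekey(self, hk: bytes, pcoa: bytes):              # step 906
        self.shk, self.thk = derive(hk, pcoa)


class MN:
    def __init__(self, hk: bytes, pcoa: bytes):
        self.rekey(hk, pcoa)

    def rekey(self, hk: bytes, pcoa: bytes):
        self.shk, self.thk = derive(hk, pcoa)

    def fbu(self):                                        # step 901, protected with SHK
        body = b"FBU|pCoA=2001:db8:1::10|nCoA=2001:db8:2::10"
        return body, tag(self.shk, body)

    def fna(self):                                        # step 905, protected with THK
        body = b"FNA|nCoA=2001:db8:2::10"
        return body, tag(self.thk, body)


def run_embodiment_5() -> dict:
    hk, pcoa = os.urandom(32), b"2001:db8:1::10"         # HK from the prior-art exchange
    mn, par, nar = MN(hk, pcoa), PAR(hk, pcoa), NAR()
    early_fna = nar.verify_fna(*mn.fna())                 # NAR has no THK before the HI
    fback = par.handle_fbu(nar, *mn.fbu())
    fback_ok = fback is not None and check(mn.shk, *fback)
    fna_ok = nar.verify_fna(*mn.fna())
    # The NAR holds the THK, not the SHK, so it cannot forge an FBU toward the PAR.
    forged = par.handle_fbu(nar, b"FBU|forged", tag(nar.thk, b"FBU|forged"))
    # Step 906: a new HK for the next handover invalidates the THK this NAR holds.
    new_hk = os.urandom(32)
    mn.rekey(new_hk, pcoa)
    par.rekey(new_hk, pcoa)
    stale_fna = nar.verify_fna(*mn.fna())
    return {"early_fna": early_fna, "fback_ok": fback_ok, "fna_ok": fna_ok,
            "nar_can_forge_fbu": forged is not None, "stale_fna": stale_fna}
```

`run_embodiment_5()` walks one predictive handover and the following rekey; `derive` keeps the SHK independent of the pCoA while the THK changes with it, which is what lets the same HK yield one PAR association and a per-handover NAR key.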
  • If the MN reaches the new link before the predictive exchange can be completed, the handover changes from the predictive mode of Embodiment 5 to the corresponding reactive mode.
  • FIG. 10 is a schematic diagram of the reactive-mode fast handover process of Embodiment 6.
  • This embodiment includes the following steps:
  • Step 1001: The MN sends a UNA message to the NAR, integrity-protected with a MAC generated using the THK.
  • Step 1002: The MN sends an FBU message to the PAR, carrying the pCoA and integrity-protected with a pHK-MAC generated using the pHK. Since the MN has already reached the new link where the NAR is located, the message can be sent as an IP packet whose source address is the nCoA and whose destination address is the PAR.
  • Step 1003: On receiving the FBU, the PAR verifies its pHK-MAC. If verification succeeds, the PAR sends an FBAck message carrying the verification result to the MN. Since the MN is already on the new link, this message can be sent as an IP packet whose source address is the PAR and whose destination address is the MN's nCoA. At the same time, the PAR forwards the buffered data destined for the pCoA to the MN's nCoA through an IP-in-IP tunnel. At this point the MN has completed the fast handover from the PAR to the NAR.
  • Step 1004: After the handover ends, the MN or the NAR initiates a new HK generation process, and the MN and the PAR each derive a new SHK and THK.
  • Embodiments 5 and 6 are comparatively easy to implement: because a purely symmetric key mechanism is used, the computation is small and computing resources are saved. In addition, the handover can be authorized during the handover without contacting the AAA server, which ensures that, once the FBU has been sent on the original link, the security mechanism causes the MN neither handover delay nor handover failure, and does not increase the probability of a predictive handover degrading into a reactive one.
  • FIG. 11 is a schematic diagram of a fast switching process of the prediction mode in the seventh embodiment.
  • multiple security associations are established with the target NAR in succession to ensure that one of the multiple keys generated by the MN is valid during the handover process, thereby implementing security. Fast switching.
  • nHK is as follows:
  • nHK' gprf + (HMK, solid nonce
  • nHK prf(nHK', NAR nonce)
  • Step 1101 When the MN decides to perform fast handover, send an FBU message to the PAR, where the message carries the nHK_Req requesting the AAA server to generate nHK, and uses the pHK-MAC generated by the pHK. Integrity protection.
  • Step 1102 The PAR verifies the correctness of the MN's pHK-MAC. If the verification succeeds, an HI message carrying the nHK_Req is sent to the NAR. This message must be cryptographically protected; the specific protection is the same as in the prior art and is not described here.
  • Step 1103 After receiving the HI message, the NAR obtains the nHK_Req carried in the message and generates an AAA REQ message to send to the AAA server, where the message carries the NAR nonce. At the same time, in step 1103, the NAR sends a HAck message to the PAR, which carries the NAR nonce used for generating nHK.
  • Step 1104 After receiving the HAck message, the PAR sends an FBAck message carrying the NAR nonce to the MN, integrity-protected by the pHK-MAC generated with the pHK.
  • Step 1104 After receiving the AAA REQ message carrying the NAR nonce, the AAA server generates nHK' according to formula 111 and sends an AAA RSP message carrying nHK' to the NAR. After receiving the message, the NAR generates nHK according to formula 112.
  • Step 1105 When the MN arrives at the new link where the NAR is located, if the MN has received the FBAck message sent by the PAR, it uses the NAR nonce in that message and formula 112 to generate nHK; the FNA message sent by the MN to the NAR then does not carry the FBU and is integrity-protected using the MAC generated by nHK (as shown in FIG. 11). If the MN has not received the FBAck message sent by the PAR, it generates nHK' according to formula 111; the FNA message sent by the MN to the NAR then carries the FBU and is integrity-protected using the MAC generated by nHK' (not shown in FIG. 11).
  • The NAR determines whether the MN has received the FBAck according to whether the FBU is carried in the received FNA. If the FNA message received by the NAR carries the FBU, the NAR considers that the MN did not receive the FBAck message, and therefore uses the MAC generated by nHK' to verify the correctness of the FBU's MAC. If the FNA message received by the NAR does not carry the FBU, the NAR considers that the MN has received the FBAck message, and therefore uses the MAC generated by nHK to verify the correctness of the FBU's MAC. At this point, the MN has completed the fast handover from the PAR to the NAR.
  • In this embodiment, the MN exchanges messages with the NAR via the PAR to generate a first handover key nHK' and a second handover key nHK, while the NAR receives the first handover key nHK' generated by the AAA server and derives the second handover key nHK from it, thereby establishing two security associations between the MN and the NAR.
  • When the MN decides to switch, it sends an FNA to the NAR. After receiving the message, the NAR examines its content and decides which handover key to use. Therefore, this embodiment avoids the handover problem caused by the FBAck message in the prior art, and ensures fast and secure handover.
  • Where the handover mode is converted from the predictive mode of this embodiment into the reactive mode, the specific implementation is similar to the third embodiment, except that the UNA message sent by the MN to the NAR is integrity-protected using the MAC generated by nHK'.
  • The NAR determines which key (nHK or nHK') was used to generate the MAC whose correctness it must verify by examining the UNA flag.
  • Alternatively, the NAR can use both keys (nHK and nHK') to generate MACs over the UNA message for correctness verification; whichever key verifies successfully is then used as the shared key between the NAR and the MN.
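  • The following Python is an added illustration, not the patent's own code or the applicant's implementation. It models formulas 111 and 112, the MN's key choice in step 1105 (nHK when the FBAck arrived, nHK' otherwise), the NAR's verification that selects the key from whether the FNA carries the FBU, and the try-both-keys alternative described for the UNA message. The patent does not fix the pseudo-random function: HMAC-SHA256 for prf and an IKEv2-style iterated HMAC for prf+ are assumptions, as are the FNA/UNA byte encoding, the parameter name `nonce` for the first input of formula 111, and the constructed HMK and nonce values.

```python
"""Two-level handover-key derivation and FNA/UNA protection (added example).

Assumptions not present in the patent text:
  - prf  = HMAC-SHA256; prf+ = IKEv2-style iterated HMAC chaining (RFC 7296 style).
  - The nonce fed to formula 111 is a generic parameter `nonce`.
  - FNA/UNA wire encoding, HMK and nonce values are constructed for the demo.
"""
import hashlib
import hmac
from typing import Optional

KEY_LEN = 32  # assumed output length of prf+ (the patent does not fix it)


def prf(key: bytes, data: bytes) -> bytes:
    """prf(K, S): one keyed PRF call (HMAC-SHA256 assumed)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, data: bytes, length: int = KEY_LEN) -> bytes:
    """prf+(K, S): T1 = prf(K, S|1), Tn = prf(K, Tn-1|S|n), truncated to `length`."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = prf(key, prev + data + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def derive_nhk_prime(hmk: bytes, nonce: bytes) -> bytes:
    """Formula 111: nHK' = prf+(HMK, nonce). Needs no NAR nonce, so the MN can
    still derive it when the FBAck (which carries the NAR nonce) never arrives."""
    return prf_plus(hmk, nonce)


def derive_nhk(nhk_prime: bytes, nar_nonce: bytes) -> bytes:
    """Formula 112: nHK = prf(nHK', NAR nonce)."""
    return prf(nhk_prime, nar_nonce)


def mac(key: bytes, msg: bytes) -> bytes:
    """Message authentication code used for integrity protection (HMAC-SHA256 assumed)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_fna(mn_key: bytes, fbu: Optional[bytes]) -> dict:
    """MN side, step 1105: the FNA carries the FBU only when no FBAck was received.
    The FBU-present marker is inside the MAC'd body, so it cannot be flipped unnoticed."""
    body = b"FNA|FBU:" + fbu if fbu is not None else b"FNA|NOFBU"
    return {"body": body, "mac": mac(mn_key, body)}


def nar_verify_fna(fna: dict, nhk_prime: bytes, nhk: bytes) -> bool:
    """NAR side: FBU present -> MN lacked the FBAck -> verify with nHK'; else nHK."""
    carries_fbu = fna["body"].startswith(b"FNA|FBU:")
    key = nhk_prime if carries_fbu else nhk
    return hmac.compare_digest(mac(key, fna["body"]), fna["mac"])


def nar_verify_try_both(msg: bytes, tag: bytes, nhk_prime: bytes, nhk: bytes) -> Optional[bytes]:
    """Alternative for the UNA message: try both keys, return the one that verifies
    (it becomes the MN-NAR shared key), or None if neither does."""
    for key in (nhk, nhk_prime):
        if hmac.compare_digest(mac(key, msg), tag):
            return key
    return None


def run_handover(fback_received: bool) -> bool:
    """Constructed end-to-end run; returns whether the NAR accepts the MN's FNA."""
    hmk = b"\x11" * 32                              # constructed HMK
    nonce = b"constructed-nonce-for-formula-111"    # constructed
    nar_nonce = b"constructed-NAR-nonce"            # constructed
    # AAA server (step 1104) computes nHK'; NAR derives nHK from it (formula 112).
    aaa_nhk_prime = derive_nhk_prime(hmk, nonce)
    nar_nhk = derive_nhk(aaa_nhk_prime, nar_nonce)
    # MN (step 1105): with the FBAck it knows the NAR nonce and uses nHK; without it, nHK'.
    if fback_received:
        fna = build_fna(derive_nhk(derive_nhk_prime(hmk, nonce), nar_nonce), None)
    else:
        fna = build_fna(derive_nhk_prime(hmk, nonce), b"constructed FBU payload")
    return nar_verify_fna(fna, aaa_nhk_prime, nar_nhk)


if __name__ == "__main__":
    print("FBAck received:", run_handover(True))
    print("FBAck lost:    ", run_handover(False))
```

  • Both paths verify because the NAR derives the key to check from the same observable (FBU present or absent) that the MN used to choose its key; an FNA whose marker and key disagree, or whose body was altered in transit, fails verification, and `compare_digest` keeps the tag comparison constant-time.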
  • This embodiment can also be divided into two phases. In the first phase, before the MN selects a handover target, the PAR first acquires a random number from the AAA server (the AAA nonce); in the second phase, after the MN selects the handover target, the MN and the target NAR establish multiple security associations in succession, so that one of the multiple keys generated by the MN is valid during the handover process, thereby achieving secure fast handover.
  • FIG. 12 is a schematic diagram of the fast handover procedure in predictive mode in the eighth embodiment.
  • The first phase of this embodiment is the same as in the fourth embodiment; steps 1201 to 1204 are the same as steps 801 to 804.
  • The second phase of this embodiment specifically includes the following steps:
  • Step 1205' After receiving the HI message, the NAR obtains the nHK_Req carried in the message and generates an AAA REQ message to send to the AAA server, where the message carries the AAA nonce Index. At the same time, in step 1205, the NAR sends a HAck message to the PAR.
  • Step 1206 After receiving the HAck message, the PAR sends an FBAck message carrying the AAA nonce to the MN, integrity-protected by the pHK-MAC generated with the pHK.
  • Step 1206 After receiving the AAA REQ message, the AAA server looks up the corresponding AAA nonce through the Index, generates nHK' according to formula 111, and then sends an AAA RSP message carrying nHK' and the AAA nonce to the NAR. After receiving the message, the NAR generates nHK according to formula 112.
  • Step 1207 When the MN arrives at the new link where the NAR is located, if the MN has received the FBAck message sent by the PAR, the FNA message sent by the MN to the NAR is integrity-protected using the MAC generated by nHK. If the MN has not received the FBAck message sent by the PAR, the FNA message sent by the MN to the NAR is integrity-protected using the MAC generated by nHK'.
  • If the FNA message received by the NAR carries the FBU, the NAR considers that the MN did not receive the FBAck message, and therefore uses the MAC generated by nHK' to verify the correctness of the FBU's MAC; if the FNA message received by the NAR does not carry the FBU, the NAR considers that the MN has received the FBAck message, and therefore uses the MAC generated by nHK to verify the correctness of the FBU's MAC. At this point, the MN has completed the fast handover from the PAR to the NAR.
  • If the fast handover procedure shown in this embodiment is not completed successfully, that is, the MN does not send an FBU message to the PAR before reaching the new link where the NAR is located, the handover mode is converted from the predictive mode of this embodiment into the reactive mode, and the specific implementation is the same as that of the sixth embodiment.
  • The uniqueness of the nCoA can be ensured in the HI/HAck exchange between the PAR and the NAR, thereby avoiding the handover delay that an nCoA collision might cause.
  • An embodiment of the present invention further provides a system for secure fast handover, where the system includes a security association establishing unit and a security protection execution unit.
  • The security association establishing unit is configured to establish a security association between the mobile node and the access router NAR of the target network before the fast handover; the security protection execution unit is configured to use that security association when the mobile node performs fast handover to access the NAR.
  • The security association establishing unit includes one or more of the following: a first type of security association establishing unit, a second type of security association establishing unit, a third type of security association establishing unit, and a fourth type of security association establishing unit.
  • The first type of security association establishing unit is configured to perform a key exchange between the mobile node and at least one NAR to generate a security association, with the NAR interacting with the AAA server to complete its establishment.
  • Alternatively, the MN exchanges information with the AAA server through the PAR, and the AAA server generates a security association corresponding to the at least one NAR and sends it to the NAR to complete the establishment of the security association.
  • The second type of security association establishing unit is configured to obtain, in advance, the key information required by the mobile node to generate a key, and to return that key information in a confirmation message after the mobile node sends the fast binding update message; the mobile node generates a handover key from the key information, completing the security association.
  • The third type of security association establishing unit is configured to calculate a standard handover key and a temporary handover key between the mobile node and the PAR before the fast handover; when the mobile node needs to switch, the PAR transmits the temporary handover key to the NAR in the handover trigger message, establishing a security association between the mobile node and the NAR.
  • The fourth type of security association establishing unit is configured to obtain, through message interaction between the PAR and the NAR, the key information required by the mobile node for generating a key, and to generate first and second handover keys before the fast handover; the AAA server generates a first handover key according to the received key request message and feeds the result back to the NAR, and the NAR generates a second handover key from the key information, completing multiple security associations.
  • The security association establishing unit is responsible for establishing a security association before the handover occurs; the security association establishment process may send and receive its own messages, or its information may be carried in other messages. The security protection execution unit first obtains the key from the security association establishing unit, then uses the key to integrity-protect (i.e., compute the message authentication code over) the signaling messages required for fast handover, and sends the message authentication code together with the message.

Abstract

The present invention relates to a method and apparatus for fast handover. The method comprises the following steps: establishing a security association between a mobile node MN and an access router NAR of a target network; the mobile node MN using the security association to perform the fast handover in order to access the access router NAR. The corresponding system is also disclosed in the present invention. The present invention optimizes the procedure for generating the shared secret key during fast handover by adjusting the parameters required for key generation during fast handover (namely, establishing the security association between the mobile node and the access router NAR in advance), so as to ensure that the security mechanism has no effect on the fast handover procedure during data communication and to bring the handover procedure under the control of the network.
PCT/CN2008/071483 2007-06-29 2008-06-30 Procédé et appareil permettant un transfert rapide WO2009003404A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710123591.1 2007-06-29
CN2007101235911A CN101335985B (zh) 2007-06-29 2007-06-29 安全快速切换的方法及系统

Publications (1)

Publication Number Publication Date
WO2009003404A1 true WO2009003404A1 (fr) 2009-01-08

Family

ID=40198225

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071483 WO2009003404A1 (fr) 2007-06-29 2008-06-30 Procédé et appareil permettant un transfert rapide

Country Status (2)

Country Link
CN (1) CN101335985B (fr)
WO (1) WO2009003404A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120268291A1 (en) * 2011-04-19 2012-10-25 John Christopher Boot Systems and method for transmitting data in an advanced metering infrastructure
US9924416B2 (en) 2013-08-01 2018-03-20 Nokia Technologies Oy Methods, apparatuses and computer program products for fast handover
WO2016023198A1 (fr) * 2014-08-13 2016-02-18 宇龙计算机通信科技(深圳)有限公司 Procédé de commutation et système de commutation entre des réseaux hétérogènes
CN109379391B (zh) * 2018-12-25 2021-06-01 北京物芯科技有限责任公司 一种基于IPSec的通信方法、装置、设备和储存介质

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1455556A (zh) * 2003-05-14 2003-11-12 东南大学 无线局域网安全接入控制方法
US20040236939A1 (en) * 2003-02-20 2004-11-25 Docomo Communications Laboratories Usa, Inc. Wireless network handoff key
CN1836404A (zh) * 2003-05-27 2006-09-20 思科技术公司 利用预先建立的会话密钥来辅助802.11漫游
WO2006102565A2 (fr) * 2005-03-23 2006-09-28 Nortel Networks Limited Derivation optimisee de cles de transfert dans l'ipv6 mobile
WO2006124030A1 (fr) * 2005-05-16 2006-11-23 Thomson Licensing Transfert securise dans un reseau local sans fil
EP1775972A1 (fr) * 2004-06-30 2007-04-18 Matsushita Electric Industrial Co., Ltd. Procede de transfert de communication, procede de traitement de message de communication et procede de controle de communication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4128395B2 (ja) * 2002-05-23 2008-07-30 三菱電機株式会社 データ変換装置
CN100499649C (zh) * 2004-09-15 2009-06-10 华为技术有限公司 一种实现安全联盟备份和切换的方法
CN1937836B (zh) * 2005-09-19 2011-04-06 华为技术有限公司 移动终端切换后更新安全联盟信息的方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236939A1 (en) * 2003-02-20 2004-11-25 Docomo Communications Laboratories Usa, Inc. Wireless network handoff key
CN1455556A (zh) * 2003-05-14 2003-11-12 东南大学 无线局域网安全接入控制方法
CN1836404A (zh) * 2003-05-27 2006-09-20 思科技术公司 利用预先建立的会话密钥来辅助802.11漫游
EP1775972A1 (fr) * 2004-06-30 2007-04-18 Matsushita Electric Industrial Co., Ltd. Procede de transfert de communication, procede de traitement de message de communication et procede de controle de communication
WO2006102565A2 (fr) * 2005-03-23 2006-09-28 Nortel Networks Limited Derivation optimisee de cles de transfert dans l'ipv6 mobile
WO2006124030A1 (fr) * 2005-05-16 2006-11-23 Thomson Licensing Transfert securise dans un reseau local sans fil

Also Published As

Publication number Publication date
CN101335985B (zh) 2011-05-11
CN101335985A (zh) 2008-12-31

Similar Documents

Publication Publication Date Title
JP5211155B2 (ja) Mih事前認証
CA2760522C (fr) Securite de protocole de transfert intracellulaire independant du support
US7280505B2 (en) Method and apparatus for performing inter-technology handoff from WLAN to cellular network
US8175058B2 (en) Mobility architecture using pre-authentication, pre-configuration and/or virtual soft-handoff
KR101574188B1 (ko) 통신 시스템에서 단말의 접속 서비스 네트워크 변경 방법 및 시스템
JP4585002B2 (ja) 高速ネットワーク接続機構
KR20070046012A (ko) 무선랜과 이동통신 시스템간 핸드오버 방법 및 시스템
JP2003051818A (ja) モバイルipネットワークにおけるipセキュリティ実行方法
JP5159878B2 (ja) インターネットプロトコル認証とモビリティシグナリングとを結合するための方法と装置
WO2009078615A2 (fr) Procédé d'authentification intégrée de transfert pour réseau de la génération suivante (ngn) utilisant des technologies d'accès sans fil, et surveillance ip des déplacements d'un terminal mobile
Chuang et al. A lightweight mutual authentication mechanism for network mobility in IEEE 802.16 e wireless networks
KR20080011004A (ko) 프락시 모바일 아이피를 사용하는 이동통신 시스템에서보안 관리 방법 및 그 시스템
JP3822555B2 (ja) 安全なネットワークアクセス方法
JP2007194848A (ja) 無線lanシステムの移動無線端末認証方法
WO2009003404A1 (fr) Procédé et appareil permettant un transfert rapide
WO2010130198A1 (fr) Procédé, système et équipement de transfert entre réseaux d'accès
Haddar et al. Securing fast pmipv6 protocol in case of vertical handover in 5g network
JP5015324B2 (ja) モバイルipv6高速ハンドオーバ中の保護方法及び装置
WO2008067751A1 (fr) Procédé, dispositif et système pour générer et distribuer la clé en fonction du serveur de diamètre
JP4560432B2 (ja) モバイルノードの認証方法
Lee et al. An efficient performance enhancement scheme for fast mobility service in MIPv6
You et al. Enhancing MISP with fast mobile IPv6 security
Mei et al. A secure fast handover scheme based on AAA protocol in mobile IPv6 networks
KR101540523B1 (ko) 프락시 모바일 아이피를 위한 보안 연결 설정 방법 및 안전하고 빠른 핸드오버 처리 방법
Im et al. Security-Effective local-lighted authentication mechanism in NEMO-based fast proxy mobile IPv6 networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08757882

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08757882

Country of ref document: EP

Kind code of ref document: A1