【作者】 王铮；

【导师】 董小国；

【作者基本信息】 北京化工大学 ， 计算机应用技术， 2008， 硕士

【摘要】 IPv4协议是目前因特网互联技术公认的标准,然而由于近几年IPv4互联网规模的不断增大以及应用范围不断拓展,它在地址数量,移动性,服务质量和安全性等方面所具有的局限性越来越明显。为此因特网工程任务组IETF提出了新一代的互联协议—IPv6。随着无线接入和通信技术的飞速发展,出现了为移动主机提供网络服务的需求,移动IPv6应运而生,它将逐步取代IPv4成为网络的基础设施,并将对网络技术产生积极深远的影响。它极大地增加了可用地址空间,提供了即插即用的自动配置机制,简化了网络报头格式,增加了对身份验证和私密性的扩展,尤其是更好地支持移动IP功能,在IPv6的协议里,对移动性的要求成为了必须,而不像在IPv4中是可选项。本文首先介绍了IPv6协议的演变进程、国内外的发展现状及趋势,解释了移动IPv6中常用的术语以及实体,详细说明了移动IPv6的工作原理和通信过程。其次,总结了当前移动IPv6网络中上述4个过程中面临的主要威胁,并介绍、分析了相应的应对机制。移动IPv6的安全机制主要有:IPsec、返回路由可达过程(RRP,Return Routibility Procedure)以及加密形成地址(CGA)等。本文着重在移动IPv6的安全性方面做了细致深入的研究,随后介绍了移动IPv6协议的基本内容,并着重对基于移动IPv6的安全机制进行了讨论,讨论的重点是移动节点和通信节点以及家乡代理之间的安全通信。对迂回路由机制及其安全性进行了分析,提出了一种安全增强返回路由可达机制,用以抵御作者给出的攻击,并对增强的迂回路由机制的安全性进行了分析,证明它达到了作者想要实现的目的。最后,在NS环境下对移动IPv6进行了通信模拟,并对已有Mobiwan进行扩展,达到对现有IPv6标准的良好支持。更多还原

【Abstract】 IPv4 has been regarded as the standard protocol in recent Internet technology.However,with the repaid development and the increasingly expanded network,several problems come up to the surface,such as severely lack of IP addresses,insufficient support to mobility,quality of service and security,etc.As a result,the Internet Engineering Task Force(IETF)proposed a new generation internet protocol—IPv6.The new internet protocol solved these problems especially in the aspect in mobility support,because the support to mobility has been a compulsive part but not an optional part in IPv4. This paper is focus on the discussion of the security of the mobile IPv6.The first part of this paper showed the research achievement in the field of mobile IPv6 aboard and domestic respectively,and then explained some terms and substances used in mobile IPv6 network.Security threat for the MIPv6 was analyzed in the following part,we simulate several kinds of usual attacks in the MIPv6 networks and pointed out the harms to the user.In order to solve the problems addressed above,several security systems were introduced including:IPsec which mainly protect the binding update procedure between MN and HA,as well as RRP which hold the responsibility to protect the communication between MN and CN.In addition,we analyzed the asset and defect of each system respectively.In the final part,we introduced an open-source simulation software NS-2, and a new component called Mobiwan which is for the Mipv6 simulation.We extended the Mobiwan in the purpose of doing the simulation of Mipv6 according to RFC3775.The simulation result showed that our extension is a successful one and made a lot of sense for the Mipv6 simulating.更多还原