在移動網路上建構一個具有安全性的動態網域名稱伺服器

Abstract

由於現行的IPv4位址逐漸飽和，新一代的IPv6將成為未來必然發展趨勢，IPv6的位址組成比IPv4複雜而難以記憶，為了讓網路使用者方便取得對方IP位址，網域名稱系統(Domain Name System，DNS)也愈趨重要。隨著網際網路的普及與行動通訊裝置的發展，許多有關在各網路間漫遊之效能與安全性等問題一一浮現，當使用者會因漫遊到其他網路就要重新取得IP位址和網路組態設定，而產生服務中斷，IETF制定的以IPv6為基礎移動式網路(Network Mobility，NEMO)就是針對這樣的情況，能在移動的網路環境下，繼續保有網際網路的服務。然而，在移動式網路裡並未詳細討論網域名稱服務機制與標準，因此，本論文設計出一個解決方案，建構一個具有安全性的動態網域名稱伺服器，在效能方面經由實驗結果分析，在無安全機制下，移動網路節點的域名更新速度比起IETF草案提升了73.5%，加上安全機制後雖然比IETF草案慢了28.4%，但在安全方面可免於資料竊取、IP欺騙與阻斷式攻擊的威脅。

Due to the exhaustion of IPv4 address, IPv6 as next generation will become successor in the future. The composition of IPv6 address is more complicated then IPv4 so that it’s hard to memorize. Domain Name System (DNS) is getting more important and help network user get the IP address easier. As wireless network become universal and mobile communication devices’ development, many problems emerge such as efficiency, security while roaming among different networks. When user roams to other network, the original connection will break and thus get the new IP address and network configuration. IPv6-based Network Mobility (NEMO) by IETF provide the solution upon such problems, it allows session continuity for every node in the Mobile Network as the network moves. However, there are no DNS mechanisms and standards in NEMO. Thus, we provide a solution to make a secure and dynamic domain name server for mobile networks. From the efficiency experiment result compared with IETF draft method, the domain name update speed of mobile network nodes increases by 73.5% without security mechanism and decreases by 28.4% with security mechanism but can prevent from security threats such as data interception, IP spoofing, and DoS attack.