MIPv6透過選擇性起始位址及路徑之位置更新認證研究

Abstract

MIPv6是下一代的行動IP網路通訊協定，它是在IPv6網路通訊協定下所作的延伸，有鑑於MIPv4在傳統IPv4的網路架構下的複雜延展， MIPv6在路徑繞送做了相當的簡化，由改良MIPv4的客端代理(Foreign Agent)的間接轉送，轉變為移動點(Mobile Node)與本籍代理者(Home Agent)的直接的聯繫，因為少掉了客端代理的轉送機制，相對簡化了移動點與本籍代理及通訊節點(Correspond Node)間，溝通時的複雜度及延遲。MIPv6繼承了IPv6的特性，除了在IP位址不足的問題做了解決之外，對其安全性、擴充性、服務品質等方面的弱點也做了改善，並針對MIPv4做了許多改進。 在行動設備高速成長趨勢之下，將對現行的網際網路帶來衝擊。讓人類的從溝通型態、娛樂方式、交易/消費行為有了戲劇性的變革，進而改變了許多現代人的生活模式；而這些變革也同時對網際網路帶來不斷推陳出新、且非實體性的攻擊與資訊竊奪，成為網路科技進步下的的陰影，造成人們對於網際網路的安全有著莫大的恐慌和疑慮。有鑑於此，許多專家學者紛紛提出防禦及保護的技術及研究，特別是針對行動技術的安全性研究上。畢竟，IP網路的未來是Mobile IP的世界,而因應MIPv6的安全性所做的防禦措施是必要且急迫的。事實上，MIPv6在設計之初，便考量援用IPv6內建的安全性協定(IPSec)，然而在PKI發展遲滯的狀態之下，讓專家學者不得不尋求過渡性方案，或者是替代性的方案。然而，在沒有周慮的安全考量下，對許多的新興的網路服務而言，都可能會是個很大的障礙。 本篇論文將針對已發覺MIPv6位置更新時的安全性弱點提出解決方案，讓移動中的行動點能夠透過Multiple source address 及Seletive routing path的RR Test認證機制，來防止駭客偽造行動點，及進行Man in the middle方式的攻擊，裨益CN(Correspond Node)在更新CoA的位置資訊快取時，得到可靠的確認；在相容於現有之RR Test 認證機制並整合SCTP multi-homing 技術之研究下，提出一些新的概念及想法，冀望對於MIPv6在安全性的研究上能有所貢獻。

MIPv6 is the protocol of next generation Mobile IP, extending from IPv6. In consideration of complicated structure of MIPv4, MIPv6 makes a progress in routing optimization which greatly reduces known delay. Through simplifying routing path, MIPv6 eliminates Foreign Agent in MIPv4 and is able to communicate with Home Agent and Correspondent Node directly. MIPv6 inherits characteristics from IPv6, like solving insufficient address problem, improving vulnerability in IPv4 security, enhancing extensibility, reforming several Qualities of Services issues and, above all, greatly changing the infrastructure of MIPv4. Rapid growing of mobile devices brings great impact to current Internet ecosystem and dramatically changes our lifestyle, such as the way we communicate, entertain, conduct business and consume. At the same time, this kind of change brings out non-physical Internet attack and information stealing that cast the shadow on human beings for the fear of unsecure trading, privacy prying and even personal properties tampering as Internet technology grows. In response to this fear, experts and scholars devote their researches to the protection and the defensive mechanisms against known weaknesses, especially those on mobile networks. Eventually, the future of IP network is mobility. It’s imperative to work out a good way for resolving security issues while facing the future of mobility. In fact, at the very beginning of designing IPv6, researchers already envision of what future network will be. There are numerous IAs (Intelligent Appliance) with a variety of functions: autoconfiguration, network sensibility, infrastructureless, mobility, and carrying multimedia capability. Those infinite creativity encourages us to develop more and more products and features. Nevertheless, without sound security, all of them will become mere nightmares. This thesis aims at solving the known vulnerability of current MIPv6. By changing source IP address and selecting routing path, our approach prevents the hacker from forging the source IP address or eavesdropping packets through Man-in-the-middle attack. This kind of enhanced RR Test results in a more stringent authentication which inherits the original RR Test and integrate Multi-homing feature of SCTP. Consequently, this thesis has certain contributions toward academic research.