Title: The Design of Secure Multi-homed Architecture in Mobile Networks
Author: 羅嘉寧
Jia-Ning Luo
Shiuhpyng Shieh
Keywords: Cryptography; Multi-homed network; Authentication; Network Address Translation; Stream Control Transmission Protocol
Publication date: 2004
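Abstract: With the development and spread of mobile communications, today's mobile devices often have two or more network interfaces; such a network is called a multi-homed network. In a multi-homed network, a mobile device can select the best network interface in real time according to the application and its requirements, so it can withstand a variety of network failures, network delay, or packet loss, which improves overall transmission quality. Designing a sound multi-homed network, however, requires consideration of many aspects, so this thesis examines the following three topics. The first topic is the Internet scaling problem. In today's network architecture, the most common way to address the Internet scaling problem is the Network Address Translator (NAT). NAT has many shortcomings, however, such as the inability to connect into multi-level private networks and the possibility of IP address collisions. We therefore propose a solution, called the MRSIP framework, to replace NAT. Using the MRSIP framework resolves the above problems of the NAT architecture. The second part of this thesis focuses on improving a communication protocol used in multi-homed networks, the Stream Control Transmission Protocol (SCTP). Because SCTP was not originally designed for multi-homed networks, we examine its shortcomings there, such as path selection and the efficiency of network changeover, and propose and analyze a series of solutions to these problems. In the third part, we propose a new authentication and key exchange protocol for multi-homed networks. This protocol does not require a trusted third party to act as an intermediary in the key exchange, which avoids the situation where authentication cannot be performed because of a network interruption. In this authentication and key exchange protocol we resolve and improve on the problems found by earlier researchers, and it requires fewer exponentiations and less memory, making it well suited to mobile devices with only limited computing power and memory.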
With the growth of mobile computing, a mobile device may now have one or more network interfaces, an arrangement called a 'multi-homed network.' In a multi-homed network, data connections can be placed on the best available interface or forwarded through several paths, thereby decreasing end-to-end delivery delay and increasing network capacity. Using a multi-homed network can also improve network performance because it guards against network failure and network partitioning. To address these situations, this thesis investigates solutions for multi-homed architecture in mobile networks. The research consists of three parts. Part one investigates a solution to the Internet scaling problem. The well-known solution to the Internet scaling problem is the Network Address Translator (NAT). However, there are still many problems that NAT cannot solve. For example, NAT cannot reach into multi-level private networks or prevent address collisions. To overcome these problems, we propose the MRSIP framework to replace NAT. Part two investigates enhancements to a communication protocol used in multi-homed network architectures, the Stream Control Transmission Protocol (SCTP). Since SCTP was not originally designed for use in multi-homed networks, we discuss its drawbacks, such as the path selection and changeover decision problems, and propose several algorithms to solve these problems in SCTP. In part three, we propose a new authenticated key agreement protocol for the multi-homed network environment. In the proposed protocol, the key information center is needed only when the secure network system is being set up or when new users request to register. Furthermore, our protocol needs fewer exponential computations and less memory, which makes it suitable for low-end mobile devices. Finally, we discuss possible extensions and conclude.


  1. 780501.pdf
