Title: Mobility Management and Authentication in Mobile Communication Networks
Author: 蘇坤良
Kuen-Liang Sue
羅濟群
Chi-Chun Lo
Institute of Information Management
Keywords: Mobile Communication Networks; Mobility Management; Overflow Control; Home Location Register; Visitor Location Register; Authentication; Perfect Replacement
Issue date: 2002
Abstract: Mobile communications networks have made communication increasingly convenient. In such a system, mobile users move from place to place frequently, so one of the main challenges of the technology is mobility management, which includes location tracking and service provision (call origination and delivery). To support mobility management, the IS-41 protocol is used in AMPS, DAMPS and IS-95 CDMA cellular systems; in the GSM family of systems, GSM MAP serves the same function. Both protocols use a two-level hierarchical mechanism to track user location, in which the home location register (HLR) and the visitor location register (VLR) are the two kinds of mobility database.
When a mobile user roams into a visited location area (LA), a temporary record containing the user's information is created in the VLR of that LA. When the user leaves, the corresponding record is deleted from the VLR. If too many mobile users enter an LA within a short period, the VLR may become full. This phenomenon is called VLR overflow. When a VLR overflows, arriving mobile users fail to register and cannot receive any service; these users are called overflow users. An overflow control scheme selects a record in the full VLR and replaces it with the record of the overflow user, so that the overflow user can still receive service.
The replacement policy is clearly critical to this scheme. An imperfect replacement causes another replacement to reconstruct the replaced record, so an important criterion for judging a replacement policy is its perfect replacement rate. The known replacement policies either have a low perfect replacement rate or cannot meet the constraints of real networks. To make VLR overflow control more feasible and efficient, the thesis proposes two new replacement policies: the second-chance replacement policy and the N-class replacement policy.
Without an overflow control scheme, VLR size is traditionally estimated from the forecast number of visiting users made during mobility database planning. With overflow control, all visiting users can seemingly receive service no matter how small the VLR is. However, the VLR cannot be downsized without limit. Because the quality of service for replaced users decreases, the replacement rate, or the percentage of affected users, should not exceed some tolerable threshold. The thesis therefore also uses the proposed replacement policies to investigate the relationship between VLR size and the QoS threshold. The study is useful for estimating a proper VLR size in mobility database planning.
One of the core security issues in mobile communications is authentication for providing the contracted service. When a roaming user arrives in an LA, the VLR of that LA needs the assistance of the HLR to authenticate the roamer. The HLR asks the authentication center (AuC) to generate K authentication 3-tuples and forwards them to the VLR for subsequent use. Each registration, call origination and call delivery needs one 3-tuple for the authentication operation. If the 3-tuples are used up, the VLR requests again and the HLR supplies K new 3-tuples. This arrangement is called the fixed-K strategy. A request for 3-tuples is expensive because it requires access to the HLR/AuC, so a larger K value is preferred to reduce the number of requests. However, the fixed-K strategy is inflexible, and many 3-tuples are wasted. The thesis proposes a more flexible strategy called the Dynamic-K strategy. As the name implies, the strategy dynamically determines the K value for each user according to his/her call activity. It reduces the waste and diminishes the signaling traffic caused by authentication.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT910396004
http://hdl.handle.net/11536/70276
Appears in Collections: Thesis