在行動虛擬私人網路下以行動代理人為基礎之無縫交遞

Abstract

本論文之基本動機在於同時提供行動性與安全性。要達成這個目標有許多方法，如結合兩個網路協定，讓他們各自負責行動性與安全性。然而單純地結合兩個協定雖然可避免部署新的網路元件，或降低重寫程式的麻煩，但卻犧牲了使用的效能，因為兩個網路層協定在結合時，通常會有不必要繼續存在的協定要素。 除了重複動作的資源浪費外，協定之間還可能有彼此衝突的情況發生，為了完成某協定的程序，可能要犧牲另一協定的功能，或是額外作一些動作來配合。 另外，為了行動性與安全性，當行動端 (Mobile Node) 在切換所在的網域或是改變IP位址的時候，所花的時間將會非常長，使用者可明顯感到連線被中斷，而且有時還會造成通訊或網路協定上的逾時 (timeout)，不符合實際應用。 於是我在原本企業所使用的虛擬私人網路 (Virtual Private Network, VPN) 架構上，加上行動代理人 (Mobile Agent) 的技術與一些Mobile IP機制來同時提供行動性與安全性。 Mobile Agent代替行動端進行預先認證與協調的動作，並搭配Multicast以及Mobile IP的binding list要素，使行動端在切換網域之後，可立即接續之前的連線；VPN的架構除了保障安全性之外，還讓行動端省去第三層換手的動作。如此在傳輸效能與安全性上將與僅使用VPN一樣，而交遞卻比Mobile IP快速且無間斷，使本系統得以支援即時通訊的應用程式。

Supporting mobility and security simultaneously is the basic motivation of this thesis. An intuitive solution may be the combination of two internet protocols, providing mobility and security respectively. Despite direct merging of two protocols reusing existent software and network hardware, reduced system efficiency is further caused by redundant elements shared by both protocols. Besides the resource squander of duplicate proceedings, a conflict may be break out between two protocols. Sacrifice or extra actions of one protocol for processes of other protocols may be caused. When Mobile Node changes its network domain or IP address, it usually needs a lot of procedures for supporting mobility and security. User would feel the break off of the connection, and the communication or internet protocol would suffer timeout in realistic applications. This thesis provides a method and system for mobility and security, comprising Virtual Private Network (VPN), Mobile Agent and some Mobile IP mechanisms. The mobile agent acts as a representative of mobile node, and executes pre-authentication and pre-negotiation with the multicast mechanism and the binding list of Mobile IP protocol to make mobile node continue the previously communication after changing network domain. VPN architecture not only provides security, but saves the handoff latency for mobile node. Therefore, the transmission performance and security of this system are the same as VPN, and the handoff latency is less than Mobile IP to make this system suit real-time protocols.