Chinese Journal of Computers
  Title: A Secured Access Router Mesh of Mobile Networks with Path Selection and Fast Handover Support
  Authors: HUANG Song-Hua 1), SUN Yu-Xing 2), HUANG Hao 1), CHEN Gui-Hai 1)
  Address: 1) (State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093)
2) (School of Information Science, Nanjing Audit University, Nanjing 211815)
  Year: 2009
  Issue: No.3 (531-542)
  Abstract & Background
Abstract: Performance is always the bottleneck for deploying network mobility (NEMO), and the delay introduced by existing authentication mechanisms makes it even worse. This paper introduces an efficient authentication method for the access router (AR) mesh of multihomed and nested mobile networks, with path selection and fast handover support, to improve the overall performance of mobile networks and, in particular, to reduce delay. First, a mutual authentication method is presented, based on a fixed AAA infrastructure and dynamic trusted neighbors and integrated with a behavior evaluation mechanism. Based on this authentication method, algorithms for optimal path selection and recovery from access failure are then proposed. In the solution, security association (SA) transfer cuts down the authentication delay; multi-angular routing and the tunnel-in-tunnel problem in nested situations can be eliminated by configuring the mobile router's Care-of-Address (CoA) from the top-level AR prefix; a temporary tunnel and the reverse routing header (RRH) may be borrowed to leave out the binding procedure in handover; and AR evaluation produces an optimal path to the Internet. Analysis shows that, with efficient SA establishment between mobile networks and foreign networks, expected node behavior evaluation, and optimized routing, the solution in this paper is more efficient than its counterparts in terms of throughput, packet delay and handover delay.
Keywords: network mobility; trust transfer; behavior evaluation; optimal path selection; fast handover
Background: With the prevalence of portable terminals and IP networks, the potential demand for network mobility (NEMO) in the military, public transport, health care and other fields has been stimulated, and NEMO has become a hot topic in next-generation Internet research in recent years. NEMO support is concerned with managing the mobility of an entire network, viewed as a single unit that changes its point of attachment to the Internet and thus its reachability in the Internet topology. At present, poor performance, including low throughput, high packet delay and session interruption during handover, still stands in the way of NEMO's application in practice. Meanwhile, the lack of an appropriate security mechanism makes the situation even worse.
Because of multihoming, nesting, and the changeability of the topology, the key factor that guarantees reliable and efficient operation of NEMO is trust: whether the access points can be trusted, to what degree they can be trusted, and vice versa. Research on how to establish and then evaluate the trust relationship dynamically and quickly, in terms of identity, availability, and performance, is therefore of great significance.
This research work is mainly supported by the National High-Tech Research and Development Program of China (863) under grant No.2007AA01Z409, named "Research on Distributed Trust Computing System". How to evaluate the terminal efficiently for trusted network connection is one of the important parts of the 863 program. In the past year, the research groups have done a lot of related work, including terminal reliability evaluation based on distributed network services and trust transfer between mobile devices or platforms based on trust chains or attestation. In the future, a complete prototype of a Trusted Operating System and Trusted Network Connect, combined with AAA infrastructure, will be implemented to test all the techniques proposed by the authors. The work is also supported in part by the National Basic Research Program of China (973) under grant No.2006CB303004, the Jiangsu High-Tech Research Program of China (BG2007039), and the Natural Science Foundation of China (NSF) under grant Nos.60303023, 60573131, 60673154, 60721002, 60825205.