CN101335985B - Method and system for safe fast switching - Google Patents

Abstract

The present invention relates to a method and system for safe and fast handover. The method includes steps: before the fast handover, establishing a security association between the mobile node and the access router NAR of the target network; during the fast handover process of the mobile node, Use the aforementioned security association to ensure that the mobile node securely accesses the aforementioned NAR. The above device includes: a security association establishment unit and a security protection execution unit. The present invention optimizes the process of generating a shared key in fast handover by adjusting the parameters needed for key generation in the fast handover process (that is, first establishing a security association between the mobile node and the NAR), thereby ensuring the security mechanism during data transmission It does not affect the fast switching process, and makes the switching process within the controllable range of the network.

Description

Method and system for safe and fast switching

technical field

The invention relates to mobile communication technology, in particular to a method and system for safe and fast switching.

Background technique

The mobile IP version 6 (MIPv6, Mobile IP version 6) protocol is a mobile solution proposed by the Internet Engineering Task Force (IETF, Internet Engineering Task Force), which can make the mobile node (MN, Mobile Node) maintain Communication is not interrupted, but it also brings problems such as switching delay and security.

During the handover process, there is a period when the MN cannot determine whether to send or receive data packets, and this period is called handover delay. The main reasons for the handover delay are the delay in the link handover, and the operation process of the MIPv6 protocol, such as movement detection, new care-of address (CoA, Care-of Address) configuration, binding update, etc. In real-time applications such as Voice over IP (VoIP), handover delays are often unacceptable.

The Fast Mobile IP (FMIP, Fast Mobile IP) protocol is defined in the MIP working group of the IETF. The basic idea is to preconfigure relevant information, thereby reducing handover delay and improving handover performance.

In the FMIP protocol, two types of handovers are mainly defined, namely predictive (Predictive) handover and reactive (Reactive) handover.

For predictive handover, the MN predicts the upcoming handover during the moving process and informs the previous access router (PAR, Previous Access Router) of it. The PAR obtains the new CoA used by the MN under the NAR through interaction with the new access router (NAR, New Access Router) or the access router (AR, Access Router) of the target network, thereby avoiding the address configuration process caused delays. At the same time, during the handover process, the data packets sent by the MN to the PAR are sent by the PAR to the NAR through the tunnel mode for buffering, which ensures that the MN can receive the data packets after switching to the new link and avoids the loss of the data packets.

If the MN moves too fast, the MN has already reached the new link before the MN completes the interaction process of obtaining a new CoA on the old link, and the handover in this case is called a reactive handover. Although the above reactive handover cannot reduce the handover delay, it can avoid packet loss caused by the handover.

Currently, MN and AR use AAA, Authentication, Authorization and Accounting (AAA, Authentication, Authorization and Accounting) server to establish a technical solution for security association. This solution does not apply the above two handovers to the FMIP protocol. In the process, the integrity of the message is guaranteed by switching the key (HK, Handover Key), and the public key exchange between the MN and the NAR is completed under the protection of the FMIP protocol, so that the scheme of generating a shared key has not been implemented in practice. application.

The implementation process of key switching, fast switching in predictive mode and fast switching in reactive mode will be described respectively below.

AAA-assisted key management protocol is used to generate HK between MN and AR, which is used to protect signaling messages of FMIP protocol. Therefore, this key management protocol specifies the message exchange between MN and AR and the necessary preconditions. The protocol assumes that the handover master key (HMK, HandoverMaster Key) is shared between the MN and the AAA server, and there is already a security association between the AR and the AAA server. Under this assumption, as shown in Figure 1, it is a schematic diagram of the process of generating a switching key in the prior art, which specifically includes the following steps:

Step 101: First, the MN generates a handover integrity key (HIK, Handover Integrity Key) according to the HMK, the formula is: HIK=gprf+(HMK, "Handover Integrity Key"); then, the MN sends a handover key request (ie HK Req ) message to AR, the message carries message ID, pseudo-random function, CoA, random number nonce1 generated by MN, MN ID and message authentication code (MAC, Message Authentication Code) generated by HIK.

Step 102: After receiving the above HK Req message, the AR packs the message into an Authentication, Authorization and Accounting Request (ie AAA Request) message through the AAA protocol and forwards it to the AAA server.

Step 103: After receiving the AAA Request message, the AAA server uses the MAC generated by HIK to verify the correctness. If the MAC address of the message is incorrect, the AAA server returns a message of verification failure; otherwise, the AAA server sends a successful verification authentication, authorization and accounting response (ie, AAA Response) message to AR, which carries the HK generated by the AAA server and the random number nonce2 generated by the AAA server when generating the HK. Among them, the generation formula of HK is: HK=gprf+(HMK, MN nonce|AAA nonce|MN ID|AR ID|"Handover Key").

Step 104: After receiving the successfully verified AAA Response message, the AR intercepts the HK carried in the message, then packs the rest of the message into a switch key response (ie HK Resp) message, and sends it to the MN, the HK The Resp message also carries a message ID (consistent with HK Req), a pseudo-random function, verification success status information, a Security Parameter Index (SPI, Security Parameter Index) and a MAC generated using HK.

As shown in Figure 2, it is a schematic diagram of the rapid switching process of the prediction mode in the prior art, which specifically includes the following steps:

Step 201: MN sends fast binding update (FBU, Fast Binding Update) message to PAR, and this message carries MN public key (PK, Public Key) and HK Req message, and this HK Req message uses the sharing between MN and PAR The MAC generated by the key HK is used for protection.

Step 202: After the PAR receives the FBU message, it first uses the MAC generated by the HK to verify the correctness. If the verification is passed, the PAR sends a handover initiation (HI, Handover Initiate) message to the NAR, and the HK Req message carried in the message contains MN PK.

Step 203: The NAR obtains the MN PK from the received HI message, and generates a HK Resp message carrying the NAR PK, and then sends it to the PAR through a Handover Acknowledgment (HAck, Handover Acknowledgment) message.

Step 204: PAR adds the MAC generated by HK to the received HK Resp message, and sends it to the MN through Fast Binding Acknowledgment (FBAck, Fast Binding Acknowledgment).

Step 205: The MN verifies the correctness of the MAC of the received FBAck message. If the verification is passed, the MN adopts an asymmetric key mechanism, that is, uses the MN PK and the NAR PK to generate a shared key. When the MN enters the new link where the NAR is located, the MN sends a Fast Neighbor Advertisement (FNA, FastNeighbor Advertisement) message to the NAR, which is protected using the MAC generated by the above shared key, so that the MN completes the handover from the PAR to the NAR.

As shown in Figure 3, it is a schematic diagram of the rapid switching process of the reaction mode in the prior art, which specifically includes the following steps:

Step 301: If the switching of the prediction mode above fails, when the MN arrives at the new link where the NAR is located, it sends an FNA message to the NAR, and the message carries the MN PK and HK Req.

Step 302: After receiving the FNA message, the NAR sends the HK Req to the PAR through the FBU message, and the message also carries the NARPK.

Step 303: After receiving the FBU message, PAR checks the MAC in HK Req, and sends an FBAck message carrying HK Resp to NAR, and the message also carries NAR PK.

Step 304: After receiving the HK Resp message, the NAR forwards the message to the MN. At this point, the MN completes the handover from PAR to NAR.

As can be seen from the technical solutions disclosed above, the prior art also has the following defects:

1. The security mechanism of the existing technology does not generate the shared key completely according to the existing AAA architecture. This asymmetric key generation mechanism is quite different from the existing mechanism, which is not conducive to implementation; at the same time, generating the shared key The calculation of the key is relatively large, which will consume a large amount of computing resources of MN and AR;

2. During the handover process, the AAA server is completely unaware of the above-mentioned shared key, which is not conducive to the operator's management of MN handover;

3. In the fast switching of the existing prediction mode, if the MN does not receive the FBAck message sent by the PAR, it cannot switch, and the computing resources of the NAR for the shared key are wasted;

4. In the fast switching of the existing reaction mode, the safety issue will cause the switching delay.

Contents of the invention

Embodiments of the present invention provide a method and system for secure fast handover, which ensures safe fast handover and reduces handover delay by establishing a security association between a mobile node and an access router of a target network.

An embodiment of the present invention provides a method for safe and fast switching, the method includes the steps of:

Before the fast handover, establish a security association between the mobile node and the access router NAR of the target network;

During the fast handover process of the mobile node, the security association is used to ensure that the mobile node securely accesses the NAR.

In addition, the embodiment of the present invention also provides a system for safe and fast switching, the above-mentioned system includes:

A security association establishment unit is used to establish a security association between the mobile node and the access router NAR of the target network before the fast handover;

The security protection execution unit is configured to use the security association to protect the signaling interaction of the mobile node during the fast handover process of the mobile node, and enable the mobile node to securely access the above NAR.

It can be seen from the above scheme that in the embodiment of the present invention, before the handover of the mobile node, a security association (such as a shared handover key, handover key, etc.) between the mobile node and the access router of the target network is first established, Afterwards, the aforementioned security association is used to ensure that the aforementioned mobile node securely accesses the access router of the target network. That is, by adjusting the parameters required for key generation during the handover process, the generation process of the shared key is optimized, thereby reducing the impact of the security mechanism on fast handover, reducing the handover delay, and ensuring that the handover process is within the controllable range of the network Inside.

Description of drawings

FIG. 1 is a schematic diagram of a flow chart of switching key generation in the prior art;

FIG. 2 is a schematic diagram of a rapid switching process of a prediction mode in the prior art;

FIG. 3 is a schematic diagram of a quick switching process of a reaction mode in the prior art;

FIG. 4 is a flow chart of a method for safe and fast switching according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of a fast switching process of a prediction mode according to Embodiment 1 of the present invention;

FIG. 6 is a schematic diagram of a fast switching process of a prediction mode in Embodiment 2 of the present invention;

Fig. 7 is a schematic diagram of the quick switching process of the reaction mode in the third embodiment of the present invention;

FIG. 8 is a schematic diagram of a fast switching process of a prediction mode according to Embodiment 4 of the present invention;

FIG. 9 is a schematic diagram of a fast switching process of a prediction mode according to Embodiment 5 of the present invention;

Fig. 10 is a schematic diagram of the quick switching process of the reaction mode in Embodiment 6 of the present invention;

FIG. 11 is a schematic diagram of a fast switching process of a prediction mode according to Embodiment 7 of the present invention;

FIG. 12 is a schematic diagram of a flow chart of fast switching of prediction modes according to Embodiment 8 of the present invention.

Detailed ways

The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

As shown in Figure 4, it is a flow chart of the method for safe and fast switching in the embodiment of the present invention, which specifically includes the following steps:

Step 401: Before the fast handover, establish a security association between the mobile node and the access router of the target network;

Step 402: During the fast handover process of the mobile node, use the security association to ensure that the mobile node is safely handed over to the access router.

In the embodiment of the present invention, the optimization of the generation process of the shared key is realized by adjusting the parameters required for key generation during the handover process.

FIG. 5 is a schematic diagram of the fast switching process of the prediction mode in Embodiment 1 of the present invention. Compared with the prior art, the MN in this embodiment completes handover preparations with multiple candidate ARs before deciding on the handover target, specifically including the following steps:

Step 501: the MN obtains the identification (AP-ID, Access Point-Identifier) of the surrounding access points, and then sends a request agent routing announcement (RtSolPr, Router Solicitation for ProxyAdvertisement) message to the PAR, to obtain the AR corresponding to the target AP-ID -Info.

Step 502: After receiving the above RtSolPr message, the PAR sends a Proxy Router Advertisement (PrRtAdv, Proxy Router Advertisement) message to the MN, which includes the AR-Info corresponding to the target AP-ID.

Step 503: After the MN receives the above-mentioned PrRtAdv message, it sends a handover key request (HK_REQ) message to the NAR, and the identity mark carried by the message can be the Media Access Control layer mark (MAC ID, Media Access Control Identifier) of the mobile node, or Network Access Identifier (NAI, Net Access Identifier). This message uses the original security association between the MN and AAA for integrity protection.

There are three ways to send the above HK_REQ message to NAR:

1. Use the source address as the original care-of address (pCoA, previous Care-of Address) and send the data packet with the destination address as the NAR address. This method can be used in simple IP networks;

2. send with the mode of nesting Internet (IP-in-IP), external IP address is pCoA and PAR address of MN respectively, and internal IP address is pCoA and NAR address of MN respectively, and this method can be used for multicast Internet protocol ( MIP, Multicast Internet Protocol) network;

3. Use the destination address subhead to indicate the destination of the IP packet, and the addresses of the IP header are the pCoA and PAR addresses of the MN. After receiving the IP packet, the PAR reconstructs the IP packet according to the destination address subhead and sends it to To the address represented by the destination address subheader (that is, the NAR address), this method can be used in the MIP network.

Step 504: After receiving the above HK_REQ message, the NAR encapsulates it with an Authentication Authorization Request (AAREQ) message and forwards it to the AAA server.

Step 505: After receiving the above-mentioned AA REQ message, the AAA server verifies the MAC correctness of the encapsulated HK_REQ message, and sends the Authentication Authorization Response (AARSP) message carrying the verification result to the NAR. If the verification is passed, the AA RSP message carries the new handover key (nHK, new Handover Key) between the MN and the NAR.

Step 506: The NAR records the MN's identity and nHK, and sends an HK_RSP message to the MN, notifying the MN that the security association has been successfully established.

Step 507: When the MN decides to perform fast handover, the MN sends an FBU message to the PAR, and the message uses the message authentication code pHK_MAC generated by the original handover key (pHK, previous Handover Key) shared by the MN and the PAR for integrity protection.

Step 508: PAR verifies the correctness of the above pHK_MAC. If the verification is successful, PAR and NAR complete the interaction of HI message and HAck message, and send an FBAck message carrying pHK_MAC to the MN.

Step 509: After the MN reaches the new link, it sends an FNA message to the NAR, which carries the identity of the MN, and uses nHK to generate a MAC for protection. At this point, the MN completes the fast handover process from PAR to NAR.

It can be seen from the above steps that the technical solution of Embodiment 1 can be implemented in two stages: before the MN determines the handover target, the MN tries to perform a key exchange process with all NARs whose PrRtAdv message can provide corresponding information, and then the NAR accesses the AAA server Complete the establishment of the security association; after the MN determines the handover target, the MN uses the original security association to protect the FBU message, and uses the corresponding new security association to protect the FNA message.

It can be understood that the embodiment of the present invention can be further modified as follows: in step 503 and step 506, the MN and the NAR configure the new care-of address (nCoA, New Care-of Address) information. In this way, the uniqueness of the nCoA in the HI/HAck interaction message between the PAR and the NAR can be ensured, thereby avoiding handover delays that may be caused by nCoA conflicts.

FIG. 6 is a schematic diagram of a flow chart of fast switching of prediction modes according to Embodiment 2 of the present invention. Steps 601 to 602, and steps 607 to 609 in this embodiment are the same as the corresponding steps in Embodiment 1, and the differences between Steps 603 to 606 and the corresponding steps in Embodiment 1 are as follows:

Step 603: After the MN receives the above-mentioned PrRtAdv message, it sends a handover key request (HK_REQ) message to the PAR, and the identity mark carried in the message can be the Media Access Control layer mark (MAC ID, Media Access Control Identifier) of the mobile node, or Network Access Identifier (NAI, Net Access Identifier). This message uses the original security association between the MN and AAA for integrity protection.

The above three ways of sending the HK_REQ message to the NAR are the same as those in Embodiment 1, and will not be repeated here.

Step 604: After receiving the above HK_REQ message, the PAR encapsulates it with an Authentication Authorization Request (AAREQ) message and forwards it to the AAA server.

Step 605: After receiving the above-mentioned AA REQ message, the AAA server verifies the MAC correctness of the encapsulated HK_REQ message, and sends the authentication authorization response (AA RSP) message carrying the verification result to the PAR. If the verification is passed, the AA RSP message carries the new handover key (nHK, new Handover Key) between the MN and the NAR.

Step 605': The AAA server sends an AA RSP message to the NAR, which carries the switching key nHK between the MN and the NAR.

Step 606: The PAR records the MN's identity and nHK, and sends an HK_RSP message to the MN, notifying the MN that the security association has been successfully established.

It can be seen from the above steps that the difference between the second embodiment and the first embodiment is that the key exchange process between the MN and the NAR is completed through the interaction between the MN and the AAA server indirectly (through PAR, and the NAR does not participate), and then the AAA server Send the key generated for each NAR to each NAR. Therefore, when the MN needs to establish security associations with multiple NARs, the MN and the AAA server only need to complete one interaction process, which saves signaling overhead.

If the fast handover process shown in the above prediction mode embodiment is not successfully completed, take Embodiment 1 as an example, that is, only the first phase of security association establishment is completed, and the MN has reached the location where the NAR is located before sending the FBU message to the PAR. new link, then the switching mode will be converted from the predictive mode in Embodiment 1 to the reactive mode.

FIG. 7 is a schematic flow diagram of the rapid switching of the reaction mode in Embodiment 3 of the present invention. This embodiment is based on the first phase of the above-mentioned predictive mode embodiment (i.e. complete the establishment of the security association), because the MN does not send an FBU message to the PAR before reaching the new link where the NAR is located, so it turns to the reaction mode, The specific steps are as follows:

Step 701: The MN sends an Unsolicited Neighbor Advertisement (UNA, Unsolicited Neighbor Advertisement) message to the NAR, and the message carries the MAC generated by the nHK.

Step 702: MN sends FBU message to PAR, this message carries pCoA, and uses the MAC generated by pHK to carry out integrity protection, because MN has arrived at the new link where NAR is located, therefore, this message can use source address as nCoA, destination IP messages addressed to PAR are sent.

Step 703: After receiving the above FBU message, the PAR verifies the correctness of the pHK_MAC, and sends the FBAck message carrying the verification result to the MN. Since the MN has arrived at the new link where the NAR is located, the message can use the source address It is an IP message sent by nCoA and the destination address is MN. At the same time, the PAR forwards the cached data sent to the pCoA to the nCoA of the MN through the IP-in-IP tunnel.

FIG. 8 is a schematic diagram of a fast switching flow of prediction mode according to Embodiment 4 of the present invention. Compared with the prior art, in this embodiment, before the MN decides to switch the target, the PAR first obtains the random number (AAA nonce) of the AAA server, and prepares for subsequent switching, specifically including the following steps:

Step 801: PAR is triggered by link layer (for example in the media-independent handover in IEEE 802.21, the candidate network inquiry request (MIH_MN_HO_Candidate_Query request) message when MN is handed over) and learns that MN will hand over, but there is no clear handover target, at this time, PAR sends an AAA REQ message to the AAA server, requesting to obtain the AAA nonce. In practical applications, this step should occur after the PrRtAdv message is sent and before the FBU message is sent.

Step 802: After the AAA server receives the AAA REQ message, it sends the generated AAA RSP message to the PAR. The message carries the AAA nonce and its corresponding AAA nonce Index. After receiving the message, the PAR extracts the AAA nonce and Its corresponding AAA nonce Index is saved.

Step 803: When the MN decides to perform fast handover, the MN sends an FBU message to the PAR, which carries nHK_Req requesting the AAA server to generate nHK, and uses the MAC generated by pHK for integrity protection.

Step 804: PAR verifies the correctness of the MAC of the MN, and if the verification is passed, then sends an HI message to the NAR, and the message carries nHK_Req and AAA nonce Index. Wherein, the HI message must be encrypted and protected, and its specific encryption is the same as that of the prior art, and will not be repeated here.

Step 804': PAR sends the FBU acknowledgment message FAck to MN, the message carries AAAnonce, and uses the MAC generated by pHK for integrity protection. The MN verifies the correctness of the MAC of the message, and if the verification is passed, the following formula can be used to generate nHK.

HK＝gprf+(HMK, MN nonce|AAA nonce|MN ID|AR ID|"HandoverKey")

Step 805': After receiving the above HI message, the NAR obtains the nHK_Req carried in the message, and generates an AAA REQ message and sends it to the AAA server, and the message carries the AAA nonce Index. Meanwhile, in step 805, the NAR sends an HAck message to the PAR.

Step 806: After receiving the HAck message, the PAR sends an FBAck message to the MN, and uses the MAC generated by the pHK for protection.

Step 806': After receiving the AAA REQ message carrying the AAA nonce Index, the AAA server queries the corresponding AAA nonce through the Index, generates nHK according to the formula in step 904, and then sends the AAA RSP message carrying nHK to the NAR.

Step 807: When the MN arrives at the new link where the NAR is located, it sends an FNA message to the NAR, and the message is protected by the MAC generated by nHK. At this point, the MN completes the fast handover process from PAR to NAR.

If the fast handover process shown in this embodiment is not successfully completed, that is, the MN does not send an FBU message to the PAR before reaching the new link where the NAR is located, it will enter the reaction mode. For specific implementation, refer to Embodiment 3 of the present invention.

In this embodiment, PAR obtains the random number (nonce) of AAA from AAA in advance, and returns the AAA nonce parameter through a confirmation message after the MN sends the FBU, so that the MN can not receive the fast binding confirmation FBAck Generate a new switching key to complete the switching process.

FIG. 9 is a schematic diagram of the fast switching process of the prediction mode in the fifth embodiment. In the embodiment of the present invention, when the MN decides to switch, it completes the establishment of a temporary security association with the target NAR, thereby realizing safe and fast switching.

The preparation before the MN decides to perform handover includes the following steps:

First, MN and PAR generate HK according to the switching key generation process of the prior art;

Then, the MN and PAR derive the standard handover key (SHK, Standard HandoverKey) and the temporary handover key (THK, Temporary Handover Key) respectively, and the calculation formulas of the two are as follows:

SHK＝gprf(HK,MN pCoA|PAR IP|“normal handover key”)

THK＝gprf(HK,MN pCoA|NAR IP|"temporary handover key")

This embodiment specifically includes the following steps:

Step 901: When the MN decides to perform fast handover, the MN sends an FBU message to the PAR, and the message uses the MAC generated by the SHK for integrity protection.

Step 902: After receiving the FBU message, the PAR verifies the correctness of its MAC. If the verification is passed, the PAR sends a HI message to the NAR, and the message carries THK. The HI message must be encrypted and protected, and its encryption technology is the same as that of the prior art, and will not be repeated here.

Step 903: After receiving the HI message, the NAR extracts the THK from the message, and sends the HAck message to the PAR.

Step 904: After receiving the HAck message, the PAR sends an FBAck message to the MN, and the message uses SHK to generate a MAC for protection.

Step 905: After the MN arrives at the new link where the NAR is located, the MN sends an FNA message to the NAR, and the message is protected by the MAC generated by the THK. At this point, the MN completes the fast handover process from PAR to NAR.

Step 906: After the handover process ends, the MN or PAR immediately obtains new SHK and THK through the handover key generation process shown in the prior art for the next handover.

As can be seen from the above steps, this embodiment adds the key generation levels of SHK and THK on the basis of the existing handover key generation technology, wherein, SHK is used to establish a security association between the MN and PAR, and THK is transmitted from PAR to NAR is used to establish a temporary security association between the MN and the NAR. The above two security associations jointly ensure the safe and fast handover of the MN from PAR to NAR in this embodiment.

If the fast handover process shown in this embodiment is not successfully completed, that is, the MN and PAR have completed the calculation process of SHK and THK, but the MN has reached the new link where the NAR is located before sending the FBU message to the PAR, then the handover method Convert the prediction mode in Example 5 into the corresponding reaction mode.

FIG. 10 is a schematic flow diagram of the rapid switching of the reaction mode in Embodiment 6 of the present invention. This embodiment includes the following steps:

Step 1001: MN sends UNA message to NAR. Optionally, the message can be integrity protected using the MAC generated by THK.

Step 1002: MN sends FBU message to PAR, this message carries pCoA, and uses the MAC generated by pHK to carry out integrity protection, because MN has arrived at the new link where NAR is located, therefore, this message can use source address as nCoA, destination address Sent for IP messages of PAR.

Step 1003: After receiving the FBU message, the PAR verifies the correctness of the MAC. If the verification is passed, an FBAck message carrying the verification result is sent to the NAR. Since the MN has arrived at the new link where the NAR is located, the message can be sent with an IP message whose source address is nCoA and destination address is MN. At the same time, the PAR forwards the cached data sent to the pCoA to the nCoA of the MN through the IP-in-IP tunnel. At this point, the MN completes the fast handover process from PAR to NAR.

Step 1004: After the handover process is over, the MN or NAR will initiate the process of generating a new HK, and the MN and PAR will then derive SHK and THK respectively.

FIG. 11 is a schematic diagram of the fast switching process of the prediction mode in the seventh embodiment. In this embodiment, after the MN decides to perform handover, it establishes multiple security associations with the target NAR successively to ensure that during the handover process of the MN, one of the generated keys must be valid, thereby achieving secure Quick switch.

First, define nHK' as the shared key between MN and PAR, and nHK as the shared key between MN and NAR.

Then, define the calculation formulas of nHK’ and nHK as follows:

Formula 111:

nHK'=gprf+(HMK, MN nonce|MN ID|AR ID|"Handover Key")

Formula 112:

     nHK = prf(nHK’, NAR nonce)

This embodiment includes the following steps:

Step 1101: When the MN decides to perform fast handover, it sends an FBU message to the PAR, which carries nHK_Req requesting the AAA server to generate nHK and uses the MAC generated by pHK for integrity protection.

Step 1102: PAR verifies the correctness of the MN's MAC, and if the verification passes, sends an HI message carrying nHK_Req to NAR. The message must be encrypted and protected, and its specific encryption is the same as that of the prior art, and will not be repeated here.

Step 1103': After receiving the above HI message, the NAR obtains the nHK_Req carried by the message, and generates an AAA REQ message and sends it to the AAA server, and the message carries the NAR nonce. Meanwhile, in step 1103, the NAR sends a HAck message to the PAR, and the message carries the random number NAR nonce of the NAR used to generate nHK.

Step 1104: After receiving the HAck message, the PAR sends an FBAck message to the MN, and uses the MAC generated by the pHK for protection.

Step 1104': After receiving the AAA REQ message carrying the NAR nonce, the AAA server generates nHK' according to formula 111, and sends the AAA RSP message carrying the nHK' to the NAR. The NAR generates nHK according to Formula 112 after receiving the message.

Step 1105: When the MN arrives at the new link where the NAR is located, if the MN has received the FBAck message sent by the PAR, then the FNA message sent by the MN to the NAR is protected using the MAC generated by the nHK; if the MN has not received the FBAck message sent by the PAR, Then the FNA message sent by the MN to the NAR is protected by the MAC generated by nHK'. Correspondingly, if FBU is carried in the FNA message received by NAR, then NAR thinks that MN has not received the FBAck message, so use the MAC generated by nHK' to verify the correctness of the MAC of FBU; if the FNA message received by NAR does not If the FBU is carried, the NAR considers that the MN has received the FBAck message, and therefore uses the MAC generated by the nHK to verify the correctness of the MAC of the FBU. At this point, the MN completes the fast handover process from PAR to NAR.

It can be seen from the above steps that in this embodiment, the MN interacts with the NAR via the PAR to generate the first switching key nHK' and the second switching key nHK; the NAR receives the first switching key nHK' generated by the AAA server , and generate the second handover key nHK accordingly, thus establishing two security associations between the MN and the NAR. When the MN decides to handover, the MN sends an FNA message to the NAR, and the NAR judges the content of the message and decides which handover key to use. Therefore, this embodiment avoids the handover problem caused by the FBAck message in the prior art, and ensures fast and safe handover.

If the fast handover process shown in this embodiment is not successfully completed, that is, the MN does not send an FBU message to the PAR before arriving at the new link where the NAR is located, then the handover mode is converted from the predictive mode of this embodiment to the reactive mode, and its specific implementation is the same as Embodiment 3 of the present invention is similar, except that the UNA message sent by the MN to the NAR is protected by the MAC generated by nHK'. NAR determines which key (nHK or nHK') is used to generate the MAC to verify its correctness by judging the identification bit of UNA; NAR can also use two keys (nHK or nHK') to generate MAC to UNA messages respectively Perform correctness verification, and the corresponding key that passes the verification will be used as a shared key between the NAR and the MN.

The embodiment of the present invention can also be divided into two stages: the first stage, before the MN decides the handover target, the PAR first obtains the random number (AAA nonce) of the AAA server; the second stage, after the MN decides the handover target, the MN and The target NAR establishes multiple security associations one after another to ensure that during the handover process of the MN, one of the generated keys must be valid, thereby realizing safe and fast handover.

FIG. 12 is a schematic diagram of the fast switching process of the prediction mode in the eighth embodiment. The first stage of this embodiment is the same as that of Embodiment 4 of the present invention, and steps 1201 to 1204 are the same as steps 801 to 804 . The second stage of this embodiment specifically includes the following steps:

Step 1205': After receiving the HI message, the NAR obtains the nHK_Req carried in the message, generates an AAA REQ message and sends it to the AAA server, and the message carries the AAA nonce Index. Meanwhile, in step 1205, the NAR sends an HAck message to the PAR.

Step 1206: After receiving the HAck message, the PAR sends the FBAck message carrying the AAA nonce to the MN, and uses the MAC generated by the pHK for protection.

Step 1206': After receiving the above AAA REQ message, the AAA server queries the corresponding AAA nonce through the Index, generates nHK' according to formula 111, and then sends the AAA RSP message carrying nHK' and AAA nonce to NAR. After receiving the message, NAR generates nHK according to formula 112.

Step 1207: When the MN arrives at the new link where the NAR is located, if the MN has received the FBAck message sent by the PAR, the FNA message sent by the MN to the NAR is protected using the MAC generated by the nHK; if the MN has not received the FBAck message sent by the PAR, Then the FNA message sent by the MN to the NAR is protected by the MAC generated by nHK'. Correspondingly, if FBU is carried in the FNA message received by NAR, then NAR thinks that MN has not received the FBAck message, so use the MAC generated by nHK' to verify the correctness of the MAC of FBU; if the FNA message received by NAR does not If the FBU is carried, the NAR considers that the MN has received the FBAck message, and therefore uses the MAC generated by the nHK to verify the correctness of the MAC of the FBU. At this point, the MN completes the fast handover process from PAR to NAR.

If the fast handover process shown in this embodiment is not successfully completed, that is, the MN does not send an FBU message to the PAR before arriving at the new link where the NAR is located, then the handover mode is converted from the predictive mode of this embodiment to the reactive mode, and its specific implementation is the same as Embodiment 6 of the present invention is the same.

In addition, an embodiment of the present invention also provides a system for fast switching for security, which includes: a security association establishment unit and a security protection execution unit. Wherein, the above-mentioned security association establishment unit is used to establish a security association between the mobile node and the access router NAR of the target network before the fast handover; the above-mentioned security protection execution unit is used to use the The aforementioned security association ensures that the mobile node securely accesses the aforementioned NAR.

That is to say, the above-mentioned security association establishing unit is responsible for establishing the security association before the handover occurs. The process of establishing the security association may need to send and receive messages independently, or may be sent together with other messages; The unit obtains the key, and then uses the key to perform integrity protection on the signaling message required for the fast handover (that is, calculates the message authentication code), and sends the message authentication code together with the message. At the same time, it is responsible for triggering various fast switching related messages, providing message content, and responsible for sending and receiving messages.

The above are only preferred embodiments of the present invention, and it should be pointed out that for those of ordinary skill in the art, some improvements and modifications can also be made without departing from the principle of the present invention, and these improvements and modifications should also be considered Be the protection scope of the present invention.

Claims (10)

1. A method for safe and fast switching, comprising: Before the fast handover, establish a security association between the mobile node and the access router NAR of the target network, specifically including: the mobile node performs key exchange with at least one NAR to generate a security association, and the NAR actively or passively accesses the The AAA server completes the establishment of the security association; or the PAR obtains the key information required by the mobile node to generate the key from the AAA server in advance, and returns the key information through a confirmation message after the mobile node sends a fast binding update message, and the mobile node Generate a handover key according to the key information to complete the establishment of the security association; or calculate the standard handover key and temporary handover key between the mobile node and the PAR; when the mobile node is about to handover, the PAR triggers the handover The temporary handover key is sent to the NAR in the message, and a security association between the mobile node and the NAR is established; or the mobile node performs message interaction with the NAR through the PAR, and obtains the key required for generating the key. key information to generate the first and second switching keys; or the AAA server generates the first switching key according to the received key request message, and feeds back the generation result to the NAR, and the NAR then uses the key information to generate a second switching key to complete the establishment of multiple security associations; During the fast handover process of the mobile node, the security association is used to ensure that the mobile node securely accesses the NAR. 2. The method for safe and fast switching according to claim 1, characterized in that, The process of the NAR actively accessing the AAA server to complete the establishment of the security association is as follows: The mobile node sends a switch key request message to at least one NAR for key exchange, the switch key request message includes the identity of the mobile node and the message generated using the key between the mobile node and the AAA server Authentication Code; The NAR forwards the switch key request message to the AAA server; If the AAA server verifies that the message authentication code in the handover key request message is correct, then feeds back a verification message to the NAR, the verification message including the handover key between the mobile node and the NAR; The NAR records the handover key of the mobile node, generates a message authentication code according to the handover key, and feeds back a handover key response, where the handover key response includes a message authentication code generated according to the handover key; If the mobile node verifies that the message authentication code generated according to the handover key is correct, then complete the establishment of the security association; or The procedure for the NAR to passively access the AAA server to complete the establishment of the security association is as follows: The mobile node sends a switch key request message to the AAA server through the source network access router PAR for key exchange. The switch key request message includes the identity of the mobile node and the The message authentication code generated by the key; After the AAA server verifies that the message authentication code in the switch key request message is correct, it uses the message authentication code generated by itself to protect the integrity of the switch key response message fed back to the mobile node; The response message is fed back to the mobile node through the PAR; and the AAA server generates handover keys corresponding to each NAR according to the key exchange information, and sends the handover keys to the NARs respectively; After verifying that the message authentication code generated by the AAA server is correct, the mobile node generates a switching key corresponding to each NAR, and completes the establishment of the security association. 3. The method for safe and fast handover according to claim 2, wherein the mobile node sends the handover key request message to all NARs at least comprising any of the following methods: Send a data packet whose source address is the original care-of address and whose destination address is the address of NAR; Send by means of nested Internet; Use the destination address subheader as the destination address of the IP packet to send. 4. The method for secure fast handover according to claim 2, wherein, for fast handover in predictive mode, when the mobile node is quickly handed over to NAR, the security association is used to ensure that the mobile node securely accesses the The specific process of NAR is: The mobile node sends a fast binding update message to the PAR, and the message is integrity-protected using a message authentication code generated by a handover key between the mobile node and the PAR; After the PAR verifies the message authentication code and interacts with the NAR, it feeds back a fast binding confirmation message carrying the message authentication code of the switching key to the mobile node; The mobile node protects Fast Neighbor Advertisement messages with a message authentication code generated by a handover key between it and the NAR. 5. according to the method for safe quick handover described in claim 2, it is characterized in that, for the fast handover of reaction mode, when mobile node accesses NAR, send the neighbor announcement message that does not request to NAR earlier, utilize mobile node and The message verification code generated by the switching key between the NARs is protected; Then send a fast binding update message to PAR, which carries the original care-of address, and uses the original switching key to generate a message verification code for integrity protection of the message; After verifying that the message verification code is correct, the PAR feeds back a fast binding confirmation message, and forwards the data packet whose target address is the original care-of address to the new care-of address of the mobile node. 6. The method for secure fast handover according to claim 2, wherein the handover key request message also includes new care-of address information for configuring the mobile node; the handover key response message includes the mobile node's The new care-of address. 7. The method for secure fast handover according to claim 1, wherein the process of completing the establishment of a security association in the predictive mode fast handover is: PAR obtains the key information required by the mobile node from the AAA server during handover; When the mobile node is handed over, obtain the key information required for the handover from the PAR through a fast binding update message; wherein the fast binding update message carries a handover key request message, and uses the mobile node and The switching key between PARs protects the message; The mobile node generates a new handover key according to the key information, and sends the key request message and the key information identifier to the AAA server through a handover trigger message; After the AAA server verifies the key request message, it finds the key information according to the key information identifier, generates a new switching key, and sends the new switching key to the NAR, and the establishment of the security association is completed; The process of completing the establishment of the security association in the fast switching of the reaction mode is as follows: The mobile node sends an unsolicited Neighbor Advertisement message to the NAR, which is protected or unprotected using the handover key generated by the mobile node in advance with the NAR; Send a fast binding update message to PAR, which carries the original care-of address, and uses the original switching key to generate a message verification code for integrity protection of the message; After the PAR check, a fast binding confirmation message is fed back, and the data packet of the original care-of address of the target address is forwarded to the new care-of address of the mobile node. 8. The method for safe and fast switching according to claim 1, characterized in that, The process of completing the establishment of the security association in the predictive mode fast switching is as follows: The mobile node sends a fast binding update message carrying a handover key request message to the PAR, the update message uses the handover key between the mobile node and the PAR to generate a message authentication code, and the mobile node generates a first handover key ; After the PAR successfully verifies the message authentication code, it sends the handover key request message to the NAR, and negotiates handover key information at the same time; and sends the negotiated handover key information to the mobile node, and the mobile node generating a second switching key according to the switching key information; The NAR sends the switch request message to the AAA server, and after the AAA server verifies the switch request message, it generates a first switch key and feeds it back to the NAR; The NAR generates a second switching key according to the first switching key and switching key information; When the mobile node arrives at the NAR, it decides to use the first or second handover key to protect the neighbor advertisement message according to whether it receives the fast binding message, and completes the establishment of multiple security associations; The process of completing the establishment of the security association in the fast switching of the reaction mode is as follows: The mobile node sends an unsolicited Neighbor Advertisement message to the NAR, which is protected or unprotected using the handover key generated by the mobile node in advance with the NAR; Then send a fast binding update message to PAR, which carries the original care-of address, and uses the original switching key to generate a message verification code for integrity protection of the message; After the PAR check, a fast binding confirmation message is fed back, and the data packet whose target address is the original care-of address is forwarded to the new care-of address of the mobile node. 9. The method for secure fast handover according to claim 8, wherein the manner of simultaneously negotiating key information comprises: The PAR requests the AAA server to obtain the negotiated key information in advance, and sends the negotiated key information to the NAR; or The NAR first generates key information, and feeds back the key information to the PAR. 10. A system for safe and fast switching, characterized in that it comprises: A security association establishment unit, configured to establish a security association between the mobile node and the access router NAR of the target network before the fast handover; specifically includes: the mobile node performs key exchange with at least one NAR to generate a security association, and The NAR actively or passively accesses the AAA server to complete the establishment of the security association; or the PAR obtains the key information required by the mobile node to generate the key from the AAA server in advance, and passes the confirmation message after the mobile node sends a fast binding update message Return the key information, the mobile node generates a handover key according to the key information, and completes the establishment of the security association; or calculates the standard handover key and the temporary handover key between the mobile node and the PAR; when the mobile node is about to handover , the PAR sends the temporary handover key to the NAR in the handover trigger message, and establishes a security association between the mobile node and the NAR; or the mobile node performs message interaction with the NAR through the PAR, and obtains Generate the first and second switching keys after generating the key information required for the key; or the AAA server generates the first switching key according to the received key request message, and feeds back the generation result to the NAR, so The above NAR generates a second switching key according to the key information, and completes the establishment of multiple security associations; The security protection execution unit is configured to use the security association to protect the security interaction of signaling of the mobile node during the fast handover process of the mobile node, and enable the mobile node to securely access the NAR.

Images