摘要
为解决移动IPv6路由优化过程当中绑定更新消息的安全问题,结合返回路径可达协议和CAM协议的优点,提出一种基于加密生成地址(CGA)技术的绑定更新安全机制。该机制在没有部署PKI的环境下,利用CGA技术实现了跨信任域的2个节点基于地址的身份认证,可有效防止攻击者伪造、篡改绑定更新消息,解决路由优化过程中存在的反射式攻击问题。
In order to solve the security issues of the binding update message in the IPv6 route optimization process, this paper presents a new security mechanism based on Cryptographically Generated Addresses(CGA) through the analysis of the Return Routability Procedure (RRP) and CAM protocols. Security analysis proves that the mechanism can authenticate the nodes based on IPv6 address without PKI infrastructure, and prevent the forged binding update messages and the reflecting attack.
出处
《计算机工程》
CAS
CSCD
北大核心
2008年第6期167-169,共3页
Computer Engineering
关键词
路由优化
绑定更新
移动IPV6
返回路径可达
加密生成地址
route optimization
binding update
mobile IPv6
Return Routability Procedure(RRP)
Cryptographically Generated Addresses(CGA)
