Research On Handover Performance Of MIPv6 With AAA

Mobile IPv6 (MIPv6) was born to meet the requirements that more and more portabledevices and network applications want to enjoy the flexibility of roaming among differentnetworks without manual reconfiguration or interrupting connections. It makes "On-DemandNetworking" possible. Authentication Authorization and Accounting (AAA) is a key infra-structure and a kind of security service of network. AAA is indispensable to all operatingnetworks, including IPv4 networks and (mobile) IPv6 networks. Handover performance isvery important for MIPv6 because longer handover latency may deteriorate the availablequality of service. However, MIPv6 and AAA are developed separately and have their ownarchitecture. Simply co-working together will increase the handover latency of MIPv6. On theother hand, MIPv6 has to resolve all security problems by itself. This makes it much morecomplicated and introduces additional latency. It is therefore a necessity to improve handoverperformance in MIPv6 network with AAA.Whereas the mechanisms of AAA authentication, MIPv6 handover and MIPv6 securityhave great influence on MIPv6 handover performance, knowledge of AAA and MIPv6 is in-vestigated. Handover latencies are categorized into two parts: introduced by handover mecha-nism and introduced by security mechanism. A suite of method for reducing these latencies isproposed based on latest accomplishment. The powerful capacity on computing and securityof AAA is used to help MIPv6. The result is that handover performance of MIPv6 is greatlyimproved by reducing home registration latency, correspondent registration latency and re-mote dynamic address configuration latency and by optimizing end-to-end routing policy.The main creativities of this dissertation are explained as follows:(1) Topologically Aware AAA Overlay Network (TA4ON). Trusted connections are es-tablished and authorized routings are setup among Diameter peers to construct atopologically aware overlay network. Security and signal delivery services are pro-vided for MIPv6. TA4ON is not only an internal security service but also a global in-telligent system. It can serve others actively and effectively.(2) Authenticated Stateful Auto-Configuration (ASAC). Based on pre-IP level accesscontrol, a method called authenticated stateful auto-configuration (ASAC) for MIPv6is proposed, in which both security issues and handover performance are considered.In order not to introduce any vulnerability into network, ASAC information is au-thenticated and signed by mobile node and backend server. To meet the requirementfor handover performance, ASAC is combined together with authentication proce-dure. Therefore, the total latancy of authentication and handover introduced byhandover mechanism is reduced.(3) Methods for identity authentication based on TA4ON. Return Routabilty (RR) pro-cedure introduces into each handover too much latency as well as some securitythreads. A Short Temporary Shared Key (STSK) based on TA4ON is proposed to re-place RR procedure so that security threads and latency are removed. Remote Dy-namic Address Configuration (RDAC) is a special kind of handover. Fast RemoteDynamic Address Configuration (FRDAC) based on TA4ON is proposed to performDRAC for Mobile Node (MN). FRDAC is much faster and securer than DynamicHome Agent (HA) Address Discovery and Mobile Prefix Discovery. Latencies in-troduce by security mechanism, RR and RDAC, in each handover are removed whileno new vulnerability is introduced.(4) Adaptive Asymmetrical End-to-end Routes Selecting (AAERS). There are two bidi-rectional paths between MN and Correspondent Node (CN), one is triangular pathdetouring HA and the other is direct path. It is difficult to tell which one is alwaysbetter than the other is. A method for Adaptive Asymmetrical End-to-end Routes Se-lecting (AAERS) for MIPv6 is proposed. Cost parameters of two paths are collectedby periodically sending probe packet in suitable size along two paths separately. MNand CN make decisions from their own viewpoints, respectively. According the realtime cost parameters, end-to-end routes are selected adaptively to achieve better per-formance.In addition, a WLAN-oriented AAA System based on Diameter for Mobile IPv6 was im-plemented. This specific AAA system was developed in the light of WLAN's link-layer accesscontrol to MIPv6 Node. Peers in this system are connected by Diameter. Functionality of au-thorized routing among different domain is supported. This system is deployed in a realMIPv6 network and the accomplishments of this paper are used.