Research on Security and Handover Mechanisms for Next-Generation Wireless Networks
Abstract
As communication, computer and integrated-circuit technologies advance, the demand for wireless communication and mobility keeps growing. While existing mobile communication systems are being upgraded, wireless access technologies that support high mobility keep emerging, and together these lay a solid foundation for next-generation wireless networks. A next-generation wireless network integrates many kinds of networks and is characterised by diversified access methods, broadband data transmission, high-speed terminal mobility and unified all-IP operation, with the aim of giving users efficient and secure network service at any time and in any place. Heterogeneous network convergence is the key to next-generation wireless networks. It is a highly complex piece of system engineering: besides the security problems of each constituent network, it faces additional security problems created by interconnecting heterogeneous networks, for example how to implement unified access authentication across heterogeneous networks, how to enforce stricter authorization control in a complex network environment, how to reduce the management complexity and key load of inter-network key agreement, and how to achieve seamless handover between the converged heterogeneous networks.
This thesis investigates the security architecture of converged heterogeneous wireless networks. By improving its access authentication, authorization control, key agreement and adaptive assurance mechanisms, it raises the overall performance and efficiency of heterogeneous wireless networks. The main work is as follows:
1. The development and evolution of wireless communication networks are summarised; the characteristics of next-generation wireless networks, their key supporting technologies, the security problems they face and the current state of research are analysed and categorised; and the design principles and implementation methods for a heterogeneous network security architecture are set out.
2. Treating the security authentication of heterogeneous multi-access networks as a whole, a unified authentication mechanism based on Mobile IPv6 is proposed; it serves the common upper-layer protocols and hides the differences between link-layer technologies. After a comparative analysis of several communication optimisation methods, an optimisation that combines binding information with the deployment architecture is adopted, and the cases in which the mobile node is and is not roaming are discussed separately. To keep network topology information from leaking when the mobile node communicates from a foreign domain, an optimised key distribution mechanism is proposed and its key generation and exchange process described. Experimental analysis shows that this optimisation preserves communication security while reducing the authentication and registration delay at network handover, which makes a converged heterogeneous network genuinely operable.
3. For the complex heterogeneous network environment, and building on unified authentication across multiple access networks, an optimised authorization architecture for heterogeneous networks is proposed. Following the role-based access control (RBAC) design philosophy, it combines SAML and XACML: users are assigned role attributes through which they obtain access to network resources, giving heterogeneous networks optimised authorization and management. Several application scenarios are analysed: intra-domain and inter-domain scenarios according to the user's current location, and Pull and Push scenarios according to how the user obtains network resources. A separate workflow of the optimised authorization architecture is designed for each scenario, so that a converged heterogeneous network can meet mobile users' diverse resource requirements and its quality of service is improved. A test-bed implementation of the core functional modules lays a solid foundation for the further development of the architecture.
4. The security problems of heterogeneous networks are set out and the corresponding security requirements stated. After analysing the algorithms of different key systems, an XTR4 algorithm whose security rests on the discrete logarithm problem in the trace representation is selected, and on that basis an efficient authentication and key agreement mechanism is proposed. It defines keys with three different scopes, namely a random negotiation key, an identity verification key and a user authentication key, establishes a one-time anonymous verification mechanism, and performs distinct key agreement for mobile users in the home domain and in a foreign domain. Simulation shows that the mechanism meets the stated security requirements and outperforms existing general-purpose key agreement mechanisms.
5. To achieve seamless handover between converged heterogeneous networks, an adaptive handover mechanism based on cross-layer design is proposed. It combines the dynamic parameters of the current network with the terminal user's speed of movement to estimate, in real time, the handover threshold between networks so that sufficient handover time is reserved. The mechanism allows signalling between protocols at different layers: handover initiation information from the link layer and the IP layer triggers the optimisation at the TCP layer, which adaptively adjusts TCP transmission during handover, so that good TCP performance is maintained when switching between networks under Mobile IPv6. Simulation also shows that the mechanism lowers the handover failure rate while improving TCP-layer throughput.
The work on security and handover mechanisms for next-generation wireless networks presented in this thesis has clear concepts and functional descriptions and a simple architectural design; it merits further theoretical study and also has good practical value.
With the development of communication engineering, computer networking and integrated-circuit technology, mobile communication and wireless networking have become highly desirable. Mobile communication systems have matured and new radio access technologies keep appearing, paving the way for the next-generation wireless network. The next-generation wireless network combines the merits of different wireless networks and features diversified access methods, high-speed data transmission, high mobility and all-IP integration, so that users can enjoy ubiquitous, high-performance network service. Heterogeneous wireless network integration is the key technology for the next-generation wireless network. As a highly complex piece of system engineering, the heterogeneous wireless network not only inherits the problems of traditional networks but also faces additional security problems caused by interconnecting heterogeneous networks: how to realize unified secure access across different wireless networks; how to enforce strict access control in a complex heterogeneous network; how to simplify the key management of the AKA (authentication and key agreement) mechanism and reduce the key size; and how to perform seamless handover in a heterogeneous network.
In this thesis the security architecture of the heterogeneous network is investigated. Its performance and efficiency are enhanced through improved access authentication, authorization control, key agreement and adaptive adjustment mechanisms. The main contributions are as follows:
1. The evolution of wireless networks is summarized. The characteristics, key technologies and major security problems of next-generation wireless networks are investigated, and the design principles of the heterogeneous network security architecture are given, together with methods for improving system performance.
2. A unified authentication mechanism based on the Mobile IPv6 protocol is proposed for upper-layer protocols; it masks the differences between link-layer access technologies. After a comparative analysis of communication optimization methods, an optimization that integrates binding information with the deployment architecture is proposed; it distinguishes whether the mobile node is roaming in a foreign domain, and specific packet formats are designed for the different scenarios. To avoid divulging the home domain's topology when the mobile node communicates with other nodes from a foreign domain, an improved key framework is introduced and its key generation and exchange process described. Simulation results show that the optimization significantly reduces the delay of authentication and registration while maintaining the security of the system, which makes operation of the heterogeneous network practical.
3. Building on the unified authentication mechanism across different access networks, an optimized authorization architecture is proposed for the complex heterogeneous environment. Following the role-based access control model, SAML and XACML are combined to assign roles and attributes of the visited domain to users, giving the heterogeneous network optimized authorization and management. Application scenarios are analysed systematically: by the user's location, intra-domain and inter-domain; by the way the user obtains network resources, Pull and Push. A workflow is designed for each scenario, so that the network satisfies users' varied resource requirements and quality of service improves significantly. A test bench of the key functional modules lays the foundation for further development of the architecture.
4. Potential security hazards of the heterogeneous network are analysed and the corresponding security requirements stated. After an analysis of different cryptographic algorithms, an XTR4 algorithm based on the subgroup-trace discrete logarithm problem is chosen for key agreement, and an authentication and key agreement mechanism is proposed for the optimized authorization architecture. Three kinds of keys with different scopes serve the different negotiation processes for users in the home domain and in a visited domain. Simulation results show that this authentication and key agreement mechanism satisfies the security requirements and outperforms the traditional key agreement mechanism.
5. To realize seamless handover in the heterogeneous network, an adaptive handover mechanism based on cross-layer design is proposed. Taking into account the user's travelling speed and the dynamic parameters of the current connection, the network pre-estimates the handover threshold in real time and reserves enough time for handover. Because handover information is allowed to pass between the protocols of different layers, handover initiation information from the link layer and the IP layer triggers an optimized congestion control mechanism that adjusts the TCP transmission mode adaptively, so that high TCP performance is maintained during handover between different networks in a Mobile IPv6 environment. Simulation results show that the mechanism both reduces the handover error rate and enhances TCP transmission performance during handover.
In conclusion, the security architecture and handover mechanism proposed in this thesis for the next-generation wireless network have clear definitions and functional descriptions; the architecture is easy to implement and engineer-friendly. The work is worth further theoretical research and has high application value.
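The role-attribute flow of item 3, as an added example that is not the thesis's test-bed code: a policy decision point in the visited domain reads the user's roles and home domain from a SAML 2.0 attribute assertion issued by the home-domain identity provider, checks issuer trust and the validity window, and evaluates XACML-style rules with deny-overrides over an RBAC role-to-permission map. The domains, issuer URLs, roles, rules and the assertion itself are constructed for the illustration; XML signature verification is assumed to have been done before the assertion reaches this code. Intra-domain versus inter-domain is the comparison of the serving domain with the home domain; push versus pull is whether the user presents the assertion or the enforcement point fetches it from the identity provider.

```python
"""Role-based authorization from a SAML attribute assertion, decided by XACML-style rules.

Added illustration: every domain, issuer, role, rule and the assertion below are constructed
for the example. XML signature verification is assumed to happen before parse_assertion().
"""
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Identity providers each access domain trusts (constructed). Inter-domain access only
# succeeds when the visited domain trusts the home domain's IdP.
TRUSTED_ISSUERS = {
    "wlan.example.net": {"https://idp.wlan.example.net", "https://idp.cell.example.net"},
    "cell.example.net": {"https://idp.cell.example.net"},
}

# RBAC permission assignment: role -> set of (resource, action). Constructed.
ROLE_PERMISSIONS = {
    "guest": {("internet", "connect")},
    "subscriber": {("internet", "connect"), ("voip", "connect")},
    "admin": {("internet", "connect"), ("voip", "connect"), ("nms", "configure")},
}

def permissions_for(roles):
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

# XACML-style rules as (Effect, Target, Condition), combined with deny-overrides.
POLICY = [
    # visiting users never touch the local management system, whatever their home role
    ("Deny", lambda r: r["resource"] == "nms", lambda r: r["domain"] != r["home_domain"]),
    # otherwise the role-to-permission map decides
    ("Permit", lambda r: True, lambda r: (r["resource"], r["action"]) in permissions_for(r["roles"])),
]

# Constructed assertion as the home-domain IdP would issue it (Signature element omitted).
ASSERTION_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2011-05-01T10:00:00Z">
  <saml:Issuer>https://idp.cell.example.net</saml:Issuer>
  <saml:Subject><saml:NameID>user42@cell.example.net</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2011-05-01T10:00:00Z" NotOnOrAfter="2011-05-01T10:05:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role"><saml:AttributeValue>subscriber</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="HomeDomain"><saml:AttributeValue>cell.example.net</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(iso):
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def parse_assertion(xml_text, now_iso):
    """Extract issuer, roles and home domain; reject assertions outside their validity window."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    now = _ts(now_iso)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "roles": attrs.get("Role", []),
        "home_domain": attrs.get("HomeDomain", [None])[0],
    }

def decide(assertion, domain, resource, action):
    """PDP: 'Permit', 'Deny' or 'NotApplicable'. A PEP must treat anything but 'Permit' as denial."""
    if assertion["issuer"] not in TRUSTED_ISSUERS.get(domain, set()):
        return "Deny"                       # no trust relationship with the issuing domain
    req = {"domain": domain, "home_domain": assertion["home_domain"],
           "roles": assertion["roles"], "resource": resource, "action": action}
    decision = "NotApplicable"
    for effect, target, condition in POLICY:
        if target(req) and condition(req):
            if effect == "Deny":
                return "Deny"               # deny-overrides: first Deny wins
            decision = "Permit"
    return decision

# Push: the user carries the assertion to the PEP. Pull: the PEP fetches it from the IdP
# by subject; the constructed in-memory store stands in for that attribute query.
IDP_STORE = {"user42@cell.example.net": ASSERTION_XML}

def authorize_push(xml_text, domain, resource, action, now_iso):
    return decide(parse_assertion(xml_text, now_iso), domain, resource, action)

def authorize_pull(subject, domain, resource, action, now_iso):
    xml_text = IDP_STORE.get(subject)
    if xml_text is None:
        return "Deny"
    return decide(parse_assertion(xml_text, now_iso), domain, resource, action)
```

The Deny rule is evaluated before the RBAC Permit rule only because deny-overrides makes order irrelevant to the outcome; what matters for a roaming user is that the visited domain's own policy can restrict a role granted by the home domain without needing to know the home domain's policy.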
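The XTR arithmetic behind item 4 (and item 4 of the Chinese abstract above), as an added example that is not the thesis's XTR4 variant or its three-key protocol: the Lenstra-Verheul XTR system represents an element g of the order-q subgroup of GF(p^6)^* by its trace Tr(g) in GF(p^2) and computes Tr(g^n) with a ladder that never leaves GF(p^2). The block implements GF(p^2) for p = 2 (mod 3), the c_n = Tr(g^n) recurrences, parameter setup (finding Tr(g) for g of order q) and an XTR Diffie-Hellman exchange, and cross-checks the ladder against the plain third-order recurrence. The toy parameters p = 29, q = 271 are an assumption chosen for readability; production XTR uses p of roughly 170 bits and q of roughly 160 bits.

```python
"""XTR trace arithmetic in GF(p^2) and an XTR Diffie-Hellman exchange.

Added illustration with toy parameters p = 29, q = 271 (q divides p^2 - p + 1 = 813).
"""

P = 29        # prime with p = 2 (mod 3), so x^2 + x + 1 is irreducible over GF(p)
Q = 271       # prime dividing p^2 - p + 1 = 3 * 271
assert P % 3 == 2 and (P * P - P + 1) % Q == 0

# GF(p^2) = GF(p)[alpha] / (alpha^2 + alpha + 1); the pair (a, b) means a + b*alpha.
THREE = (3, 0)

def add(x, y):
    return ((x[0] + y[0]) % P, (x[1] + y[1]) % P)

def sub(x, y):
    return ((x[0] - y[0]) % P, (x[1] - y[1]) % P)

def mul(x, y):
    a, b = x
    c, d = y
    return ((a * c - b * d) % P, (a * d + b * c - b * d) % P)   # uses alpha^2 = -alpha - 1

def frob(x):
    """x^p. With p = 2 (mod 3), alpha^p = alpha^2 = -alpha - 1, so (a + b*alpha)^p = (a - b) - b*alpha."""
    a, b = x
    return ((a - b) % P, (-b) % P)

def in_gf_p(x):
    return x[1] == 0

def dbl(x):
    """c_{2n} = c_n^2 - 2*c_n^p."""
    return sub(mul(x, x), add(frob(x), frob(x)))

def xtr_pow(c, n):
    """c_n = Tr(g^n) from c = Tr(g): Lenstra-Verheul ladder on S_{2k+1} = (c_{2k}, c_{2k+1}, c_{2k+2}),
    consuming the bits of k = (n-1)//2 from the top, ~8 GF(p) multiplications per bit."""
    if n == 0:
        return THREE
    cp = frob(c)
    s = [THREE, c, dbl(c)]                      # S_1 = (c_0, c_1, c_2)
    m = (n - 1) // 2
    for bit in (bin(m)[2:] if m else ""):
        c0, c1, c2 = s
        if bit == "0":                          # k -> 2k
            s = [dbl(c0),
                 add(sub(mul(c0, c1), mul(cp, frob(c1))), frob(c2)),   # c_{2(2k+1)-1}
                 dbl(c1)]
        else:                                   # k -> 2k + 1
            s = [dbl(c1),
                 add(sub(mul(c2, c1), mul(c, frob(c1))), frob(c0)),    # c_{2(2k+1)+1}
                 dbl(c2)]
    return s[1] if n % 2 else s[2]

def xtr_pow_naive(c, n):
    """c_n by the linear recurrence c_{k+3} = c*c_{k+2} - c^p*c_{k+1} + c_k (O(n), cross-check only)."""
    cp = frob(c)
    seq = [THREE, c, dbl(c)]
    while len(seq) <= n:
        seq.append(add(sub(mul(c, seq[-1]), mul(cp, seq[-2])), seq[-3]))
    return seq[n]

def find_trace_of_order_q():
    """Parameter setup: find Tr(g) for some g of order Q without ever representing GF(p^6).
    The scan is deterministic so the example is reproducible."""
    cofactor = (P * P - P + 1) // Q
    for a in range(P):
        for b in range(1, P):                          # b != 0 keeps c outside GF(p)
            c = (a, b)
            if in_gf_p(xtr_pow(c, P + 1)):             # X^3 - cX^2 + c^p X - 1 reducible: not a trace
                continue
            d = xtr_pow(c, cofactor)                   # Tr(h^cofactor): order 1 (d == 3) or q
            if d == THREE or xtr_pow(d, Q) != THREE:   # second clause is a defensive sanity check
                continue
            return d
    raise ValueError("no generator trace found")

def xtr_dh(tr_g, a, b):
    """XTR-DH: Alice publishes Tr(g^a), Bob publishes Tr(g^b); each derives Tr(g^(ab))."""
    tr_ga = xtr_pow(tr_g, a)
    tr_gb = xtr_pow(tr_g, b)
    return xtr_pow(tr_gb, a), xtr_pow(tr_ga, b)      # (Alice's key, Bob's key)

if __name__ == "__main__":
    tr_g = find_trace_of_order_q()
    print("Tr(g) =", tr_g, " Tr(g^q) =", xtr_pow(tr_g, Q))
    print("shared keys:", xtr_dh(tr_g, 17, 123))
```

The point of the trace representation is the operand size: a public value Tr(g^a) is one GF(p^2) element, a third of the GF(p^6) element it stands for, which is what the abstract refers to when it speaks of reducing key size; the security assumption is still the discrete logarithm in the order-q subgroup.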
