Background technology
Mobile IP the 6th version (MIPv6, Mobile IP version 6) agreement is the Internet engineering duty group (IETF, Internet Engineering Task Force) mobility solution of Ti Chuing, this scheme can make mobile node (MN, Mobile Node) in moving process, keeps communication not to be interrupted, but also brought switching delay and security problems simultaneously.
There is the period that can't determine to send or receive packet in MN in handoff procedure, be called as switching delay during this period of time.Cause the main cause of switching delay to have link switchover to exist and postpone, and the operating process of MIPv6 agreement, for example move detect, new Care-of Address (CoA, Care-of Address) configuration, Binding Update etc.Using in (for example Voice over IP VoIP) in real time, switching delay often is unacceptable.
Defined fast moving IP (FMIP, Fast Mobile IP) agreement in the MIP working group of IETF, its essential idea be relevant information is carried out pre-configured, thereby reduce switching delay, improve performance of handoffs.
In the FMIP agreement, mainly defined two types switching, be respectively that prediction (Predictive) type switches and reaction (Reactive) type switches.
Switch for forecasting type, MN predicts in moving process and is about to the switching carried out, and it is informed primary access router (PAR, Previous Access Router).This PAR by with new couple in router (NAR, New Access Router) or the couple in router (AR of objective network, Access Router) mutual between obtains this MN and use new CoA under NAR, thus the delay of having avoided the address configuration process to cause.Simultaneously, MN sends to the packet of PAR in handoff procedure, is sent to NAR by PAR by tunnel mode and cushions, and has guaranteed that MN can receive packet after switching to new link, and has avoided losing of packet.
If the excessive velocities that MN moves, MN has little time to finish the reciprocal process that obtains new CoA on old link, and this MN has just arrived new link, and switching in this case is called response type and switches.Can not reduce switching delay though above-mentioned response type switches, can avoid owing to switch the packet loss phenomenon that causes.
At present; MN and AR use authentication (AAA; Authentication; Authorization and Accounting) server is set up the technical scheme of Security Association; this scheme does not have above-mentioned two kinds of switch application in the FMIP agreement; that is to say; in handoff procedure; by handover key (HK; Handover Key) guarantees the integrality of message; and, do not obtain practical application thereby generate the scheme of sharing key in the public key exchange of finishing under the protection of FMIP agreement between MN and the NAR.
The implementation procedure of switching fast under quick down switching of handover key, predictive mode and the reaction pattern is described respectively below.
The IKMP that utilizes AAA to assist generates the HK between MN and the AR, and this HK is used to protect FMIP protocol signaling message.Therefore, this IKMP has been specified message and the necessary precondition hypothesis between MN and the AR.It is shared between MN and aaa server that this agreement hypothesis is switched master key (HMK, HandoverMaster Key), and existing Security Association exists between AR and the aaa server.Under this hypothesis, be illustrated in figure 1 as handover key product process schematic diagram in the prior art, specifically comprise the steps:
Step 101: at first, MN generates one according to HMK and switches Integrity Key (HIK, HandoverIntegrity Key), and formula is: HIK=gprf+ (HMK, " Handover Integrity Key "); Then, MN sends handover key request (being HK Req) message and gives AR, this message is carried random number nonce1, the MN ID of message id, pseudo-random function, CoA, MN generation and the message authentication code (MAC, Message Authentication Code) that uses HIK to generate.
After step 102:AR receives above-mentioned HK Req message, this message is packaged into authentication request (being AAA Request) forwards by aaa protocol gives aaa server.
After step 103:AAA server received this AAA Request message, the MAC that uses HIK to generate carried out verification of correctness.If the MAC of this message is incorrect, then aaa server returns the message of authentication failed; Otherwise aaa server sends authentication response (being AAA Response) message of verification succeeds and gives AR, the random number nonce2 that aaa server produced when this message was carried the HK of aaa server generation and generated this HK.Wherein, the generation formula of HK is: HK=gprf+ (HMK, MN nonce|AAA nonce|MN ID|AR ID| " Handover Key ").
Step 104: after this AR receives the AAA Response message of verification succeeds, intercept the HK that this message is carried, remainder with this message is packaged into handover key response (being HK Resp) message again, and send to MN, the MAC that this HK Resp message also carries message id (with consistent among the HK Req), pseudo-random function, verification succeeds state information, Security Parameter Index (SPI, Security Parameter Index) and uses HK to generate.
Be illustrated in figure 2 as the quick switching flow schematic diagram of predictive mode in the prior art, specifically comprise the steps:
Step 201:MN sends quick Binding Update (FBU; Fast Binding Update) message is given PAR; this message is carried MN public keys (PK, Public Key) and HK Req message, and the MAC that this HK Req message uses the shared key HK between MN and the PAR to generate protects.
After step 202:PAR receives this FBU message, the MAC that at first uses HK to generate carries out verification of correctness, and if the verification passes, then PAR sends to switch and initiates (HI, Handover Initiate) message comprises MN PK to NAR in the HK Req message that this message is carried.
Step 203:NAR obtains MN PK from the HI message that receives, and generates the HK Resp message of carrying NAR PK, confirms that by switching (HAck, Handover Acknowledgement) message sends to PAR then.
Step 204:PAR adds the MAC that generates with HK in the HK Resp message that receives, and sends to MN by quick binding acknowledgement (FBAck, Fast Binding Acknowledgement).
Step 205:MN carries out verification of correctness to the MAC of the FBAck message that receives, and if the verification passes, then MN adopts asymmetric key mechanisms, promptly uses MN PK and NAR PK to generate and shares key.When MN entered the new link at NAR place, MN sent quick neighbours' bulletin (FNA, FastNeighbor Advertisement) message and gives NAR, and the MAC that this message uses above-mentioned shared key to generate protects, thereby MN finishes the switching to NAR by PAR.
Be illustrated in figure 3 as the quick switching flow schematic diagram of reaction pattern in the prior art, specifically comprise the steps:
Step 301: if the handoff failure of above-mentioned predictive mode when MN arrives the new link at NAR place, sends FNA message to NAR, this message is carried MN PK and HK Req.
Step 302:NAR sends to PAR to HK Req by FBU message after receiving this FNA message, and this message also carries NARPK.
After step 303:PAR receives this FBU message, check the MAC among the HK Req, and send carry HK Resp FBAck message to NAR, this message also carries NAR PK.
After step 304:NAR receives this HK Resp message, give MN with this forwards.At this moment, MN finishes the switching to NAR by PAR.
By above-mentioned disclosed technical scheme as can be known, also there is following defective in prior art:
1. the security mechanism of prior art also not exclusively generates shared key according to existing AAA framework, and the difference of this asymmetric key generting machanism and current mechanism is bigger, is unfavorable for implementing; Simultaneously, the amount of calculation that generates this shared key is bigger, will consume a large amount of computational resources of MN and AR;
2. in handoff procedure, aaa server is unknowable fully to above-mentioned shared key, is unfavorable for the management that operator switches MN;
3. in the quick switching of existing predictive mode,, then can't switch, and waste NAR sharing the computational resource of key if MN does not receive the FBAck message that PAR sends;
4. in the quick switching of existing reaction pattern, safety problem will cause switching delay.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is a part of embodiment of the present invention, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
Be illustrated in figure 4 as the flow chart of the method that the embodiment of the invention switches safely and fast, specifically comprise the steps:
Step 401: before switching fast, set up the Security Association between the couple in router of mobile node and objective network;
Step 402: in the fast handover procedures of this mobile node, utilize above-mentioned Security Association to guarantee that this mobile node safety switches to this couple in router.
The embodiment of the invention is adjusted parameter required when generating key by in handoff procedure, realizes the optimization to the product process of sharing key.
Be illustrated in figure 5 as the quick switching flow schematic diagram of predictive mode of the embodiment of the invention one.Compared with prior art, the MN in the present embodiment finishes switching with a plurality of candidate AR and prepares before the decision switching target, specifically comprise the steps:
Step 501:MN obtains the sign (AP-ID of surrounding access points, Access Point-Identifier), send request broker route announcement (RtSolPr to PAR then, Router Solicitation for ProxyAdvertisement) message is to obtain the AR-Info corresponding with target AP-ID.
After step 502:PAR receives above-mentioned RtSolPr message, act on behalf of route announcement (PrRtAdv, Proxy Router Advertisement) message, wherein comprise the AR-Info corresponding with target AP-ID to the MN transmission.
After step 503:MN receives above-mentioned PrRtAdv message, send handover key request (HK_REQ) message to NAR, the identify label that this message is carried can be media access control layer sign (the MAC ID of mobile node, Media Access Control Identifier), perhaps network access identifier (NAI, Net Access Identifier).This message uses the former Security Association between MN and the AAA to carry out integrity protection.
The mode that above-mentioned HK_REQ message is sent to NAR has following three kinds:
1. be that the packet mode of NAR address sends with source address as former Care-of Address (pCoA, previous Care-of Address), destination address, this method can be used in the simple IP network;
2. the mode with nested the Internet (IP-in-IP) sends, outside ip address is respectively pCoA and the PAR address of MN, implicit IP address is respectively pCoA and the NAR address of MN, and this method can be used in multicast Internet protocol (MIP, the Multicast Internet Protocol) network;
3. represent that with destination address head the mode of IP bag destination sends, the address of IP head is respectively pCoA and the PAR address of MN, after PAR receives the IP bag, according to the nose heave neotectonics IP bag of destination address, and with its address (being the NAR address) of mailing to the expression of destination address head, this method can be used in the MIP network.
After step 504:NAR receives above-mentioned HK_REQ message, by authentication authorization request (AAREQ) message it is encapsulated, and be transmitted to aaa server.
After step 505:AAA server receives above-mentioned AA REQ message, the MAC correctness of the HK_REQ message of its encapsulation is verified, and the Certificate Authority that will carry the checking result is responded (AARSP) message and is sent to NAR.If the verification passes, then carry new handover key (nHK, new Handover Key) between MN and the NAR in the AA RSP message.
Step 506:NAR writes down identify label and the nHK of this MN, and sends HK_RSP message to MN, and notice MN successfully sets up Security Association.
When step 507:MN decision was switched fast, MN sent FBU message to PAR, and this message uses the message authentication code pHK_MAC of former handover key (pHK, the previous Handover Key) generation of being shared by MN and PAR to carry out integrity protection.
Step 508:PAR verifies that to the correctness of above-mentioned pHK_MAC if the verification passes, PAR and NAR finish the mutual of HI message and HAck message, and send the FBAck message of carrying pHK_MAC to MN.
After step 509:MN arrives new link, send FNA message to NAR, the identify label of carrying MN in this message, and use nHK to generate MAC and protect.At this moment, MN finishes the fast handover procedures to NAR by PAR.
By above-mentioned steps as seen, the technical scheme of embodiment one can be divided into two stages realizations: before MN determines switching target, MN attempts can providing all NAR of corresponding informance to carry out the cipher key interaction process with PrRtAdv message, is finished the foundation of Security Association again by the NAR visited aaa server; After MN determined switching target, MN was with former Security Association protection FBU message, with corresponding new Security Association protection FNA message.
Understandable, the embodiment of the invention can also further be revised as: add MN and the NAR configuration to new Care-of Address (nCoA, New Care-of Address) information in step 503 and step 506.Can guarantee the uniqueness of nCoA in the HI/HAck interaction message of PAR and NAR thus, thereby avoid the switching delay that may cause by the nCoA conflict.
Fig. 6 is the quick switching flow schematic diagram of the predictive mode of the embodiment of the invention two.The step 601 of present embodiment is identical with corresponding step among the embodiment one to step 602, step 607 to step 609, and step 603 is as follows with the corresponding step difference of embodiment one to step 606:
After step 603:MN receives above-mentioned PrRtAdv message, send handover key request (HK_REQ) message to PAR, the identify label that this message is carried can be media access control layer sign (the MAC ID of mobile node, Media Access Control Identifier), perhaps network access identifier (NAI, Net Access Identifier).This message uses the former Security Association between MN and the AAA to carry out integrity protection.
Above-mentioned HK_REQ message is sent to three kinds of modes of NAR, with embodiment one, repeats no more.
After step 604:PAR receives above-mentioned HK_REQ message, by authentication authorization request (AAREQ) message it is encapsulated, and be transmitted to aaa server.
After step 605:AAA server receives above-mentioned AA REQ message, the MAC correctness of the HK_REQ message of its encapsulation is verified, and the Certificate Authority that will carry the checking result is responded (AA RSP) message and is sent to PAR.If the verification passes, then carry new handover key (nHK, new Handover Key) between MN and the NAR in the AA RSP message.
Step 605 ': aaa server sends AA RSP message to NAR, and this message is carried the handover key nHK between MN and the NAR.
Step 606:PAR writes down identify label and the nHK of this MN, and sends HK_RSP message to MN, and notice MN successfully sets up Security Association.
By above-mentioned steps as seen, embodiment two is with the difference of embodiment one, the cipher key interaction process of MN and NAR is indirectly to finish with aaa server mutual (undertaken by PAR, and NAR having neither part nor lot in) by MN, again by aaa server for the delivering key of each NAR generation to each NAR.Therefore, when MN need set up Security Association with a plurality of NAR, MN and aaa server only need be finished reciprocal process one time, have saved signaling consumption.
If the quick switching flow shown in the above-mentioned predictive mode embodiment is not finished smoothly, with embodiment one is example, promptly only finished the foundation of phase I Security Association, and MN is not able to do in time to send the new link that FBU message has just arrived the NAR place to PAR, so, switching mode will be converted to reaction pattern by the predictive mode among the embodiment one.
Fig. 7 is the quick switching flow schematic diagram of the reaction pattern of the embodiment of the invention three.Present embodiment is based on the phase I of above-mentioned predictive mode embodiment (promptly finishing the foundation of Security Association), because MN did not send FBU message to PAR before the new link that arrives the NAR place, therefore changes reaction pattern over to, and its concrete steps are as follows:
Step 701:MN sends initiatively neighbours' bulletin (UNA, Unsolicited NeighborAdvertisement) message to NAR, and this message is carried the MAC that is generated by nHK.
Step 702:MN sends FBU message to PAR; this message is carried pCoA, and uses the MAC that is generated by pHK to carry out integrity protection, because MN has arrived the new link at NAR place; therefore, this message can be that nCoA, destination address are the IP message transmission of PAR with source address.
After step 703:PAR receives above-mentioned FBU message, pHK_MAC is carried out verification of correctness, and the FBAck message that will carry this checking result sends to MN, because MN has arrived the new link at NAR place, therefore, this message can be that nCoA, destination address are the IP message transmission of MN with source address.Simultaneously, PAR will mail to the data cached nCoA that is forwarded to MN by the IP-in-IP tunnel of pCoA.
Fig. 8 is the quick switching flow schematic diagram of the predictive mode of the embodiment of the invention four.Compared with prior art, in the present embodiment, before MN decision switching target, PAR obtains the random number (AAA nonce) of aaa server earlier, and is ready for follow-up switching, specifically comprises the steps:
Step 801:PAR passes through link layer triggers (during for example the media-independent among the IEEE 802.21 switches, candidate network query requests (MIH_MN_HO_Candidate_Query request) message when MN switches) know that MN will switch, but there is not clear and definite switching target, at this moment, PAR sends AAA REQ message, acquisition request AAA nonce to aaa server.In actual applications, this step should occur in after the transmission of PrRtAdv message, before FBU message sends.
After step 802:AAA server is received AAA REQ message, the AAA RSP message that generates is sent to PAR, this message is carried AAA nonce and corresponding AAA nonce Index thereof, after PAR receives this message, AAA nonce and the corresponding AAA nonce Index thereof that therefrom extracts preserved.
Step 803: when the MN decision was switched fast, this MN sent FBU message to PAR, and this message is carried the nHK_Req that the request aaa server generates nHK, and the MAC that uses pHK to generate carries out integrity protection.
Step 804:PAR carries out verification of correctness to the MAC of this MN, if the verification passes, then sends HI message to NAR, and this message is carried nHK_Req and AAA nonce Index.Wherein, the necessary encipherment protection of this HI message, its concrete encryption is same as the prior art, does not repeat them here.
Step 804 ': PAR sends the affirmation message FAck of FBU to MN, and this message is carried AAAnonce, and the MAC that generates with pHK carries out integrity protection.MN carries out verification of correctness to the MAC of this message, if the verification passes, then can utilize following formula to generate nHK.
HK=gprf+(HMK,MN?nonce|AAA?nonce|MN?ID|AR?ID|“HandoverKey”)
Step 805 ': NAR obtains the nHK_Req that this message is carried after receiving above-mentioned HI message, and generates AAA REQ message and send to aaa server, and this message is carried AAA nonce Index.Simultaneously, in step 805, NAR sends HAck message to PAR.
After step 806:PAR receives above-mentioned HAck message, send FBAck message to MN, and the MAC that uses pHK to generate protects.
Step 806 ': aaa server inquires corresponding AAA nonce by this Index after receiving the AAA REQ message of carrying AAA nonce Index, and the formula in 904 generates nHK set by step, sends then and carries the AAA RSP message of nHK to NAR.
When step 807:MN arrives the new link at NAR place, send FNA message to NAR, the MAC that this message uses nHK to generate protects.At this moment, MN finishes the fast handover procedures to NAR by PAR.
If the quick switching flow shown in the present embodiment is not finished smoothly, promptly MN did not send FBU message to PAR before the new link that arrives the NAR place, then changed reaction pattern over to, and specific implementation can be referring to embodiments of the invention three.
In the present embodiment, PAR obtains the random number (nonce) of AAA in advance to AAA, and after MN sends FBU, return AAA nonce parameter by an acknowledge message, thus allow MN under the situation of not receiving quick binding acknowledgement FBAck, generate new handover key, finish switching flow.
Fig. 9 is the quick switching flow schematic diagrames of embodiment five predictive modes.In the embodiment of the invention, when the MN decision is switched, finish the foundation of interim Security Association, thereby realize switching safely and fast with target NAR.
Preparation before the MN decision is switched comprises the steps:
At first, MN and PAR generate HK according to the handover key product process of prior art;
Then, MN and PAR derive standard handover key (SHK, Standard HandoverKey) and interim handover key (THK, Temporary Handover Key) more respectively, and both computing formula are as follows:
SHK=gprf(HK,MN?pCoA|PAR?IP|“normal?handover?key”)
THK=gprf(HK,MN?pCoA|NAR?IP|“temporary?handover?key”)
Present embodiment specifically comprises the steps:
When step 901:MN decision will be switched fast, MN sent FBU message to PAR, and the MAC that this message uses SHK to generate carries out integrity protection.
Step 902:PAR carries out verification of correctness to its MAC after receiving this FBU message, and if the verification passes, then PAR sends HI message to NAR, and this message is carried THK.The necessary encipherment protection of HI message, its encryption technology is same as the prior art, repeats no more herein.
Step 903:NAR extracts THK after receiving this HI message from this message, and sends HAck message to PAR.
After step 904:PAR receives this HAck message, send FBAck message to MN, this message is used SHK to generate MAC and is protected.
After step 905:MN arrived the new link at NAR place, MN sent FNA message to NAR, and the MAC that this message uses THK to generate protects.At this moment, MN finishes the fast handover procedures to NAR by PAR.
Step 906: after handoff procedure finished, MN or PAR obtained new SHK and THK by the handover key product process shown in the prior art immediately, are used to switch next time.
By above-mentioned steps as can be known, present embodiment has increased SHK and THK on the basis of existing handover key generation technique key generates level, and wherein, SHK is used to set up the Security Association between MN and the PAR, THK passes to NAR by PAR, is used to set up the interim Security Association between MN and the NAR.Above-mentioned two Security Association common guarantee the MN in the present embodiment switch to NAR fast from PAR safety.
If the quick switching flow shown in the present embodiment is not finished smoothly, be the computational process that MN and PAR have finished SHK and THK, but MN is not able to do in time to send the new link that FBU message has just arrived the NAR place to PAR, so, switching mode will be converted to corresponding reaction pattern by the predictive mode among the embodiment five.
Figure 10 is the quick switching flow schematic diagram of the reaction pattern of the embodiment of the invention six.Present embodiment comprises the steps:
Step 1001:MN sends UNA message to NAR.Optionally, this message can utilize the MAC of THK generation to carry out integrity protection.
Step 1002:MN sends FBU message to PAR; this message is carried pCoA, and uses the MAC of pHK generation to carry out integrity protection, because MN has arrived the new link at NAR place; therefore, this message can be that nCoA, destination address are the IP message transmission of PAR with source address.
Step 1003:PAR carries out verification of correctness to its MAC after receiving this FBU message.If the verification passes, then send carry the checking result FBAck message to NAR because MN has arrived the new link at NAR place, therefore, this message can be that nCoA, destination address are that the IP message of MN sends with source address.Simultaneously, PAR is the data cached nCoA that is forwarded to MN by the IP-in-IP tunnel that mails to pCoA.At this moment, MN finishes the fast handover procedures to NAR by PAR.
Step 1004: after handoff procedure finishes, MN or NAR will initiate the generative process of new HK, and MN and PAR derive SHK and THK more respectively.
Figure 11 is the quick switching flow schematic diagram of the predictive mode of embodiment seven.In the present embodiment, after the MN decision is switched, successively set up a plurality of Security Associations with target NAR, guarantee MN in handoff procedure, it is effectively that a key must be arranged among a plurality of keys that generated, thereby realizes the quick switching of safety.
At first, definition nHK ' shares key between MN and the PAR, and nHK shares key between MN and the NAR.
Then, the computing formula of definition nHK ' and nHK is as follows:
Formula 111:
nHK’=gprf+(HMK,MN?nonce|MN?ID|AR?ID|“Handover?Key”)
Formula 112:
nHK=prf(nHK’,NAR?nonce)
Present embodiment comprises the steps:
Step 1101: when the MN decision is switched fast, send FBU message to PAR, this message is carried the request aaa server and is generated the nHK_Req of nHK and use the MAC of pHK generation to carry out integrity protection.
Step 1102:PAR carries out verification of correctness to the MAC of this MN, if the verification passes, then sends and carries the HI message of nHK_Req to NAR.The necessary encipherment protection of this message, its concrete encryption is same as the prior art, does not repeat them here.
Step 1103 ': NAR obtains the nHK_Req that this message is carried after receiving above-mentioned HI message, and generates AAA REQ message and send to aaa server, and this message is carried NAR nonce.Simultaneously, in step 1103, NAR sends HAck message to PAR, and this message is carried the random number N AR nonce of the NAR that is used to generate nHK.
After step 1104:PAR receives above-mentioned HAck message, send FBAck message to MN, and the MAC that uses pHK to generate protects.
Step 1104 ': after aaa server receives the AAA REQ message of carrying NAR nonce, generate nHK ', and transmission is carried the AAA RSP message of this nHK ' to NAR according to formula 111.This NAR generates nHK according to formula 112 after receiving this message.
When step 1105:MN arrived the new link at NAR place, if MN has received the FBAck message that PAR sends, then MN sent to the MAC that the FNA message of NAR uses nHK to generate and protects; If MN does not receive the FBAck message that PAR sends, then MN sends to the MAC that the FNA message of NAR uses nHK ' to generate and protects.Therefore accordingly, if carried FBU in the FNA message that NAR receives, then NAR thinks that MN does not receive FBAck message, uses MAC that nHK ' generates that the MAC of FBU is carried out verification of correctness; Therefore if do not carry FBU in the FNA message that NAR receives, then NAR thinks that MN has received FBAck message, uses MAC that nHK generates that the MAC of FBU is carried out verification of correctness.At this moment, MN finishes the fast handover procedures to NAR by PAR.
By above-mentioned steps as can be known, in the present embodiment, MN carries out interacting message via PAR and NAR, generates the first handover key nHK ' and the second handover key nHK; NAR receives the first handover key nHK ' that aaa server generates, and generates the second handover key nHK in view of the above, thereby has set up two Security Associations between MN and NAR.When the MN decision was switched, MN sent FNA message to NAR, and NAR judges the content of this message, and which handover key decision uses.Therefore, present embodiment has been avoided the switching problem that is brought by FBAck message in the prior art, has guaranteed the quick switching of safety.
If the quick switching flow shown in the present embodiment is not finished smoothly; be that MN did not send FBU message to PAR before the new link that arrives the NAR place; then switch mode is converted to reaction pattern by the predictive mode of present embodiment; its specific implementation and embodiments of the invention three are similar, and difference only is that MN sends to the MAC that the UNA message of NAR uses nHK ' to generate and protects.NAR then decides the MAC of its correctness of checking to use which key (nHK or nHK ') to generate by the sign position of judging UNA; The MAC that NAR also can use two keys (nHK or nHK ') to generate respectively carries out verification of correctness to UNA message, will be as the shared key between NAR and this MN by the corresponding secret key of checking.
The embodiment of the invention can also be divided into two stages and carry out: the phase I, before MN decision switching target, PAR obtains the random number (AAA nonce) of aaa server earlier; Second stage, after MN decision switching target, MN and target NAR successively set up a plurality of Security Associations, guarantee MN in handoff procedure, and it is effectively that a key must be arranged among a plurality of keys that generated, thereby realizes the quick switching of safety.
Figure 12 is the quick switching flow schematic diagram of the predictive mode of embodiment eight.The phase I of present embodiment is identical with the embodiment of the invention four, and step 1201 is identical to step 804 with step 801 to step 1204.The second stage of present embodiment specifically comprises the steps:
Step 1205 ': after NAR receives HI message, obtain the nHK_Req that this message is carried, and generate AAA REQ message and send to aaa server, this message is carried AAA nonce Index.Simultaneously, in step 1205, NAR sends HAck message to PAR.
After step 1206:PAR received above-mentioned HAck message, the FBAck message that AAA nonce is carried in transmission was to MN, and the MAC that uses pHK to generate protects.
Step 1206 ': aaa server inquires corresponding AAA nonce by this Index after receiving above-mentioned AAA REQ message, and generates nHK ' according to formula 111, sends the AAA RSP message of carrying nHK ' and AAA nonce then and gives NAR.After NAR receives this message, generate nHK according to formula 112.
When step 1207:MN arrived the new link at NAR place, if MN has received the FBAck message that PAR sends, then MN sent to the MAC that the FNA message of NAR uses nHK to generate and protects; If MN does not receive the FBAck message that PAR sends, then MN sends to the MAC that the FNA message of NAR uses nHK ' to generate and protects.Therefore accordingly, if carried FBU in the FNA message that NAR receives, then NAR thinks that MN does not receive FBAck message, uses MAC that nHK ' generates that the MAC of FBU is carried out verification of correctness; Therefore if do not carry FBU in the FNA message that NAR receives, then NAR thinks that MN has received FBAck message, uses MAC that nHK generates that the MAC of FBU is carried out verification of correctness.At this moment, MN finishes the fast handover procedures to NAR by PAR.
If the quick switching flow shown in the present embodiment is not finished smoothly, be that MN did not send FBU message to PAR before the new link that arrives the NAR place, then switch mode is converted to reaction pattern by the predictive mode of present embodiment, and its specific implementation is identical with embodiments of the invention six.
In addition, the embodiment of the invention also provides a kind of system for switching safely and fast, and this system comprises: Security Association is set up unit and safeguard protection performance element.Wherein, above-mentioned Security Association is set up the unit, is used for before switching fast, sets up the Security Association between the couple in router NAR of mobile node and objective network; Above-mentioned safeguard protection performance element is used for the fast handover procedures at mobile node, uses above-mentioned Security Association to guarantee that this mobile node safety is linked into above-mentioned NAR.
That is to say that above-mentioned Security Association is set up the unit and is responsible for setting up Security Association before switching generation, this Security Association is set up ground process may need independent messaging, also may together send with other message; Above-mentioned safeguard protection performance element at first will be set up the unit from Security Association and obtain key, uses this key that the signaling message that quick switching needs is carried out integrity protection (promptly calculating message authentication code) then, and message authentication code and this message are together sent.Be responsible for various quick switchings simultaneously and trigger on message ground relatively, and the content that gives information, and responsible messaging.
More than above-mentioned only be preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.