IPv6 邻居发现过程的安全性研究
首发时间:2005-04-05
摘要:邻居发现是一种专用于IPv6的新协议。最初的邻居发现过程的定义是基于本地链路由相互信任的节点组成的理想情况。但是,无线网络(如无线局域网)技术的发展, 深刻地改变了这一假设。在本地链路上的节点不能再理所当然地相互信任,甚至 在节点通过网络完成了身份验证,节点依然对对方产生怀疑。这产生了一系列的可操作性难度和安全威胁。 本文对针对IPv6中的邻居发现过程的安全威胁进行分类,并描述两种新的加密方法,即加密产生地址和基于密钥的地址。同时探讨如何使用这些方法来加强IPv6中的邻居发现过程的安全架构。
关键词: 邻居发现、加密地产生地址、基于密钥的地址
For information in English, please click here
The Study of Neighbor Discovery Security in IPv6
Abstract:Neighbor-Discovery is a new protocol for IPv6.When IPv6 Neighbor Discovery functions were defined, it were assumed that the local link would consist of mutually trusting nodes. However, the recent development in public wireless networks, such as WLAN, have rapidly changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor Discovery security threats, describe two new cryptographic methods, Cryptographically Generated Addresses(CGA) and Address Based Keys(ABK),and discuss how these methods can be used to secure the Neighbor-Discovery mechanisms.
Keywords: Neighbor Discovery(ND)、Cryptographically Generated Addresses(CGA)、Address Based Keys(ABK)
基金:
论文图表:
引用
No.1803999811126638****
同行评议
共计0人参与
勘误表
IPv6 邻居发现过程的安全性研究
评论
全部评论0/1000