This paper proposed a new security binding updates program, which mainly researches on binding update security problem between mobile nodes and correspondent nodes of the Mobile IPv6 network. To form extended on BU signaling and BU/BA procedure for Mobile IPv6, this solution divided the procedure of binding update into two modes, the one need renegotiate the binding update key and the other one not need re-negotiate the binding update key. After generating the key in the management, use the key to good management consultations sign test, but don't use the private key signature and public key authentication. In this way, this solution reduces redundant signaling interaction and the computational complexity of CGA, meanwhile improve the security of the routing optimization process. Finally, it is verified the feasibility of the new solution by simulation.%针对移动IPv6网络的移动节点和通信对端之间的绑定更新安全问题,提出了一种基于CGA技术改进的移动IPv6安全绑定更新方案.新方案对移动IPv6的BU信令及BU/BA过程进行格式扩展,并在绑定更新过程中引入两种不同的工作模式:不需要协商绑定管理密钥工作模式和需要协商绑定管理密钥工作模式.在生成管理密钥后,不用私钥签名和公钥验证,只采用协商好的管理密钥进行签验.该方案减少了冗余信令交互,降低了CGA计算复杂度,提高了路由优化过程的安全性.通过仿真,验证了方案的可行性.
展开▼