随着移动通信的快速发展,通信实体的身份认证日益成为研究人员面临的巨大挑战.在IETF(Internet engineering task force)的移动IPv6草案中,IPSec(IP security)协议和RR(return routability)机制被用于保护相关通信节点之间的通信信令,但解决通信实体身份认证问题的方法存在一定的不足.首先分析了基于证书和基于身份的认证技术的优点和不足.基于证书的认证方法有很好的可扩展性,但PKI(public key infrastructure)的部署和证书
In the rapidly expanding mobile environment, authenticity of communicating parties is one of the big research challenges and is receiving increasing attention. In the Mobile IPv6 defined by IETF (Internet engineering task force), IPSec (IP security) protocols and RR (return routability) mechanism are used to protect signaling between related communicating nodes, however, how to realize identity authentication has not been efficiently solved. In this paper, the advantages and disadvantages of two authentication techniques?certificate-based authentication and identity-based authentication are analyzed. The scalability of certificate-based means is excellent, but the deployment of PKI (public key infrastructure) and the distribution of certificates make this method costly. On the contrary, identity-based method hurdles the deficiency of certificate-based means, nevertheless the scalability suffers from the share of parameters among related nodes. Then an approach of integrating the two methods mentioned above is proposed to realize a secure and fast authentication with low cost and high scalability. Finally, this hybrid technique is applied in Mobile IPv6 to improve the negotiation of SA (security association), and the security issues are discussed.