摘要： 为解决移动IPv6路由优化过程当中绑定更新消息的安全问题，结合返回路径可达协议和CAM协议的优点，提出一种基于加密生成地址(CGA)技术的绑定更新安全机制。该机制在没有部署PKI的环境下，利用CGA技术实现了跨信任域的2个节点基于地址的身份认证，可有效防止攻击者伪造、篡改绑定更新消息，解决路由优化过程中存在的反射式攻击问题。

关键词: 路由优化, 绑定更新, 移动IPv6, 返回路径可达, 加密生成地址

Abstract: In order to solve the security issues of the binding update message in the IPv6 route optimization process, this paper presents a new security mechanism based on Cryptographically Generated Addresses(CGA) through the analysis of the Return Routability Procedure (RRP) and CAM protocols. Security analysis proves that the mechanism can authenticate the nodes based on IPv6 address without PKI infrastructure, and prevent the forged binding update messages and the reflecting attack.

Key words: route optimization, binding update, mobile IPv6, Return Routability Procedure(RRP), Cryptographically Generated Addresses(CGA)

中图分类号: 

• TP393.08