【摘要】：隨著信息技術的快速發(fā)展,互聯(lián)網在給人們的生活帶來眾多便捷的同時,也因其原始設計的缺陷帶來了諸多的安全問題。為了從根本上克服傳統(tǒng)互聯(lián)網存在的弊端,下一代互聯(lián)網互聯(lián)設備國家工程實驗室提出了智慧標識網絡的新型網絡架構,具有更好的安全性和可擴展性。與此同時,通過移動終端接入互聯(lián)網的規(guī)模也在逐年增加,4G時代的主流技術LTE(Long Term Evolution,長期演進)的核心網采用全IP架構,為融合新型網絡提供了可能。本文的研究依托于重大安全專項"標識網絡技術在移動專網中的應用研究",在基于LTE的智慧標識移動專網中,設計并實現(xiàn)了一套服務安全訪問機制,完成了移動用戶對于服務的就近獲取,同時針對移動用戶進行細粒度的服務安全訪問控制與防護,進一步保障了標識網絡服務資源的安全與提高了移動用戶獲取服務的效率。本文主要研究基于LTE的智慧標識移動專網服務安全訪問機制的設計與實現(xiàn)。首先,本文對LTE及智慧標識網絡進行概述,并引出在移動通信網絡中加入服務獲取功能的協(xié)議原理。隨后本文對服務安全訪問機制進行需求分析與方案設計,之后從代碼的角度闡釋了各個模塊的實現(xiàn)方法。本文設計并實現(xiàn)的主要有:通過在LTE核心網內服務匹配模塊與服務緩存模塊的設計與實現(xiàn),完成了移動用戶在LTE核心網內就近獲取服務的功能需求;通過解析服務器SID(Service Identifier,服務標識)解析模塊、PGW上的標識映射模塊以及標識專網內路由機制的設計與實現(xiàn),完成了對用戶細粒度的服務訪問控制以及服務基于RID(Router Identifier,路由標識)的路由,保障了服務資源的安全并減少了專網內路由冗余;通過用戶服務信譽管理表、控制層用戶服務管理信息交互以及移動用戶攻擊行為的檢測與防御機制的設計和實現(xiàn),完成了對基于服務的DOS攻擊的檢測與防御,保障了了解析服務器的性能安全與正常用戶獲取服務的可靠性。最后,本文通過搭建測試環(huán)境,對安全訪問機制進行了功能測試與性能測試。測試結果驗證了服務安全訪問機制的基本功能,很好地解決了移動用戶就近獲取服務的需求,同時增強了服務資源的安全性與移動用戶獲取服務資源的可靠性。文章最后對全文進行總結,為后續(xù)工作奠定了良好基礎。
[Abstract]:With the rapid development of information technology, Internet not only brings many convenience to people's life, but also brings many security problems because of the defects of its original design. In order to overcome the disadvantages of traditional Internet fundamentally, the National Engineering Laboratory of next Generation Internet Interconnection equipment has put forward a new network architecture of intelligent marking network, which has better security and expansibility. At the same time, the scale of access to the Internet through mobile terminals is increasing year by year. The core network of LTE (Long Term Evolution, the mainstream technology of 4G era, adopts full IP architecture, which makes it possible to integrate new networks. The research of this paper is based on the research on the application of identification network technology in mobile private network, and designs and implements a set of secure access mechanism of service in the intelligent identification mobile private network based on LTE, which is based on the important security special project "the application of marking network technology in mobile private network". At the same time, fine-grained service security access control and protection are carried out for mobile users, which further ensures the security of identifying network service resources and improves the efficiency of mobile users' access to services. This paper mainly studies the design and implementation of secure access mechanism of intelligent identification mobile private network service based on LTE. Firstly, this paper gives an overview of LTE and intelligent identification network, and introduces the protocol principle of adding service acquisition function to mobile communication network. Then this paper analyzes the requirements and the scheme design of the service security access mechanism, and then explains the implementation method of each module from the point of view of code. The main design and implementation of this paper are as follows: through the design and implementation of the service matching module and the service cache module in the LTE core network, the mobile users' functional requirements of getting the service close to the LTE core network have been completed; Through parsing server SID (Service Identifier, service identification) parsing module, identification mapping module on PGW and the design and implementation of identity-specific network routing mechanism, the fine-grained service access control for users and RID (Router Identifier,-based service access control have been completed. Routing (routing identification) ensures the security of service resources and reduces routing redundancy in private networks; Through the design and implementation of user service reputation management table, user service management information interaction in control layer and detection and defense mechanism of mobile user attack behavior, the detection and defense of service-based DOS attack is completed. Guarantee the performance security of the analysis server and the reliability of the normal user to obtain the service. Finally, this paper builds a test environment to test the function and performance of the security access mechanism. The test results verify the basic functions of the service security access mechanism, solve the demand of the mobile users to obtain the service nearby, and enhance the security of the service resources and the reliability of the mobile users' access to the service resources. Finally, the paper summarizes the full text, which lays a good foundation for the follow-up work.
【學位授予單位】：北京交通大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TN929.5

【參考文獻】

相關期刊論文 前10條

1 孫其博;;移動互聯(lián)網安全綜述[J];無線電通信技術;2016年02期

2 劉斌;汪漪;;內容中心網絡中名字查找技術的研究[J];電信科學;2014年09期

3 張宏科;陳哲;;智慧協(xié)同標識網絡[J];中興通訊技術;2014年04期

4 蘭巨龍;程東年;胡宇翔;;可重構信息通信基礎網絡體系研究[J];通信學報;2014年01期

5 陳小晨;;電信運營商互聯(lián)網業(yè)務解決方案探索[J];科技廣場;2013年09期

6 張宏科;黃道超;;智慧標識網絡的未來互聯(lián)網體系[J];電信科學;2013年S1期

7 蘇偉;陳佳;周華春;張宏科;;智慧協(xié)同網絡中的服務機理研究[J];電子學報;2013年07期

8 郜帥;王洪超;王凱;張宏科;;智慧網絡組件協(xié)同機制研究[J];電子學報;2013年07期

9 張宏科;羅洪斌;;智慧協(xié)同網絡體系基礎研究[J];電子學報;2013年07期

10 蘇偉;劉琪;張宏科;;一體化標識網絡體系及關鍵技術[J];中興通訊技術;2011年02期

，

本文編號：2446528