


Published: 2019-03-24 17:22
[Abstract]: With the rapid development of information technology, the Internet has brought many conveniences to people's lives, but the flaws in its original design have also brought many security problems. To overcome the shortcomings of the traditional Internet at the root, the National Engineering Laboratory for Next Generation Internet Interconnection Devices proposed the Smart Identifier Network, a new network architecture with better security and scalability. At the same time, the number of users reaching the Internet through mobile terminals is growing year by year, and the core network of LTE (Long Term Evolution), the mainstream technology of the 4G era, uses an all-IP architecture, which makes it possible to integrate new types of networks. The research in this thesis is supported by the major security special project "Research on the Application of Identifier Network Technology in Mobile Private Networks". Within an LTE-based Smart Identifier mobile private network, it designs and implements a service secure access mechanism that lets mobile users obtain services from a nearby location and applies fine-grained service access control and protection to mobile users, further safeguarding the service resources of the identifier network and improving the efficiency with which mobile users obtain services. The thesis focuses on the design and implementation of this service secure access mechanism for the LTE-based Smart Identifier mobile private network. It first gives an overview of LTE and the Smart Identifier Network and introduces the protocol principles for adding a service acquisition function to a mobile communication network. It then presents the requirements analysis and scheme design of the service secure access mechanism, and explains the implementation of each module at the code level.

The main work designed and implemented in this thesis is as follows. First, a service matching module and a service cache module inside the LTE core network meet the functional requirement that mobile users obtain services nearby, within the LTE core network. Second, an SID (Service Identifier) resolution module on the resolution server, an identifier mapping module on the PGW, and a routing mechanism inside the identifier private network provide fine-grained service access control for users and RID (Router Identifier) based routing of services, which protects service resources and reduces routing redundancy inside the private network. Third, a user service reputation management table, the exchange of user service management information at the control layer, and a detection and defense mechanism for attack behavior by mobile users provide detection of and defense against service-based DoS attacks, protecting the performance of the resolution server and the reliability of service acquisition for normal users. Finally, a test environment was built and the secure access mechanism was put through functional and performance tests. The test results verify the basic functions of the service secure access mechanism: it meets the need of mobile users to obtain services nearby, and it strengthens both the security of service resources and the reliability with which mobile users obtain them. The thesis closes with a summary of the whole work, which lays a good foundation for follow-up work.







