Abstract

To solve the problem of access authentication in mobile IPv6 networks, an escrow-free access authentication mechanism is proposed that mitigates the key escrow problem inherent in identity-based encryption (IBE) schemes and improves the efficiency of access authentication. Based on the IBE scheme, the mechanism combines access authentication with mobile handover, achieving effective mutual authentication between the mobile node (MN) and the visited network. The NAI (network access identifier) is treated as the MN's public key to relieve the key management load of traditional schemes. In particular, an anonymous key distribution protocol is proposed to minimize the key escrow problem inherent in the IBE scheme. This protocol separates the PKG (private key generation) into two disconnected parties: an identity certifying authority (ICA) and a private key generation center (PKGC). The former, located in the AAAh, keeps a list of MNs with all users' identity information and is responsible for authentication and certification distribution; the latter keeps the master private key and generates user private keys for certified MNs without knowing the identity of the MN. Analysis results show that the proposed mechanism achieves fast access authentication in MIPv6 networks and also solves the key escrow problem.
