NTMobile (Network Traversal with Mobility) has been proposed to achieve end-to-end encrypted communication with IP mobility support in environments where IPv4 and IPv6 networks coexist. However, since NTMobile unconditionally establishes an encrypted UDP tunnel between NTMobile-ready nodes (NTM nodes), a malicious NTM node can attack a target NTM node through the encrypted UDP tunnel without being detected by a firewall. Moreover, since communication with a general server always passes through a relay server, the route becomes redundant even when IP mobility is not needed, and the communication delay increases. To solve these problems, this paper proposes an access control function that uses the name of the correspondent node, and a “Route option” that selects whether or not the relay server is used. Implementation of a prototype system and evaluation of its performance confirmed that the increases in start-up time and in overhead at the beginning of communication were quite small and had little influence on practical use.