Để mở rộng không dây truy cập dữ liệu trên lĩnh vực hành chính khác nhau, số lượng của các hiệp hội bảo mật nên được giữ nhỏ. Ví dụ, có nên không có hiệp hội bảo mật được chia sẻ cấu hình sẵn giữa HA và FA, và giữa FA và MN. Đường kính Điện thoại di động ứng dụng IPv4 sử dụng một Key Distribution Center (KDC) | 328 SECURITY To scale wireless data access across different administrative domains the number of security associations should be kept small. For example there should be no shared security association preconfigured between HA and FA and between FA and MN. The Diameter Mobile IPv4 application utilizes a Key Distribution Center KDC to achieve this goal. After MN is successfully authenticated and authorized the home Diameter server allocates the session keys. Three keys are generated the MN-HA key K1 the MN-FA key K2 and the Fa-HA key K3 .4 K1 is used between MN and HA. K2 is used between MN and FA. Similarly K3 is used between FA and HA. The keys destined for FA and HA are transmitted via the Diameter protocol and must be encrypted by IPsec or TLS in a network without Diameter agents. If Diameter agents exist it is recommended that the Diameter CMS Cryptographic Message Syntax Security Application 41 be used. The keys for the MN K1 and K2 must be propagated via the Mobile IP protocol. Instead of using them directly as the session keys they are used as a random value which is called nonce or key material to derive the actual session keys 70 . The MN and the AAAH will use the nonce and the long-term shared secret key which is preconfigured between the MN and the AAAH to derive the MN-HA and MN-FA session keys. Once the session keys have been delivered and established the mobile node can exchange Mobile IP registration information directly without the Diameter infrastructure. The session keys however have a limited lifetime. If the lifetime expires the procedures described above must be invoked again to acquire the new session keys. SECURITY IN WIRELESS NETWORKS Many security issues in wireless networks are essentially the same as that in wired networks. However the open nature of wireless channels makes a wireless system more vulnerable to threats such as unauthorized access to and manipulation of sensitive data and services. It is also possible for an attacker to .
