주소기반의 키를 사용하는 모바일 IPv6 바인딩 갱신 프로토콜 개선

An Improvement of Mobile IPv6 Binding Update Protocol Using Address Based Keys

  • 유일선 (한국성서대학교 정보과학부) ;
  • 최승교 (삼척대학교 컴퓨터공학과)
  • You, Il-Sun (Department of Information Science, Korean Bible University) ;
  • Choi, Sung-Kyo (Department of Computer Engineering, National Samcheok University)
  • 발행 : 2005.09.25

초록

최근에 주소기반의 키를 적용하는 모바일 IPv6 바인딩 갱신 프로토콜(BU-ABK)이 제안되었다. BU-ABK는 주소기반의 키를 통해 광역의 보안 인프라 없이 강력한 인증과 안전한 키교환을 지원하지만 공개키 연산을 위한 암호화 매개변수의 위조를 탐지할 수 없기 때문에 중간자 공격과 서비스 거부공격에 취약한 문제점을 갖는다. 본 논문에서는 이러한 BU-ABK의 취약점을 개선하고 제한된 전력을 갖는 이동장치를 위한 최적화 옵션을 제안한다. 또한, BU-ABK와의 비교를 통해 제안 프로토콜이 이동노드 상의 과중된 오버헤드를 초래하지 않고 강력한 보안을 제공함을 보인다.

Recently, a mobile IPv6 binding update protocol using Address Based Keys (BU-ABK) was proposed. This protocol applies Address Based Keys (ABK), generated through identity-based cryptosystem, to enable strong authentication and secure key exchange without any global security infrastructure. However, because it cannot detect that public cryptographic parameters for ABKs are altered or forged, it is vulnerable to man-in-the-middle attacks and denial of service attacks. Furthermore, it has heavy burden of managing the public cryptographic parameters. In this paper, we show the weaknesses of BU-ABK and then propose an enhanced BU-ABK (EBU-ABK). Furthermore, we provide an optimization for mobile devices with constraint computational power. The comparison of EBU-ABK with BU-ABK shows that the enhanced protocol achieves strong security while not resulting in heavy computation overhead on a mobile node.

키워드

참고문헌

  1. J. Arkko, 'Security Framework for Mobile IPv6 Route Optimization,' IETF, , Nov. 2001. Work in progress
  2. R. Deng, J. Zhou, and F. Bao, 'Defending Against Redirect attacks in Mobile IP,'Proceedings of the 9th ACM Conference on Computer and Communications Security, Nov.2002 https://doi.org/10.1145/586110.586120
  3. G. O'Shea and M. Roe, 'Child-proof authentication for MIPv6 (CAM),' ACM Computer Communications Review, Vol. 31, No. 2, April 2001 https://doi.org/10.1145/505666.505668
  4. M. Roe, T. Aura, G. O'Shea, and J. Arkko, 'Authentication of Mobile IPv6 Binding Updates and Acknowledgments,' IETF, , Feb. 2002. Work in progress
  5. S. Okazaki, A. Desai, C. Gentry and et.el., 'Securing MIPv6 Binding Updates Using Address Based Keys (ABKs),' IETF, , Oct. 2002. Work in progress
  6. G. Montenegro, C. Castelluccia, 'SUCV Identifiers and Addresses,' IETF, , Nov. 2001. Work in progress
  7. D. Johnson, C. Perkins and J. Arkko, 'Mobility Support in IPv6,' IETF, , Jun. 2003. Work in progress
  8. T. Aura, 'Cryptographically Generated Addresses (CGA),' IETF, , Aug. 2003. Work in progress
  9. R. Housley, W. Ford, T. Polk, and D. Solo, 'Internet X.509 public key infrastructure certificate and CRL profile,' RFC 2459, Jan, 1999
  10. T. Narten, E. Nordmark, and W. Simpson, 'Neighbor Discovery for IP Version 6 (IPv6),'RFC 2461, Dec. 1998
  11. Pekka Nikander, Tuomas Aura, Jari Arkko and Gabriel Montenegro, 'Mobile IP version 6 (MIPv6) Route Optimization Security Design,' Proceedings of IEEE Vehicular Technology Conference Fall 2003, Orlando, FL USA, October 2003. IEEE Press https://doi.org/10.1109/VETECF.2003.1285376