ETRI Journal

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

Enhancing Security in Mobile IPv6

  • Modares, Hero (Department of Computer System and Technology, University of Malaya) ;
  • Moravejosharieh, Amirhossein (Department of Computer Science and Software Engineering, University of Canterbury) ;
  • Salleh, Rosli Bin (Department of Computer System and Technology, University of Malaya) ;
  • Lloret, Jaime (Department of Communications, Polytechnic University of Valencia)
  • Received : 2013.02.22
  • Accepted : 2013.07.26
  • Published : 2014.02.01
Download PDF
⟨ Previous Next ⟩

Abstract

In the Mobile IPv6 (MIPv6) protocol, a mobile node (MN) is a mobile device with a permanent home address (HoA) on its home link. The MN will acquire a care-of address (CoA) when it roams into a foreign link. It then sends a binding update (BU) message to the home agent (HA) and the correspondent node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the man-in-the-middle attack, the session hijacking attack, and the denial-of-service attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The private-key-based BU (PKBU) protocol is proposed in this research to overcome the shortcomings of some existing MIPv6 protocols. PKBU incorporates a method to assert the address ownership of the MN, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements while being able to check the address ownership of the MN. PKBU also incorporates a method to verify the reachability of the MN.

Keywords

References

  1. C.E. Perkins, Mobile IP: Design Principles and Practices, Boston, MA, USA: Addison Wesley, 1998.
  2. J. Arkko, C. Perkins, and D. Johnson, "Mobility Support in IPv6," Internet Engineering Task Force, RFC 6275, July 2011.
  3. K. Ren et al., "Routing Optimization Security in Mobile IPv6," Comput. Netw., vol. 50, no. 13, Sept. 15, 2006, pp. 2401-2419. https://doi.org/10.1016/j.comnet.2005.09.019
  4. A.S. Sadiq, K.A. Bakar, and K.Z. Ghafoor, "A Fuzzy Logic Approach for Reducing Handover Latency in Wireless Networks," Netw. Protocols Algorithms, vol. 2, no. 4, 2010, pp. 61-87.
  5. D. Johnson, C. Perkins, and J. Arkko, "IP Mobility Support," Internet Engineering Task Force, RFC 2002, Oct. 1996.
  6. S. Robert, "Introduction to Mobile IP," Institute for Information and Communication Technologies, Mar. 2003. http://www. stephan-robert.ch/attachments/File/Networking/MIP_sr_3_03- v2.pdf.
  7. M.A. Aydin, A.H. Zaim, and K.G. Ceylan, "A Hybrid Intrusion Detection System Design for Computer Network Security," Comput. Electr. Eng., vol. 35, no. 3, May 2009, pp. 517-526. https://doi.org/10.1016/j.compeleceng.2008.12.005
  8. G. Martinez, F.G. Mármol, and J.M.A. Calero, "Introduction to Recent Advances in Security and Privacy in Distributed Communications," Comput. Electr. Eng., vol. 38, no. 5, Sept. 2012, pp. 1033-1034. https://doi.org/10.1016/j.compeleceng.2012.07.007
  9. J. Arkko et al., "Secure Neighbor Discovery (SEND)," Internet Engineering Task Force, RFC 3971, Mar. 2005.
  10. J. Arkko, V. Devarapalli, and F. Dupont, "Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents," Internet Engineering Task Force, RFC 3776, June 2004.
  11. K. Sahadevaiah and R.P.V.G.D. Prasad, "Impact of Security Attacks on a New Security Protocol for Mobile Ad Hoc Networks," Netw. Protocols Algorithms, vol. 3, no. 4, 2011, pp. 122-140.
  12. H. Soliman, Securing Mobile IPv6 Signaling, Boston, MA, USA: Addison-Wesley, 2004.
  13. S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6)," Internet Engineering Task Force, RFC 2460, 2006, pp. 19.
  14. A. Conta and S. Deering, "Generic Packet Tunneling in IPv6," Internet Engineering Task Force, RFC 2473, 1998.
  15. O. Zuleger, "Mobile Internet Protocol v6," 2005. http://www. hznet.de/ipv6/mipv6-intro.pdf.
  16. P. Nikander et al., "Mobile IP Version 6 (MIPv6) Route Optimization Security Design," IEEE Int. Conf. Veh. Technol., Orlando, FL, USA, vol. 3, Oct. 2003, pp. 2004-2008.
  17. K. Ren et al., "Routing Optimization Security in Mobile IPv6," Comput. Netw., vol. 50, no. 13, Sept. 15, 2006, pp. 2401-2419. https://doi.org/10.1016/j.comnet.2005.09.019
  18. Z. Anari, Security Enhancement of Route Optimization in Mobile IPv6 Network, master's thesis, University of Putra Malaysia, 2008.
  19. O. Elshakankiry, Securing Home and Correspondent Registrations in Mobile IPv6 Network, doctoral dissertation, University of Manchester, UK, 2010.
  20. T. Aura, "Cryptographically Generated Addresses (CGA)," 6th Conf. Inf. Security, vol. 2851, Bristol, UK, 2005, pp. 29-43.
  21. C. Vogt et. al., "Early Binding Updates for Mobile IPv6," IEEE Wireless Commun. Netw. Conf., vol. 3, New Orleans, LA, USA, Mar. 13-14, 2005, pp. 1440-1445.
  22. F. Le and S.M. Faccin, "Dynamic Diffie Hellman Based Key Distribution for Mobile IPv6," Internet Engineering Task Force, Apr. 2001.
  23. R.H. Deng, J. Zhou, and F. Bao, "Defending Against Redirect Attacks in Mobile IP," 9th ACM Conf. Comput. Commun. Security, New York, NY, USA, 2002, pp. 59-67.
  24. D. Johnson, C. Perkins, and J. Arkko, "Mobility Support in IPv6," Internet Engineering Task Force, RFC 3775, June 2004.
  25. W. Haddad et al., "Optimizing Mobile IPv6 (OMIPv6)," Internet Engineering Task Force, Feb. 2004.
  26. W. Haddad et al., "Applying Cryptographically Generated Addresses to Optimize MIPv6 (CGA-OMIPv6)," Internet Engineering Task Force, May 2005.
  27. J. Arkko, W. Haddad, and C. Vogt, "Enhanced Route Optimization for Mobile IPv6," Internet Engineering Task Force, RFC 4866, May 2007.
  28. M. Roe et al., "Authentication of Mobile IPv6 Binding Updates and Acknowledgments," Internet Engineering Task Force, 2002.
  29. I. You, J.-H. Lee, and B. Kim, "caTBUA: Context‐Aware Ticket‐Based Binding Update Authentication Protocol for Trust‐Enabled Mobile Networks," Int. J. Commun. Syst., vol. 23, no. 11, Nov. 2010, pp. 1382-1404. https://doi.org/10.1002/dac.1113
  30. H. Modares et al., "A Survey of Secure Protocols in Mobile IPv6," J. Netw. Comput. Appl., available online Aug. 2013.
  31. G.M.D. Dormale, P. Bulens, and J.-J. Quisquater, "An Improved Montgomery Modular Inversion Targeted for Efficient Implementation on FPGA," IEEE Int. Conf. Field- Programmable Technol., Brisbane, Australia, 2004, pp. 441-444.
  32. H. Modares et al., "A Bit-Serial Multiplier Architecture for Finite Fields over Galois Fields," J. Comput. Sci., vol. 6, no. 11, 2010, pp. 1237-1246. https://doi.org/10.3844/jcssp.2010.1237.1246
  33. J. Arkko et al., "Mobile IP Version 6 Route Optimization Security Design Background," Internet Engineering Task Force, RFC 2002, 2005.
  34. J. Arkko, C. Vogt, and T. Henderson, "End-Host Mobility and Multihoming with the Host Identity Protocol," Internet Engineering Task Force, Feb. 23, 2011.
  35. R.H. Deng, J. Zhou, and F. Bao, "Defending Against Redirect Attacks in Mobile IP," Proc. 9th ACM Conf. Comput. Commun. Security, Washington, DC, Nov. 18-22, 2002, pp. 59-67.
  36. T. Aura, M. Roe, and J. Arkko, "Security of Internet Location Management," Proc. 18th IEEE Conf. Annual Comput. Security Appl., Las Vegas, NV, USA, Dec. 9-13, 2002, pp. 78-87.
  37. D. Kavitha and K.E.S. Murthy, S.Z. Hug "Security Analysis of Binding Update Protocols in Route Optimization of MIPv6," Int. Conf. Recent Trends Inf., Telecommun. Comput., Kochi Kerala, Mar. 12-13, 2010, pp. 44-49.
  38. A. Datta et al., Authentication for Mobile IPv6, Department of Computer Science, University of Oxford, 2002, pp. 1-11. ftp://ftp.kestrel.edu/pub/papers/pavlovic/MIPv6.pdf.

Cited by

  1. Advanced Mobility Handover for Mobile IPv6 Based Wireless Networks vol.2014, pp.None, 2014, https://doi.org/10.1155/2014/602808
  2. Mobile IPv6 Vertical Handover Specifications, Threats, and Mitigation Methods: A Survey vol.2020, pp.None, 2014, https://doi.org/10.1155/2020/5429630