Browse > Article
http://dx.doi.org/10.4218/etrij.14.0113.0177

Enhancing Security in Mobile IPv6  

Modares, Hero (Department of Computer System and Technology, University of Malaya)
Moravejosharieh, Amirhossein (Department of Computer Science and Software Engineering, University of Canterbury)
Salleh, Rosli Bin (Department of Computer System and Technology, University of Malaya)
Lloret, Jaime (Department of Communications, Polytechnic University of Valencia)
Publication Information
ETRI Journal / v.36, no.1, 2014 , pp. 51-61 More about this Journal
Abstract
In the Mobile IPv6 (MIPv6) protocol, a mobile node (MN) is a mobile device with a permanent home address (HoA) on its home link. The MN will acquire a care-of address (CoA) when it roams into a foreign link. It then sends a binding update (BU) message to the home agent (HA) and the correspondent node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the man-in-the-middle attack, the session hijacking attack, and the denial-of-service attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The private-key-based BU (PKBU) protocol is proposed in this research to overcome the shortcomings of some existing MIPv6 protocols. PKBU incorporates a method to assert the address ownership of the MN, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements while being able to check the address ownership of the MN. PKBU also incorporates a method to verify the reachability of the MN.
Keywords
Mobile IPv6; binding update; security threats in MIPv6; return routability; cryptographically generated addresses; private key;
Citations & Related Records
연도 인용수 순위
  • Reference
1 G. Martinez, F.G. Mármol, and J.M.A. Calero, "Introduction to Recent Advances in Security and Privacy in Distributed Communications," Comput. Electr. Eng., vol. 38, no. 5, Sept. 2012, pp. 1033-1034.   DOI
2 J. Arkko et al., "Secure Neighbor Discovery (SEND)," Internet Engineering Task Force, RFC 3971, Mar. 2005.
3 J. Arkko, V. Devarapalli, and F. Dupont, "Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents," Internet Engineering Task Force, RFC 3776, June 2004.
4 K. Sahadevaiah and R.P.V.G.D. Prasad, "Impact of Security Attacks on a New Security Protocol for Mobile Ad Hoc Networks," Netw. Protocols Algorithms, vol. 3, no. 4, 2011, pp. 122-140.
5 H. Soliman, Securing Mobile IPv6 Signaling, Boston, MA, USA: Addison-Wesley, 2004.
6 S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6)," Internet Engineering Task Force, RFC 2460, 2006, pp. 19.
7 A. Conta and S. Deering, "Generic Packet Tunneling in IPv6," Internet Engineering Task Force, RFC 2473, 1998.
8 O. Zuleger, "Mobile Internet Protocol v6," 2005. http://www. hznet.de/ipv6/mipv6-intro.pdf.
9 P. Nikander et al., "Mobile IP Version 6 (MIPv6) Route Optimization Security Design," IEEE Int. Conf. Veh. Technol., Orlando, FL, USA, vol. 3, Oct. 2003, pp. 2004-2008.
10 K. Ren et al., "Routing Optimization Security in Mobile IPv6," Comput. Netw., vol. 50, no. 13, Sept. 15, 2006, pp. 2401-2419.   DOI
11 Z. Anari, Security Enhancement of Route Optimization in Mobile IPv6 Network, master's thesis, University of Putra Malaysia, 2008.
12 O. Elshakankiry, Securing Home and Correspondent Registrations in Mobile IPv6 Network, doctoral dissertation, University of Manchester, UK, 2010.
13 T. Aura, "Cryptographically Generated Addresses (CGA)," 6th Conf. Inf. Security, vol. 2851, Bristol, UK, 2005, pp. 29-43.
14 D. Kavitha and K.E.S. Murthy, S.Z. Hug "Security Analysis of Binding Update Protocols in Route Optimization of MIPv6," Int. Conf. Recent Trends Inf., Telecommun. Comput., Kochi Kerala, Mar. 12-13, 2010, pp. 44-49.
15 A. Datta et al., Authentication for Mobile IPv6, Department of Computer Science, University of Oxford, 2002, pp. 1-11. ftp://ftp.kestrel.edu/pub/papers/pavlovic/MIPv6.pdf.
16 J. Arkko, C. Perkins, and D. Johnson, "Mobility Support in IPv6," Internet Engineering Task Force, RFC 6275, July 2011.
17 C. Vogt et. al., "Early Binding Updates for Mobile IPv6," IEEE Wireless Commun. Netw. Conf., vol. 3, New Orleans, LA, USA, Mar. 13-14, 2005, pp. 1440-1445.
18 F. Le and S.M. Faccin, "Dynamic Diffie Hellman Based Key Distribution for Mobile IPv6," Internet Engineering Task Force, Apr. 2001.
19 C.E. Perkins, Mobile IP: Design Principles and Practices, Boston, MA, USA: Addison Wesley, 1998.
20 K. Ren et al., "Routing Optimization Security in Mobile IPv6," Comput. Netw., vol. 50, no. 13, Sept. 15, 2006, pp. 2401-2419.   DOI
21 A.S. Sadiq, K.A. Bakar, and K.Z. Ghafoor, "A Fuzzy Logic Approach for Reducing Handover Latency in Wireless Networks," Netw. Protocols Algorithms, vol. 2, no. 4, 2010, pp. 61-87.
22 J. Arkko, W. Haddad, and C. Vogt, "Enhanced Route Optimization for Mobile IPv6," Internet Engineering Task Force, RFC 4866, May 2007.
23 R.H. Deng, J. Zhou, and F. Bao, "Defending Against Redirect Attacks in Mobile IP," 9th ACM Conf. Comput. Commun. Security, New York, NY, USA, 2002, pp. 59-67.
24 D. Johnson, C. Perkins, and J. Arkko, "IP Mobility Support," Internet Engineering Task Force, RFC 2002, Oct. 1996.
25 S. Robert, "Introduction to Mobile IP," Institute for Information and Communication Technologies, Mar. 2003. http://www. stephan-robert.ch/attachments/File/Networking/MIP_sr_3_03- v2.pdf.
26 M.A. Aydin, A.H. Zaim, and K.G. Ceylan, "A Hybrid Intrusion Detection System Design for Computer Network Security," Comput. Electr. Eng., vol. 35, no. 3, May 2009, pp. 517-526.   DOI
27 D. Johnson, C. Perkins, and J. Arkko, "Mobility Support in IPv6," Internet Engineering Task Force, RFC 3775, June 2004.
28 W. Haddad et al., "Optimizing Mobile IPv6 (OMIPv6)," Internet Engineering Task Force, Feb. 2004.
29 W. Haddad et al., "Applying Cryptographically Generated Addresses to Optimize MIPv6 (CGA-OMIPv6)," Internet Engineering Task Force, May 2005.
30 M. Roe et al., "Authentication of Mobile IPv6 Binding Updates and Acknowledgments," Internet Engineering Task Force, 2002.
31 I. You, J.-H. Lee, and B. Kim, "caTBUA: Context‐Aware Ticket‐Based Binding Update Authentication Protocol for Trust‐Enabled Mobile Networks," Int. J. Commun. Syst., vol. 23, no. 11, Nov. 2010, pp. 1382-1404.   DOI
32 H. Modares et al., "A Survey of Secure Protocols in Mobile IPv6," J. Netw. Comput. Appl., available online Aug. 2013.
33 G.M.D. Dormale, P. Bulens, and J.-J. Quisquater, "An Improved Montgomery Modular Inversion Targeted for Efficient Implementation on FPGA," IEEE Int. Conf. Field- Programmable Technol., Brisbane, Australia, 2004, pp. 441-444.
34 H. Modares et al., "A Bit-Serial Multiplier Architecture for Finite Fields over Galois Fields," J. Comput. Sci., vol. 6, no. 11, 2010, pp. 1237-1246.   DOI
35 J. Arkko et al., "Mobile IP Version 6 Route Optimization Security Design Background," Internet Engineering Task Force, RFC 2002, 2005.
36 J. Arkko, C. Vogt, and T. Henderson, "End-Host Mobility and Multihoming with the Host Identity Protocol," Internet Engineering Task Force, Feb. 23, 2011.
37 R.H. Deng, J. Zhou, and F. Bao, "Defending Against Redirect Attacks in Mobile IP," Proc. 9th ACM Conf. Comput. Commun. Security, Washington, DC, Nov. 18-22, 2002, pp. 59-67.
38 T. Aura, M. Roe, and J. Arkko, "Security of Internet Location Management," Proc. 18th IEEE Conf. Annual Comput. Security Appl., Las Vegas, NV, USA, Dec. 9-13, 2002, pp. 78-87.