• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.241-244
• /
• 2003

Recently, IETF Mobile IP WG focus on security problem issues in Mobile IPv6 and provide appropriate protocol to solve them. These include the protections of Binding Updates both to home agents and correspondent nodes, prefix discovery messages and transporting data packets. In Mobile IPv6, control traffics between home agents and mobile nodes uses IPsec to avoid that mobile nodes and correspondent nodes may be vulnerable to attacks. It is used, however, Return Routability procedure for correspondent node to assure that the right mobile node is sending the messages. In this paper, we propose method of IPser processing to protect messages between home agents and mobile nodes.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.11-26
• /
• 2013

In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.634-636
• /
• 2003

Mobile IPv6는 차세대 인터넷 프로토콜인 IPv6를 기반으로 단말기기간에 이동성을 제공하는 프로토콜이다. 하지만 Mobile기기간의 정보 유출 및 서비스 거부 등과 같은 공격에 대해 보안 서비스의 필요성이 대두되었다. 이에 IPSec 프로토콜은 이러한 요구사항을 만족시켜 줄 수 있는 다양한 보안 서비스를 제공함에 따라 Mobile IPv6에서는 필수 구현사항으로 채택하고 있다. 이에 IPSec 프로토콜을 하드웨어로 모듈화함으로써 소프트웨어상에서 발생하는 단점을 제거하고. 하드웨어상의 Mobile기기와도 손쉽게 인터페이스 할 수 있도록 구현하였다. IPSec Core Module은 AH 및 ESP를 각각 송수신하는 모듈과 IPSec Control 모듈로 구성 하였으며. IPv6 테스트 망을 이용하여 전용 FPGA보드상에서 그 기능을 검증하였다.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.9B
• /
• pp.1342-1349
• /
• 2010

Full-mesh IPSec tunnels, which constitute a black network, are required so that the dynamically changing PT (Plain Text) networks can be reachable across the black network in military environments. In the secure and mobile black networks, dynamically re-configuring IPSec tunnels and security policy database (SPD) is very difficult to manage. In this paper, for the purpose of solving mobility and security issues in military networks, we suggest the relating main technologies in association with DMIDP (Dynamic Multicast-based IPSec Discovery Protocol) based on existing IPSec ESP (Encapsulating Security Payload) tunnels and IPSec key managements. We investigate the main parameters of the proposed DMIDP techniques and their operational schemes which have effects on mobility and analyze operational effectivemess of the DMIDP with proposed parameters.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.3
• /
• pp.478-484
• /
• 2008

When a mobile node moves, MIPv6 operates an authentication process for the new connection. These kinds of frequent binding update and authentication processes cause much traffic and delay the service. To solve this problem, PMIPv6 provides a network-based mobility protocol in order to lessen the load on a mobile node. However, when it is moved from a domain to a domain or in a domain, there still lies a need fDr a new address, so MIPv6's demerit still exists. In IPsec, too, a new negotiation should be made when it is moved to WAN(Wide Area Network). This causes load to the mobile node. In this paper suggests MBB(Make Before Break) system to eliminate disconnections or delays resulted from the address change or renegotiation for security. When the mobile node receives a CoA address, IPsec negotiation gets operated. Its identity is authenticated by sending the identifier used for the prior negotiation to CN(Correspondent Node) through the BID message suggested. After that, negotiation Bets simplified that disconnections can be eliminated, and in the IPsec negotiation, the load on the mobile node can be lessened as well; moreover, two addresses are used for the communication simultaneously, so the probability of packet loss can be reduced.

• Journal of KIISE:Information Networking
• /
• v.34 no.1
• /
• pp.1-15
• /
• 2007

Increase in the wireless mobile network users brings the issue of mobility management into the Virtual Private Network (VPN) services. We propose a provider edge (PE)-based provider provisioned mobile VPN mechanism, which enables efficient communication between a mobile VPN user and one or more correspondents located in different VPN sites. The proposed mechanism not only reduces the IPSec tunnel overhead at the mobile user node to the minimum, but also enables the traffic to be delivered through optimized paths among the (mobile) VPN users without incurring significant extra IPSec tunnel overhead regardless of the user's locations. The proposed architecture and protocols are based on the BGP/MPLS VPN technology that is defined in RFC24547. A service provider platform entity named PPVPN Network Server (PNS) is defined in order to extend the BGP/MPLS VPN service to the mobile users. Compared to the user- and CE-based mobile VPN mechanisms, the proposed mechanism requires less overhead with respect to the IPSec tunnel management. The simulation results also show that it outperforms the existing mobile VPN mechanisms with respect to the handoff latency and/or the end-to-end packet delay.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1081-1084
• /
• 2006

MVPN(Mobile Virtual Private Network)은 이동단말을 사용하는 이동근무자가 지역적 제한 없이 VPN 서비스를 제공받을 수 있도록 하는 기술이다. 현재 IPsec-based VPN의 비중을 고려해볼 때, MVPN 기술은 Mobile 사용자에게 이동성을 제공하기 위한 Mobile IP프로토콜과 IPsec 기반 VPN 기술의 공존이 주된 연구 내용이다. mobile IP가 IPsec-based VPN GW(Gateway)와 동작할 경우 비호환성 문제가 발생한다. IETF에서는 두 프로토콜 간의 비호환성을 해결하기 위해VPN GW의 외부에 홈 에이전트(x-HA)를 새롭게 추가하는 방안이 연구되고 있다. 이에, AAA(Authentication, Authorization, Accounting) 서버를 이용하여 신뢰성 있는 x-HA를 동적으로 할당하는 방안이 제시되었으나, 세션 키의 외부 노출과 네트워크 간 이동 시 최초 핸드오프 시간이 오래 걸리는 한계를 지닌다. 본 논문은 이와 같은 문제점을 해결하여 이동하는 원격 VPN 사용자에게 보다 안전하며 핸드오프 지연시간이 최소화된 통신을 제공하는 방안을 제안한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11A
• /
• pp.1085-1091
• /
• 2006

For an experiment in this paper, designed test bed to secure confidentiality of data and safe transmission that Mobile node exchanges in Mobile network. And, For IPsec use that support basically in MIPv6, modeling and experimented IKEv2 protocol that is used for reliable authentication key management and distribution between End Point. When Mobile node handoff in Mobile network, analyzed effect that authentication key re-exchange and limited bandwidth that happen often get in key exchange. And studied about Performance and latency about authentication setting and exchange process that use multi interface. To conclusion, when Mobile node transmits using IPSec, re-authentication of key confirmed that re-setting by limit of bandwidth that existent Mobile network has can be impossible. According to other result, proposed MN's multi interface is expected to minimise key exchange latency by hand-off when transmit IPSec.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.4
• /
• pp.1260-1265
• /
• 2010

IPSec is the security protocol that do encryption and authentication service to IP messages on network layer of the internet. This paper presents the key recovery mechanism that is applied to IKEv2 of IPSec for mobile communication environments. It results to have compatibility with IPSec and IKEv2, reduce network overhead, and perform key recovery without depending on key escrew agencies or authorized party.