• Title/Summary/Keyword: Secure Binding update

Search Result 22, Processing Time 0.026 seconds

Comparison and Analysis of Protocols for the Secure Binding Updates in MIPv6 (MIPv6의 안전한 바인딩 갱신을 위한 프로토콜 비교 분석)

  • Won, You-Seuk;Cho, Kyung-San
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.755-762
    • /
    • 2003
  • For the route optimization in the MIPv6, MN(Mobile Node) sends CN(Correspondent Node) a binding update message to notify the binding of is HoA(Home Address) with its new CoA(Care-of Address). However, unautenticated binding updates expose the involved MN and CM to various sucurity attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols, and the performance of packet exchanges and cryptographic operations. Then, we analyze the four typical binding update protocols based on the presented criterions. In addition, we propose some improvement tips for secure binding updates.

MIPv6 Binding Update scheme to improve performance and security (성능과 보안성을 함께 개선한 MIPv6 바인딩 갱신)

  • Won, You-Seuk;Cho, Kyung-San
    • Journal of Internet Computing and Services
    • /
    • v.8 no.4
    • /
    • pp.81-91
    • /
    • 2007
  • Binding update for the routing optimization in MIPv6 can make the involved nodes vulnerable to various attacks. Therefore, secure binding update becomes an important research issue in MIPv6, and several protocols have been proposed for this purpose. In this paper, we compare several existing binding update protocols such as RR, SUCV and OMIPv6 and analyze the vulnerability of nodes to the possible attacks and drawbacks of address management and scalability and overhead of encryption operations. Then, we suggest the design requirements for the secure binding update and propose an advanced protocol based on the design principle. Through the analysis, we show that our protocol can achieve a higher level of security against the various attacks and enable better management of address, provide the location privacy and reduce the computational overhead of mobile nodes with constraint computational power.

  • PDF

Improving SUCV Protocol for the Secure Binding Update in MIPv6 (SUCV를 개선한 MIPv6 바인딩 갱신 프로토콜)

  • Won You-Seuk;Cho Kyung-San
    • The KIPS Transactions:PartC
    • /
    • v.13C no.3 s.106
    • /
    • pp.267-274
    • /
    • 2006
  • The process of binding update for the routing optimization in MIPv6 can make the involved MN (Mobile Node) and CN(Correspondent Node) vulnerable to various attacks. Therefore, securing binding update process becomes an important research issue in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we compare several existing binding update protocols, and analyze the vulnerability of MNs and CNs to the possible attacks and the management overhead of the SUCV(Statistic Uniqueness and Cryptographic Verifiability) which is considered to be superior to other protocols. Then, we propose an advanced protocol to resolve above drawbacks. Through the detailed analysis, we show that our protocol can reduce the computational overhead of MN, enable better management, and achieve a higher level of security against the redirect attacks, DoS(Denial of Service) attacks and brute force attacks, compared to SUCV.

Authentication of Hierarchical Mobile IPv6 Handover Using Modified Return Rotability (Modified Return Routability를 이용한 Hierarchical Mobile IPv6 Handover 인증 기법)

  • Kim, Jung-Hwan;Yu, Ki-Sung;Park, Byung-Yeon;Noh, Min-Ki;Mun, Young-Song
    • Journal of Internet Computing and Services
    • /
    • v.8 no.6
    • /
    • pp.21-28
    • /
    • 2007
  • Hierarchical Mobile IPv6 improves performance of Mobile IPv6 by managing Binding Update in terms of location, With improved handover delay, realization of delay-sensitive services (e,g, VoIP or video streaming) has become more persuadable, Comparing with Mobile IPv6, however, Hierarchical Mobile IPv6 brings security threats related to Local Binding Update to mobile network, In the RFC 4140, specific methods to authenticate Local Binding Update message are not explicitly presented. It is essential that design secure architecture to address problems related to authenticating Local Binding Update, Many secure suggestions for Local Binding Update, however, concentrate on infrastructure-based solutions such as AAA PKI. These approaches may cause scalability problem when the suggested solutions are applied to real network. Therefore we suggest authentication method that doesn't require infrastructure, In addition to authentication of Local Binding Update, our method also provides mobile node with power saving ability.

  • PDF

Authentication Protocol Supporting Secure Seamless Handover in Network Mobility (NEMO) Environment (네트워크 이동성 환경에서 안전한 Seamless 핸드오버 지원을 위한 인증 프로토콜)

  • Kim, Jong-Young;Yoon, Yong-Ik;Lee, Kang-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.57-64
    • /
    • 2012
  • The existing protocols proposed in network mobility (NEMO) environment can require many computational costs and can bring about a delay of binding update. To solve these problems, in this paper we propose an authentication protocol supporting secure seamless handover in NEMO environment. The proposed protocol can handle quickly mutual authentication between a mobile router (MR) and an access router (AR), which uses group key among ARs and a master key (MK) issuing from key issuing server (KIS) for reducing the time of binding update as much as possible. In performance, the proposed protocol can process quickly binding update with little computational cost comparison with the existing binding update protocols and it results in robustness against existing attacks.

MIPv6 Binding Update Protocol Secure Against both Redirect and DoS Attacks (Redirect 공격과 DoS 공격에 안전한 MIPv6 바인딩 업데이트 프로토콜)

  • Kang Hyun-Sun;Park Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.5
    • /
    • pp.115-124
    • /
    • 2005
  • We propose a new binding update(BU) protocol between mobile node(CN) and correspondent node(CN) for the purpose of preventing redirect attacks and DoS attacks observed from the existing BU protocols and enhancing the efficiency of the BU protocol. Home agent plays a role of both authentication server validating BU message and session key distribution center for MN and CN. Also propose the stateless Diffie-Hellman key agreement based on cryptographically generated address (CGA). Suity of our proposed Protocol is analyzed and compared with other protocols. The proposed protocol is more efficient than previous schemes in terms of the number of message flows and computation overhead and is secure against both redirect and DoS attacks.

Authentication Mechanism for Secure Fast Handover in HMIPv6 (HMIPv6 환경에서의 안전한 Fast Handover를 위한 인증 메커니즘)

  • Kim, Min-Kyoung;Kang, Hyun-Sun;Park, Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.91-100
    • /
    • 2007
  • In this paper, We design and propose a protocol for supporting secure and efficient mobility in integrating fast handover and HMIPv6. In the proposed protocol which is AAA-based HMIPv6, if the MN enters the MAP domain for the first time, then it performs an Initial Local Binding Update for authentication. We propose a secure Fast Handover method using the ticket provided by MAP, which includes the secret key for authentication. Also, we analyze and compare security properties of our proposed scheme with those of other scheme using various attack scenario.

An Improved Protocol for the Secure Mobile IPv6 Binding Updates (안전한 모바일 IPv6 바인딩 갱신을 위한 개선된 프로토콜)

  • You, Il-Sun;Won, You-Seuk;Cho, Kyung-San
    • The KIPS Transactions:PartC
    • /
    • v.11C no.5
    • /
    • pp.605-612
    • /
    • 2004
  • In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol [2], by adopt-ing Aura's CGA scheme with two hashes [9]. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

Improving the Kang-Park's Protocol for Securing Binding Update in MIPv6 (Kang-Park의 Mobile IPv6 바인딩 갱신 보안 프로토콜 개선)

  • You, Il-Sun
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.44 no.10
    • /
    • pp.148-155
    • /
    • 2007
  • The routing optimization mode, which Mobile IPv6 provides for the direct communication between a mobile node and its correspond node, introduces various security threats, thus causing several protocols to be proposed for the secure binding update procedure. In particular, the Kang-Park protocol, which Kang and Park presented in 2005, achieves the optimized cryptographic operations and the strong security, while based on its unique security proxy structure. In spite of such advantages, it has some drawbacks in terms of security and efficiency. This paper improves the Kang-Park protocol through the strong CoA validation and early binding update methods. Also, we show that the improved protocol is better than others.

Authentication Mechanism for Secure Binding Update and Fast Handover in the Generalized Hierarchical MIPv6 (일반화된 계층적 MIPv6 환경에서의 안전한 바인딩 업데이트 및 Fast Handover를 위한 인증 메커니즘)

  • Park, Chang-Seop;Kang, Hyun-Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.107-115
    • /
    • 2008
  • In this paper, a secure and efficient binding update protocol as well as a handover protocol are proposed in the generalized hierarchical MIPv6 environment. Contrary to the conventional hierarchical MIPv6 environment where a foreign network is a small-scaled MAP domain, a large-scaled MAP domain consisting of several MAPs which are connected hierarchically is considered in the proposed protocol for the mechanism to support fast and secure mobility. It is also analyzed the security of the proposed protocol under the various attack scenarios.