
    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting (AAA) has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1 [0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    Issues of Security in Routing Optimization at Mobile IPv6

    Mobile Internet Protocol version 6 (MIPv6) adds the mobility function to IPv6. An IPv6 host that supports the Mobile IPv6 function can move around the IPv6 Internet. A connection between two nodes is maintained by the pairing of the source address and the destination address. The IPv6 node address is assigned based on the prefix of the home network. The assigned address on a given network becomes invalid when the host leaves that network and attaches itself to another network. This problem stems from the nature of IP addresses: when a node visits a foreign network, it is still reachable through indirect packet forwarding from its home network. This triangular routing feature supports node mobility but increases the communication latency between nodes. It can be overcome by using a Binding Update (BU) scheme, which lets nodes update IP addresses and communicate with each other through direct IP routing. To protect the security of the Binding Update, a Return Routability (RR) procedure was developed, which turns out to be vulnerable to many attacks. In Route Optimization, the mobile node sends the binding message to its peer node; the message contains the new address of the mobile node, called the Care-of Address, which confirms that the mobile node has in fact moved to the new location from its Home Network. After receiving the binding message, the peer node sends all packets which are destined to the Mobile's Home Address to the Care-of Address. There are many security risks involved, as a malicious node might be able to create a connection with the mobile node by sending false binding messages. By doing so a malicious node can divert the traffic, launch DoS attacks, and also resend the authenticated messages, etc. Considering these security issues, we discuss a secure protocol which prevents the attacker from establishing false connections and assures the secrecy and integrity of the mobile node and its peers.

    Security Enhancement of Route Optimization in Mobile IPv6 Networks

    Mobile IPv6 is an IP-layer protocol that is designed to provide mobility support. It allows an IPv6 node to arbitrarily change its location in the IPv6 network while maintaining the existing connection by handling the change of addresses at the Internet layer. Route optimization is standard in Mobile IPv6 to eliminate inefficient triangle routing. Several methods were proposed to secure route optimization. Return routability was adopted by the Internet Engineering Task Force (IETF) with its security protocol based on RFC 3775. Return routability is an infrastructureless, lightweight procedure that enables a Mobile IPv6 node to request another IPv6 node to check and test the ownership of its permanent address in both the home network and the current visited network. It authorizes a binding procedure by the use of a cryptographic token exchange. However, the return routability protocol in route optimization is there to protect messages and is not able to detect or prevent an attacker who tampers with data. In this thesis, focus is given to a Mobile IPv6 route optimization test-bed with enhanced security in terms of data integrity. The proposed method can be performed on top of the return routability procedure to detect and prevent a Man-In-The-Middle attack by using encryption if any attack is detected. This also eliminates the additional delay compared to using encryption from the beginning of a connection. A real-time experimental test-bed has been set up, which is comprised of hardware, software and network analysis tools to monitor the packet flow and content of data packets. The test-bed consists of four computers acting as Mobile Node, Home Agent, Correspondent Node, and Router, respectively. To ensure the accuracy and integrity of the collected data, the Network Time Protocol (NTP) was used between the packet generator (Mobile Node) and packet receiver (Correspondent Node) to synchronize the time. The results show that the proposed method is able to work efficiently, maintaining 99% data security of route optimization in Mobile IPv6 (MIPv6) networks. The overall data integrity (by means of security) is improved 72% compared to existing MIPv6, at a cost of 0.1 sec added overall delay, which is within the range tolerable by the network.

    A survey on subjecting electronic product code and non-ID objects to IP identification

    Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interaction with IoT devices is addressing billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages. Different metrics are proposed here and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether they are applicable to already ID-based objects, and the results are presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters. Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access).

    An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

    Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increases, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, the Locator/ID Separation Protocol is still at an early stage of implementation and the security protocol, e.g. Internet Protocol Security (IPsec), in particular, is still in its infancy. Based on this, three scenarios were considered. Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, in the address resolving stage, the Locator/ID Separation Protocol Map Server (MS) accepts Map-Requests from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in turn look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, as a result of the vast increase in the number of different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosure by attackers through Man in the Middle (MitM) and Denial of Service (DoS) attacks. This research provided a comprehensive study of Communication and Mobility in the Internet of Things as well as a taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of the Locator/ID Separation Protocol using the X.805 framework standard. Then three security protocols were provided to secure the exchanged transitions of communication in the Locator/ID Separation Protocol. The first security protocol was implemented to secure the Registration stage of Locator/ID separation using an ID-Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using a Challenge-Response authentication and Key Agreement technique. The third security protocol was proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on authentication and group key agreement using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve a security refinement architecture for the Internet of Things based on the Locator/ID Separation Protocol. These protocols were verified using Automated Validation of Internet Security Protocols and Applications (AVISPA), which is a push-button tool for the automated validation of security protocols, and the achieved results demonstrated that they do not have any security flaws. Finally, a performance analysis of the security refinement protocols and an evaluation were conducted using the Contiki and Cooja simulation tools. The results of the performance analysis showed that the security refinement was highly scalable and quite memory-efficient, as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device.

    Assessing the Impact of Mobile Attackers on RPL-based Internet of Things

    The Internet of Things (IoT) is becoming ubiquitous in our daily life. IoT networks made up of low-power, low-memory, low-computing-capability devices appear in many applications such as healthcare, home, and agriculture. The IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) has become a standardized routing protocol for such low-power and lossy networks in the IoT. RPL establishes the best routes between devices according to the requirements of the application, which is achieved by the Objective Function (OF). Even though some security mechanisms are defined for external attackers in its RFC, RPL is vulnerable to attacks coming from inside. Moreover, the same attacks could have different impacts on networks with different OFs. Therefore, an analysis of such attacks becomes important in order to develop suitable security solutions for RPL. This study analyzes RPL-specific attacks on networks using RPL's default OFs, namely Objective Function Zero (OF0) and the Minimum Rank with Hysteresis Objective Function (MRHOF). Moreover, mobile attackers could affect more nodes in a network due to their mobility. While the security solutions proposed in the literature assume that the network is static, this study takes into account mobile attackers. Comment: 11 pages, 3 figures, Journa