Secure Mobile IP with HIP Style Handshaking and Readdressing

Mobile IP allows the mobile node roaming into a new IP network without losing its connection with its peer. Mobile IPv6 is using Mobile IP with Route Optimizationto improve performance by avoiding the triangle routing and adopting Return Routability as a secure process for binding update. Host Identity Protocol (HIP) is an experimental security protocol which provides mobility management and multi-homing by its new namespace. Its architecture is similar to that of Mobile IP with Route Optimization. In this paper, we have introduced a Secure Mobile IP with HIP Style Handshaking and Readdressing (SMIP), which has stronger security, better performance and lower binding cost in binding update process compared with Mobile IPv6. The dependence of home agent in the new scheme is also shown dramatically decreased. The initiated scheme integrated the primary features of two completely different mobility management solutions and has set up a migration path from mobile-IP based solution to a public-key based solution in mobile IP network

Low latency IP mobility management: Protocol and analysis

Mobile IP is one of the dominating protocols that enable a mobile node to remain reachable while moving around in the Internet. However, it suffers from long handoff latency and route inefficiency. In this article, we present a novel distributed mobility management architecture, ADA (Asymmetric Double-Agents), which introduces double mobility agents to serve one end-to-end communication. One mobility agent is located close to the MN and the other close to the CN. ADA can achieve both low handoff latency and low transmission latency, which is crucial for improvement of user perceived QoS. It also provides an easy-to-use mechanism for MNs to manage and control each traffic session with a different policy and provide specific QoS support. We apply ADA to MIPv6 communications and present a detailed protocol design. Subsequently, we propose an analytical framework for systematic and thorough performance evaluation of mobile IP-based mobility management protocols. Equipped with this model, we analyze the handoff latency, single interaction delay and total time cost under the bidirectional tunneling mode and the route optimization mode for MIPv6, HMIPv6, CNLP, and ADA. Through both quantitative analysis and NS2-based simulations, we show that ADA significantly outperforms the existing mobility management protocols. © 2011 Liu et al; licensee Springer

ANALISIS SISTEM KEAMANAN OPTIMASI RUTE PADA MOBILE IPv6

ABSTRAKSI: Mobile IPv6 (MIPv6) memungkinkan Mobile Node (MN) melakukan komunikasi secara langsung dengan pasangannya Coresspondent Node (CN) menggunakan kemampuan merubah arah (route) menggunakan alamat IP. Kemampuan ini kemudian disebut dengan Route Optimization (RO), cara ini memungkinkan Mobile Node (MN) berkomunikasi dengan Coresspondent Node (CN) menggunakan route yang lebih pendek, daripada secara default yang harus melalui Home Agent (HA) terlebih dahulu.Dalam optimasi route, peer node IPv6 menggunakan mekanisme binding antara alamat permanen Mobile Node (MN) dan alamat sementara Care-of-Address (CoA). Ketika menggunakan binding, peer node akan meneruskan paket ke Care-of-Address. Hal ini dapat menjadi potensi yang berbahaya ketika ada sebuah host ‘jahat’ mencoba membuat atau merekayasa binding sehingga menyebabkan kesalahan alamat tujuan pengiriman, pencurian paket oleh penyerang atau flooding paket.IPv6 memiliki sistem keamanan sendiri, yaitu IPSec khusus dan sudah terintegrasi dalam protokol ini. Mekanisme keamanan ini meskipun tidak sepenuhnya sempurna tetapi menyediakan fasilitas perlindungan yang jauh lebih baik dari pada IPv4 yang sekarang sering digunakan. Analisis optimasi rute ini membahas desain keamanan yang mungkin diimplementasikan pada MIPv6 dari segi masalah latar belakang arsitektur routing IP pada mobile IP, kemudian memberikan mekanisme tepat yang mungkin untuk diajukan dari latar belakang tersebut.Hasil akhir yang didapat, paket binding antara MN dan HA sudah termasuk aman, meskipun serangan false binding update yang pada akhirnya sering membuat HA melakukan proses pencatatan data yang banyak. Sementara untuk ketangguhan jaringan wireless dan IPv6 sendiri masih sangat rentan dengan serangan keamanan. MIPv6 merupakan bagian dari IPv6, untuk masa yang akan datang akan lebih aman jika konfigurasi keamanan IPv6 dioptimalisasi lebih jauh lagi.Kata Kunci : MIPv6, Keamanan, Binding, Route OptimizationABSTRACT: Mobile IPv6 (MIPv6) allows the Mobile Node (MN) communicated directly with the Coresspondent Node (CN) using its ability to redirect the route using IP address. This capability then called Route Optimization (RO), it allows the Mobile Node (MN) communicated with Coresspondent Node (CN) using a shorter route than the default, which must go through the Home Agent (HA) first.On route optimization, the IPv6 peer node using the binding mechanism between the permanent address of Mobile Node (MN) and the temporary address of the Care-of-Address (COA). When using a binding, peer node will forward the package to the Care-of-Address. This is a potential danger when there is an evil host tried to create or manipulate binding that caused error in destination address, steal package or make a flooding package.IPv6 has its own security system, called the special IPSec and has already integrated in this protocol. This security mechanism, even it does not completely perfect for the next implementation, provides better protection than in IPv4 which is often used. This route optimization analysis discussed the security design that may be implemented on MIPv6 based on the routing IP on mobile IP problem, so then it provides the appropriate mechanism that can be submitted by the background.The result is that the binding package between MN and HA are safety enough, even though the intense of false binding update attack finally make the HA should process a lot of data recording. While the reliability of a wireless network and IPv6 itself are very vulnerable from security attacks. MIPv6 is one of IPv6’s parts, it will be more secure if the IPv6 security configuration can be optimized in the future research.Keyword: MIPv6, Security, Binding, Route Optimizatio

IPv6 mobility support for real-time multimedia communications: A survey

Mobile Internet protocol version 6(MIPv6) route optimization improves triangular routing problem that exists in MIPv4 environment.Route optimization of Session Initiation Protocol (SIP) over MIPv6 provides ef�cient real-time multimedia applications to users. This article provides a survey of SIP over MIPv6. We review the processes involved during the setting up of a SIP call and during mid-call SIP mobility. When SIP transmits real-time multimedia applications in a wireless environment, the mobile node (MN) may move from one access router (AR) to another AR, handing over control from one AR to the other. High handover latency degrades the quality of real-time multimedia applications due to the fact that real-time multimedia applications are delay-sensitive.Handover latency is an important issue to discuss.Reduction of handover latency can be made possible with the use of SIP's hierarchical registration. On the other hand, hybrid hierarchical and fast handover SIP's registration performs better compared to hierarchical registration. Finally, we present the directions for future research

Scalable Support for Globally Moving Networks

This paper proposes a scalable solution for the support for globally moving networks. It is basically oriented to airborne mobile networks built in commercial aircrafts in order to provide Internet access to the passengers. As opposed to currently used solutions, the proposed solution has no impact in the global routing tables while it provides optimized paths between the mobile network and the rest of the Internet The proposed solution is an extension to the IETF standard network mobility support protocol and relies on the communication through multiple geographically distributed Home Agents in order to avoid panoramic routing imposed by single anchor points as in the case of a single Home Agent. The proposed solution includes a mechanism to select the best Home Agent to route new communications through.This project has been supported by Optinet project TIC-2003-09042-C03-01 and IMPROVISA project.Publicad

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)

One of the most important metrics in the design of IP mobility protocols is the handover performance. The current Mobile IP (MIP) standard has been shown to exhibit poor handover performance. Most other work attempts to modify MIP to slightly improve its efficiency, while others propose complex techniques to replace MIP. Rather than taking these approaches, we instead propose a new architecture for providing efficient and smooth handover, while being able to co-exist and inter-operate with other technologies. Specifically, we propose an intra-domain multicast-based mobility architecture, where a visiting mobile is assigned a multicast address to use while moving within a domain. Efficient handover is achieved using standard multicast join/prune mechanisms. Two approaches are proposed and contrasted. The first introduces the concept proxy-based mobility, while the other uses algorithmic mapping to obtain the multicast address of visiting mobiles. We show that the algorithmic mapping approach has several advantages over the proxy approach, and provide mechanisms to support it. Network simulation (using NS-2) is used to evaluate our scheme and compare it to other routing-based micro-mobility schemes - CIP and HAWAII. The proactive handover results show that both M&M and CIP shows low handoff delay and packet reordering depth as compared to HAWAII. The reason for M&M's comparable performance with CIP is that both use bi-cast in proactive handover. The M&M, however, handles multiple border routers in a domain, where CIP fails. We also provide a handover algorithm leveraging the proactive path setup capability of M&M, which is expected to outperform CIP in case of reactive handover.Comment: 12 pages, 11 figure

On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects