1,466 research outputs found

    Mobile IP: state of the art report

    Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA

    Network layer access control for context-aware IPv6 applications

    As part of the Lancaster GUIDE II project, we have developed a novel wireless access point protocol designed to support the development of next generation mobile context-aware applications in our local environs. Once deployed, this architecture will allow ordinary citizens secure, accountable and convenient access to a set of tailored applications including location, multimedia and context based services, and the public Internet. Our architecture utilises packet marking and network level packet filtering techniques within a modified Mobile IPv6 protocol stack to perform access control over a range of wireless network technologies. In this paper, we describe the rationale for, and components of, our architecture and contrast our approach with other state-of-the-art systems. The paper also contains details of our current implementation work, including preliminary performance measurements

    A New Approach Of Network Intrusion Detection In 6TO4 Tunneling

    Recent growth in the number of Internet users, which has almost reached the limit of the IPv4 address space, means engineers must implement IPv6 in their systems. However, implementing IPv6 is not easy for many reasons, such as hardware compatibility. Hence, transition mechanisms were proposed to help the migration process from IPv4 to IPv6 networks. However, there are security considerations with this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets in IPv4 datagrams to allow transmission. An attacker on the IPv6 network can use this tunneling mechanism to send intrusions without being detected by a Network Intrusion Detection System (NIDS). Normally a NIDS is only capable of decapsulating a packet once, and a NIDS like Snort cannot detect payloads with protocol 41. Thus, a new approach is needed to handle decapsulation of the second layer of the packet and extraction of the information needed for detection. This design adds a secondary decapsulation process to the NIDS when the NIDS detects a 6to4 packet. The design decapsulates the second layer, extracts the information from the payload, and continues to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information is defined inside the ruleset. The design was implemented in a Java-based NIDS for testing purposes and run under attack simulations. According to the test, all attacks are detected as True Positive detections, with several reply packets detected as False Negative detections

    Feasible Threats By Manipulating Tunneling Packet On 6to4 Network

    The tunneling mechanism becomes the most delicate transition mechanism compared to the other transition mechanisms, Dual Stack and Address Translation, because tunneling offers an easier way to start migrating from IPv4 to IPv6 and offers a smooth transition. 6to4 tunneling is automatic tunneling to conquer migration issues. In fact, the tunnel transition mechanism is believed to be susceptible to several types of attack. In 6to4 tunneling, the Neighbor Discovery Protocol (NDP) message becomes a potential medium for an attacker to exploit. It starts with deploying a controlled testbed network environment and running several DoS attack scenarios by manipulating NDP messages through 6to4 tunneling. The expected result is to prove that the attack methods are feasible and effective

    Short Paper: On Deployment of DNS-based Security Enhancements

    Although the Domain Name System (DNS) was designed as a naming system, its features have made it appealing to repurpose it for the deployment of novel systems. One important class of such systems are security enhancements, and this work sheds light on their deployment. We show the characteristics of these solutions and measure reliability of DNS in these applications. We investigate the compatibility of these solutions with the Tor network, signal necessary changes, and report on surprising drawbacks in Tor's DNS resolution. Comment: Financial Cryptography and Data Security (FC) 201

    Security Enhancement of Route Optimization in Mobile IPv6 Networks

    Mobile IPv6 is an IP-layer protocol that is designed to provide mobility support. It allows an IPv6 node to arbitrarily change its location in the IPv6 network while maintaining the existing connection by handling the change of addresses at the Internet layer. Route optimization is standard in Mobile IPv6 to eliminate inefficient triangle routing. Several methods were proposed to secure route optimization. Return routability was adopted by the Internet Engineering Task Force (IETF) with its security protocol based on RFC 3775. Return routability is an infrastructureless, lightweight procedure that enables a Mobile IPv6 node to request another IPv6 node to check and test the ownership of its permanent address in both the home network and the currently visited network. It authorizes a binding procedure by the use of a cryptographic token exchange. However, the return routability protocol in route optimization is to protect messages and is not able to detect or prevent an attacker who tampers with data. In this thesis, focus is given to a Mobile IPv6 route optimization test-bed with enhanced security in terms of data integrity. The proposed method can be performed on top of the return routability procedure to detect and prevent Man-In-The-Middle attacks by using encryption if any attack is detected. This also eliminates the additional delay compared to using encryption from the beginning of a connection. A real-time experimental test-bed has been set up, which is comprised of hardware, software and network analysis tools to monitor the packet flow and content of data packets. The test-bed consists of four computers acting as Mobile Node, Home Agent, Correspondent Node, and Router, respectively. To ensure the accuracy and integrity of the collected data, the Network Time Protocol (NTP) was used between the packet generator (Mobile Node) and packet receiver (Correspondent Node) to synchronize the time. The results show that the proposed method is able to work efficiently, maintaining 99% data security of route optimization in Mobile IPv6 (MIPv6) networks. The overall data integrity (by means of security) is improved by 72% compared to existing MIPv6 at a cost of 0.1 sec added overall delay, which is within the range tolerable by the network

    Improved Handover Routing Scheme In Hierarchical Mobile Ipv6 Networks

    Mobile Internet Protocol version 6 (MIPv6) has been proposed to solve the problem of mobility in the new era of the Internet. MIPv6 is a proposal for handling routing of IPv6 packets to mobile nodes that have moved away from their home network. In the near future, with the simultaneous growth of the mobile user population and the Internet, users will move more frequently between networks as they stay connected to the Internet and access its resources. Thus, as mobility increases across networks, handovers will have a significant impact on the quality of the connection and on user applications. Previous research has shown that MIPv6 only defines a means of managing global mobility (macro-mobility) but does not address local mobility (micro-mobility) separately. Instead, it uses the same mechanism in both cases. This involves long handover delay and a lot of signaling. The extension of the basic MIPv6 protocol has been investigated. The Internet Engineering Task Force (IETF) introduced Hierarchical Mobile IPv6 (HMIPv6). HMIPv6 is the proposed enhancement of MIPv6 that is designed to reduce the amount of signaling required and to improve handover speed for mobile connections. A new node in HMIPv6 called the mobility anchor point (MAP) serves as a local entity to aid in mobile handover. By separating global and local mobility, HMIPv6 makes it possible to deal with either situation of macro mobility and micro mobility appropriately. The MAP helps to decrease the delay and packet loss during handover. HMIPv6's handover operation has been investigated. We have analyzed the handover routing scheme on the Internet Protocol (IP) layer. The operation of this handover starts when the mobile node (MN) sends a binding update (BU) to its new network and lasts until the MN receives a packet from the correspondent node (CN) or home agent (HA) through its new network. The adoption of a multicast scheme and the avoidance of redundancy in sending binding updates have been proposed and have been implemented in HMIPv6. The proposed multicast scheme may allow the MN to receive packets during the handover operation. The avoidance of redundancy in sending BUs may reduce the amount of signaling for the handover and thus reduce the handover delay. We have tested the performance of HMIPv6 with the proposed schemes based on a simulation study. The results show that our proposed schemes reduce the handover delay and the amount of packet loss in HMIPv6