62 research outputs found
HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing
Degree system: new; Report number: Otsu No. 2336; Degree type: Doctor (Human Sciences); Date conferred: 2012/1/18; Waseda University degree record number: Shin 584
Mobile IP: state of the art report
Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area.
Towards a reliable seamless mobility support in heterogeneous IP networks
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. Next Generation networks (3G and beyond) are evolving towards all IP based systems with the aim to provide global coverage. For Mobility in IP based networks, Mobile IPv6 is considered as a standard by both industry and research community, but this mobility protocol has some reliability issues. There are a number of elements that can interrupt the communication between Mobile Node (MN) and Corresponding Node (CN), however the scope of this research is limited to the following issues only:
• Reliability of Mobility Protocol
• Home Agent Management
• Handovers
• Path failures between MN and CN
First entity that can disrupt Mobile IPv6 based communication is the Mobility Anchor point itself, i.e. Home Agent. Reliability of Home Agent is addressed first because if this mobility agent is not reliable there would be no reliability of mobile communication. Next scenario where mobile communication can get disrupted is created by MN itself and it is due to its mobility. When a MN moves around, at some point it will be out of range of its active base station and at the same time it may enter the coverage area of another base station. In such a situation, the MN should perform a handover, which is a very slow process. This handover delay is reduced by introducing a “make before break” style handover in IP network. Another situation in which the Mobile IPv6 based communication can fail is when there is a path failure between MN and CN. This situation can be addressed by utilizing multiple interfaces of MN at the same time. One such protocol which can utilize multiple interfaces is SHIM6 but it was not designed to work on mobile node. It was designed for core networks but after some modification in the protocol, it can be deployed on mobile nodes.
In this thesis, these issues related to reliability of IPv6 based mobile communication have been addressed.
Advanced Signaling Support for IP-based Networks
This work develops a set of advanced signaling concepts for IP-based networks. It proposes a design for secure and authentic signaling and provides QoS signaling support for mobile users. Furthermore, this work develops methods which allow for scalable QoS signaling by realizing QoS-based group communication mechanisms and through aggregation of resource reservations.
Securing IP Mobility Management for Vehicular Ad Hoc Networks
The proliferation of Intelligent Transportation Systems (ITSs) applications, such as
Internet access and Infotainment, highlights the requirements for improving the underlying
mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility
management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e.,
vehicles, with seamless communications, in which service continuity is guaranteed while
vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless
technologies.
Due to its standardization and wide deployment, IP mobility (also called Mobile IP
(MIP)) is the most popular mobility management protocol used for mobile networks including
VANETs. In addition, because of the diversity of possible applications, the Internet
Engineering Task Force (IETF) issues many MIP standards, such as MIPv6 and
NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However,
many challenges have been posed for integrating IP mobility with VANETs, including the
vehicle's high speeds, multi-hop communications, scalability, and efficiency. From a security
perspective, we observe three main challenges: 1) each vehicle's anonymity and location
privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer
location privacy.
In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home
Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can
be revealed by other network entities and attackers. The mobile node's HoA and CoA
represent its identity and its current location, respectively, therefore revealing an MN's HoA
means breaking its anonymity while revealing an MN's CoA means breaking its location
privacy. On one hand, some existing anonymity and location privacy schemes require
intensive computations, which means they cannot be used in such time-restricted seamless
communications. On the other hand, some schemes only achieve seamless communication
through low anonymity and location privacy levels. Therefore, the trade-off between the
network performance, on one side, and the MN's anonymity and location privacy, on the
other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6
to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a
relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore,
a mutual authentication between the MN and RN is required to thwart authentication
attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure,
which is used in public hotspots installed inside moving vehicles, protecting physical-layer
location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily
localize users by employing signals transmitted from these users.
In this dissertation, we address those security challenges by proposing three security
schemes to be employed for different mobility management scenarios in VANETs, namely,
the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols.
First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose
an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary
sub-schemes: anonymous home binding update (AHBU) and anonymous return
routability (ARR). In addition, anonymous mutual authentication and key establishment
schemes have been proposed, to authenticate a mobile node to its foreign gateway and
create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff
between the networking performance and the achieved privacy level. Combining onion
routing and the anonymizer in the ALPP scheme increases the achieved location privacy
level, in which no entity in the network except the mobile node itself can identify this
node's location. Using the entropy model, we show that ALPP achieves a higher degree of
anonymity than that achieved by the mix-based scheme. Compared to existing schemes,
the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both
internal and external adversaries. Simulation results demonstrate that our sub-schemes
have low control-packets routing delays, and are suitable for seamless communications.
Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose
EM3A, a novel mutual authentication scheme that guarantees the authenticity of both
MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion,
impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction
with a proposed scheme for key establishment based on symmetric polynomials, to generate
a shared secret key between an MN and an RN. This scheme achieves lower revocation
overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP
domain with n points of attachment and a symmetric polynomial of degree t, our scheme
achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication
schemes achieve only t-secrecy. Computation and communication overhead analysis as well
as simulation results show that EM3A achieves low authentication delay and is suitable
for seamless multi-hop IP communications. Furthermore, we present a case study of a
multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A
represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming
vehicle and its relay vehicle. Compared to other authentication schemes, we show that our
MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication
delay and communication overhead, respectively.
Finally, we consider the physical-layer location privacy attacks in the NEMO-based
VANETs scenario, such as would be presented by a public hotspot installed inside a moving
vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and
propose a new physical-layer location privacy scheme, the fake point-cluster based scheme,
to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving
the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse
the attackers by increasing the estimation errors of their Received Signal Strength (RSSs)
measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted
signals. We show that our scheme not only achieves higher location privacy, but
also increases the overall network performance. Employing correctness, accuracy, and certainty
as three different metrics, we analytically measure the location privacy achieved by
our proposed scheme. In addition, using extensive simulations, we demonstrate that the
fake point-cluster based scheme can be practically implemented in high-speed VANETs'
scenarios.
On predictive routing of security contexts in an all-IP network
While mobile nodes (MNs) undergo handovers across inter-wireless access networks, their security contexts must be propagated for secure re-establishment of on-going application sessions, such as those in secure mobile internet protocol (IP), authentication, authorization, and accounting (AAA) services. Routing security contexts via an IP network either on-demand or based on MNs' mobility prediction, imposes new challenging requirements of secure cross-handover services and security context management. In this paper, we present a context router (CXR) that manages security contexts in an all-IP network, providing seamless and secure handover services for the mobile users that carry multimedia-access devices. A CXR is responsible for (1) monitoring of MNs' cross-handover, (2) analysis of MNs' movement patterns, and (3) routing of security contexts ahead of MNs' arrival at relevant access points. The predictive routing reduces the delay in the underlying security association that would otherwise fetch an involved security context from a remote server. The predictive routing of security contexts is performed based on statistical learning of MNs' movement pattern, gauging (dis)similarities between the patterns obtained via distance measurements. The CXR has been evaluated with a prototypical implementation based on an MN mobility model on a grid. Our evaluation results support the predictive routing mechanism's improvement in seamless and secure cross-handover services by a factor of 2.5. Also, the prediction mechanism is shown to outperform the Kalman filter-based method [13] as a Kalman Filter-based mechanism up to 1.5 and 3.6 times regarding prediction accuracy and computation performance, respectively. Copyright © 2009 John Wiley & Sons, Ltd. Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/65037/1/135_ftp.pd
IPv6: a new security challenge
Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. Internet Protocol version 6 (IPv6) was developed to solve some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade many have studied the investments required for its adoption and the right moment for it to be adopted by all players in the market. Recently, the exhaustion of the public addresses made available by the various Regional Internet Registries (RIRs) has prompted the entities involved to speed up the migration from IPv4 to IPv6. Unlike IPv4, this new version treats security as a fundamental goal of its implementation; to that end, the use of the IPsec protocol at the network layer is recommended. However, owing to the immaturity of the protocol and the complexity of the transition period, there are numerous security implications that must be considered during this migration. The main goal of this work is to define a set of security best practices for IPv6 deployment that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and appropriate to contribute efficiently to the understanding of the strengths of this new protocol as well as the vulnerabilities associated with it.
IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers' networks.