Reducing Packet Overhead in Mobile IPv6

Common Mobile IPv6 mechanisms, Bidirectional tunneling and Route optimization, show inefficient packet overhead when both nodes are mobile. Researchers have proposed methods to reduce packet overhead regarding to maintain compatible with standard mechanisms. In this paper, three mechanisms in Mobile IPv6 are discussed to show their efficiency and performance. Following discussion, a new mechanism called Improved Tunneling-based Route Optimization is proposed and due to performance analysis, it is shown that proposed mechanism has less overhead comparing to common mechanisms. Analytical results indicate that Improved Tunneling-based Route Optimization transmits more payloads due to send packets with less overhead

A New Router Certification Authority Protocol For Securing Mobile Internet Protocol Version 6

Protokol Internet Bergerak versi 6 (IPv6 Bergerak) telah dicadangkan sebagai satu protokol piawai untuk memberikan mobility dalam Rangkaian Generasi Seterusnya. Mobile Internet Protocol version 6 (Mobile IPv6) has been proposed as a standard protocol to provide mobility in Next Generation Networks

Secure Naming and Addressing Operations for Store, Carry and Forward Networks

This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems

Bulk binding approach for PMIPv6 protocol to reduce handoff latency in IoT

Mobility management protocols are very essential in the new research area of Internet of Things (IoT) as the static attributes of nodes are no longer dominant in the current environment. Proxy MIPv6 (PMIPv6) protocol is a network-based mobility management protocol, where the mobility process is relied on the network entities, named, Mobile Access Gateways (MAGs) and Local Mobility Anchor (LMA). PMIPv6 is considered as the most suitable mobility protocol for WSN as it relieves the sensor nodes from participating in the mobility signaling. However, in PMIPv6, a separate signaling is required for each mobile node (MN) registration, which may increase the network signaling overhead and lead to increase the total handoff latency. The bulk binding approaches were used to enhance the mobility signaling for MNs which are moving together from one MAG to another by exchanging a single bulk binding update message. However, in some cases there might be several MNs move at the same time but among different MAGs. In this paper, a bulk registration scheme based on the clustered sensor PMIPv6 architecture is proposed to reduce the mobility signaling cost by creating a single bulk message for all MNs attached to the cluster. Our mathematical results show that the proposed bulk scheme enhances the PMIPv6 performance by reducing the total handoff latency

Securing IP Mobility Management for Vehicular Ad Hoc Networks

The proliferation of Intelligent Transportation Systems (ITSs) applications, such as Internet access and Infotainment, highlights the requirements for improving the underlying mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e., vehicles, with seamless communications, in which service continuity is guaranteed while vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless technologies. Due to its standardization and widely deployment, IP mobility (also called Mobile IP (MIP)) is the most popular mobility management protocol used for mobile networks including VANETs. In addition, because of the diversity of possible applications, the Internet Engineering Task Force (IETF) issues many MIP's standardizations, such as MIPv6 and NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However, many challenges have been posed for integrating IP mobility with VANETs, including the vehicle's high speeds, multi-hop communications, scalability, and ef ficiency. From a security perspective, we observe three main challenges: 1) each vehicle's anonymity and location privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer location privacy. In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can be revealed by other network entities and attackers. The mobile node's HoA and CoA represent its identity and its current location, respectively, therefore revealing an MN's HoA means breaking its anonymity while revealing an MN's CoA means breaking its location privacy. On one hand, some existing anonymity and location privacy schemes require intensive computations, which means they cannot be used in such time-restricted seamless communications. On the other hand, some schemes only achieve seamless communication through low anonymity and location privacy levels. Therefore, the trade-off between the network performance, on one side, and the MN's anonymity and location privacy, on the other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6 to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore, a mutual authentication between the MN and RN is required to thwart authentication attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure, which is used in public hotspots installed inside moving vehicles, protecting physical-layer location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily localize users by employing signals transmitted from these users. In this dissertation, we address those security challenges by proposing three security schemes to be employed for different mobility management scenarios in VANETs, namely, the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols. First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary sub-schemes: anonymous home binding update (AHBU) and anonymous return routability (ARR). In addition, anonymous mutual authentication and key establishment schemes have been proposed, to authenticate a mobile node to its foreign gateway and create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff between the networking performance and the achieved privacy level. Combining onion routing and the anonymizer in the ALPP scheme increases the achieved location privacy level, in which no entity in the network except the mobile node itself can identify this node's location. Using the entropy model, we show that ALPP achieves a higher degree of anonymity than that achieved by the mix-based scheme. Compared to existing schemes, the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both internal and external adversaries. Simulation results demonstrate that our sub-schemes have low control-packets routing delays, and are suitable for seamless communications. Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose EM3A, a novel mutual authentication scheme that guarantees the authenticity of both MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion, impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction with a proposed scheme for key establishment based on symmetric polynomials, to generate a shared secret key between an MN and an RN. This scheme achieves lower revocation overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP domain with n points of attachment and a symmetric polynomial of degree t, our scheme achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication schemes achieve only t-secrecy. Computation and communication overhead analysis as well as simulation results show that EM3A achieves low authentication delay and is suitable for seamless multi-hop IP communications. Furthermore, we present a case study of a multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming vehicle and its relay vehicle. Compared to other authentication schemes, we show that our MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication delay and communication overhead, respectively. Finally, we consider the physical-layer location privacy attacks in the NEMO-based VANETs scenario, such as would be presented by a public hotspot installed inside a moving vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and propose a new physical-layer location privacy scheme, the fake point-cluster based scheme, to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse the attackers by increasing the estimation errors of their Received Signal Strength (RSSs) measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted signals. We show that our scheme not only achieves higher location privacy, but also increases the overall network performance. Employing correctness, accuracy, and certainty as three different metrics, we analytically measure the location privacy achieved by our proposed scheme. In addition, using extensive simulations, we demonstrate that the fake point-cluster based scheme can be practically implemented in high-speed VANETs' scenarios

Some Implementation Issues for Security Services based on IBE

Identity Based Encryption (IBE) is a public key cryptosystem where a unique identity string, such as an e-mail address, can be used as a public key. IBE is simpler than the traditional PKI since certificates are not needed. An IBE scheme is usually based on pairing of discrete points on elliptic curves. An IBE scheme can also be based on quadratic residuosity. This paper presents an overview of these IBE schemes and surveys present IBE based security services. Private key management is described in detail with protocols to authenticate users of Private Key Generation Authorities (PKG), to protect submission of generated private keys, and to avoid the key escrow problem. In the security service survey IBE implementations for smartcards, for smart phones, for security services in mobile networking, for security services in health care information systems, for secure web services, and for grid network security are presented. Also the performance of IBE schemes is estimated