Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6

Mobile IPv6 will be the basis for the fourth generation 4G networks which will completely revolutionize the way telecommunication devices operate. This paradigm shift will occur due to the sole use of packed switching networks. Mobile IPv6 utilizes binding updates as a route optimization to reduced triangle routing between the mobile node, the home agent and the correspondent node, allowing direct communication between the mobile node and the correspondent. However, direct communication between the nodes produces a range of security vulnerabilities, which the home agent avoided. This paper attempts to provide the advantages of using the home agent as an intermediary whilst reducing the latency of triangle routing. This can be achieved with the proposed use of a mobile home agent which essentially follows the mobile node as it moves between points of attachment providing location privacy and pseudo-direct communication, which can be incorporated into the distributed authentication protocol or be used as a stand alone solution

A security protocol for authentication of binding updates in Mobile IPv6.

Wireless communication technologies have come along way, improving with every generational leap. As communications evolve so do the system architectures, models and paradigms. Improvements have been seen in the jump from 2G to 3G networks in terms of security. Yet these issues persist and will continue to plague mobile communications into the leap towards 4G networks if not addressed. 4G will be based on the transmission of Internet packets only, using an architecture known as mobile IP. This will feature many advantages, however security is still a fundamental issue to be resolved. One particular security issue involves the route optimisation technique, which deals with binding updates. This allows the corresponding node to by-pass the home agent router to communicate directly with the mobile node. There are a variety of security vulnerabilities with binding updates, which include the interception of data packets, which would allow an attacker to eavesdrop on its contents, breaching the users confidentiality, or to modify transmitted packets for the attackers own malicious purposes. Other possible vulnerabilities with mobile IP include address spoofing, redirection and denial of service attacks. For many of these attacks, all the attacker needs to know is the IPv6 addresses of the mobile’s home agent and the corresponding node. There are a variety of security solutions to prevent these attacks from occurring. Two of the main solutions are cryptography and authentication. Cryptography allows the transmitted data to be scrambled in an undecipherable way resulting in any intercepted packets being illegible to the attacker. Only the party possessing the relevant key will be able to decrypt the message. Authentication is the process of verifying the identity of the user or device one is in communication with. Different authentication architectures exist however many of them rely on a central server to verify the users, resulting in a possible single point of attack. Decentralised authentication mechanisms would be more appropriate for the nature of mobile IP and several protocols are discussed. However they all posses’ flaws, whether they be overly resource intensive or give away vital address data, which can be used to mount an attack. As a result location privacy is investigated in a possible attempt at hiding this sensitive data. Finally, a security solution is proposed to address the security vulnerabilities found in binding updates and attempts to overcome the weaknesses of the examined security solutions. The security protocol proposed in this research involves three new security techniques. The first is a combined solution using Cryptographically Generated Addresses and Return Routability, which are already established solutions, and then introduces a new authentication procedure, to create the Distributed Authentication Protocol to aid with privacy, integrity and authentication. The second is an enhancement to Return Routability called Dual Identity Return Routability, which provides location verification authentication for multiple identities on the same device. The third security technique is called Mobile Home Agents, which provides device and user authentication while introducing location privacy and optimised communication routing. All three security techniques can be used together or individually and each needs to be passed before the binding update is accepted. Cryptographically Generated Addresses asserts the users ownership of the IPv6 address by generating the interface identifier by computing a cryptographic one-way hash function from the users’ public key and auxiliary parameters. The binding between the public key and the address can be verified by recomputing the hash value and by comparing the hash with the interface identifier. This method proves ownership of the address, however it does not prove the address is reachable. After establishing address ownership, Return Routability would then send two security tokens to the mobile node, one directly and one via the home agent. The mobile node would then combine them together to create an encryption key called the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides a validation to the mobile nodes’ location and proves its ownership of the home agent. Return Routability provides a test to verify that the node is reachable. It does not verify that the IPv6 address is owned by the user. This method is combined with Cryptographically Generated Addresses to provide best of both worlds. The third aspect of the first security solution introduces a decentralised authentication mechanism. The correspondent requests the authentication data from both the mobile node and home agent. The mobile sends the data in plain text, which could be encrypted with the binding key and the home agent sends a hash of the data. The correspondent then converts the data so both are hashes and compares them. If they are the same, authentication is successful. This provides device and user authentication which when combined with Cryptographically Generated Addresses and Return Routability create a robust security solution called the Distributed Authentication Protocol. The second new technique was designed to provide an enhancement to a current security solution. Dual Identity Return Routability builds on the concept of Return Routability by providing two Mobile IPv6 addresses on a mobile device, giving the user two separate identities. After establishing address ownership with Cryptographically Generated Addresses, Dual Identity Return Routability would then send security data to both identities, each on a separate network and each having heir own home agents, and the mobile node would then combine them together to create the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides protection against address spoofing as an attacker needs two separate ip addresses, which are linked together. Spoofing only a single address will not pass this security solution. One drawback of the security techniques described, however, is that none of them provide location privacy to hide the users IP address from attackers. An attacker cannot mount a direct attack if the user is invisible. The third new security solution designed is Mobile Home Agents. These are software agents, which provide location privacy to the mobile node by acting as a proxy between it and the network. The Mobile Home Agent resides on the point of attachment and migrates to a new point of attachment at the same time as the mobile node. This provides reduced latency communication and a secure environment for the mobile node. These solutions can be used separately or combined together to form a super security solution, which is demonstrated in this thesis and attempts to provide proof of address ownership, reachability, user and device authentication, location privacy and reduction in communication latency. All these security features are design to protect against one the most devastating attacks in Mobile IPv6, the false binding update, which can allow an attacker to impersonate and deny service to the mobile node by redirecting all data packets to itself. The solutions are all simulated with different scenarios and network configurations and with a variety of attacks, which attempt to send a false binding update to the correspondent node. The results were then collected and analysed to provide conclusive proof that the proposed solutions are effective and robust in protecting against the false binding updates creating a safe and secure network for all

Securing home and correspondent registrations in mobile IPv6 networks

The Mobile IPv6 (MIPv6) protocol enables mobile nodes (MNs) to remain connected to other correspondent nodes (CNs) while roaming the IPv6 Internet. Home and correspondent registrations are essential parts of the MIPv6 protocol, whereby MNs register their care-of addresses (CoAs) with their home agents (HAs) and with their CNs, respectively. Security provision for home and correspondent registrations is a fundamental part of the MIPv6 protocol and has been an open research issue since the early stages of the protocol.This thesis examines state-of-the-art protocols for securing home and correspondent registrations in MIPv6 networks. The strengths and weaknesses of these protocols are discussed. The investigation of these protocols leads to the proposal of an enhanced home registration protocol and a family of correspondent registration protocols. The Enhanced Home Registration (EHR) protocol extends the basic home registration protocol defined in MIPv6 to support the location authentication of MNs to their HAs. The EHR is based on novel ideas of segmenting the IPv6 address space, using a symmetric CGA-based technique for generating CoAs, and applying concurrent CoAs reachability tests. As a result, EHR is able to reduce the likelihood of a malicious MN being successful in luring an HA to flood a third party with useless packets using MIPv6. In addition, EHR enables HAs to help in correspondent registrations by confirming MNs' CoAs to CNs. Simulation studies of EHR have shown that it only introduces a marginal increase in the registration delay, but a significant increase in the signalling overhead as a cost of supporting the location authentication of MNs.The thesis also proposes a family of correspondent registration protocols. These protocols rely on the assistance of home networks to confirm the MNs' ownership of the claimed HoAs and CoAs. The protocols consist of three phases: a creation phase, an update phase and a deletion phase. Informal and formal protocol analyses have confirmed the protocols' correctness and satisfaction of the required security properties. The protocols have been simulated extensively and the results show that they produce lower registration delay and a reduction in the signalling overhead during update and deletion phases. This is at the cost of a varying increase, depending on the protocol variant, in the registration delay and signalling overhead during the creation phase.EThOS - Electronic Theses Online ServiceEgyptian GovernmentGBUnited Kingdo

Wireless adhoc Networks Security Principles, Issues

Privacy and itegrity of packets on wireless adhoc netwoks should be expected by the algorithmic mechanisms This privacy and integrity is very much is to be mandated by regulations In tardition the security is only based on cryptographic techniques which is not so much secure and leads to unsecure and unauthenticated information As the packets of information is to be routed on networks so it needs some new security and digital signature based algorithm Digital signature methods provides the solution to many of these new concerns So in this paper we will discuss new paradigma of digital signature based techniques along with merit demerits applications and isues related with i

AN ENHANCED BINDING UPDATE SCHEME FOR NEXT GENERATION INTERNET PROTOCOL MOBILITY

In recent years, the usage of mobile devices has become essential for people, both for business and for their daily activities. The mobile devices can get services directly from their home network and from other correspondent devices regardless of their position without using any intermediate agent. It is achieved by using mobility based Internet Protocol version 6, called as next generation internet protocol mobility. Since network mobility uses open air interface as a communication medium, it is possible for many security threats and attacks that might attempt to get unauthorized access from the participating entities. Consequently, the protection of network mobility from threats is one of the most demanding tasks as it must be considered without increasing the complexity while enhancing security. Hence, the paper proposes an enhanced location update scheme by incorporating the optimal asymmetric encryption method based on the random oracle model for providing security and efficiency. It emphasizes the security goals such as authentication, integrity, and confidentiality from the security analysis. In addition, it addresses the attack prevention analysis for the attacks such as rerun, man-in-the-middle and false location update. The proposed scheme is simulated and verified for security properties using a security validation tool - Automated Validation of Internet Security Protocols and Applications. Finally, the simulation studies show that the latency of the proposed scheme is reduced significantly when compared the other location update schemes

Mobile IPV6 security and return routability

Mobile IPv6 -protokolla (MIPv6) kuvailee ne yhteyskäytännöt, joilla kotiverkkonsa ulkopuolelle vaeltava langaton asiakassolmu kykenee säilyttämään yhteyden mahdollisesti kokonaan eri verkossa sijaitsevaan vastaanottavaan solmuun. Asiakassolmu kommunikoi vastaanottavan solmun kanssa aluksi kotiverkossaan sijaitsevan kotireitittimen välityksellä ja tarvittaessa lopulta ilman kotireitittimen apua. Kotireitittimen tärkein tehtävä on ylläpitää asiakassolmun kotiosoitteen ja tilapäisosoitteen välistä sidontaa. Solmujen välisen yhteyden säilyttämisen lisäksi yhteys on suojattava mahdollisilta palvelunesto-, välimies-, monistus- ja muilta hyökkäyksiltä. Suojautumiskeinona asiakassolmun ja kotireitittimen välille muodostetaan IPsec-turvayhteys IPsec-protokollakokoelman avulla. IPsec-turvayhteyden kuljetusmoodi suojaa asiakassolmun ja vastaanottavan solmun väliset sidonnan päivitykset. IPsecturvayhteys ei kuitenkaan sovellu kotireitittimen ja vastaanottavan solmun välisen tietoliikenneverkon osuuden eikä asiakassolmun ja vastaanottavan solmun välisen suoran linkin suojaamiseen. Suoran linkin muodostamisen suojaamista varten MIPv6:een on kehitetty protokollakohtainen turvaratkaisu, reititystesti. Reititystestin tavoitteena on asiakassolmun ja vastaanottavan solmun välisen tietoliikenneyhteyden todentaminen siten, että vastaanottava solmu voi tallentaa asiakassolmun osoitteiden sidonnan. Näin vältytään kotireitittimen kuormittamiselta, ja tiedonsiirto nopeutuu. IPsec-turvayhteyden tunnelimoodilla suojataan osa reititystestin keskeisistä viesteistä. Tämä tutkielma käsittelee ensin MIPv6:ta yleisellä tasolla. Myöhemmät luvut esittelevät MIPv6:n keskeiset turvallisuusuhat, IPsec-protokollakokoelman ja reititystestin. Aiheet koskevat erityisesti asiakassolmua, kotireititintä ja asiakassolmun kanssa kommunikoivaa vastaanottavaa solmua. Myös tutkielman näkökulma rajoittuu näihin kolmeen solmuun. Pääpaino on MIPv6:n turvallisuusuhkien esittelyssä ja turvaratkaisuissa, joilla vastataan näihin uhkiin. IPsec-protokollakokoelmaan kuuluvan IKE-protokollan yksityiskohtainen käsittely kuten myös reititystestin mahdolliset muunnokset eri verkkoinfrastruktuureissa jäävät tämän tutkielman aihealueiden ulkopuolelle. Tärkeimpänä tuloksenaan tutkielma näyttää reititystestin onnistuneen kulun. Reititystestin avulla asiakassolmun ja vastaanottavan solmun välille muodostetaan riittävän voimakas IPsec:stä riippumaton turvayhteys, jolla siis MIPv6:lle keskeiset sidonnan päivitykset voidaan hyväksyä. Tietoturvan näkökulmasta MIPv6 on käyttövalmis. IPsec:n avulla saadaan suojattua kriittisimmät vaiheet MIPv6-solmujen välisessä tietoliikenteessä. Reititystesti vastaa hyvin langattoman tiedonsiirron haasteisiin niin tietoturvan kuin yhteysnopeudenkin suhteen. Käytön lisääntymisen myötä MIPv6 tulee lähitulevaisuudessa kokemaan laajamittaista käytännon testausta ja ongelmien ratkaisua, mikä asettaa hyvät suuntaviivat MIPv6:n kehitykselle

Sécurité dans les réseaux mobiles de nouvelle génération

RÉSUMÉ Les réseaux de nouvelle génération visent à converger les réseaux fixes et mobiles hétérogènes afin d’offrir tous les services à travers un réseau coeur tout IP. Faisant parti du réseau d’accès mobile, un des principaux objectifs du réseau 4G est de permettre une relève ininterrompue entre les réseaux cellulaires et WIFI pour ainsi favoriser l’apprivoisement de services vidéo mobiles exigeant des critères de qualité de service très stricts à moindres coûts. Cependant, l’uniformisation du trafic au niveau de la couche réseau favorise sa centralisation à travers un réseau coeur IP partagé par tous les opérateurs, la rendant ainsi comme une cible vulnérable de choix pour les pirates informatiques. La conception de solutions sécuritaires dans un environnement où les entités ne se connaissent pas à priori s’annonce comme une tâche très ardue. La thèse se penche sur quatre problématiques importantes dans les réseaux de nouvelle génération dont chacune est traitée dans un article distinct. Les deux premiers articles touchent à la sécurité dans un contexte décentralisé, à savoir les réseaux mobiles ad hoc (MANETs), alors que les deux derniers proposent des mécanismes innovateurs pour sécuriser des solutions visant à réduire la consommation de bande passante et d’énergie, en conformité avec le virage vert informatique promu par les opérateurs réseautiques. Plus précisément, le troisième article traite de la sécurisation des flots multicast dans un environnement à haut taux de perte de paquet et le dernier propose une solution d’optimisation de route sécuritaire pour mobile IPv6 (MIPv6) utilisant une version améliorée de l’algorithme de genération d’adresses cryptographiques (CGA) et les extensions de sécurité du système de nom de domaine (DNSSEC). Les systèmes de détection d’intrusion (IDS) pour les MANETs basés sur la réputation des noeuds classifient les participants du réseau selon leur degré de confiance. Cependant, ils partagent tous une vulnérabilité commune : l’impossibilité de détecter et de réagir aux attaques complices. Le premier article propose un IDS qui intègre efficacement le risque de collusion entre deux ou plusieurs noeuds malveillants dans le calcul de la fiabilité d’un chemin. L’algorithme propos´e ne se limite pas qu’au nombre et à la réputation des noeuds intermédiaires formant un chemin, mais intègre également d’autres informations pertinentes sur les voisins des noeuds intermédiaires d’un chemin pouvant superviser le message original et celui retransmis. Le IDS proposé détecte efficacement les noeuds malicieux et complices dans le but de les isoler rapidement du réseau. Les simulations lancées dans divers environnements MANETs contenant une proportion variable d’attaquants complices montrent bien l’efficacité du IDS proposée en offrant un gain en débit considérable comparativement aux solutions existantes. À l’instar de prévenir les comportements égoïstes des noeuds par la menace d’être privés de certaines fonctions, voire même isolés du réseau, due à une baisse de réputation, le second article opte pour un incitatif non-punitif en la monnaie virtuelle plus communément appelée nuglets. Plus précisément, l’article présente un cadre de travail issu de la théorie des jeux basé sur la compétition de Bertrand pour inciter les noeuds intermédiaires à retransmettre les messages selon les requis de QoS demandés par la source. Pour qu’un noeud source envoie ou accède à un flot sensible à la QoS comme par exemple les applications en temps réel, il débute par envoyer un contrat qui spécifie les critères de QoS, sa durée et son prix de réserve. Sur réception du contrat, les noeuds intermédiaires formant une route entre la source et la destination partagent les informations sur eux-mêmes et celles recueillies sur les noeuds voisins, anciens et courants pour estimer la probabilité de bris de contrat ainsi que le nombre de compétiteurs actifs. Ces deux paramètres sont cruciaux dans le processus de fixation des prix. Une fois les réponses de route recueillies, la source choisit la route la moins chère. Le cadre de travail multijoueur proposé, basé sur la compétition de Bertrand avec des firmes asymétriques et ayant accès à de l’information imparfaite, possède un équilibre de Nash en stratégies mixtes dans lequel le profit des firmes est positif et baisse non seulement avec le nombre de compétiteurs, mais aussi avec l’impression d’une précision accrue que les compétiteurs ont sur le coût de production du joueur. Les résultats montrent que l’incertitude sur les coûts augmente le taux de la marge brute et la fluctuation des prix tout en diminuant les chances d’honorer le contrat. Dans un autre ordre d’idée, l’intérêt sans cesse grandissant des opérateurs à converger les réseaux fixes et mobiles dans le but d’offrir une relève sans interruption favorise l’utilisation des applications vidéo mobiles qui surchargeront rapidement leurs réseaux. Dans un contexte du virage vert qui prend de plus en plus d’ampleur dans le domaine des télécommunications, la transmission des flots en multidiffusion (multicast) devient essentiel dans le but de réduire la consommation de bande passante et la congestion du réseau en rejoignant simultanément plusieurs destinataires. La sécurisation des flots en multidiffusion a été largement étudiée dans la littérature antérieure, cependant aucune des solutions proposées ne tient compte des contraintes imposées par les liaisons sans fil et la mobilité des noeuds, en particulier le haut taux de perte de paquets. La nécessité d’un mécanisme de distribution de clés régénératrices efficace et pouvant supporter un grand bassin d’abonnés pour les réseaux mobiles n’aura jamais été aussi urgent avec l’arrivée de la convergence fixe-mobile dans les réseaux 4G. Le troisième article présente deux algorithmes de clés régénératrices basés sur les chaînes de hachage bidirectionnelles pour le protocole de distribution de clés logical key hierarchy (LKH). Ainsi, un membre ayant perdu jusqu’à un certain nombre de clés de déchiffrement consécutives pourrait lui-même les régénérer sans faire la requête de retransmission au serveur de clés. Les simulations effectuées montrent que les algorithmes proposés offrent des améliorations considérables dans un environnement de réseau mobile à taux de perte de paquet, notamment dans le percentage de messages déchiffrés. Le souci d’efficacité énergétique est également présent pour les opérateurs de réseaux cellulaires. D’ailleurs, près de la moitié des abonnements sur Internet proviennent présentement d’unités mobiles et il est attendu que ce groupe d’utilisateurs deviennent le plus grand bassin d’usagers sur Internet dans la prochaine décennie. Pour supporter cette croissance rapide du nombre d’utilisateurs mobiles, le choix le plus naturel pour les opérateurs serait de remplacer mobile IPv4 par MIPv6. Or, la fonction d’optimisation de route (RO), qui remplace le routage triangulaire inefficace de MIP en permettant au noeud mobile (MN) une communication bidirectionnelle avec le noeud correspondant (CN) sans faire passer les messages à travers l’agent du réseau mère (HA), est déficiente au niveau de la sécurité. L’absence d’informations pré-partagées entre le MN et le CN rend la sécurisation du RO un défi de taille. MIPv6 adopte la routabilité de retour (RR) qui est davantage un mécanisme qui vérifie l’accessibilité du MN sur son adresse du réseau mère (HoA) et du réseau visité (CoA) plutôt qu’une fonction de sécurité. D’autres travaux se sont attaqués aux nombreuses failles de sécurité du RR, mais soit leur conception est fautive, soit leurs suppositions sont irréalistes. Le quatrième article présente une version améliorée de l’algorithme de génération cryptographique d’adresse (ECGA) pour MIPv6 qui intègre une chaîne de hachage arrière et offre de lier plusieurs adresses CGA ensemble. ECGA élimine les attaques de compromis temps-mémoire tout en étant efficace. Ce mécanisme de génération d’adresse fait parti du protocole Secure MIPv6 (SMIPv6) proposé avec un RO sécuritaire et efficace grâce à DNSSEC pour valider les CGAs qui proviennent d’un domaine de confiance et qui permet une authentification forte plutôt que l’invariance de source. Le vérificateur de protocoles cryptographiques dans le modèle formel AVISPA a été utilisé pour montrer qu’aucune faille de sécurité n’est présente tout en limitant au maximum les messages échangés dans le réseau d’accès. ----------ABSTRACT Next generation networks aim at offering all available services through an IP-core network by converging fixed-mobile heterogeneous networks. As part of the mobile access network, one of the main objectives of the 4G network is to provide seamless roaming with wireless local area networks and accommodating quality of service (QoS) specifications for digital video broadcasting systems. Such innovation aims expanding video-based digital services while reducing costs by normalizing the network layer through an all-IP architecture such as Internet. However, centralizing all traffic makes the shared core network a vulnerable target for attackers. Design security solutions in such an environment where entities a priori do not know each other represent a daunting task. This thesis tackles four important security issues in next generation networks each in distinct papers. The first two deal with security in decentralized mobile ad hoc networks (MANETs) while the last two focus on securing solutions aiming at reducing bandwidth and energy consumption, in line with the green shift promoted by network operators. More precisely, the third paper is about protecting multicast flows in a packet-loss environment and the last one proposes a secure route optimization function in mobile IPv6 (MIPv6) using an enhanced version of cryptographically generated address (CGA) and domain name service security extensions (DNSSEC). Most intrusion detection systems (IDS) for MANETs are based on reputation system which classifies nodes according to their degree of trust. However, existing IDS all share the same major weakness: the failure to detect and react on colluding attacks. The first paper proposes an IDS that integrates the colluding risk factor into the computation of the path reliability which considers the number and the reputation of nodes that can compare both the source message and the retransmitted one. Also, the extended architecture effectively detects malicious and colluding nodes in order to isolate them and protect the network. The simulations launched in various MANETs containing various proportions of malicious and colluding nodes show that the proposed solution offers a considerable throughput gain compared to current solutions. By effectively selecting the most reliable route and by promptly detecting colluding attacks, the number of lost messages is decreased, and therefore, offering more efficient transmissions. Instead of thwarting selfishness in MANETs by threatening nodes to limit their network functions, the second paper opts for a non-punishment incentive by compensating nodes for their service through the use of virtual money, more commonly known as nuglets. The last paper presents a game-theoretic framework based on Bertrand competition to incite relaying nodes in forwarding messages according to QoS requirements. For a source to send or access QoS-sensitive flows, such as real-time applications, it starts by sending a contract specifying the QoS requirements, its duration and a reservation price. Upon receiving a contract submission, intermediary nodes forming a route between the source and the destination share their current and past collected information on themselves and on surrounding nodes to estimate the probability of breaching the contract and the number of active competitors. Both parameters are crucial in setting a price. Once the source gets the responses from various routes, it selects the most cheapest one. This multiplayer winner-takes-all framework based on Bertrand competition with firms having asymmetric costs and access imperfect information has a mixed-strategy equilibrium in which industry profits are positive and decline not only with the number of firms having an estimated cost below the reservation price but also with the perception of a greater accuracy on a player’s cost that competitors have. In fact,results show that cost uncertainty increases firms’ gross margin rate and the prices fluctuation while making the contract honoring much riskier. On another topic, with the growing interest in converging fixed and mobile networks, mobile applications will require more and more resources from both the network and the mobile device. In a social-motivated context of shifting into green technologies, using multicast transmissions is essential because it lowers bandwidth consumption by simultaneously reaching a group of multiple recipients. Securing multicast flows has been extensively studied in the past, but none of the existing solutions were meant to handle the constraints imposed by mobile scenarios, in particular the high packet-loss rate. The need for a low overhead selfhealing rekeying mechanism that is scalable, reliable and suitable for mobile environments has never been more urgent than with the arrival of fixed-mobile convergence in 4G networks. The second paper presents two self-healing recovery schemes based on the dual directional hash chains for the logical key hierarchy rekeying protocol. This enables a member that has missed up to m consecutive key updates to recover the missing decryption keys without asking the group controller key server for retransmission. Conducted simulations show considerable improvements in the ratio of decrypted messages and in the rekey message overhead in high packet loss environments. The concern of energy efficiency is also present for mobile access network operators. In fact, nearly half of all Internet subscribers come from mobile units at the moment and it is expected to be the largest pool of Internet users by the next decade. The most obvious choice for mobile operators to support more users would be to replace Mobile IP for IPv4 with MIPv6. However, the Route Optimization (RO) function, which replaces the inefficient triangle routing by allowing a bidirectional communication between a mobile node (MN) and the corresponding node (CN) without passing through its home agent (HA), is not secure and has a high overhead. The lack of pre-shared information between the MN and the CN makes security in RO a difficult challenge. MIPv6 adopts the return routability (RR) mechanism which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works attempted to solve the multiple security issues in RR but either their design are flawed, or rely on unrealistic assumptions. The third paper presents an enhanced cryptographically generated address (ECGA) for MIPv6 that integrates a built-in backward key chain and offers support to bind multiple logically-linked CGAs together. ECGA tackles the time-memory tradeoff attacks while being very efficient. It is part of the proposed secure MIPv6 (SMIPv6) with secure and efficient RO which uses DNSSEC to validate CGAs from trusted domains and provide strong authentication rather than sender invariance. The AVISPA on-the-fly model checker (OFMC) tool has been used to show that the proposed solution has no security flaws while still being lightweight in signalling messages in the radio network

Mobility Helps Peer-to-Peer Security

We propose a straightforward technique to provide peer-to-peer security in mobile networks. We show that far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage on the temporary vicinity of users, during which appropriate cryptographic protocols are run. We illustrate the operation of the solution in two scenarios, both in the framework of mobile ad hoc networks. In the first scenario, we consider fully self-organized security: users authenticate each other by visual contact and by the activation of an appropriate secure side channel of their personal device; we show that the process can be fuelled by taking advantage of trusted acquaintances In the second scenario, we assume the presence of an off-line certification authority and we show how mobility helps to solve the security-routing interdependency cycle; in this case, the security protocol runs over one-hop radio links. We then show that the proposed solution is generic: it can be deployed on any mobile network and it can be implemented either with symmetric or with asymmetric cryptography. We provide a detailed performance analysis by studying the behavior of the solution on various mobility models