Preserving Established Communications in IPv6 Multi-homed Sites with MEX

This research was supported by the SAM (Advanced Mobility Services) project, funded by the Spanish National R&D Programme under contract MCYT TIC2002-04531-C04-03.A proper support for multimedia communications transport has to provide fault tolerance capabilities such as the preservation of established connections in case of failures. While multi-homing addresses this issue, the currently available solution based in massive BGP route injection presents serious scalability limitations, since it contributes to the exponential growth of the BGP table size. Alternative solutions proposed for IPv6 fail to provide equivalent facilities to the current BGP based solution. In this paper we present MEX (Muti-homing through EXtension header) a novel proposal for the provision of IPv6 multi-homing capabilities. MEX preserves overall scalability by storing alternative route information in end-hosts while at the same time reduces packet loss by allowing routers to re-route in-course packets. This behavior is enabled by conveying alternative route information within packets inside a newly defined Extension Header. The resulting system provides fault tolerance capabilities and preserves scalability, while the incurred costs, namely deployment and packet overhead, are only imposed to those that benefit from it. An implementation of the MEX host and router components is also presented.Publicad

A DHCP-based IP address autoconfiguration for MANETs

Mobile Ad hoc Networks (MANETs) are expected to become more and more important in the upcoming years, playing a significant role in 4G networks. In order to enable the deployment of IP services in such networks, IP address autoconfiguration mechanisms are required. Although the ad hoc topic has been a very intense research area, with a plethora of published papers about routing, there is a lack of proposals of address autoconfiguration with enough support from the technical community. This paper presents a mechanism suited for MANETs connected to the Internet, reusing existing and widely deployed address autoconfiguration protocols, such as DHCPv6 and Router Advertisements

Securing Internet of Things with Lightweight IPsec

Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. In some cases it may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between an IP enabled sensor nodes and a device on traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec on Contiki. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms

Solutions for IPv6-based mobility in the EU project MobyDick

Proceedings of the WTC 2002, 18th World Telecommunications Congress, Paris, France, 22 -27 September, 2002.Mobile Internet technology is moving towards a packet-based or, more precisely, IPv6-based network. Current solutions on Mobile IPv6 and other related QoS and AAA matters do not offer the security and quality users have come to take for granted. The EU IST project Moby Dick has taken on the challenge of providing a solution that integrates QoS, mobility and AAA in a heterogeneous access environment. This paper focuses on the mobility part of the project, describes and justifies the handover approach taken, shows how QoS-aware and secure handover is achieved, and introduces the project's paging concept. It shows that a transition to a fully integrated IP-RAN and IP-Backbone has become a distinct option for the future.Publicad

Wireless internet architecture and testbed for wineglass

One of the most challenging issues in the area of mobile communication is the deployment of IPbased wireless multimedia networks in public and business environments. The public branch may involve public mobile networks, like UMTS as 3G system, while the business branch introduces local radio access networks by means of W-LANs. Conventional mobile networks realise mobile specific functionality, e.g. mobility management or authentication and accounting, by implementing appropriate mechanisms in specific switching nodes (e.g. SGSN in GPRS). In order to exploit the full potential of IP networking solutions a replacement of these mechanisms by IP-based solutions might be appropriate. In addition current and innovative future services in mobile environments require at least soft-guaranteed, differentiated QoS. Therefore the WINE GLASS project investigates and implements enhanced IP-based techniques supporting mobility and QoS in a wireless Internet architecture. As a means to verify the applicability of the implemented solutions, location-aware services deploying both IP-mobility and QoS mechanisms will be implemented and demonstratedPeer ReviewedPostprint (published version

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Fault Tolerant Scalable Support for Network Portability and Traffic Engineering

The P-SHIM6 architecture provides ISP independence to IPv6 sites without compromising scalability. This architecture is based on a middle-box, the P-SHIM6, which manages the SHIM6 protocol exchange on behalf of the nodes of a site, which are configured with provider independent addresses. Incoming and outgoing packets are processed by the P-SHIM6 box, which can assign different locators to a given communication, either when it is started, or dynamically after the communication has been established. As a consequence, changes required for provider portability are minimized, and fine-grained Traffic Engineering can be enforced at the P-SHIM6 box, in addition to the fault tolerance support provided by SHIM6.This project has been supported by the RiNG project IST-2005-035167 and by the IMPROVISA project TSI2005-07384-C03-02.Publicad