On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Design and Experimental Evaluation of a Route Optimisation Solution for NEMO

An important requirement for Internet protocol (IP) networks to achieve the aim of ubiquitous connectivity is network mobility (NEMO). With NEMO support we can provide Internet access from mobile platforms, such as public transportation vehicles, to normal nodes that do not need to implement any special mobility protocol. The NEMO basic support protocol has been proposed in the IETF as a first solution to this problem, but this solution has severe performance limitations. This paper presents MIRON: Mobile IPv6 route optimization for NEMO, an approach to the problem of NEMO support that overcomes the limitations of the basic solution by combining two different modes of operation: a Proxy-MR and an address delegation with built-in routing mechanisms. This paper describes the design and rationale of the solution, with an experimental validation and performance evaluation based on an implementation.Publicad

Advancing the Standards for Unmanned Air System Communications, Navigation and Surveillance

Under NASA program NNA16BD84C, new architectures were identified and developed for supporting reliable and secure Communications, Navigation and Surveillance (CNS) needs for Unmanned Air Systems (UAS) operating in both controlled and uncontrolled airspace. An analysis of architectures for the two categories of airspace and an implementation technology readiness analysis were performed. These studies produced NASA reports that have been made available in the public domain and have been briefed in previous conferences. We now consider how the products of the study are influencing emerging directions in the aviation standards communities. The International Civil Aviation Organization (ICAO) Communications Panel (CP), Working Group I (WG-I) is currently developing a communications network architecture known as the Aeronautical Telecommunications Network with Internet Protocol Services (ATN/IPS). The target use case for this service is secure and reliable Air Traffic Management (ATM) for manned aircraft operating in controlled airspace. However, the work is more and more also considering the emerging class of airspace users known as Remotely Piloted Aircraft Systems (RPAS), which refers to certain UAS classes. In addition, two Special Committees (SCs) in the Radio Technical Commission for Aeronautics (RTCA) are developing Minimum Aviation System Performance Standards (MASPS) and Minimum Operational Performance Standards (MOPS) for UAS. RTCA SC-223 is investigating an Internet Protocol Suite (IPS) and AeroMACS aviation data link for interoperable (INTEROP) UAS communications. Meanwhile, RTCA SC-228 is working to develop Detect And Avoid (DAA) equipment and a Command and Control (C2) Data Link MOPS establishing LBand and C-Band solutions. These RTCA Special Committees along with ICAO CP WG/I are therefore overlapping in terms of the Communication, Navigation and Surveillance (CNS) alternatives they are seeking to provide for an integrated manned- and unmanned air traffic management service as well as remote pilot command and control. This paper presents UAS CNS architecture concepts developed under the NASA program that apply to all three of the aforementioned committees. It discusses the similarities and differences in the problem spaces under consideration in each committee, and considers the application of a common set of CNS alternatives that can be widely applied. As the works of these committees progress, it is clear that the overlap will need to be addressed to ensure a consistent and safe framework for worldwide aviation. In this study, we discuss similarities and differences in the various operational models and show how the CNS architectures developed under the NASA program apply

A New Router Certification Authority Protocol For Securing Mobile Internet Protocol Version 6

Protokol Internet Bergerak versi 6 (IPv6 Bergerak) telah dicadangkan sebagai satu protokol piawai untuk memberikan mobility dalam Rangkaian Generasi Seterusnya. Mobile Internet Protocol version 6 (Mobile IPv6) has been proposed as a standard protocol to provide mobility in Next Generation Networks

Multicast Mobility in Mobile IP Version 6 (MIPv6) : Problem Statement and Brief Survey

Publisher PD

Security Enhancement of Route Optimization in Mobile IPv6 Networks

Mobile IPv6 is an IP-layer protocol that is designed to provide mobility support.It allows an IPv6 node to arbitrarily change its location in the IPv6 network while maintaining the existing connection by handling the change of addresses at the Internet layer. Route optimization is standard in Mobile IPv6 to eliminate inefficient triangle routing. Several methods were proposed to secure route optimization. Return routability was adopted by Internet Engineering Task Force (IETF) with its security protocol based on RFC 3775. Return routability is an infrastructureless, lightweight procedure that enables a Mobile IPv6 node to request another IPv6 node to check and test the ownership of its permanent address in both home network and current visited network. It authorizes a binding procedure by the use of cryptographically token exchange. However, return routability protocol in route optimization is to protect messages and is not able to detect or prevent an attacker which tampers against data. In this thesis, focus is given on Mobile IPv6 route optimization test-bed with enhanced security in terms of data integrity. The proposed method can be performed on top of the return routability procedure to detect and prevent Man-In-The-Middle attack by using encryption if any attack is detected. This also eliminates the additional delay compared to using encryption from the beginning of a connection. A real-time experimental test-bed has been set up, which is comprised of hardware, software and network analysis tools to monitor the packet flow and content of data packets. The test-bed consists of four computers acting as Mobile Node, Home Agent, Correspondent Node, and Router, respectively. To ensure the accuracy and integrity of the collected data, the Network Time Protocol (NTP) was used between the packet generator (Mobile Node) and packet receiver (Correspondent Node) to synchronize the time. The results show that the proposed method is able to work efficiently, maintaining 99% data security of route optimization in Mobile IPv6 (MIPv6) networks. The overall data integrity (by means of security) is improved 72% compared to existing MIPv6 by at a cost of 0.1 sec added overall delay, which is within the tolerable range by the network