888 research outputs found

    Reducing Packet Overhead in Mobile IPv6

    Common Mobile IPv6 mechanisms, Bidirectional tunneling and Route optimization, show inefficient packet overhead when both nodes are mobile. Researchers have proposed methods to reduce packet overhead while maintaining compatibility with standard mechanisms. In this paper, three mechanisms in Mobile IPv6 are discussed to show their efficiency and performance. Following the discussion, a new mechanism called Improved Tunneling-based Route Optimization is proposed, and performance analysis shows that the proposed mechanism has less overhead compared to common mechanisms. Analytical results indicate that Improved Tunneling-based Route Optimization transmits more payload because it sends packets with less overhead.

    Securing route optimisation in NEMO

    Third International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks. 4-6 April 2005. Riva del Garda, Trentino, Italy. The network mobility (NEMO) basic support protocol enables mobile networks to change their point of attachment to the Internet, while preserving established sessions of the nodes within the mobile network. When only a nonnested mobile network is considered, the so-called triangle routing is the main problem that should be faced. In mobile IPv6, the route optimisation mechanism solves this problem, and the return routability mechanism aims to limit the security concerns originated because of the route optimisation. Nowadays return routability is considered a weak solution (i.e., based on strong assumptions). In this article we explore different approaches to route optimisation in NEMO and we devise how to adapt some of the terminal mobility solutions to a NEMO environment, where, as we propose, a delegation of signalling rights from the mobile network node to the mobile router is necessary.

    Design and Experimental Evaluation of a Route Optimisation Solution for NEMO

    An important requirement for Internet protocol (IP) networks to achieve the aim of ubiquitous connectivity is network mobility (NEMO). With NEMO support we can provide Internet access from mobile platforms, such as public transportation vehicles, to normal nodes that do not need to implement any special mobility protocol. The NEMO basic support protocol has been proposed in the IETF as a first solution to this problem, but this solution has severe performance limitations. This paper presents MIRON: Mobile IPv6 route optimization for NEMO, an approach to the problem of NEMO support that overcomes the limitations of the basic solution by combining two different modes of operation: a Proxy-MR and an address delegation with built-in routing mechanisms. This paper describes the design and rationale of the solution, with an experimental validation and performance evaluation based on an implementation.

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    A New Router Certification Authority Protocol For Securing Mobile Internet Protocol Version 6

    Mobile Internet Protocol version 6 (Mobile IPv6) has been proposed as a standard protocol to provide mobility in Next Generation Networks.

    Moving Target Defense for Securing SCADA Communications

    In this paper, we introduce a framework for building a secure and private peer to peer communication used in supervisory control and data acquisition networks with a novel Mobile IPv6-based moving target defense strategy. Our approach aids in combating remote cyber-attacks against peer hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed at a certain interval creating a moving target to make it difficult for an attacker to find the host. At the same time, the peer host is updated through the use of the binding update procedure (standard Mobile IPv6 protocol). Compared with existing results that can incur significant packet-loss during address rotations, the proposed solution is loss-less. Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper. Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts. Recovering the communication after rebooting a host is also a new contribution of this paper. Lab-based simulation results are presented to demonstrate the performance of the method in action, including its overheads. The testbed experiments show zero packet-loss rate during handoff delay

    Security Enhancement of Route Optimization in Mobile IPv6 Networks

    Mobile IPv6 is an IP-layer protocol that is designed to provide mobility support. It allows an IPv6 node to arbitrarily change its location in the IPv6 network while maintaining the existing connection by handling the change of addresses at the Internet layer. Route optimization is standard in Mobile IPv6 to eliminate inefficient triangle routing. Several methods were proposed to secure route optimization. Return routability was adopted by the Internet Engineering Task Force (IETF) with its security protocol based on RFC 3775. Return routability is an infrastructureless, lightweight procedure that enables a Mobile IPv6 node to request another IPv6 node to check and test the ownership of its permanent address in both the home network and the current visited network. It authorizes a binding procedure by the use of a cryptographic token exchange. However, the return routability protocol in route optimization is to protect messages and is not able to detect or prevent an attacker which tampers against data. In this thesis, focus is given on a Mobile IPv6 route optimization test-bed with enhanced security in terms of data integrity. The proposed method can be performed on top of the return routability procedure to detect and prevent Man-In-The-Middle attack by using encryption if any attack is detected. This also eliminates the additional delay compared to using encryption from the beginning of a connection. A real-time experimental test-bed has been set up, which is comprised of hardware, software and network analysis tools to monitor the packet flow and content of data packets. The test-bed consists of four computers acting as Mobile Node, Home Agent, Correspondent Node, and Router, respectively. To ensure the accuracy and integrity of the collected data, the Network Time Protocol (NTP) was used between the packet generator (Mobile Node) and packet receiver (Correspondent Node) to synchronize the time. The results show that the proposed method is able to work efficiently, maintaining 99% data security of route optimization in Mobile IPv6 (MIPv6) networks. The overall data integrity (by means of security) is improved by 72% compared to existing MIPv6 at a cost of 0.1 sec added overall delay, which is within the tolerable range by the network.

    Crypton: CRYptographic Prefixes for Route Optimization in NEMO

    Proceedings of: 2010 IEEE International Conference on Communications (ICC 2010), 23-27 May, 2010, Cape Town, South Africa. The aviation community is in the process of designing the next generation Aeronautical Telecommunications Network (ATN), based on Internet standards, to provide air-ground communications for the aircraft. Support for mobile networks in the current Internet architecture is provided by the NEtwork Mobility (NEMO) protocol. As currently defined, NEMO Basic Support protocol lacks Route Optimization support, which is an essential requirement for its adoption as part of the next generation ATN. This paper presents a novel security tool, the Crypto Prefixes, and their application to the Route Optimization in Nemo (CRYPTRON). The Crypto Prefixes are IPv6 prefixes with embedded cryptographic information that enable the Mobile Network Prefix proof-of-ownership without any centralized trust infrastructure. In CRYPTRON, the Crypto Prefixes are used to protect the establishment of the bindings on the Correspondent Nodes for the whole Mobile Network Prefix. European Community's Seventh Framework Program.

    Securing Control Signaling in Mobile IPv6 with Identity-Based Encryption


    Issues of Security in Routing Optimization at Mobile IPv6

    Mobile Internet Protocol version 6 (MIPv6) adds the mobility function to IPv6. An IPv6 host that supports the Mobile IPv6 function can move around the IPv6 Internet. A connection between two nodes is maintained by the pairing of the source address and the destination address. The IPv6 node address is assigned based on the prefix of the home network. The assigned address on a given network becomes invalid when the host leaves that network and attaches itself to another network. The reason for this problem came from the nature of IP addresses when a node visits a foreign network: it is still reachable through the indirect packet forwarding from its home network. This triangular routing feature supports node mobility but increases the communication latency between nodes. So it can be supposed to be overcome by using a Binding Update (BU) scheme, which lets nodes update IP addresses and communicate with each other through direct IP routing. To protect the security of Binding Update, a Return Routability (RR) procedure is developed, which turns out to be vulnerable to many attacks. In Route Optimization, the mobile node sends the binding message to its peer node; the message contains the new address of the mobile node, called the Care of Address, which confirms that the mobile node has in fact moved to the new location from its Home Network. After receiving the binding message, the peer node sends all packets which are destined to the Mobile's Home Address to the Care of Address. There are many security risks involved, when a malicious node might be able to create a connection with the mobile node by sending false binding messages. By doing so, the malicious node can divert the traffic, can launch DOS Attacks and can also resend the authenticated messages, etc. So considering these security issues, we will discuss a secure protocol which prevents the attacker from establishing false connections and assures the secrecy and integrity of the mobile node and its peers.