On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

Internet Protocol version 6 and the future of home networking

Home networking will be more of a necessity in the future than it is today. The homes of the future will make our lives easier in many ways. As microprocessors become less expensive and require less power they will be implanted into many of the common household items used everyday. Appliances and components will evolve into smart devices that communicate with each other. Connecting these devices will become more important as devices incorporate new technologies. It will be necessary to build a network that can handle the needs of this type of computing environment. The home networks of the future will require many of the same features that can be found in today\u27s corporate networks. However, there will be four issues that will determine the level of success of implementing home networks. The first issue is the increase in volume of the devices accessing and utilizing the Internet. Security will be a high priority for homeowners, since the data that accumulates and circulates in and out of the home is sensitive and personal. The third critical issue is ease of use, because the average homeowner does not have the skills necessary to configure and maintain networks. The last issue that will be important in the home is the increased need for bandwidth and the ability to accommodate all types of data traffic. There is no doubt that the Internet Protocol will be important in future home networks. Some proponents of IP say IP over everything The trend has been finding new ways of making IP the answer to all types of voice and data communications. Initially the Internet Protocol was designed for a specific application. Over time, IPv4 has been able to successfully adapt to the changing needs and demands of the Internet. At one point in the early 90\u27s, it was feared that IPv4 would not be able to meet the future needs. As a result, The Internet Engineering Task Force (IETF) developed a next generation Internet Protocol, referred to as Internet Protocol version 6. In the meantime, new fixes to old IPv4 problems have been temporarily halted. The implementation of IPv6 has been extremely slow since the imminent danger of declining address space has been temporarily addressed. IP version 6 has many new features built into the protocol that will streamline and enhance many aspects of the network, but these features alone may not be enough to cause the displacement of the massive infrastructure of IPv4. Will IPv6 be better at handling the demands of the home networks of the future, or will the additions and updates for IPv4 be sufficient? What are some of the resolutions that are being developed or are already implemented for the key issues in home networks- the increasing number of devices, security, ease of use and data flow

Improved Handover Routing Scheme In Hierarchical Mobile Ipv6 Networks

Mobile Internet Protocol version 6 (MIPv6) has been proposed to solve the problem of mobility in the new era of Internet. MIPv6 is a proposal for handling routing of IPv6 packets to mobile nodes that have moved away from their home network. In the near future, with the simultaneous growth of the mobile user population and the Internet, users will move more frequently between networks as they stay connected to the Internet and access its resources. Thus, as mobility increases across networks, handovers will significantly give impact on the quality of the connection and on user application . Previous research has shown that MIPv6 only defines a means of managing global mobility (macro-mobility) but does not address local mobility (micro-mobility) separately. Instead, it uses the same mechanism in both cases. This involves long handover delay and a lot of signaling. The extension of protocol of basic MIPv6 has been investigated. Internet Engineering Task Force (IETF) introduced Hierarchical Mobile IPv6 (HMIPv6) . HMIPv6 is the proposed enhancement of MIPv6 that is designed to reduce the amount of signaling required and to improve handover speed for mobile connections. New node in HMIPv6 called the mobility anchor point (MAP) serves as a local entity to aid in mobile handover. By separating global and local mobility, HMIPv6 makes it possible to deal with either situation of macro mobility and micro mobility appropriately. The MAP helps to decrease the delay and packet loss during handover. HMIPv6's handover operation has been investigated. We have analyzed the handover routing scheme on Internet Protocol (IP) layer. The operation of this handover starts from the mobile node (MN) sends binding update (BU) to its new network until MN receives packet from the correspondent node (CN) or home agent (HA) through its new network. The adoption of multicast scheme and the avoidance of redundancy in sending binding update scheme have been proposed and have been implemented to HMIPv6. Proposed multicast scheme may allow MN to receive packets during handover operation. The avoidance of redundancy in sending B U scheme may reduce the amount of signaling for the handover thus reduce the handover delay. We have tested the performance of HMIPv6 with the proposed schemes based on simulation study. The results show that our proposed schemes reduce the handover delay and the amount of packet loss in HMIPv6

Rethinking Privacy Online and Human Rights:The Internet’s Standardisation Bodies as the Guardians of Privacy Online in the Face of Mass Surveillance

There is a growing literature revolving around the role of non-state actors in the international law-making process. The starting point of this article is that, although informal international law-making may not be legally binding, it would be unwise to dismiss it as legally irrelevant. Informal law-making can be relevant with respect to conceptualising and applying existing law as well as guiding future regulation. The present discussion is placed in the context of cyberspace and, more specifically, the Internet standardisation bodies’ informal law-making functions when creating Internet protocols (by setting Internet standards). The article addresses the legitimacy and the ongoing work of the Internet Advisory Board and Internet Engineering Task Force in setting Internet standards with the aim to protect Internet users from mass surveillance and serious threats to privacy online. The article makes two main arguments. First, the effective protection of online privacy cannot be understood only in terms of compliance with legal frameworks but that – in practice - it also needs to be secured through technological means. Second, in the area of online privacy informal law-making and international law converge in a distinctive way. Internet standards should not necessarily be seen as “living a parallel life” to law or as displacing or merely complementing the law. Technical standards and international law can actively inform one another and converge in their application. The analysis explores the implications of the Internet’s technical features to policy-making and legal reasoning by discussing state and judicial practice. The article demonstrates how the technical perspective on privacy informs and enriches the manner in which the legal advisor argues about privacy, the legislator articulates the interests at stake and the judge and practitioner interpret and apply international human rights law. <br/

An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

Efficient security for IPv6 multihoming

In this note, we propose a security mechanism for protecting IPv6 networks from possible abuses caused by the malicious usage of a multihoming protocol. In the presented approach, each multihomed node is assigned multiple prefixes from its upstream providers, and it creates the interface identifier part of its addresses by incorporating a cryptographic one-way hash of the available prefix set. The result is that the addresses of each multihomed node form an unalterable set of intrinsically bound IPv6 addresses. This allows any node that is communicating with the multihomed node to securely verify that all the alternative addresses proposed through the multihoming protocol are associated to the address used for establishing the communication. The verification process is extremely efficient because it only involves hash operationsPublicad

Realization of Semantic Atom Blog

Web blog is used as a collaborative platform to publish and share information. The information accumulated in the blog intrinsically contains the knowledge. The knowledge shared by the community of people has intangible value proposition. The blog is viewed as a multimedia information resource available on the Internet. In a blog, information in the form of text, image, audio and video builds up exponentially. The multimedia information contained in an Atom blog does not have the capability, which is required by the software processes so that Atom blog content can be accessed, processed and reused over the Internet. This shortcoming is addressed by exploring OWL knowledge modeling, semantic annotation and semantic categorization techniques in an Atom blog sphere. By adopting these techniques, futuristic Atom blogs can be created and deployed over the Internet

Internet security for mobile computing

Mobile devices are now the most dominant computer platform. Every time a mobile web application accesses the internet, the end user’s data is susceptible to malicious attacks. For instance, when paying a bill at a store with NFC mobile payment, navigating through a city operating GPS on a smartphone, or dictating the temperature at a household with a home automation device. These activities seem routine, yet, when vulnerabilities are present they can leave holes for hackers to access bank accounts, pinpoint a user’s recent location, or tell when someone is not at home. The awareness of the end user cannot be trusted. Device vendors and developers must provide safeguards. An ongoing issue is that the present security standards are outdated and were never envisioned with mobile devices in mind. It can be suggested that security is only idling the progress of mobile computing. Still, many application developers and IT professionals do not adopt security standards fast enough to keep up-to-date with known vulnerabilities. The main goals of the next generation of security standards, TLS, will provide developers with greater security efficiency and improved mobile throughput. These proposed capabilities of the TLS protocol will streamline mobile computing into the forefront of security practices. The analysis of this report demonstrates concepts on the direction mobile security, usability, and performance from a development standpoint.Electrical and Computer Engineerin