Routing optimization security in mobile IPv6

  • Authors:
  • Kui Ren;Wenjing Lou;Kai Zeng;Feng Bao;Jianying Zhou;Robert H. Deng

  • Affiliations:
  • Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA;Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA;Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA;Institute for Infocomm Research, Singapore;Institute for Infocomm Research, Singapore;School of Information Systems, Singapore Management University, Singapore

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Route Optimization (RO) in Mobile IPv6 (MIPv6) provides a mobile node (MN) the opportunity to eliminate the inefficient triangle routing with its corresponding node (CN) and therefore, greatly improves the network performance. However. in doing so. MIPv6 introduces several security vulnerabilities, and among them a major concern is the authentication and authorization of Binding Updates (BUs) during the RO process. Unauthenticated or malicious BUs open the door for many types of attacks. As every IPv6 node is expected to support MIPv6. mechanisms to secure BU will have a significant impact on the next generation Internet. In this paper, based on an in-depth analysis of the security weaknesses existing in previously proposed protocols, a light-weight BU protocol with high security strength is proposed, which makes use of public key certificate-based strong authentication technique. Another important contribution of the paper is the introduction of a novel and scalable 3-layer trust management framework, which takes advantage of IPv6 address format and home link's jurisdiction over the addresses it assigns, and thereby solves the difficult certificate issuing and management problem presented in the previous public key certificate-based solutions via trust delegation. The proposed protocol is highly efficient in term of both computation and communication costs on both MN and CN sides. An extended protocol is also proposed to explicitly support Hierarchical MIPv6 (HMIPv6).