Routing optimization security in mobile IPv6
Route Optimization (RO) in Mobile IPv6 (MIPv6) provides a mobile node (MN) the opportunity to eliminate the inefficient triangle routing with its corresponding node (CN) and therefore, greatly improves the network performance. However. in doing so. MIPv6 introduces several security vulnerabilities,...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2006
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1191 http://dx.doi.org/10.1016/j.comnet.2005.09.019 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Route Optimization (RO) in Mobile IPv6 (MIPv6) provides a mobile node (MN) the opportunity to eliminate the inefficient triangle routing with its corresponding node (CN) and therefore, greatly improves the network performance. However. in doing so. MIPv6 introduces several security vulnerabilities, and among them a major concern is the authentication and authorization of Binding Updates (BUs) during the RO process. Unauthenticated or malicious BUs open the door for many types of attacks. As every IPv6 node is expected to support MIPv6. mechanisms to secure BU will have a significant impact on the next generation Internet. In this paper, based on an in-depth analysis of the security weaknesses existing in previously proposed protocols, a light-weight BU protocol with high security strength is proposed, which makes use of public key certificate-based strong authentication technique. Another important contribution of the paper is the introduction of a novel and scalable 3-layer trust management framework, which takes advantage of IPv6 address format and home link's jurisdiction over the addresses it assigns, and thereby solves the difficult certificate issuing and management problem presented in the previous public key certificate-based solutions via trust delegation. The proposed protocol is highly efficient in term of both computation and communication costs on both MN and CN sides. An extended protocol is also proposed to explicitly support Hierarchical MIPv6 (HMIPv6). |
|---|