Preserving TCP Connections Across Host Address Changes
The predominance of short-lived connections in today's Internet has created the perception that it is perfectly acceptable to change a host's IP address with little regard for established connections. Indeed, the increased mobility offered by laptops with wireless network interfaces, and the aggressive use of short DHCP leases, are leading the way towards an environment where IP addresses are transient and last only for short periods. However, there is still a place for long-lived connections (typically lasting hours or even days) for remote login sessions, over-the-network backups, etc. There is, therefore, a real need for a system that allows such connections to survive changes in the IP addresses of the hosts at either end of the connection.
In this paper we present a kernel-based mechanism that recognizes address changes and recovers from them. Furthermore, we discuss the security implications of such a scheme, and show that our system provides an effective defense against both eavesdropping and man-in-the-middle attacks.
Keywords: Overlay Network; Forwarding Node; Device Driver; Internet Engineering Task Force; Address Change