Advertisement

Access Path Based Source Address Validation in Mobile IPv6

  • Min Zhu
  • Ke Xu
  • Qi Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6985)

Abstract

Mobile IPv6 runs high risk of being attacked by IP spoofing due to the introduction of mobility and route optimization. In this paper, an authentic IP address validation scheme is proposed to protect mobile nodes in Mobile IPv6 against IP spoofing attack. The mobile nodes’ historical traffic information is leveraged to validate the authenticity of its claimed home address in the scheme. Compared with other authentication schemes, this scheme is much simpler to implement and easier to deploy based on the usage of real data, and does not require additional computational overhead. It also solves the address ownership problem and the unauthenticated binding update issue in Mobile IPv6. Real traces are used to demonstrate the applicability of the scheme in this paper. The experimental results show that only three consecutive historical packet records are required to construct a unique authentication key, which can identify forged home address efficiently.

Keywords

Mobile Node Home Agent Route Optimization Home Address Correspondent Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Andersen, D., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., Shenker, S.: Accountable internet protocol(aip). In: Proceedings of ACM SIGCOMM (2008)Google Scholar
  2. 2.
    Arkko, J., Devarapalli, V., Dupont, F.: Using ipsec to protect mobile ipv6 signaling between mobile nodes and home agents. RFC 3776 (June 2004)Google Scholar
  3. 3.
    Aura, T.: Cryptographically generated addresses(cga). RFC 3972 (March 2005)Google Scholar
  4. 4.
    Bos, J.W., Özen, O., Hubaux, J.: Analysis and optimization of cryptographically generated addresses(cga). In: Proceedings of ISC (2009)Google Scholar
  5. 5.
    Elgoarany, K., Eltoweissy, M.: Security in mobile ipv6: a survey. Information Security Technical Report 12(1), 32–43 (2007)Google Scholar
  6. 6.
    Hu, Y., Chiu, D.-M., Lui, J.C.S.: Entropy based adaptive flow aggregation. IEEE/ACM Transactions on Networking(TON) 17(3), 115–139 (2009)Google Scholar
  7. 7.
    Johnson, D.B., Perkins, C., Arkko, J.: Mobility support in ipv6. RFC 3775 (June 2004)Google Scholar
  8. 8.
    Kivi, A.: Mobile data adoption in finland 2005-2006. In: Proceedings of the 6th Conference on Telecommunication Techno-Economics(CTTE), Helsinki, Finland (June 2007)Google Scholar
  9. 9.
    Li, J., Zhang, P., Sampalli, S.: Improved security mechanism for mobile ipv6. International Journal of Network Security 6(3), 291–300 (2008)Google Scholar
  10. 10.
    Mankin, A., Patil, B., Harkins, D., Nordmark, E., Nikander, P., Roberts, P., Narten, T.: Threat models introduced by mobile ipv6 and requirements for security in mobile ipv6. IETF draft-ietf-mipv6-scrty-reqts-02.txt (2001)Google Scholar
  11. 11.
    Moskowitz, R., Nikander, P.: Host identity protocol (hip) architecture. RFC 4423 (May 2006)Google Scholar
  12. 12.
    Nikander, P., Aura, T., Arkko, J., Montenegro, G.: Mobile ip version 6 (mipv6) route optimization security design. In: Proceedings of the IEEE Vehicular Technology Conference Fall 2003 (2003)Google Scholar
  13. 13.
    Ren, K., Lou, W., Zeng, K., Bao, F., Zhou, J., Deng, R.H.: Routing optimization security in mobile ipv6. Computer Networks: The International Journal of Computer and Telecommunications Networking 50(13), 2401–2419 (2006)zbMATHGoogle Scholar
  14. 14.
    Riikonen, A.: Mobile internet usage - network traffic measurements. Master’s Thesis. Department of Communications and Networking, Helsinki University of Technology, Espoo (September 2009)Google Scholar
  15. 15.
    Song, S., Choi, H.-K., Kim, J.-Y.: A secure and light weight approach for routing optimization in mobile ipv6. EURASIP Journal on Wireless Communications and Networking (2009)Google Scholar
  16. 16.
    Wu, J., Bi, J., Li, X., Ren, G., Xu, K., Williams, M.: A source address validation architecture (sava) testbed and deployment experience. RFC 5210 (June 2008)Google Scholar
  17. 17.
    Wu, J., Ren, G., Li, X.: Source address validation: Architecture and protocol design. In: Proceedings of ICNP (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Min Zhu
    • 1
    • 2
  • Ke Xu
    • 1
    • 2
  • Qi Li
    • 1
    • 2
  1. 1.Tsinghua National Laboratory for Information Science and TechnologyTsinghua UniversityBeijingChina
  2. 2.Department of Computer Science and TechnologyTsinghua UniversityBeijingChina

Personalised recommendations