| With the wide spread use of mobile devices and increasing requirement of mobile computing, various mobility technology has emergered and been applied. As a crucial technology which implements mobility on network layer, Mobile IPv6 permits mobile node seamless to roam across different administrative domains, while keeping transparent to users. However, mobility itself has introduced many new threats. For mobile node and its home agent has prior security association, security could be gauranteed at some level. Whereas no reasonable security could be achieved between mobile node and its correspondent node with the help of IPsec and solutions which rely on the third party such as PKI and involves public key operation couldn't satisfy the needs of mobile devices with limited performance. So more scalable method is essential. The key issue of mobile IPv6 security is as follows:false binding of home address and care-of address poses a potential for session hijacking and denial of service attacks. We have to implement the authentication of correspondent node binding update to solve the basic problem. It has drawn plenty of concern since early in the 1990s. Many protolcols have been proposed to secure above mentioned operation but couldn't be deployed widely due to respective weakness.This paper presents two protocols for authenticating binding update messages between a mobile node and a correspondent node in cases that no pre-established security relationship exits between these two entities. One protocol for authenticating Mobile IPv6 correspondent node binding update is Trust Chain Based Binding Update Authentication Protocol. The protocol imposes minimal computational requirements on mobile nodes, uses as few messages as possible, and may be adapted to resist denial of service attacks.The protocol has two parts, an initialization phase and an update phase. The author has formally verified the correctness of the protocol using the finite-state analysis tool Murphi.Another one is IPv6 address-based Multisignature Protocol. The basic idea is to use the home address of a mobile node as its public key and the care-of address as the public key of a visited router in foreign domain. The binding message is valid if and only if both the mobile node and visited router sign it. The correspondent node uses the IP addresses in the binding message to verify the multisignature. The proposed scheme provides security protection to both home and care-of addresses, and is efficient in... |
PDF Full Text Request