Secure Authentication Mechanism in Mobile Internet Protocol Version 6 [at] Krizzna™

Posted on January 28, 2011 by krizzna

Secure Authentication Mechanism in Mobile Internet Protocol Version 6

Mojtaba Sadeghi, Hamid Reza Naji, Tawfik Zeki

Department of Computer Engineering

Islamic Azad University

Dubai ,UAE

June 2009

Abstract

This paper presents a secure authentication method for Mobile IPv6. As a default IPsec is used for secure signaling messages between the Mobile Node and other agents in Mobile IPv6 networks. Mobile IPv6 message transactions include the Binding Updates and Acknowledgement messages as well. We propose a new mechanism for securing Mobile IPv6 signaling between Mobile Node and other agents. The proposed method consists a Mobile IPv6 message authentication option and cookie management that can be added to the current protocols for securing IPV6. Also we investigate an architecture to integrate the mobility authentication signaling. This architecture is implemented and evaluated. In Mobile IPV4 protocol and also some authentication protocols of Mobile IPV6, there are some difficulties for satisfying timing requirements. We show the latency can be decrease between the Mobile IPV6 node, Home Agent and Correspondent Node with creating a cookie file keeping the mobile node identification.

1.Introduction

The security of a mechanism and protocol depends on the reliability and infrastructure of the Internet routing. The protocol will work between mobile nodes and any other Internet node that have no previous connection or relation with, and also we assume there is not any specific global security infrastructure. When Mobile IPV6 was developed, the built-in technology made it possible for users to change their points of attachment to the Internet while they still using the same IP connections established before. But, authentication and authorization, which are too important functions in wireless networks, were not considered during the design and creation. Therefore, this paper investigates the integration of MIPv6 and Authentication systems and develops integrated architectures as well. The mechanism described in this paper is a simplified version of the actual Mobile IPV6 protocol. We focus on the binding-update messages sent by the mobile node to its correspondents. In fact authentication service is the most important protection and inspection services in wireless networking. Security designing in mobile network is a critical stage in developing and establishing a Network infrastructure system. While a wireless system provides economic, convenience and efficient network , it must also be secured to prevent attack for theft and damage of data and information . A safe and secure wireless network can ensure that your data transmissions are not intercepted, abuse, misuse by unknown third-party. Unsecured wireless networks are vulnerable to many types of problems, including:

-Theft of information

-Corruption or illegal modification of data

-Interception of interaction ,transaction and communication

-Insider abusing of network data and resources

Establishing a professional and secure wireless network means implementing a framework of authentication, encryption and key management protocols[1]. We focus on authentication with IPV6 in this paper. As a description , authentication is a process of verifying that a device or user that is attempting to log in to the wireless network, should be allowed on the network. Encryption and Key Management are processes and techniques that are make more complex and scramble data so that an unauthorized user or device that receives the data cannot use that.

2. IPv6 Review

Based on the recent concerns over the lack of internet addresses and the desire to provide more functionality for modern mobile devices, an upgrade of the old and current version of the Internet Protocol (IP), called IPv4, has been established. This new version, called IP version 6 (IPv6), resolves weakness of IPv4 design issues and made a revolution in Internet in recent years. The long of addresses in IPv6 are 128 bits. The first 64 bit are used for the link prefix. Which it is assigned to every link and gets advertised through routers on that link. The second 64 bit of the address belongs to the interface identifier .There are different scopes of IPv6 addresses in networking. The different scopes can be diagnostic by looking at certain bit patterns of the address prefix.

We can call the most important scopes in IPv6 as below:

- Link local: An address with a scope of link local only can be used to communicate within the node’s link. Packets with this link addresses will not be

routed outside the link. The first 64 bits of this addresses are fixed and look likes this: 1111111010 0 . . – Site local

First 10 bits Proceeding 54 bits. Link local addresses are like unique addresses inside a site. The size of a site will define by site administrator. It can be a small home network with two or three clients or even the network of a university with hundreds nodes. The first 64 bits of site local addresses look like follows: 1111111011 0 . . . – Subnet ID

The 16 subnet bits are used to differentiate sites and First 10 bits Proceeding 38 bits last 16 bits. Protocol transitions are not easy and the transition from IPv4 to IPv6 is no exception. Protocol transitions are typically deployed by installing and configuring the new protocol on all nodes within the network and verifying that all node and router operations work successfully. Although this might be possible in a small or medium sized organization, the challenge of making a rapid protocol transition in a large organization is very difficult. Additionally, given the scope of the Internet, rapid protocol transition from IPv4 to IPv6 is an impossible issue. The designers of IPv6 recognize that the transition from IPv4 to IPv6 will take years and that there might be organizations or hosts within organizations that will continue to use IPv4 indefinitely[1]. IPv6 solves the network address limitations of the current IPv4 protocol by replacing IPv4′s 32-bit addresses with 128-bit addresses. Different elements were considered during the design of IPv6. One of this consideration is forecasting about the needs of future markets. We can guess that future of internet markets would rely on more security, high efficiency, and mobility[7]. Another successful issue of IPv6 designing is the way of internet’s transition from IPv4. This kind of transition involves with different software, hardware, protocol and infrastructure problems. Fortunately IPv6 has been developed to work with IPV4 network protocol as well. By creating a tunnel to transfer IPv6 packets or by creating a tunnel for transferring other protocol packets, IPv6 will support without requiring any fundamental changes. When a mobile node is far from it’s home agent, it sends information about its current location to the home agent. Any node that it wants to start interaction and communication with a mobile node will use the home address of the mobile node for this communication and sending packets. The home agent intercepts these packets information, and via using tunnels the packets to the mobile node’s care-of address. In fact Mobile Network IPv6 uses care-of address .But for supporting route optimization for direct connection between Mobile Node and Correspondent Node, the Correspondent node will use IPv6 header than the IP encapsulation. Mobile IPv6 technology allows a Mobile Node to move within the Internet infrastructure without loosing an old established connection. It means for a Mobile Node to be reachable at any time by a Correspondent Node it must have an address that not change. In fact this address belongs to the subnet of home network. In Mobile IPv6 this address is called, Home Address or
HoA. If Mobile Node be available in its home network, all packets that want to reach to it, can reach the through the normal routing way. In this situation the Home Agent is topologically correct for the Mobile Node. But if the Mobile Node moves to another subnet, it must to update a Care of Address that topologically this address belongs to the new network. From now Mobile Node will not be reachable through its HoA as well. Home Agent is responsible to receive all packets that destined to the Mobile Node, whenever Mobile Node is in another visited network. Whenever Home agent receives a packet, it would establish a tunnel it to the Mobile Node’s current Care of Address. It proves the Mobile Node has to update its Home Agent about its current Care of Address regular. It means Home Agent will forward any packets destined to the Mobile Node’s Home Address, to its current Care of Address in visited network. These packets will send through a tunnel to the Mobile Node. It should be considered that the tunnel begins from the Home Agent and will end at the Mobile Node. Mobile IPv6 works like transparent for upper layers like applications. Any time Mobile Node wants to send a packet to the Correspondent Node, it can send it direct to it’s address.

3. Security on Mobile IPV6

3.1. Data Encryption and authentication protocol

One of the solution for making sure that unauthorized users or systems do not access on your wireless and mobile network is to encrypt your data and files. The famous and basic encryption method, WEP (wired equivalent privacy), unfortunately was found to be completely weak and nonstable. WEP works on a shared key technology, or password, to prevent unauthorized

Share and Enjoy: