ABSTRACT- The next generation wireless systems aim to provide high speed mobility and uninterrupted secure internet access to users through the adoption of standard interfaces and protocols, such as Mobile IP. Mobile IPv4 was introduced by IETF as Network Layer Protocol, which allows users to maintain a permanent IP address while moving among different networks. However, with the introduction of IPv6 as the successor of IPv4, the need to replace Mobile IPv4 with Mobile IPv6 is becoming increasingly important due to enhancements introduced in Mobile IPv6. One such enhancement is the introduction of route optimization in Mobile IPv6 which may cause other security threats. Mobile IPv6's initial draft was submitted in 1996, one year later than the submission of the draft of IPv6. The backbone reason behind the delayed submission of draft was to mitigate the security threats to Mobile IPv6. This paper gives short introduction of Mobile IPv6 and of major security threats to Mobile IPv6 as a consequence of the introduction of Route Optimization in Mobile IPv6. This paper also discusses the solutions to those security threats and outlines how these security solutions minimize the security threats to Mobile IPv6.
Get your grade
or your money back
using our Essay Writing Service!
Key words: Mobile IPv4, Mobile IPv6, IPv4, IPv6, Internet Engineering Task Force (IETF), Network Layer Protocol, Mobile Node (MN), Corresponding Node (CN), Home Agent (HA), Home Address (HoA), Care of Address (CoA), Binding Update (BU), Binding Acknowledgement (BA), Route Optimization, Mobility.
I. MOBILE IPv6
Mobile IP is Internet Engineering Task Force (IETF) communication network layer protocol which allows the user/node to move among different networks while maintaining its single IP address (Upper layer connectivity). People usually confuse it with portability which allows node to relocate to different networks and node remains reachable. In portability when node relocates to new network its upper layer connectivity is disrupted and node always obtains and addressed by new IP address. 
The idea behind mobile IP is that when Mobility is implemented in network layer, it should be implemented once and its functionality should be transparent to all the upper layer protocols. This paper will discuss that how much this promise has been fulfilled in implementation of Mobile IPv6. 
Mobile IPv6 acronyms
Care of Address
Message Authentication Code
II. MOBILE IPv6 ARCHITECTURE
In the world of internet, IP addresses perform two major functions: routing and identification. IP addresses consist of two parts: subnet prefix and interface identifier. Typically every IP address in IPv6 has 64 bit subnet prefix and 64 bit interface identifier. The subnet prefix, part of IP address determined by location (Network) and is used to identify that specific network for routing. Interface identifier part of IP addresses is used to uniquely identify the host on that particular network. The combination of subnet prefix and interface identifier gives the globally unique identifier and globally routable address for a specific node. 
In mobility when node moves among different networks, its subnet prefix will be changed. Every time node will move to different location it will assigned the new IP address. The change in IP address will cause the two major problems: Firstly, the established connections, such as IPSec security association, TCP connection and all other higher layer sessions between the mobile node and the other hosts becomes invalid because of change of address of one endpoint. Secondly, mobile node will not be reachable at previous address. The MIPv6 aims to solve two major problems: all higher layers established connections should survive during the movement of node among different networks and node should be reachable until it is connected to the internet anywhere in the world.
For the implementation of mobility, MIPv6 has made a strong assumption about the environment, i.e., every mobile node has its home network and Home address (HoA) on that network. This home network has major role in providing infrastructure for implementation of mobility. This assumption regarding the home network was made when most of the nodes were static and mobility was an exception. By using this assumption, MIP has solved the reach-ability problem by making sure that MN anywhere in the world will receive the packets sent to its home address (HoA). 
Always on Time
Marked to Standard
MIPv6 introduced three different network entities which are shown below in Figure 1: Mobile Node (MN), Home Agent (HA) and Correspondent Node (CN). MNs are allowed to move among different networks, HAs are responsible for maintaining the reach ability of packets to MNs and all other MIPv6 aware nodes are called CNs. MIPv6 also introduced two new address types: Home address (HoA) and Care of Address (CoA). HoA is assigned to MN by its home network. HoA is a permanent address and used as an identification of MN. CoA is configured every time when MN visits a foreign network. CoA changes with change of network. Every time MN connects to different network, MN is assigned a new CoA. In MIPv6, CoA is used to route packets. 
III. MIPv6 WORKING MECHANISM
For mobility implementation, MIPv6 working mechanism depends upon two fundamental techniques: transparent mode and route optimization mode. In transparent mode shown in figure 2(a), HA in home network behaves as MN's trusted agent and works as router. When CN sends any IP packets to MN, it uses MN's HoA as a destination address. When IP packets arrive in home network, HA tunnels these packets to MN's CoA. HA uses IPIP tunnel to send packets to MN, i.e., encapsulate packets in another IP packet. When MN wants to send packets to CN, it tunnels these packets back to HA. HA decapsulates packets and forwards them to CN. 
When MN changes its location, it informs HA about the change in its IP address by sending BU. BU tells HA to update IPIP tunnel to route packets to and from new CoA. When MN sends BU to HA, HA sends binding BA back to MN before updating IPIP tunnel. This BU and BA are authenticated by using predefined IPSec security association between HA and MN. Here we depend on the long-term trust relationship between HA and MN. HA and MN are already connected so there are number of possible ways to create security association between them, such as IKE with authentication certificate and many other. 
This paper assumes that security association exists between MN & HA and all signaling messages sent between them are protected and encrypted. Data between HA and MN is protected using IPSec tunnel mode. To make discussion simple, this paper assumes that both, data and signaling messages between HA and MN, get the IPSec tunnel protection. 
The same transparent mode is used in Mobile IPv4. Transparent mode assures reach-ability of packets when the MN moves but routing of packets is not optimum. Every packet travels far to pass through the HA. If MN and CN are in the same network and HA is in different, even then every packet between MN and CN will pass through the HA . To make MIP optimum, MIPv6 introduced a Route Optimization mechanism. Route optimization process requires some modifications in CN and then every IPv6 node will support it .
The route optimization process is shown in Figure 2 (b). This process also includes BUs and BAs. When MN receives its 1st tunnel packet, it sends BU to the CN. BU contains MN's HoA and current CoA. In response of BU, CN sends BA and stores BU information in its binding cache (Routing Table), which tells that a packet whose destination address is HoA, should be sent to CoA. Binding is refreshed after some time by sending new BU. BU has predefined life. If life time of BU expires then CN will forward those packets to HoA and CN will not even accept packets from MN. At this stage, this paper assumes that the BU sent to CN is unauthenticated. 
After binding, packets sent or received by CN have an extra Home Address Destination Option field. These packets contain Home Address in type-2 routing header. CN just before sending packets compares destination address to the binding cache. If it finds binding then it will replace the destination address with CoA and when MN receives this packet, it will replace the destination address with HoA. On the other end, when MN wants to send packets to CN, MN will place CoA as a source address and HoA in type-2 routing header field. When CN will receive this packet, it will replace its source address again with HoA. This process in Route Optimization is responsible for maintaining transparent mobility to upper layers . The selection of route optimization is always a choice for MN and CN. If they want to continue without route optimization then all the packets will travel through HA.
IV. BINDING UPDATE AUTHENTICATION
This Essay is
a Student's Work
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.Examples of our work
This part of paper discusses about the authentication of binding updates between MN and CN because as we already discussed that data and signaling between HA and MN are secured.
As discussed in previous section that BUs between CN and MN are unauthenticated. This is s a serious security threat. If BUs are unauthenticated, anyone can listen them and can send false BU to CN. This section discusses the security issues because of unauthenticated BUs and authenticated BU mechanism. 
IV.1 Connection Hijacking
Suppose that two nodes, somewhere on internet, are communicating and they support MIPv6 and Route Optimization. It's quite simple for an attacker to hijack connection between two nodes. The attacker needs to know the IP addresses of both nodes. While two honest nodes A & B are communicating, meanwhile attacker (Node C) sends false BU to node B pretending to be node A. It will send its own address as a CoA and node A's address as HoA. As there is no authentication required for BU, so node B will simply redirect its node A's traffic to C and similarly node C can send BU to node A to redirect node B's traffic to itself. In this way, node C can easily hijack the connection. Node C can also redirect traffic to any unknown node by just using that node's address in BU. Because of end to end encryption, IPSec and SSL, the attacker may not be able to read data but attacker can easily be a cause of denial of service. 
IETF halted the standardization process of MIPv6 just because of the possibilities of these attacks because the implementation of protocol without security may be the cause of the breakdown of whole internet. Addition of these authentication security mechanisms will definitely make protocol slow and complex. 
IV.2 INFRASTRUCTURELESS AUTHENTICATION
The only solution of BU spoofing is authentication. An authentication infrastructure such as Public key Infrastructure (PKI) is required and this infrastructure should work between any two IPv6 nodes of internet. There isn't any infrastructure which can be used globally and it's not realistic to design a new infrastructure for MIPv6. The use of any existing infrastructures i.e., IPSec or PKI will confine Mobile IPv6 to certain organization where all the required security services are implemented. While designing MIPv6, the goal of IETF was to make it atleast as much secure as MIPv4. It shouldn't introduce any new threats. Because of above defined reasons, IETF decided to use Infrastructureless authentication. This authentication will not be as much secure as PKI but it doesn't matter because their aim isn't so high. 
IV.3 CRYPTOGRAPHICALLY GENERATED ADDRESSES
As discussed in start of this paper, IP layer performs two major tasks. Firstly, IP address architecture gives the globally unique IPv6 address to node and secondly, this IP address is used for routing packets to that specific node. So in this technique, both, addressing and routing are used to define an authentication technique which is not as stronger as PKI and obviously better than no authentication. In this technique, the idea is to create interface identifier of home address as a one way hash of MN's public key. MN signs its present location with corresponding private key and sends public key with signed data. Before verifying signed data, CN hashes the public key and compares the hash with address. Such addresses are called cryptographically generated addresses and this only allows MN to send its location update for its address. The beauty of this technique is that it uses IP address public key authentication without the involvement of any third party. There was many further proposals for BU authentication using this technique  but this technique was rejected by the designers of Mobile IP because of even simpler routing based authentication. 
IV.4 ROUTING-BASED AUTHENTICATION
This is 2nd Infrastructureless authentication method, according to this method as show in a figure 4, when MN initiate BU protocol (MSG 1) to CN, the CN will send a secrete key to MN's HoA (MSG 2) as plain text. HA will forward this key to MN through secure tunnel. MN then uses this key to send authenticated BU message and sends it to CN (MSG 3). CN uses that key to authenticate BU and send BA (MSG 4) to MN. In this method CN makes sure that MN can receive messages sent at its HoA. This method called routing-based authentication because CN receive back its key.
To spoof BU, the hacker should be between HA and CN because as discussed earlier, that data is secured between HA and MN. If hacker spoofs BU, it means there is some problem with network security. If MIPv6 is using this method for BU authentication then none of the nodes on internet can spoof BU except those who are somewhere on path of packets, travelling between HA and CN. If MIPv6 is using routing-based authentication then it is atleast as much secure as IPv4 was and this was the major goal while designing MIPv6. 
IV.5 VERIFICATION OF CoA
Routing-based authentication enabled MIPv6 to verify the sender (HoA) of the BUs but while working on these security mechanisms, we developed a deep understanding of threats to MIPv6. We discovered a threat which uses BU to amplify the flooding attack, which is atleast as much serious as the spoofing of BU. This section discusses that how the modification of routing-based authentication protocol can cope with this threat. 
IV.5.a BOMBING ATTACKS
As discussed earlier that MN sends HoA and CoA in BU. The routing-based authentication protocol only verifies the HoA but in worst case scenario, node tells truth about its HoA and lies about its CoA because HoA will be verified and this can make CN to forward packets to unknown mobile. 
As shown in figure 5 that node A starts to download a heavy stream data from a pubic website (Node B) because it just wants to send these packets to unknown Node C. After starting downloading data, Node A will send BU to Node B that I am node A and now I am C. By using routing-based authentication mechanism CN will verify the HoA and Node A will verify it. After verification Node B will start sending data to Node C. This bombing attack is so serious that it can attack any node on internet. 
As it can be easily judged that the only solution to bombing attack is that we should also verify the CoA just like HoA before authenticating BU. As we used routing-based authentication protocol to verify HoA, similarly this protocol can be extended to verify the CoA  also as shown in below in figure 6.
As we can see in figure 6 that when MN initiate BU (MSG 1), CN will send different keys to HoA (MSG 2a) and to CoA (MSG 2b). MN uses both keys in BU and sends (MSG 3) it to CN and CN uses these both keys as MAC on binding update. If it's successful then CN will send a BA to MN. In this way CN verifies that MN receives messages at both, HoA and CoA addresses. Verifications of HoA and CoA by using routing-based authentication protocol are called return-routability test of HoA and return-routability test of CoA respectively.
Return-routability authentication protocol is sufficient to deal with security vulnerabilities due to the introduction of route optimization in MIPv6 and even after the introduction of route optimization in MIPv6; it is as much secure as IPv4 was. There are still some potential security threats to MIPv6 protocol like any other protocol but are out of scope of this paper.
Mobile IP gave awesome solution in order to implement mobility and Mobile IPv6 is more efficient and robust as compare to Mobile IPv4. Security threats because of introduction of route optimization in MIPv6 were major causes to slower down the implementation of MIPv6. Although potential security threats to MIPv6 has been resolved and integrated into the base protocol but still there are many security challenges which MIPv6 is facing and contributing towards their solutions. The implementation of MIPv6 will allow every internet node to be mobile and will introduce robust, more efficient and highly secure internet.