Abstract
Mobile IPv6 is only adapted to the mobile’s movements within its own administrative domain. As Mobile IPv6 is expected to be the basis for beyond 3G networks, a solution for inter-domain security is required allowing the visited domain to authenticate any mobile to grant it access. As such, new concepts known as AAA for Authentication, Authorization, Accounting were defined by the IETF. The IETF is currently defining the Diametr protocol to support those three functions in a Mobile IPv4 environment. Today’s difficulty is to adapt the Diameter protocol to Mobile IPv6.
After introducing the Mobile IPv6, IPsec and Diameter protocols, this paper presents our solution (IETF draft of December 2001), and an IETF alternative for adapting Diameter to Mobile IPv6. It gives a comparison and describes our prototype.
Résumé
La mobilité IPv6 est uniquement adaptée aux déplacements d’un mobile dans son domaine d’administration. Ce protocole étant pressenti pour les réseaux futures d’après 3ème génération, il est important de résoudre le problème de sécurité inter-domaine, et ce, dans le but de permettre à tout domaine d’authentifier les mobiles en visite. A cette fin, l’IETF a défini les concepts AAA (Authentication, Authorization, Accounting) et est actuellement en train de définir le protocole Diameter implémentant ces trois fonctions dans un environnement de mobilité IPv4. La difficulté actuelle est d’adapter Diameter à la mobilité IPv6.
Après une brève introduction aux protocoles Mobile IPv6, IPsec et Diameter, cet article présente notre solution (draft IETF de décembre 2001) et une alternative de l’IETF pour adapter Diameter à Mobile IPv6. Il compare ces solutions et décrit notre prototype.
Similar content being viewed by others
References
Aboba (B.),Beadles (M.), «The Network Access Identifier», RFC 2486, January 1999.
Aura (T.),Roe (M.),Arkko (J.), “Security of Internet Location Management”,18 th acsa/acmAnnual Computer Security Applications Conference acsac02, Las Vegas, Nevada, December 2002.
Blunk (L.)Vollbrecht (J.), “ppp Extensible Authentication Protocol (EAP)”, RFC 2284, March 1998.
Bournelle (J.),Laurent-Maknavicius (M.), “Securing Inter-domain Mobility with AAA protocols”,2 nd IEEE Workshop on Applications and Services in Wireless Networks ASWN 2002, Paris, France, July 2002.
Calhoun (P.R.),Akhtar (H.),Arkko (J.),Guttman (E.),Rubens (A.C.),Zorn (G.), “Diameter Base protocol”, Internet draft draft-ietf-aaa-diameter-12.txt, July 2002.
Calhoun (P.R.),Johansson (T.),Perkins (C.E.), «Diameter Mobile IPv4 Application», Internet draft draft-ietf-aaa-diameter-mobileip-11.txt, June 2002.
Cappiello (M.), Floris (A.), Veltri (L.), “Mobility amongst Heterogenous Netwoks with AAA Support”,IEEE International Conference on Communications, ICC’2002,4, 2002, p. 2064–2069.
Dupont (F.),Laurent-Maknavicius (M.), “AAA for mobile IPv6”, Internet draft draft-dupont-mipv6-aaa-00.txt, February 2001.
Dupont (F.),Laurent-Maknavicius (M.),Bournelle (J.), “AAA for mobile IPv6”, Internet draft draft-dupont-mipv6-aaa-01.txt, November 2001.
Faccin (S.M.),Le (F.),Patil (B.),Perkins (C.E.), “Diameter Mobile IPv6 Application”, Internet draft draft-le-aaa-diameter-mobileipv6-01.txt, November 2001.
Faccin (S.M.),Le (F.),Patil (B.),Perkins (C.E.),Dupont (F.),Laurent-Maknavicius (M.),Bournelle (J.), “Mobile IPv6 Authentication, Authorization, and Accounting Requirements”, Internet draft draft-le-aaa-mipv6-requirements-02.txt, April 2003.
Harkins (D.),Carrel (D.), “The Internet Key Exchange (IKE)”, RFC 2409, November 1998.
Harkins (D.),Kaufman (C.),Kent (S.),Kivinen (T.),Perlman (R.), «Proposal for the IKEV2 Protocol», Internet draft draft-ietf-ipsec-ikev2-02.txt, April 2002.
Hiller (T.),Zorn (G.), “Diameter Extensible Authentication Protocol (EAP) Application”, Internet draft draft-ietf-aaa-eap-00.txt, June 2002.
IEEE Draft P802.1X/D11: “Standard for Port Based Network Access Control”, March 27, 2001.
Johnson (D.B.),Perkins (C.E.), “Mobility Support in IPv6”, Internet draf draft-ietf-mobileip-ipv6-15.txt, July 2001.
Johnson (D.B.),Perkins (C.E.), “Mobility Support in IPv6”, Internet draf draft-ietf-mobileip-ipv6-18.txt, June 2002.
Kent (S.),Atkinson (R.), “Security Architecture for the Internet Protocol”, RFC 2401, November 1998.
Kent (S.),Atkinson (R.), “IP Authentication Header”, RFC 2402, November 1998.
Kent (S.),Atkinson (R.), “IP Encapsulating Security Payload (ESP)”, RFC 2406, November 1998.
Mishra (A.),Arbaugh (W.), “An Initial Security Analysis of the IEEE 802.1X Standard”, UMIACS-TR-2002-10, University of Maryland, February 2002.
Narten (T.),Nordmark (E.),Simpson (W.), “Neighbor Discovery for IP Version 6 (IPv6)”, RFC 2461, December 1998.
Nikander (P.), “Authorization and charging in public WLANS using FreeBSD and 802.1x”,Proceedings of the Freenix track: 2002 USENIX Annual Technical Conference, Monterey, CA, June 2002.
Penno (R.),Yegin (A.E.),Ohba (Y.),Tsirtsis (G.),Wang (C.), “Protocol for Carrying Authentication for Network Access (PANA) Requirements and Terminology”, Internet draft draft-ietf-pana-requirements-02.txt, June 2002.
Perkins (C.E.), “Mobile IP Joins Forces with AAA”,IEEE Personal Communications,7, no 4, August 2000, pp 59–61.
Rigney (C.),Rubens (A.),Simpson (W.),Willens (S.), “Remote Authentication Dial In User Service”, RFC 2138, April 1997.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Laurent-Maknavicius, M., Bournelle, J. Inter-domain security for mobile IPv6. Ann. Télécommun. 58, 1001–1020 (2003). https://doi.org/10.1007/BF03001869
Received:
Accepted:
Issue Date:
DOI: https://doi.org/10.1007/BF03001869