Skip to main content
SpringerLink
Log in

Designing the mobile IPv6 security protocol

Conception du Protocole de Sécurité Pour Mobile IPV6

  • Published:
Annales Des Télécommunications Aims and scope Submit manuscript

Abstract

Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the mobile’s home address and care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard toolkit for designing Internet mobility protocols, some details of the reasoning have not been previously documented.

Résumé

Mobile IPv6 est un protocole de réseau mobile pour Internet IPv6. Ce protocole intègre plusieurs mécanismes de sécurité, tels que des tests de routage en retour, à partir de l’adresse fixe et des adresses temporaires. Cet article explique le modèle d’attaque et les principes de conception qui motivent les mécanismes de sécurité de Mobile IPv6. Bien que beaucoup de ces idées fassent maintenant partie des outils standards pour la conception de protocoles de mobilité pour Internet, certains détails du raisonnement qui les motive n ’avaient pas été documentés jusqu ’ici.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Arkko (J.), Nikander (P.), How to authenticate unknown principals without trusted parties.In Security Protocols, 10th International Workshop,2845 ofLncs, pages 5–16, Cambridge, UK, April 2002. Springer.

    Google Scholar 

  2. Aura (T.), Cryptographically generated addresses (Cga).Rfc 3972,Ietf. To appear.

  3. Aura (T.), Cryptographically generated addresses (Cga). In Proc. 6th Information Security Conference (Isc’03),2851 ofLncs, pages 29–43, Bristol,Uk, October 2003. Springer.

    Google Scholar 

  4. Aura (T.), Mobile IPv6 security.In Proc. Security Protocols, 10th International Workshop,Lncs, Cambridge,Uk, April 2002. Springer.

    Google Scholar 

  5. Aura (T.),Arkko (J.),Mipv6Bu attacks and defenses. Internet Draft draft-aura-mipv6-bu-attacks-01,Ietf MobileIp Working Group, February 2002. Archived at http://www.watersprings.org/pub/id/draft-aura-mipv6-bu-attacks-01.txt.

  6. Aura (T.), Nikander (P.), Stateless connections. In Proc. International Conference on Information and Communications Security (Icics’97),1334 ofLncs, pages 87–97, Beijing, China, November 1997. Springer.

    Google Scholar 

  7. Aura (T.), Nikander (P.), Camarillo (G.), Effects of mobility and multihoming on transport-protocol security. In Proc. 2004Ieee Symposium on Security and Privacy (Ssp’04), Berkeley,Ca usa, May 2004.Ieee Computer Society.

    Google Scholar 

  8. Aura (T.), Roe (M.), Arkko (J.), Security of Internet location management.In Proc. 18th Annual Computer Security Applications Conference, Las Vegas,Nv usa, December 2002.iEee Press.

    Google Scholar 

  9. Ferguson (P.),Senie (D.), Network ingress filtering: Defeating denial of service attacks which employIp source address spoofing,Rfc 2827,Ietf, May 2000.

  10. Harkins (D.),Carrel (D.), The Internet key exchange (Ike),Rfc 2409,Ietf, November 1998.

  11. Hinden (R. M),Deering (S.E.),Ip version 6 addressing architecture,Rfc 2373,Ietf, July 1998.

  12. Huitema (C), Routing in the Internet.Prentice Hall, 1995.

  13. Ioannidis (J.), Protocols for Mobile Internetworking. PhD thesis, Columbia University in the City of New York, 1993.

  14. Johnson (D. B.),Perkins (C),Arkko (J.), Mobility support in IPv6,Rfc 3775,Ietf, June 2004.

  15. Karn (P.),Simpson (W.A.), Photuris: session-key management protocol,Rfc 2522,Ietf Network Working Group, March 1999.

  16. Kempf (J.), Arkko (J.), Nikander (P.), Mobile IPv6 security. Kluwer Wireless Personal Communications special issue on Security for Next Generation Communications, 29(3–4):389–414, June 2004.

    Google Scholar 

  17. Carpenter (B. E.),Crowcroft (J.),Rekhter (Y.). IPv4 address behaviour today,Rfc 2101,Ietf, February 1997.

  18. Montenegro (G.),Castelluccia (C),Sucv identifiers and addresses. Internet Draft draft-montenegro-sucv02, November 2001. Archived at http://www.watersprings.org/pub/id/draft-montenegro-sucv-02.txt.

  19. Narten (T.),Draves (R.). Privacy extensions for stateless address autoconfiguration in IPv6.Rfc 3041,Ietf, January 2001.

  20. Nikander (P.), A scaleable architecture for IPv6 address ownership. Internet-Draft draft-nikander-ipng-pbkaddresses-00, March 2001.

  21. Nikander (P.), Denial-of-service, address ownership, and early authentication in the IPv6 world.In Proc. 9th International Workshop on Security Protocols,2467 ofLncs, pages 12–21, Cambridge, UK, April 2001. Springer 2002.

  22. Nikander (P.),Perkins (C), Binding authentication key establishment protocol for Mobile IPv6. Internet Draft draft-perkins-bake-01,Ietf MobileIp Working Group, July 2001. Archived at http://www.watersprings. org/pub/id/draft-perkins-bake-01.txt.

  23. Nikander (P.), Aura (T.), Arkko (J.), Montenegro (G.), MobileIp version 6 (Mipv6) route optimization security design. In Proc.Ieee Vehicular Technology Conference Fall 2003, Orlando,Flusa, October 2003. IEEE Press.

    Google Scholar 

  24. Nikander (P.),Ylitalo (J.),Wall (J.), Integrating security, mobility, and multi-homing in aHip way. In Proc. Network and Distributed Systems Security Symposium (Ndss’03), pages 87–99, San Diego,Ca usa, February 2003.

  25. O’shea (G.),Roe (M.), Child-proof authentication for mipv6 (Cam),Acm Computer Communications Review, 31(2), April 2001.

  26. Paxson (V.), An analysis of using reflectors for distributed denial-of-service attacks,Acm Computer Communications Review (Ccr), 31(3), July 2001.

  27. Perkins (C), Editor, ip mobility support for IPv4,Rfc 3344,Ietf, August 2002.

  28. Roe (M.),Aura (T.),O’shea (G.),Arkko (J.), Authentication of Mobile IPv6 binding updates and acknowledgments. Internet Draft draft-roe-mobileip-updateauth-01, November 2001. Archived at http://www.waters-prings.org/pub/id/draft-roe-mobileip-updateauth-01.txt.

  29. Schuba (C.L.), Krsul (I.V.), Kuhn (M.G.), Spaffold (E.H.), Sundaram (A.), Zamboni (D.), Analysis of a denial of service attack onTCP. In Proc. 1997Ieee Symposium on Security and Privacy, pages 208–223, Oakland,Ca usa, May 1997,Ieee Computer Society Press.

    Google Scholar 

  30. Soliman (H.), Mobile IPv6: Mobility in a Wireless Internet.Addison-Wesley, 2004.

  31. Thomson (S.),Narten (T.), IPv6 stateless address autoconfiguration,Rfc 2462,Ietf, December 1998.

  32. Ylönen (T.), SSH — secure login connections over the Internet. In Proc. 6thUsenix Security Symposium, pages 37–42, San Jose,Ca usa, June 1996.Usenix Association.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research, Roger Needham Building, 7 JJ Thomson Avenue, CB3 OFB, Cambridge, UK

    Tuomas Aura & Michael Roe

Authors
  1. Tuomas Aura
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Roe
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

About this article

Cite this article

Aura, T., Roe, M. Designing the mobile IPv6 security protocol. Ann. Télécommun. 61, 332–356 (2006). https://doi.org/10.1007/BF03219911

Download citation

  • Received:

  • Accepted:

  • Issue Date:

  • DOI: https://doi.org/10.1007/BF03219911

Key words

Mots clés

Search

Navigation