Abstract
Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the mobile’s home address and care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard toolkit for designing Internet mobility protocols, some details of the reasoning have not been previously documented.
Summary
Mobile IPv6 is a mobile networking protocol for the IPv6 Internet. The protocol incorporates several security mechanisms, such as return-routability tests from the home address and the care-of addresses. This article explains the attack model and the design principles that motivate the security mechanisms of Mobile IPv6. Although many of these ideas are now part of the standard tools for designing Internet mobility protocols, some details of the reasoning behind them had not been documented until now.
Cite this article
Aura, T., Roe, M. Designing the mobile IPv6 security protocol. Ann. Télécommun. 61, 332–356 (2006). https://doi.org/10.1007/BF03219911
DOI: https://doi.org/10.1007/BF03219911