
Secure and mobile networking

Mobile Networks and Applications

Abstract

The IETF Mobile IP protocol is a significant step towards enabling nomadic Internet users. It allows a mobile node to maintain and use the same IP address even as it changes its point of attachment to the Internet. Mobility implies higher security risks than static operation. Portable devices may be stolen or their traffic may, at times, pass through links with questionable security characteristics. Most commercial organizations use some combination of source-filtering routers, sophisticated firewalls, and private address spaces to protect their network from unauthorized users. The basic Mobile IP protocol fails in the presence of these mechanisms even for authorized users. This paper describes enhancements that enable Mobile IP operation in such environments, i.e., they allow a mobile user, out on a public portion of the Internet, to maintain a secure virtual presence within his firewall-protected office network. This constitutes what we call a Mobile Virtual Private Network (MVPN).




Gupta, V., Montenegro, G. Secure and mobile networking. Mobile Networks and Applications 3, 381–390 (1998). https://doi.org/10.1023/A:1019153505523


  • DOI: https://doi.org/10.1023/A:1019153505523
