Enhancing Security in Mobile IPv6 with Private Key-Based Binding Update Protocol / Hero Modares
Main Author: | |
---|---|
Format: | Thesis |
Published: | 2013 |
Subjects: | |
Online Access: | http://studentsrepo.um.edu.my/5540/1/Hero_Modares(WHA100020).pdf http://studentsrepo.um.edu.my/5540/ |
Summary: | In the Mobile IPv6 (MIPv6) protocol, a Mobile Node (MN) is a mobile device with a permanent Home Address (HoA) on its home link. The MN will acquire a Care-of Address (CoA) when it roams into a foreign link. It then sends a Binding Update (BU) message to the Home Agent (HA) and the Correspondent Node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the Man-In-The-Middle (MITM) attack, the session hijacking attack, and the Denial-of-Service (DoS) attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The Private Key-based Binding Update (PKBU) protocol is proposed in this thesis to overcome the shortcomings of some existing MIPv6 protocols. The proposed PKBU protocol incorporates: (a) a method to assert the address ownership of the MN by creating a 128-bit MIPv6 address based on the MN's private key, and computing a one-way hash function in order to authenticate the MN's authority, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements and is able to check the address ownership of the MN; and (b) a method to verify the reachability of the MN by sending packets from the MN to the CN, both directly and through the HA. The CN will then use both packets to verify the reachability of the MN. The results show that the CN is able to correctly validate the HoA and the CoA, and that the method also addresses security requirements such as authentication, confidentiality and integrity. The PKBU protocol also offers protection for the MN against false binding-update attacks, in which an attacker attempts to spoof two different messages, which are sent to the CN over two different paths.
Thus, the PKBU protocol addresses the important security requirements of mobile communication such as address ownership, reachability, and device authentication. The PKBU protocol was subjected to formal security verification, using the Protocol Composition Logic (PCL), to identify any security flaws. The verification results show that the PKBU protocol meets all the security requirements and is able to successfully defend the BU message against common attacks. The INETMANET-2.0 framework in the OMNeT++ network simulator was used to model the working of the PKBU protocol against common attacks, and for attack detection and attack mitigation. The results of the formal security verification and the network simulation modelling of the PKBU protocol show that the proposed protocol can improve the level of security in the MIPv6 protocols, especially the security of the BU messages transmitted between the MN and the CN. |