Computer Communication Laboratory
Dept. of computing, Soonsil University

Security & Authentication with Mobile IP

The several methods to protect the 'binding information' from being exposes to attacker have been proposed for Mobile IPv6. The proposed approaches basically provide the strong security facilities. However in case of hand-held device that requires the cryptographic processing the very complex and power-consuming arithmetic operation in common, it's a big burden for such a device that the header and payload of all incoming/outgoing packets have to be processed with cryptographic engine. Another feature is how to distribute a binding key or keying materials with secure manner for Mobile IPv6. The IKE (Internet Key Exchange) is a Key Distribution mechanism for Internet community and it has been reviewed from Mobile IP working group to deploy it in mobile communication but the result shows that it is lack of extensibility and flexibility in mobile network and the performance for real-operation is contrary to expectations. Another approach to simplify the key distribution process without depending on existing infrastructure, RR (Return Routablity), has proposed as a lightweight key distribution mechanism where the mobile node (MN) initiates the key distribution process and the correspondent node (CN) takes the responsibility of creating and distributing the key and keying materials. However the security power is very weak which can lead us to the 'Bidding Down' attack if an attacker is able to eavesdrop the security negotiation packets between MN and CN before all the procedure for key distribution has complete by forging the negotiation payload as being weak security then the communication peers negotiate the weak level of security although they have more strong security capabilities. So, when considering the property of mobile service environment, introducing the robust infrastructure that enables to provide the global roaming service with maintaining the overhead of the mobile node as minimal is required.

In Mobile IPv6, there may be vulnerabilities when providing mobility service since the IP roaming across the different domains is likely to happen within a brief time of intervals. So, the AAA technology to provide the mobile node moving rapidly among the domains managed by different service provider with secure roaming service is required. If the global authentication infrastructure such as AAA is not present then the visiting node is unable to get the right to access the visited link and ongoing sessions will be dropped. The draft-18 of Mobile IP working group dose not describes how to provide the mobile node with secure roaming service in such an environment. In 802.11a/b wireless network, the mobile nodes listens the beacon signal and join the network with SSID advertised from the AP (Access Point). After joining the BSS area then it tries to authenticate itself to visited link where the shared key (WEP) is used to access the link. If the node is not belonging to the same domain with the AP then it has no idea of the WEP key, so the authentication is fails and all ongoing session will be dropped. To get the WEP key and keying materials, the node has to be authenticated according to the roaming contract between home and visited domains. There are several entities to make it possible that the mobile node visiting the link in different domains is able to access the network without losing the session. Including the Mobile IP entities (MN, CN and Home Agent) the Attendant, AAA server in visited domain and AAA server in home domain are defined as well.

There has been proposed many AAA infrastructures especially the RAIUS was successful in wired network however the lot of messages in completing the authentication and the limits on the AVPs (total 255 items) are inadequate for mobile and large-scaled network. The DIAMATER overcomes the shortcomings of the RADIUS and currently existing AAA technologies in aspect of minimizing the message sequences for wired or wireless network, broker architecture for scalability and extensibility and transport layer security (TCP, SSL) with comparing to its competitive technologies. The DIAMETER is an alternative choice to apply it to global roaming infrastructure for Mobile IP.

The message flows between DIAMETER entities to distribute the session key. The proposed message sequence depicted as the following figure.

Figure 1. The message flows between DIAMETER entities to distribute the session key

MN tries to find the attendant(entry point of visited link) by sending this message at the time when MN knows it has moved. If there is no reply from attendant, this message is issued periodically until it finds out the attendant. If AS message received from MN, replies to MN with local challenge used to authenticate the AReq message. The attendant extracts the payload data from AReq and constructs a new m_AR message with parameter set(AVPs) from the payload. When the V_AAA receives this message, it validates the NAI of the MN to decide if the requests will be allowed or not. If it is not valid(wrong NAI or unallowed roaming request) then the V_AAA SHOULD send the h_AA to attendant with Result-Code-Option(NAI-ROAMING-INVALID) of the Action-AVP. If the entry exists and the lifetime is still alive then the V_AAA can compute the session_key and its keying materials as follow: session_key = prf(N_m | N_a, m_HoA, m_CoA, a_R), key_material = {Nonces(N_a, N_m), SPI, HASH,..} where, N_a is a nonce value generated by the V_AAA in behalf of the MN's Home Agent or H_AAA server. m_HoA and m_CoA are the Home Address and Care-of Address of the MN as described before. The a_R is a random number generated by V_AAA for each required session key. All parameters except for the random number and nonce are referenced from the Security Context in the delegation list entry for MN. When the attendant receives this message, it should extracts the session_key with MN and stores it into it's local storage area to authenticate the session between the MN and the attendant. Notice that it should not send the session_key itself to the MN before the session is protected by it. The attendant converts the AAA(Diameter) message into the message known to the MN and Attendant(e.g. EAP). HA performs the binding registration procedure as described in mobile ip working group(mobileip)

Copyright. Computer Networking and Mobile Computing Team All right reserved.