Due to the popularization of portable devices and the desire for continuous Internet connectivity regardless of a mobile device's physical position, location update and management in mobile networks are becoming increasingly important. Accordingly, Mobile IPv6 [1] was developed as a subset of Internet Protocol version 6 to support mobility. Mobile IPv6 is now a standard that allows mobile devices whose IP addresses are associated with one network to stay connected when moving to a different network. Unlike traditional devices with a fixed attachment to the network, mobile devices may change their point of attachment frequently. Since a mobile device frequently moves among secure private networks and highly unguarded public networks, the security issue is much more significant. This thesis reveals the current threats in Mobile IPv6 networks and proposes an approach that mitigates some of these threats.
1.1 Motivation
The IT industry is now facing the challenge of a mobility revolution, in which the spread of mobile and ubiquitous services has a more significant effect on commercial and social life than the Internet revolution. Besides, the introduction of new communication protocol technology (WiMAX) has a significant influence on the telecom industry, speeds up the growth of mobile devices and blurs the boundary between 3G and Wi-Fi. Users expect services that are unique and fully mobility ready, which means that the roles of the operators will change, new business models will emerge and new methods for developing and marketing services will surface. Nevertheless, those services will reside on the widespread IP-based network, because IP-based infrastructure has gradually taken a share of the telecom market and become an essential part of communication. Not only the datacom industry but also the telecom industry has adopted IP-based services as its roadmap, at present and for the future.
The Internet Engineering Task Force (IETF) noticed this trend and designed Mobile IP version 4 (MIPv4) in 1996. However, MIPv4 has not been deployed widely enough and has several major shortcomings, including a cumbersome communication process and a limited number of IP addresses. A limited address space is an important issue because the number of mobile devices is increasing rapidly, and without enough IP addresses they cannot access the Internet or communicate with peers. In order to overcome these deficiencies and introduce new capabilities, the IETF has been developing MIPv6. MIPv6 therefore increases the number of available IP addresses, introduces many new features and retains mobile users' connections to the Internet as they move between networks.
Once our computing devices are mobile, they are exposed to the same kinds of vulnerabilities as public networks. Compared to a network with fixed attachment, mobility brings many new security issues that need to be addressed. Even though IPv6 [2] introduced several mechanisms (AH and ESP of IPsec) for securing IP packets, the new mechanisms of Mobile IPv6 cause other issues, such as false binding updates. How to overcome these issues becomes an important next step for MIPv6 implementation.
After the success story of YouTube, the potential market for sharing and watching videos through the Internet cannot be ignored. Some manufacturers are considering embedding media players in handheld devices for watching videos provided by YouTube and Joost. In addition, more and more vendors are developing new audiovisual streaming technology to integrate into mobile devices. Consequently, research on technologies such as the Stream Control Transmission Protocol (SCTP), which supports multiple streams in an attempt to boost throughput for multimedia applications, is now underway.
1.2 Research focus
Our research focuses on the security enhancement of the RR Test in MIPv6. MIPv6 enables a Mobile Node (MN) to move from its home network to another network while retaining its IPv6 address. That is, a Mobile Node can always be reached through its home address.
Packets are routed to the Mobile Node's home address when the MN is away from home. This works because whenever the Mobile Node changes its attached network, the Home Agent (HA) is notified through Binding Update messages containing the Mobile Node's Care-of Address (CoA).
Return Routability (RR) is the basic technique for authenticating MIPv6 Binding Updates (BUs). Because data encryption is optional in RR and the messages exchanged for its weak authentication travel over known static routes, it is possible for attackers to launch man-in-the-middle attacks. Thus, we would like to make some changes to the MN, the HA and the Correspondent Node (CN) that reduce the opportunities for such attacks.
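The following sketch is an added example, not code from this thesis. It shows the standard RR computation from the Mobile IPv6 specification (RFC 6275): the CN derives a home keygen token and a care-of keygen token, the binding key Kbm is the hash of both, and only a party holding both tokens can produce a Binding Update authenticator the CN accepts. Addresses, the secret Kcn, the nonces and the simplified `mh_data` field are constructed values.

```python
import hashlib
import hmac
import ipaddress
import os


def keygen_token(kcn: bytes, addr: str, nonce: bytes, kind: int) -> bytes:
    """First 64 bits of HMAC_SHA1(Kcn, address | nonce | kind); kind 0 = home, 1 = care-of."""
    data = ipaddress.IPv6Address(addr).packed + nonce + bytes([kind])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]


def binding_key(home_token: bytes, careof_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()


def bu_authenticator(kbm: bytes, coa: str, cn: str, mh_data: bytes) -> bytes:
    """First 96 bits of HMAC_SHA1(Kbm, care-of address | CN address | MH data)."""
    addrs = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn).packed
    return hmac.new(kbm, addrs + mh_data, hashlib.sha1).digest()[:12]


def cn_accepts(kcn, hoa, coa, cn, home_nonce, careof_nonce, mh_data, auth) -> bool:
    """The CN keeps no per-MN state: it rebuilds both tokens from Kcn and its nonces."""
    kbm = binding_key(keygen_token(kcn, hoa, home_nonce, 0),
                      keygen_token(kcn, coa, careof_nonce, 1))
    return hmac.compare_digest(bu_authenticator(kbm, coa, cn, mh_data), auth)


def demo() -> dict:
    # Constructed values: documentation-prefix addresses, random CN secret and nonces.
    hoa, coa, cn = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
    kcn, n_home, n_coa = os.urandom(20), os.urandom(8), os.urandom(8)
    mh_data = b"constructed-binding-update"  # stands in for the real Mobility Header bytes
    # Tokens as the CN issues them: home token via the HA path, care-of token directly.
    t_home = keygen_token(kcn, hoa, n_home, 0)
    t_coa = keygen_token(kcn, coa, n_coa, 1)

    def check(th: bytes, tc: bytes) -> bool:
        auth = bu_authenticator(binding_key(th, tc), coa, cn, mh_data)
        return cn_accepts(kcn, hoa, coa, cn, n_home, n_coa, mh_data, auth)

    return {
        "both_tokens": check(t_home, t_coa),             # holder of both tokens
        "home_path_only": check(t_home, os.urandom(8)),  # holder of the home token only
        "careof_path_only": check(os.urandom(8), t_coa), # holder of the care-of token only
    }
```

Because both tokens cross the network unencrypted unless protection is added, the authentication holds only as long as no single party observes both delivery paths.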
We also find a way to enhance the throughput of massive multimedia data transfers by modifying SCTP over MIPv6. In order to increase routing path diversity, we considered introducing multiple HAs, a multi-homed HA or distributed HAs as selective intermediate nodes when Mobile Nodes request Return Routability authentication.
Through the ideas proposed above, we are able to enhance the RR authentication mechanism by making a few changes, yet substantially reduce the probability of compromise due to the weaknesses of the original RR Test. At the same time, we would like to gain the benefit of applying SCTP for better throughput between the MN and the CN.
1.3 Thesis Organization
This thesis consists of 6 chapters. Chapter 2 describes MIPv6 in general, and highlights some of its threats and defenses. Chapter 3 presents an overview of related work in the field. Chapter 4 describes our proposal for enhancing Return Routability (RR) by using selective routing paths and employing the multihomed feature of SCTP with selective source addresses. In Chapter 5, we use NS2 with the additional Mobiwan module to demonstrate the security improvement and to analyze the performance of our scheme through simulation results. Conclusions and future work are addressed in Chapter 6.