An in-Depth Description of Security in Hierarchical Mobile IPv6 - Report Example

An in depth description of security in Hierarchical Mobile IPv6 (HMIPv6) and the use of Diameter protocol for AAA INTRODUCTION In the way to incorporate the phenomenal structure of Wireless LAN (WLAN) and cellular networks, the efforts are made for the emergence of all-IP based wireless networks. It is the most modern step towards the expansion of the operational functioning of the whole cellular networking process. The trends are made for an advanced interworking arrangement that will be supported by a platform IPv6. The actual crux in this attempt is the demand for an extended security to the Hierarchical Mobile IPv6 (HMIPv6). The t process that undergoes through an internetworking between UMTS and the WLAN, are efficient in their own way of providing Mobile IP service. There is no doubt that a broad AAA architecture and instrumentations are required to formulate the communication transverse over the domains of administrative links. This particular paper is an attempt towards the assessment of the security proficiencies as required in Hierarchical Mobile IPv6 (HMIPv6). The IETF website discusses the handling of the expanded security options for Hierarchical Mobile IPv6 (HMIPv6) and thereby the use of diameter protocol for AAA for the authentication of interworking structure in the IP layer. Working groups to HMIPv6 The term HMIPv6, that is Hierarchical MIPv6 is a protocol extended by the IETF. Its chief purpose is to make all possible attempts to surmount all those inadequacies of MIPv6 that creates hindrances on signaling load and potentially long handoff latencies. The introduction of HMIPv6 by IETF is a kind of new entity to the Mobility Anchor Point (MAP) of internetworking system. Its activation gets tracked when an MN moves into a new MAP domain (i.e., its MAP changes). It very actively gets two new Care-of Addresses, i.e., CoAs. These two new CoAs are; a Regional CoA on the MAP’s subnet (RCoA) and an on-link address (LCoA). After that the MN sends a binding update (BU) to the MAP detailing its RCoA in the Home Address field, using its LCoA as its foundational address. Its active participation also requests a BU (RCoA, Home Address) from its home agent (HA) and thereby the activation of the correspondent nodes (CNs) gets generated for further implementation. There are also certain deviations. Under any circumstance, if the MN makes a local shift then the only the LCoA is altered and a registration packet is sent to the MAP for further dealings. While this augmentation is an additional competent for mobility support, yet it lacks in providing QoS support and QoS-aware authorization for mobile users in general. The diameter annexation for Mobile IPv6 allocates a diameter server to authenticate, authorize, and collect accounting, that is, AAA; information for IP data traffic beneath the mobility management by MIPv6. This leads to the same kind of processing in HMIPv6. Conversely enough, there is the limitation to the application of this process. It is restricted to the elaborative specification of the obvious support of QoS-enabled mobility in a professional way. At the same time, there are equal restrictions on the way to the extension of HMIPv6. In accordance to the recent studies, there are the implementation of several hierarchical IP management techniques to solve the problems of latency and global signaling. These procedures are implemented through the process of localizing most of the mobility-related revisions to the existing effective domain of the internetworking system. The purpose of these protocols is to assuage the scaling and latency apprehensions to a noteworthy amount of accessibility. Amid all kinds of substituted proposals, the most effective are the Cellular IP* and HAWAII**. These two are defined as the host-based routing advancements. They give a kind of integrated maintenance of MN in a single domain-wide CoA. In this attempt the routing tables are suitably custom-made to reproduce the MN’s present point of connection in the networking structure. On the contrary, the mechanical processes like the Regional Tunnel Management and Hierarchical MIP are associated to an MN with multiple CoAs. The process as adopted by each of these mechanisms is concentrating on the resolving of the MN’s location at a meticulous depth in the hierarchy of the managerial format. However the implications of all these proposed formats are highly implicit to the generating factor. It is attempt by taking the use of MIP for granted in the course of global binding modus operandi. The implementation of SeQoMo architecture in this phenomenal strategy makes it effective due to the utilization of an IP-level mobility assistant in the process. Here a ‘QoS-conditionalized handoff controller’ and a ‘QoS-aware security entity’ are formulated in order to make it the foundation to the extensions to the accessible schemes for Hierarchical MIPv6 (HMIPv6), QoS Support for Mobile IP and Diameter Extensions for Mobile IPv6. Mobile and the security requirements in AAA In order to check the required securities for Mobile IPv6, it is necessary to keep a track of Mobile Node (MN). With all investigatory implications it has been expanded to facilitate with a Mobile Node (MN) that can uphold its connectivity to the Internet when it is under *A. Campbell et al., “Cellular IP,” draft-ietf-mobileip-cellularip-00.txt, IETF Jan. 2000 ** R. Ramjee et al., “IP Micro-Mobility Support Using HAWAII,” draft-ietf mobileip- hawaii-01.txt, July 2000, work in progress. the moving process from one Access Router (AR) to another. With all expertise, there is an extension done to Mobile IPv6. It is a MN is expected to be addressable at its home address, which is an IP address with the prefix from its network at its home. The activity of a MN starts as it gets is affixed to a foreign network. In the follow up of the process the MN configures a Care-of Address (CoA), an IP address. In the method of its prearranged purpose, it subnet prefix from the local network, and thereby undertakes the means to send a Binding Update message to record its CoA with a router. This particular router is called Home Agent or HA in its home network. The purpose of this particular derived HA is to reply to the MN. In the proceedings it does the job by returning a Binding Acknowledgement message to MN. Consequently, when all sorts of packages are sent to the HA of the MN, there is the facility to redirect it by the HA to the CoA of the MN, and a MN can thereby preserve its connectivity all through. However there is an intervening time limit to the whole proceedings. It is the process to handover the package when MN is incapable to fling or accept packages due to link layer switching and protocol operations. Sequentially, the purpose is to obtain a kind of seamless mobility, for which ‘Fast handovers’* and ‘Hierarchical Mobile IP’** have been recommended as additions to Mobile IPv6 with the intention of reducing the handover latency and packet loss in the internetworking phenomena. *Rajeev Koodli, “Fast Handovers for Mobile IPv6,” IETF draft-ietfmobileip-fast-mipv6-05.txt, work in progress, Sep. 2002. **Hesham Soliman, Claude Castelluccia, Karim El-Malki, Ludovic Bellier,“Hierarchical Mobile IPv6 mobility management (HMIPv6),” draft-ietf-mobileip-hmipv6-08.txt, work in progress, Jun. 2003 With a generic network layer approach the proliferation of an authentic and independent layer of technology with any link could be obtained. This can be done by the proceedings OF diversified methods headed by EAP. The only thing that needs to support the phenomena is the AAA infrastructure without any extra authorized security. The most important aspect of it is its ultimate flexibility and measuring accessibility. This helps in optimizing the mobility management of any IP infrastructure. It is made clear by the utilisation of ‘Diameter Mobile IPv6’, as it supported the mobility management and also the security aspects of it. There is of course an additional requirement for an interface between the functionality of AAAH and AH in the process of its ease of access. Source: Wenhui Zhang, ‘Interworking Security in Heterogeneous Wireless IP Networks’; University of Stuttgart, Institute of Communication Networks and Computer Engineering, Germany http://www.tkn.tu-berlin.de/tkn/publications/papers/qosaware_authorization_mobile.pdf As shown in the fig above Mobile IP AAA Requirements* depict a communications that enables the AAA servers in order to authenticate and authorise network admission demands from MNs. The MN of the HA seeks it support when it is in a foreign domain. It is done by mans yielding a quantity of documentation to a confined assistant. After this *S. Glass, et al. “Mobile IP Authentication, Authorization, and Accounting Requirements,” IETF RFC 2977 Oct. 2000 the assistant checks with the local AAA authority (AAAL) for verification of the documentations using a proper secured mode of inspection. In some cases the AAAL may not have an adequate amount of information to authenticate the documentations. In such cases there is no other way then to make contact with an external authority, the MN’s home AAA server (AAAH), to acquire required information. As a solution to this the recent research is all about the RADIUS*, a widely deployed protocol. The purpose of this new AAA protocol Diameter is to supply an AAA framework for the submissions of techniques related to the network access or IP mobility. This again is believed to be highly adequate as an AAA protocol. In order to solve the limitations of HMIPv6, this accessibility is highly recommended and is put under accessibility consideration. Security The solution to the security purposes are determined by the QoS-enabled Mobility (SeQoMo) architecture. This is a well organized abstract explanation to all the constituents that are in the routers, access points, mobile nodes, etc. Their interfaces and communication protocols are made accessible to be utilised in the midst of these components. The problems regarding the security of the standardization of MIPv6/HMIPv6 and their lack of a fast handoff detection mechanism are still under wide ranged scrutiny. They also lack in yielding a means to signal QoS for the mobile hosts. The solution that can be counted in such situational strategical arena is to offer these practicalities; the SeQoMo architecture. The SeQoMo architecture commences certain potentialities. Firstly, the enhanced mobility management by using layer-2 triggers; then *Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)," IETF RFC 2865, Jun. 2000 is the QoS signaling for mobile hosts through the QoS-conditionalized handoff scheme; and lastly the protection for mobile communications by amending the Diameter MIPv6 extension with QoS-enabled mobility support in HMIPv6. On the other hand there is the IP-level handoff assistant, i.e., IHA. The utilisation of IHA in the SeQoMo structural design broadens HMIPv6 with fast detection of MN movements. It is thoroughly based on layer-2 information to support the IP-level handoffs. It is also meant to offer the MN with the perceived movement information on both the local or global peripheral built. As IHA gets hold of the curriculum of layer-3 information; the IPv6 address of the new AR as well as of the MAP; it gets aided by the layer-2 trigger. In the process it commences the QHC and the QSE processes and decides a handoff upon positive consequences from the QHC and the QSE developments. For the secure, QoS-enabled mobility for IP-based networks, there can be an alternative solution. It is the innovative combination of HMIPv6, extended Diameter, and RSVP extension for mobile IPv6. In all these phenomenal structures the resources are very abruptly reserved. The technicality lies initially in the QoS perspective. As it has got the intermediate routers in the new path, it gets an appropriate QoS provisioning. This provisioning is very vital, so the matrix as can be employed is the resulting QoS-state gets established and re-established in accordance to the avaibility. Then the security checking are authenticated and thereby the latency and the required method for intermediate routers after the MN is ready to exercise the new CoA/LCoA and RCoA. The point can be further scrutinised and made clear by a minute assumption. From the fig.2 let us consider that CLR signify the QoS soft-state timeout timer for a router, P signify the CPU processing time of a signaling message in a router, T signify the transfer delay between two routers, and presuppose there are no other routers for the scenarios. *** Source: X. FU, T. CHEN, A. FESTAG, H. KARL and G. SCH ¨AFER C. FAN, Secure, QoS-Enabled Mobility Support for IP-based Networks; httpwww.tmg.informatik.unigoettingen.depublications1022ipcn03.pdf Conclusion: Eventually, as a conclusion the security measures are all under process. Some are in action yet time to time they face certain limitations. As it has been mentioned in the paper the attempts are worth and the abundance of it is getting into abundance. The researches and the experiments are on the verge of giving prolific suggestions. Thus for all sorts of mobile Internet access, certain security associations are considered ***Assuming CLR >> T >> P, one can easily see that our proposed SeQoMo architecture re-establishment latency for routers is less than HMIPv6+Diameter+RSVP (RSVP++) scheme; the CPU processing (the sum of P’s) for the signaling messages needed in the routers is also much less. very necessary and are indispensable when it comes to the handling of HMIPv6. The security measures are therefore mandated to have the use of HMIPv6 in the peripheral connectivity of IP sec, in order to defend the veracity and authenticity of the ‘Binding Updates’ and ‘Acknowledgements’. ‘Mobile IP AAA Requirements’, thus with all determinative factors require security associations between a mobile terminal and the local and AAA home server. Typically if we inspect then the matter is quite complex and hard to ascertain any solution. Yet for all these security associations, there are still some of the expert recommendations which are very energetically established to get accessed. Thus the utility of both IP layer and link layer are equally important and are obtained after the whole process of authentication gets verified. In accumulation to this it has been found that the purpose of Context Transfer protocol got its own types of restrictions. It is thus literally a tougher task to handover it in heterogeneous networks. The solution is nothing but the reauthorization and the whole process of creating certain new link layer key source of courses of action. References: A. Campbell; Jan. 2000, et al., “Cellular IP,” draft-ietf-mobileip-cellularip-00.txt, IETF E. Gustafsson, A. Jonsson and C. Perkins, Mar. 2001; “Mobile IP Regional Tunnel Management,” draft-ietf-mobileip-reg-tunnel-04.txt H. Soliman, C. Castelluccia, K. El-Malki, and L. Bellier; July 2001; Hierarchical MIPv6 Mobility Management (HMIPv6). Internet draft H. Soliman’ Feb. 2001; et al., “Hierarchical MIPv6 Mobility Management,” draftsoliman- mobileip-hmipv6-02.txt, IETF Hesham Soliman, Claude Castelluccia, Karim El-Malki, Ludovic Bellier, Jun. 2003; “Hierarchical Mobile IPv6 mobility management (HMIPv6),” draft-ietf-mobileip-hmipv6-08.txt R. Ramjee’ July 2000; et al., “IP Micro-Mobility Support Using HAWAII,” draft-ietf mobileip-hawaii-01.txt Rajeev Koodli, Sep. 2002; “Fast Handovers for Mobile IPv6,” IETF draft-ietfmobileip-fast-mipv6-05.txt Rigney, C., Willens, S., Rubens, A. and W. Simpson, Jun. 2000; "Remote Authentication Dial In User Service (RADIUS)," IETF RFC 2865 S. Glass, Oct. 2000; et al. “Mobile IP Authentication, Authorization, and Accounting Requirements,” IETF RFC 2977 Stefano M. Faccin, Apr. 2003; et al., “Diameter Mobile IPV6 application,“ IETF Internet draft, draft-le-aaa-diameter-mobileipv6-03 ----------------------------------------------------------------------- Read More

Here a ‘QoS-conditionalized handoff controller’ and a ‘QoS-aware security entity’ are formulated in order to make it the foundation to the extensions to the accessible schemes for Hierarchical MIPv6 (HMIPv6), QoS Support for Mobile IP and Diameter Extensions for Mobile IPv6. Mobile and the security requirements in AAA In order to check the required securities for Mobile IPv6, it is necessary to keep a track of Mobile Node (MN). With all investigatory implications it has been expanded to facilitate with a Mobile Node (MN) that can uphold its connectivity to the Internet when it is under *A.

Campbell et al., “Cellular IP,” draft-ietf-mobileip-cellularip-00.txt, IETF Jan. 2000 ** R. Ramjee et al., “IP Micro-Mobility Support Using HAWAII,” draft-ietf mobileip- hawaii-01.txt, July 2000, work in progress. the moving process from one Access Router (AR) to another. With all expertise, there is an extension done to Mobile IPv6. It is a MN is expected to be addressable at its home address, which is an IP address with the prefix from its network at its home. The activity of a MN starts as it gets is affixed to a foreign network.

In the follow up of the process the MN configures a Care-of Address (CoA), an IP address. In the method of its prearranged purpose, it subnet prefix from the local network, and thereby undertakes the means to send a Binding Update message to record its CoA with a router. This particular router is called Home Agent or HA in its home network. The purpose of this particular derived HA is to reply to the MN. In the proceedings it does the job by returning a Binding Acknowledgement message to MN. Consequently, when all sorts of packages are sent to the HA of the MN, there is the facility to redirect it by the HA to the CoA of the MN, and a MN can thereby preserve its connectivity all through.

However there is an intervening time limit to the whole proceedings. It is the process to handover the package when MN is incapable to fling or accept packages due to link layer switching and protocol operations. Sequentially, the purpose is to obtain a kind of seamless mobility, for which ‘Fast handovers’* and ‘Hierarchical Mobile IP’** have been recommended as additions to Mobile IPv6 with the intention of reducing the handover latency and packet loss in the internetworking phenomena.

*Rajeev Koodli, “Fast Handovers for Mobile IPv6,” IETF draft-ietfmobileip-fast-mipv6-05.txt, work in progress, Sep. 2002. **Hesham Soliman, Claude Castelluccia, Karim El-Malki, Ludovic Bellier,“Hierarchical Mobile IPv6 mobility management (HMIPv6),” draft-ietf-mobileip-hmipv6-08.txt, work in progress, Jun. 2003 With a generic network layer approach the proliferation of an authentic and independent layer of technology with any link could be obtained. This can be done by the proceedings OF diversified methods headed by EAP.

The only thing that needs to support the phenomena is the AAA infrastructure without any extra authorized security. The most important aspect of it is its ultimate flexibility and measuring accessibility. This helps in optimizing the mobility management of any IP infrastructure. It is made clear by the utilisation of ‘Diameter Mobile IPv6’, as it supported the mobility management and also the security aspects of it. There is of course an additional requirement for an interface between the functionality of AAAH and AH in the process of its ease of access.

Source: Wenhui Zhang, ‘Interworking Security in Heterogeneous Wireless IP Networks’; University of Stuttgart, Institute of Communication Networks and Computer Engineering, Germany http://www.tkn.tu-berlin.de/tkn/publications/papers/qosaware_authorization_mobile.pdf As shown in the fig above Mobile IP AAA Requirements* depict a communications that enables the AAA servers in order to authenticate and authorise network admission demands from MNs.

The MN of the HA seeks it support when it is in a foreign domain.

Read More