Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers

Research Article

A Novel Scheme for Supporting Location Authentication of Mobile Nodes

Download
451 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-17502-2_8,
        author={Osama Elshakankiry and Andy Carpenter and Ning Zhang},
        title={A Novel Scheme for Supporting Location Authentication of Mobile Nodes},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={},
        doi={10.1007/978-3-642-17502-2_8}
    }
    
  • Osama Elshakankiry
    Andy Carpenter
    Ning Zhang
    Year: 2012
    A Novel Scheme for Supporting Location Authentication of Mobile Nodes
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-17502-2_8
Osama Elshakankiry,*, Andy Carpenter1,*, Ning Zhang1,*
  • 1: The University of Manchester
*Contact email: elshakao@cs.man.ac.uk, andy@cs.man.ac.uk, nzhang@cs.man.ac.uk

Abstract

A home registration scheme is typically used for a mobile node to inform its home agent about the mobile node’s current location when it is away from its home link. The Mobile IPv6 protocol protects a home registration scheme against outsider attacks, but it fails to protect from attacks by legitimate mobile nodes behaving maliciously. A malicious mobile node could pretend to own a third-party’s address and luring its home agent to flood that victim with useless packets. This paper attempts to address this weakness by proposing a novel secure home registration scheme to support location authentication of mobile nodes to their home agents in Mobile IPv6 networks. The proposed scheme makes use of a combination of two ideas. Firstly, the care-of addresses are formed using a symmetric key cryptographic address generation technique that prevents the stealing of other nodes’ addresses. Secondly, concurrent care-of addresses reachability tests are used to verify mobile nodes’ reachability at the claimed care-of-addresses. In addition, this paper proposes the idea of segmenting the IPv6 address space into three parts: home addresses, care-of addresses, and stationary addresses to differentiate between nodes based on their IPv6 address. Segmenting IPv6 address space could reduce the number of targets that are vulnerable to flooding attacks launched by malicious MNs. To investigate the efficiency and efficacy of the proposed scheme, the performance, in terms of home registration delay, is investigated using simulation (built with the OPNET Modeler version 14.5).