Research Article
A Novel Scheme for Supporting Location Authentication of Mobile Nodes
@INPROCEEDINGS{10.1007/978-3-642-17502-2_8, author={Osama Elshakankiry and Andy Carpenter and Ning Zhang}, title={A Novel Scheme for Supporting Location Authentication of Mobile Nodes}, proceedings={Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers}, proceedings_a={MOBISEC}, year={2012}, month={5}, keywords={}, doi={10.1007/978-3-642-17502-2_8} }
- Osama Elshakankiry
Andy Carpenter
Ning Zhang
Year: 2012
A Novel Scheme for Supporting Location Authentication of Mobile Nodes
MOBISEC
Springer
DOI: 10.1007/978-3-642-17502-2_8
Abstract
A home registration scheme is typically used for a mobile node to inform its home agent about the mobile node’s current location when it is away from its home link. The Mobile IPv6 protocol protects a home registration scheme against outsider attacks, but it fails to protect from attacks by legitimate mobile nodes behaving maliciously. A malicious mobile node could pretend to own a third-party’s address and luring its home agent to flood that victim with useless packets. This paper attempts to address this weakness by proposing a novel secure home registration scheme to support location authentication of mobile nodes to their home agents in Mobile IPv6 networks. The proposed scheme makes use of a combination of two ideas. Firstly, the care-of addresses are formed using a symmetric key cryptographic address generation technique that prevents the stealing of other nodes’ addresses. Secondly, concurrent care-of addresses reachability tests are used to verify mobile nodes’ reachability at the claimed care-of-addresses. In addition, this paper proposes the idea of segmenting the IPv6 address space into three parts: home addresses, care-of addresses, and stationary addresses to differentiate between nodes based on their IPv6 address. Segmenting IPv6 address space could reduce the number of targets that are vulnerable to flooding attacks launched by malicious MNs. To investigate the efficiency and efficacy of the proposed scheme, the performance, in terms of home registration delay, is investigated using simulation (built with the OPNET Modeler version 14.5).