Mobile IPv6: Mobility in a Wireless Internet

by Hesham Soliman; published by Addison Wesley

This excerpt is from Chapter 5, Securing Mobile IPv6 Signaling in Mobile IPv6: Mobility in a Wireless Internet written by Hesham Soliman and published by Addison Wesley. You can download the entire chapter here for free.

    Requires Free Membership to View

Mobility adds inherent security risks to those already in the Internet today. Some of these risks are introduced by the specific mobility protocol. Mobile IPv6 is a new protocol that attempts to do something that has not been done before on the Internet: redirect traffic between a mobile node and other correspondent nodes from one address to another. The signaling for such redirection is done between the mobile and correspondent nodes. To be able to design a protocol that avoids some or all of the security risks associated with it, we need to identify the types of threats specific to this protocol. Then we need to place requirements on the protocol to avoid some or all of these threats. In some cases, it is acceptable to have known threats associated with a protocol, provided that they are documented and understood. The output of the requirements study is used to test the protocol and see whether or not it conforms.

In this chapter, we focus on the security threats that result from the introduction of Mobile IPv6. We analyze different Mobile IPv6 messages and show how each one can be used by Bad Guy to produce undesired effects to the mobile node, correspondent node, and home agent. We then present the mechanisms used by Mobile IPv6 to secure its messages.

5.1 Why Do We Need to Secure Mobile IPv6?
Before we analyze the threats of Mobile IPv6's messages, we consider two different communication scenarios that are possible when Mobile IPv6 is used. Figure 5–1 shows the different cases.

A mobile node may tunnel its packets to the home agent, which in turn decapsulates and forwards them to the correspondent node. If route optimization were used (i.e., the mobile node sent a binding update to the correspondent node), the mobile node would send packets directly to the correspondent node after adding a home address option. The correspondent node would also send packets directly to the mobile node using a routing header type 2 that includes the mobile node's home address. We need to analyze the types of attacks that Bad Guy can launch when he is on-path or off-path. An on-path attacker is one that can see packets going through a certain link between two nodes. For instance, an attacker can be on-path between the mobile and correspondent nodes if he is located at the mobile node's link, the correspondent node's link, or any link between the two where packets between the two nodes are routed. On the other hand, an off-path attacker is unable to see packets sent between the two nodes he is trying to attack.

Download the entire chapter here for free.

This was first published in June 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.