A study of CGA- (cryptographically generated address) signature based authentication of binding update messages in low-end MIPv6 node

摘要

It is well known that the existing weak mechanism for authenticating binding update messages is one of the biggest security weaknesses in MIPv6. The best candidate to replace this weak mechanism is CGA signatures. CGA signatures require generating a digital signature of a binding update message. It is also known that public-key cryptographic operations (like digital signatures) are computationally expensive for low-end nodes. This study presents the initial effort in investigating the feasibility of using CGA signature based authentication on low-end nodes. It is found that the commonly used RSA cryptosystem should be replaced with an alternative cryptosystem (esp. because of the computationally intensive operations of key generation and the signature generation)