SECURING BINDING UPDATE IN MOBILE IPv6 USING AN IP ADDRESS-BASED MULTISIGNATURE

摘要

Mobile IP permits mobile node seamless roaming across different administrative domains. However, false binding of home address and care-of address poses a potential for session hijacking and denial of service attacks. This paper presents a new method for authenticating binding update messages between a mobile node and a correspondent node in cases that no pre-established security relationship exists between these two entities. The basic idea is to use the home address of a mobile node as its public key and the care-of address as the public key of a visited router in a foreign domain. The binding message is valid if and only if both the mobile node and visited router sign it. The correspondent node uses the IP addresses in the binding message to verify the compact multisignature. Our scheme provides security protection to both home and care-of addresses, and is efficient in terms of both computational time and message overheads.