Secure Route Optimization for MIPv6 Using Enhanced CGA and DNSSEC

摘要

With mobile phones evolving every year, it is no surprise that recent surveys have shown that the worldwide number of mobile phone subscriptions reached 5.6 billion in 2011, becoming the largest pool of interconnected devices. Since mobile IP is the most-used protocol by mobile operators, the obvious solution to support more users in their network would be to replace it with MIPv6. In addition to integrating the newest IP stack, MIPv6 adds an important feature meant to replace the inefficient triangle routing by allowing an MN to communicate bidirectionally with the CN without passing through its home agent. However, the lack of preshared information between the MN and CN makes security for this RO mechanism a difficult challenge. MIPv6 adopts the RR mechanism that is only to verify the MN reachability in both its home address and care-of address without being a security feature. Other works have attempted to solve the multiple security issues in RR, but either their design was flawed or their assumptions were unrealistic. This paper presents a secure MIPv6 with a secure and efficient RO that uses DNSSEC to validate CGAs from trusted domains and provides strong authentication rather than the weak sender invariance security property. It integrates an enhanced cryptographically generated address (ECGA) based on a backward key chain that offers support to bind multiple logically linked CGAs together. ECGA tackles the time-memory tradeoff attacks with high efficiency. The validation through both AVANTSSAR and AVISPA platforms show that the proposed solution has no security flaw while still being lightweight in signaling messages on the radio network.