James Kempf

Securing IPv6 neighbor and router discovery

When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

Scalability and robustness analysis of mobile IPv6, fast mobile IPv6, hierarchical mobile IPv6, and hybrid IPv6 mobility protocols using a large-scale simulation

Fast mobile IPv6 (FMIP) and hierarchical mobile IPv6 (HMIP) are enhancements to the standard mobile IPv6 (SMIP) protocol for reducing handover latency and data loss, and for localized mobility management. In this paper, we present scalability and robustness analysis of the three protocols and two hybrid protocols of FMIP and HMIP, using a large-scale simulation. The simulation results indicate that FMIP achieves the best handover performance. HMIP incurs considerably less per-handover signaling overhead than FMIP on the wireless link, but HMIP data traffic has a fixed and permanent overhead even after handover. Hybrid protocols achieve FMIP-like handover performance and improve handover signaling overhead but cannot remove tunneling overhead. Hybrid protocols are also more robust to access router and home agent failures.

Fast mobile IPv6 handover packet loss performance: measurement for emulated real time traffic

Mobile IPv6 provides comprehensive mobility management for the IPv6 protocol. Yet, it has been known for some time that the default mobile IPv6 protocol for handover between subnets can result in packet drops, which cause a user-perceptible deterioration in a real time traffic. Recent work has defined several new algorithms for Mobile IPv6 handover. These algorithms consist of two components: preconfiguring the care of address when it is known, and establishing a source route-based tunnel between the old access router and the new so that the mobile node can continue to receive its traffic on the new link under its old care of address. In this paper, we present measurements of the fast Mobile IPv6 (FMIPv6) handover algorithms on a handover emulator. While the algorithms can reduce the number of packet drops, some amount of buffering helps smooth handover. In addition, algorithms differ in their ability to reduce handover packet drops, depending on the wireless link characteristics.

MPSS: Multiprotocol Stateless Switching

The Multiprotocol Label Switching (MPLS) architecture has become a true success story in the world of telecommunications. However, MPLS becomes cumbersome if multicast communication is needed, as aggregating of labels is not easy. Because of that, when providing Multicast VPNs, operators need to trade-off bandwidth usage with the amount of multicast state, sacrificing efficiency. Forwarding with Bloom filters in the packet headers offers the opportunity to have quasi-stateless network elements; the amount of forwarding plane state does not depend on the number of paths/trees the node participates in. In this paper, we propose Multiprotocol Stateless Switching (MPSS), the marriage of MPLS and Bloom filter based forwarding. The forwarding architecture inherits the flexibility of MPLS and gives operators the opportunity to offer Multicast VPN services while avoiding the difficult process of fine-tuning the trade-off between bandwidth usage and state.

Mobile IPv6 Security

Mobile IPv6 provides global mobility and location management support for the IPv6 network layer protocol. The design of Mobile IPv6 incorporates security features that differ significantly from its predecessor, Mobile IPv4. Some of the new security features are intended to counter new threats raised by route optimization, while others align Mobile IPv6 security more closely with basic IPv6 security mechanisms. In this paper, we outline the security threats to Mobile IPv6 and describe how the security features of the Mobile IPv6 protocol mitigate them.

Using insurance to increase internet security

Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods reduce but do not eliminate risk, and the question remains on how to handle the residual risk. Current schemes applied by Internet Service Providers (ISPs) penalize the users, who suffer from the consequences. In this paper, we take a new approach to the problem of Internet security and advocate managing the residual risk by buying insurance against it and consequently re-arranging the incentive chain. We first analyze the current state of the Internet and investigate if it is possible to alleviate the existing problems by introducing insurance schemes. By performing detailed analysis we define an insurance policy that can survive in a competitive market. Following that, we analyze the impact of insurance-based ISPs on the rest of the network and attempt to answer whether using insurance can increase the overall security of the system and provide incentive to other ISPs to implement such policies.

IP paging considered unnecessary: Mobile IPv6 and IP paging for dormant mode location update in macrocellular and hotspot networks

Cellular telephones save power by switching to a low power or dormant mode when there is no active traffic. In dormant mode, the telephone periodically checks for a beacon, and if the beacon indicates that the phone has moved to a new paging area, the telephone performs a paging area update. Paging area update signaling requires considerably less power than is required to move an active traffic channel. When a call comes in, the network pages the telephone by flood signaling the paging area on a special channel, and the telephone brings up an active traffic channel. Recent work has attempted to extend paging to IP networks, in particular, networks running the Mobile IP mobility management protocol. In this paper, we compare mobile IPv6 and IP paging for dormant mode location updating. Simulations are presented for a typical macrocellular scenario and a hotspot scenario, where broadband microcells supplement the narrowband macrocells. The results show that Mobile IPv6 dormant mode location management is roughly comparable to IP paging.

Congestion state-based dynamic FEC algorithm for media friendly transport layer

TCP-friendliness has been adopted as the most important property for the design of new media-specific transport layers in the Internet. The TCP protocol is mainly concerned with achieving as much throughput as possible while preventing long-term congestion. Various TCP protocol designs do this by inducing brief episodes of network congestion, measuring it, then reducing the offered load quickly to remove the congestion. Media flows, on the other hand, are very sensitive to even brief episodes of congestion. The question therefore arises: how can we protect media flows against TCP-induced network congestion? In this paper, we focus on combining the TCP Friendly Rate Control (TFRC) protocol with Forward Error Correction (FEC) to achieve such protection. We observe that FEC methods that solely rely on loss statistics generate significant overhead in terms of the redundant parity packets transmitted over the network. Accordingly, we investigate the loss and delay characteristics in several TCP-induced congestion scenarios in order to identify potential periods of increased congestion and apply FEC protection during those periods judiciously. We find out that indeed efficient models can be developed and incorporated into a dynamic FEC framework which can achieve substantially better overhead vs. reliability tradeoff (e.g., up to 60% improvement at high reliability region) than an FEC approach that uses fixed coding rate to satisfy a given reliability.

Real-time traffic support in heterogeneous mobile networks

Multi-hop mobile wireless networks have been proposed for a variety of applications where support for real-time multimedia services will be necessary. Support for these applications requires that the network is able to offer quality of service (QoS) appropriate for the latency and jitter bounds of the real-time application constraints. In this paper, we analyze the primary challenges of realizing QoS in mobile wireless networks with heterogeneous devices and propose a QoS framework for real-time traffic support. We address the problem in three ways: estimate the path quality for real-time flows, mitigate the impact of node heterogeneity on service performance, and reduce the impact of interfering non-real-time traffic. Specifically, our proposed QoS framework first utilizes a call setup protocol at the IP layer to discover paths for real-time flows, as well as to perform admission control by accurate service quality prediction. The underlying routing protocol also enables transparent path selection among heterogeneous nodes to provide stable paths for real-time traffic delivery. We then use a prioritized MAC protocol to provide priority access for flows with real-time constraints to reduce interference from unregulated non-real-time traffic. We foresee the utility of our proposed solution in heterogeneous mobile networks, such as campus or community-wide wireless networks. In these environments, resource-rich or fixed wireless routers may be leveraged to achieve better service quality when heterogeneity of node capability and movement is significant. Through experimental results, we demonstrate the utility and efficiency of our approach.

Cryptographically protected prefixes for location privacy in IPv6

There is a growing concern with preventing unauthorized agents from discovering the geographical location of Internet users, a kind of security called location privacy. The typical deployments of IPv6 in mobile networks allow a correspondent host and any passive eavesdroppers to infer the users rough geographical location from the IPv6 address. We present a scheme called Cryptographically Protected Prefixes (CPP), to address this problem at the level of IPv6 addressing and forwarding. CPP randomizes the address space of a defined topological region (privacy domain), thereby making it infeasible to infer location information from an IP address. CPP can be deployed incrementally. We present an adversary model and show that CPP is secure within the model. We have implemented CPP as a pre-processing step within the forwarding algorithm in the FreeBSD 4.8 kernel. Our performance testing indicates that CPP pre-processing results in a 40–50 percent overhead for packet forwarding in privacy domain routers. The additional end to end per packet delay is roughly 20 to 60 microseconds.