Jan Melén

Handover performance with HIP and MIPv6

Mobility management in the current Internet is designed to work with mobile IPv4 and, when IPv6 is available, with mobile IPv6. These solutions are based on the current architecture in the Internet, where the IP address represents both the locator and the identifier of the node. In the IETF, identity and location information separation has raised a lot of discussion and new ideas have emerged to separate these. Host identity protocol is one candidate that can be used for this separation. It introduces also a new way of handling mobility management taking advantage on the mentioned identity and location separation.

Re-thinking security in IP based micro-mobility

Security problems in micro-mobility are mostly related to trust establishment between mobile nodes and middle-boxes, i.e. mobile anchor points. In this paper, we present a secure micro-mobility architecture that scales well between administrative domains, which are already using different kind of network access authentication techniques. The trust between the mobile nodes and middle boxes is established using one-way hash chains and a technique known as secret splitting. Our protocol protects the middle-boxes from traffic re-direction and related Denial-of-Service attacks. The hierarchical scheme supports signaling optimization and secure fast hand-offs. The implementation and simulation results are based on an enhanced version of Host Identity Protocol (HIP). To our knowledge, our micro-mobility protocol is the first one-and-half round-trip protocol that establishes simultaneously a trust relationship between a mobile node and an anchor point, and updates address bindings at the anchor point and at a peer node in a secure way.

An experimental evaluation of a HIP based network mobility scheme

In this paper, the authors present and evaluate a network mobility scheme based on Host Identity Protocol (HIP). The cryptographic host identifiers are combined with an authorization mechanism and used for delegating the mobility management signalling rights between nodes in the architecture. While the delegation of the signalling rights scheme itself is a known concept, the trust model presented in this paper differs from the MIPv6 NEMO solution. In the presented approach, the mobile routers are authorized to send location updates directly to peer hosts on behalf of the mobile hosts without opening the solution for re-direction attacks. This is the first time the characteristics of the new scheme is measured in the HIP moving network context using a real implementation. The trust model makes it possible to support route optimization and minimize over-the-air signalling and renumbering events in the moving network. The measurements also reveal new kinds of anomalies in the protocol implementation and design when data integrity and confidentiality protection are integrated into signalling aggregation. The authors propose solutions for these anomalies.

Host Identity Protocol Proxy

The Host Identity Protocol (HIP) is one of the more recent designs that challenge the current Internet architecture. The main features of HIP are security and the identifier-locator split, which solves the problem of overloading the IP address with two separate tasks. This paper studies the possibility of providing HIP services to legacy hosts via a HIP proxy. Making a host HIP enabled requires that the IP-stack of the host is updated to support HIP. From a network administrator’s perspective this can be a large obstacle. However, by providing HIP from a centralized point, a HIP proxy, the transition to begin using HIP can be made smoother. This and other arguments for a HIP proxy will be presented in this paper along with an analysis of a prototype HIP proxy and its performance.

Gateway selection in capillary networks

The world is adopting machine-type communication, wherein sensors and actuators blend seamlessly with the environment around us, bringing a new ubiquitous computing and communication era - a shift that is, to some extent, illustrated by the explosive growth of the Internet of Things (IoT). Capillary Networks play an important role in the growth of IoT, enabling wireless sensor networks to connect and use the capabilities of cellular networks through Capillary Gateways. In that sense, Capillary Gateways facilitate the seamless integration of wireless sensor networks with cellular networks. Therefore, an optimal selection of the Capillary Gateways by the wireless sensor network is crucial for balancing the load between the gateways and optimizing the end-to-end path through both networks. This paper describes a set of possible gateway selection architectures and presents an algorithm for determining the gateway selection based on policies and a set of constraints. Then, the paper describes our implementation of two selected architectures, discussing the solutions and challenges encountered during implementation. Finally, the paper evaluates the traffic and load generated by gateway selection.