Vesa Torvinen

Re-thinking security in IP based micro-mobility

Security problems in micro-mobility are mostly related to trust establishment between mobile nodes and middle-boxes, i.e. mobile anchor points. In this paper, we present a secure micro-mobility architecture that scales well between administrative domains, which are already using different kind of network access authentication techniques. The trust between the mobile nodes and middle boxes is established using one-way hash chains and a technique known as secret splitting. Our protocol protects the middle-boxes from traffic re-direction and related Denial-of-Service attacks. The hierarchical scheme supports signaling optimization and secure fast hand-offs. The implementation and simulation results are based on an enhanced version of Host Identity Protocol (HIP). To our knowledge, our micro-mobility protocol is the first one-and-half round-trip protocol that establishes simultaneously a trust relationship between a mobile node and an anchor point, and updates address bindings at the anchor point and at a peer node in a secure way.

Weak Context Establishment Procedure for Mobility and Multi-Homing Management

Trust establishment seems to be the most difficult problem in mobility and multi-homing management. Many protocol proposals assume the presence of some security infrastructure (e.g. a Public-Key Infrastructure). However, building such a global infrastructure has not taken place, maybe because it would be too expensive and difficult to deploy. In this paper, we introduce a security context establishment procedure that utilizes reverse hash chains, and does not require pre-existing security information. The procedure is known to be vulnerable to an active Man-in-the-Middle attack in the first message exchange, however, the procedure is efficient, and does not have inherent scalability problems.