Enhancing IPsec Performance in Mobile IPv6 Using Elliptic Curve Cryptography

Internet has become indispensable to the modern society nowadays. Due to the dynamic nature of human activities, the evolving mobile technology has played a significant role and it is reflected in the exponential growth of the number of mobile users globally. However, the characteristic of the Internet as an open network made it vulnerable to various malicious activities. To secure communication at network layer, IETF recommended IPsec as a security feature. Mobile IPv6 as the successor of the current mobile technology, Mobile IPv4, also mandated the use of IPsec. However, since IPsec is a set of security algorithm, it has several well-known weaknesses such as bootstrapping issue when generating a security association as well as complex key exchange mechanism. It is a well-known fact that IPsec has a high overhead especially when implemented on Mobile IPv6 and used on limited energy devices such as mobile devices. This paper aims to enhance the IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm. The experiments managed to reduce the delay of IPsec in Mobile IPv6 by 67% less than the standard implementation.

[1]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[2]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[3]  A. Brunstrom,et al.  Performance Analysis of IPsec in Mobile IPv6 Scenarios , 2007, 2007 16th IST Mobile and Wireless Communications Summit.

[4]  Pekka Nikander,et al.  Threat Models introduced by Mobile IPv6 and Requirements for Security in Mobile IPv6 , 2001 .

[5]  Charles E. Perkins,et al.  Mobile IP Network Access Identifier Extension for IPv4 , 2000, RFC.

[6]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[7]  M. Ramkumar Prabhu,et al.  Securing Binding Updates in Routing Optimizaton of Mobile IPv6 , 2012 .

[8]  Mark D. Baushke More Modular Exponentiation (MODP) Diffie-Hellman (DH) Key Exchange (KEX) Groups for Secure Shell (SSH) , 2017, RFC.

[9]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[10]  Jung-Doo Koo,et al.  Extended Ticket-Based Binding Update (ETBU) Protocol for Mobile IPv6 (MIPv6) Networks , 2007, IEICE Trans. Commun..

[11]  Charles E. Perkins,et al.  Mobile IP , 1997, IEEE Communications Magazine.

[12]  Charles E. Perkins,et al.  Mobility support in IPv6 , 1996, MobiCom '96.

[13]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[14]  M. L. Valarmathi,et al.  An enhanced binding update scheme for next generation internet protocol mobility , 2018 .

[15]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[16]  Performance Analysis of Internet Key Exchange Algorithms on IPSec Security Association Initiation , 2018 .

[17]  Jerome A. Solinas,et al.  Internet Engineering Task Force (ietf) Elliptic Curve Groups modulo a Prime (ecp Groups) for Ike and Ikev2 , 2010 .

[18]  A. H. Mir,et al.  IPsec in Mobile IP : A Survey , 2013 .

[19]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[20]  Antonio F. Gómez-Skarmeta,et al.  Lightweight MIPv6 with IPSec support , 2014, Mob. Inf. Syst..

[21]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[22]  Allison Mankin Threat Models introduced by Mobile IPv6 and Requirements for Security in Mobile IPv6 , 2001 .