A Secure Correspondent Router Protocol for NEMO Route Optimization

The Network Mobility (NEMO) protocol is needed to support the worldwide mobility of aircraft mobile networks across different access networks in the future IPv6-based aeronautical telecommunications network (ATN). However, NEMO suffers from the constraint that all traffic has to be routed via the home agent. The existing correspondent router (CR) protocol solves this triangular routing problem and allows packets to be routed on a direct path between the mobile network and the ground-based correspondent nodes. We identify security deficiencies of this protocol that make it unsuitable for use within the ATN. We therefore propose a new route optimization procedure based on the CR protocol that provides a higher level of security. We evaluate our new protocol in three ways. We first conduct a simulation-based handover performance study using an implementation of a realistic aeronautical access technology. We then investigate the mobility signaling overhead. Finally, we specify a threat model applicable to the aeronautical environment and use it to perform a security analysis of both the old and our new protocol. We show that our protocol is not only more secure but also provides better handover latency, smaller overhead in the aeronautical scenario and a higher level of resilience than the original CR protocol.
