Quality of Service (QoS) mechanisms in net- works supporting mobile Internet communications give rise to new threats: these mechanisms could be abused by malicious entities launching so-called Denial of Service (DoS) attacks. If the network can not efficiently check the credibility of a QoS-request during a handover process, malicious entities could flood the network with bogus QoS- requests; if the authentication check is performed by means of an AAA protocol before the access network commits its resources to the request, the authentication process may not only introduce a notable latency to the handover pro- cess, but also generate an extensive traffic which degrades the signaling capacity in the network when there are a con- siderable amount of malicious requests. In order to de- fend against these kinds of attacks and meet the low-latency micro-mobility handover requirement, we 1 propose to have a preliminary authentication check with a cookie-based mechanism before processing the requests and performing authentication and authorization. The performance evalu- ation shows that the cookie-based mechanism is efficient in dealing with the identified issues.
[1]
Claude Castelluccia,et al.
Hierarchical Mobile IPv6 Mobility Management (HMIPv6)
,
2005,
RFC.
[2]
Cornelia Kappler,et al.
QoS-Conditionalized Handoff for Mobile IPv6
,
2002,
NETWORKING.
[3]
Philippe Robert.
Stochastic Networks and Queues
,
2003
.
[4]
Pekka Nikander,et al.
DOS-Resistant Authentication with Client Puzzles
,
2000,
Security Protocols Workshop.
[5]
Charles E. Perkins,et al.
Mobility support in IPv6
,
1996,
MobiCom '96.
[6]
Victor Fajardo,et al.
Diameter Base Protocol
,
2003,
RFC.