论文信息 - Securing Dynamic Home Agent Address Discovery with Cryptographically Generated Addresses and RSA Signatures

Securing Dynamic Home Agent Address Discovery with Cryptographically Generated Addresses and RSA Signatures

With dynamic home agent address discovery (DHAAD), as specified in Mobile IPv6, a Mobile Node can discover the address of a suitable Home Agent on the home link. However, DHAAD suffers from security problems as the signaling is not authenticated nor integrity protected. The IETF has defined SEcure Neighbor Discovery that is providing security for the IPv6 Neighbor Discovery protocol, based on several asymmetric cryptographic mechanisms. It is shown that these mechanisms can also be used to secure DHAAD to increase its level of protection and to provide resistance against attacks.

Christian Bauer | Max Ehammer

[1] Stephen T. Kent,et al. X.509 Extensions for IP Addresses and AS Identifiers , 2004, RFC.

[2] Pascal Thubert. Global HA to HA protocol , 2006 .

[3] Ryuji Wakikawa,et al. Network Mobility (NEMO) Basic Support Protocol , 2005, RFC.

[4] David Cooper,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[5] Tuomas Aura,et al. Cryptographically Generated Addresses (CGA) , 2005, ISC.

[6] Pekka Nikander,et al. IPv6 Neighbor Discovery (ND) Trust Models and Threats , 2004, RFC.

[7] Charles E. Perkins,et al. Mobility support in IPv6 , 1996, MobiCom '96.

[8] Thomas Narten,et al. Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[9] James Kempf,et al. Mobile IPv6 Bootstrapping in Split Scenario , 2007, RFC.

[10] Pekka Nikander,et al. SEcure Neighbor Discovery (SEND) , 2005, RFC.

[11] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[12] Henrik Petander,et al. On securing dynamic home agent address discovery of on-board mobile router in mobile IPv 6 networks , 2007 .