Mobile IPv4 secure firewall traversal with deployment of foreign agents

Currently, Mobile IP enables mobile users to enjoy seamless roaming. However, if home networks are firewall-protected, mobile users cannot access their home networks without successful authentication. As a result, mobile users are out of contact with their home agents and get lost to some extent. In this paper, we consider the case in which, in Mobile IPv4, a mobile node away from home obtains a care-of address from a foreign agent and communicates with its home agent and a correspondent node, both of which are behind the firewall of the home network. Our solution can achieve successful firewall traversal as well as end-to-end security by applying IPsec mechanisms on network entities. It does not require any modification of protocols or network entities. In addition, if foreign agents are deployed hierarchically, the security associations do not need to be renegotiated whenever a mobile node changes its network attachment point.
