A comparison study between the TLS-based security framework and IKEv2 when protecting DSMIPv6 signaling

This paper presents a comparison study between the TLS-based security for DSMIPv6 and IKEv2 when establishing Security Associations between MN and HA. The network transmission and processing costs are examined for each protocol using different authentication methods. The results show that the TLS-based solution has less computation cost and less authentication delay than IKEv2with D-H Groups 5 and 14. However, the high amount of transmitted data for certificate based authentications increases the authentication delay in low bandwidth wireless networks.

[1]  Tamas Skopko,et al.  Software-Based Packet Capturing with High Precision Timestamping for Linux , 2010, 2010 Fifth International Conference on Systems and Networks Communications.

[2]  Debanjan Saha,et al.  Transport layer security: how much does it really cost? , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[3]  Basavaraj Patil,et al.  Mobile IPv6 Security Framework Using Transport Layer , 2012 .

[4]  Charles E. Perkins,et al.  Mobility support in IPv6 , 1996, MobiCom '96.

[5]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[6]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[7]  Tero Kivinen,et al.  More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) , 2003, RFC.

[8]  Charles E. Perkins,et al.  Problems with the use of IPsec as the security protocol for Mobile IPv6 , 2011 .

[9]  Francis Dupont,et al.  Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture , 2007, RFC.

[10]  Dan S. Wallach,et al.  Performance analysis of TLS Web servers , 2006, TOCS.

[11]  Yaron Sheffer,et al.  An Extension for EAP-Only Authentication in IKEv2 , 2010, RFC.