Design and formal security evaluation of NeMHIP: A new secure and efficient network mobility management protocol based on the Host Identity Protocol

NEtwork MObility Basic Support (NEMO BS) is a standardized protocol for managing the mobility of a set of nodes that move together as a whole while keeping continuous connectivity to the Internet through one or more Mobile Routers (MRs). Because it is based on Mobile IPv6 (MIPv6), it inherits the properties of MIPv6, such as the use of IPsec. However, NEMO BS does not address all the features required by the demanding Intelligent Transportation Systems (ITS) scenario to provide an integrated and global secure mobility management framework. In addition, unlike MIPv6, routing in NEMO BS is suboptimal, which makes it difficult to provide adequate service performance. These characteristics make the NEMO BS protocol a non-optimal choice for this scenario. An interesting strategy for providing both security and good service performance is to consider a protocol that establishes and maintains Security Associations (SAs), such as the Host Identity Protocol (HIP). Different HIP-based approaches have been defined; however, these HIP-based network mobility solutions still present unsolved issues. In this article, we present a secure and efficient network mobility protocol named NeMHIP. NeMHIP provides secure and optimal mobility management together with efficient end-to-end confidentiality and integrity protection, in addition to the basic security properties inherited from HIP. To evaluate the security provisions of NeMHIP, we have conducted a belief-based formal evaluation. The results demonstrate that the defined security goals are achieved by the protocol. Furthermore, we have performed an automated formal evaluation to validate additional security aspects of NeMHIP: we have modeled NeMHIP using the AVISPA tool and assessed its security in the presence of an intruder. The results confirm that NeMHIP is a secure protocol that ensures end-to-end confidentiality and integrity without introducing security leaks into the basic HIP. Thus, we have addressed the need identified in the literature for providing security and efficiency in the network mobility scenario.
