정보보호학회논문지 (Journal of the Korea Institute of Information Security & Cryptology)

  • 제20권3호
  • /
  • Pages.121-134
  • /
  • 2010
  • /
  • 1598-3986(pISSN)
  • /
  • 2288-2715(eISSN)
한국정보보호학회 (Korea Institute of Information Security and Cryptology)
권호 표지
DOI QR코드

DOI QR Code

고속의 이동 IPv6를 위한 보안 프로토콜 연구

State of Art on Security Protocols for Fast Mobile IPv6

  • 투고 : 2010.04.01
  • 심사 : 2010.06.04
  • 발행 : 2010.06.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

고속의 이동 IPv6 (FMIPv6: Fast Handover for Mobile IPv6) 프로토콜은 2 계층에서 지원 가능한 트리거의 도움으로 핸드오버시 발생하는 과도한 지연시간과 시그날링 메시지를 효과적으로 감소시켰다. 뛰어난 효율성에도 불구하고 FMIPv6는 다양한 공격과 위협에 노출되어 있기 때문에 이를 보호하기 위한 여러 보안 프로토콜이 제안되었다. 본 논문에서는 FMIPv6의 취약점 및 보안요구사항을 정의한 후, 이를 바탕으로 주요 보안 프로토콜의 보안특성을 비교 분석하였다. 분석결과는 본 저자들에 의해 제안되었던 프로토콜이 다른 기법에 비해 과도한 연산을 유발하지 않으며 강력한 보안성을 지니고 있다는 것을 보여 주었다.

With the help of various Layer 2 triggers, Fast Handover for Mobile IPv6 (FMIPv6) considerably reduces the latency and the signaling messages incurred by the handover. Obviously, if not secured, the protocol is exposed to various security threats and attacks. In order to protect FMIPv6, several security protocols have been proposed. To our best knowledge, there is lack of analysis and comparison study on them though the security in FMIPv6 is recognized to be important. Motivated by this, we provide an overview of the security protocols for FMIPv6, followed by the comparison analysis on them. Also, the security threats and requirements are outlined before the protocols are explored. The comparison analysis result shows that the protocol presented by You, Sakurai and Hori is more secure than others while not resulting in high computation overhead. Finally, we introduce Proxy MIPv6 and its fast handover enhancements, then emphasizing the need for a proper security mechanism for them as a future work.

키워드

참고문헌

  1. D. Johnson, C. Perkins, and J. Arkko, "Mobility Support in IPv6," IETF RFC 3775, June 2004
  2. R. Koodli, "Mobile IPv6 Fast Handovers," IETF RFC 5268, June 2008
  3. H. Soliman, C. Castelluccia, K. ElMalki, and L. Bellier, "Hierarchical Mobile IPv6 (HMIPv6) Mobility Management," IETF RFC 5380, Oct. 2008
  4. J. Arkko, C. Vogt, and W. Haddad, "Enhanced Route Optimization for Mobile IPv6," IETF RFC 4866, May 2007
  5. R.H. Deng, J. Zhou, and F. Bao, "Defending against redirect attacks in mobile IP," In Proc. of the 9th ACM conference on Computer and Communications Security, pp. 59-67, Nov. 2002.
  6. I. You, K. Sakurai and Y. Hori, "A Security Analysis on Kempf-Koodli's Security Scheme for Fast Mobile IPv6," IEICE Transaction on Communications, Vol. E92-B, no. 06, pp.2287-2290, June 2009 https://doi.org/10.1587/transcom.E92.B.2287
  7. J. Kempf and R. Koodli, "Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)," IETF RFC 5269, June 2008
  8. W. Haddad and S. Krishnan, "Authenticating FMIPv6 Handovers," IETF Internet Draft, draft-haddad-mipshop-fmipv6-auth-02, Sep. 2006
  9. V. Narayanan, N. Venkitaraman, H. Tschofenig, G. Giaretta, and J. Bournelle, "Establishing Handover Keys using Shared Keys," IETF Internet Draft, draft-vidya-mipshop-handover-keys-aaa-04, March 2007
  10. I. You, K. Sakurai, and Y. Hori, "An Enhanced Security Protocol for Fast Mobile IPv6," IEICE Transaction on Information & Systems, Vol. E92-D, No.10, pp. 1979-1982, Oct. 2009 https://doi.org/10.1587/transinf.E92.D.1979
  11. J. Arkko, J. Kempf, B. Zill, and P. Nikander, "SEcure Neighbor Discovery (SEND)," IETF RFC 3971, Mar. 2005
  12. T. Aura, "Cryptographically Generated Addresses (CGA)," IETF RFC 3972, Mar. 2005
  13. F. Dupont, M. Laurent-Maknavicius and J. Bournelle, "AAA for mobile IPv6," IETF Internet Draft, draft-dupont-mipv6-a-aa-01, Nov. 2001
  14. S. Kiriyama, R. Wakikawa, J. Xia and F. Teraoka, "Context Reflector for Proxy Mobile IPv6," In Proc. of 2009 International Conference on Complex, Intelligent and Software Intensive Systems, pp. 588-594, Mar. 2009
  15. S. Gundavelli, K. Leung, V. Devarapalli, K. Chowdhury, and B. Patil, "Proxy Mobile IPv6," IETF RFC 5213, Aug. 2009
  16. H. Yokota, K. Chowdhury, R. Koodli, B. Patil, and F. Xia, "Fast Handovers for Proxy Mobile IPv6," IETF Internet Draft, draft-ietf-mipshop-pfmipv6-12, Dec. 2009.
  17. Y. Han and B. Park. "A Fast Handover Scheme in Proxy Mobile IPv6," IETF Internet Draft, draft-han-netlmm-fast-pmipv6-00, July 2008.
  18. C. Vogt and J. Kempf, "Security Threats to Network-Based Localized Mobility Management (NETLMM)," IETF RFC 4832, Apr. 2007