Security Analysis and Implementation of Fast Inter-LMA domain Handover Scheme in Proxy Mobile IPv6 Networks

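  • 채현석 (School of Information and Communication Engineering, Sungkyunkwan University);
  • 정종필 (School of Information and Communication Engineering, Sungkyunkwan University)
  • Received: 2011.12.26
  • Reviewed: 2012.02.08
  • Published: 2012.04.30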

Abstract

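Unlike earlier protocols, in PMIPv6 the MN is not the agent of its own mobility; the network elements guarantee the MN's mobility. Because the network elements perform the work the MN previously had to do, the MN can be made smaller and lighter. Among these, a method has been proposed that uses the AAA protocol, which supports authentication, authorization and accounting, within the PMIPv6 (Proxy Mobile IPv6)[1] protocol to provide mobility and security for the MN device. Despite the advantages of providing security for the MN device and reducing packet loss, this method is exposed to security threats against unprotected signaling messages and does not support global mobility between domains. In this paper we analyze the ESS-FH scheme of You-Lee-Sakurai-Hori and the Kang-Park[3] scheme and apply them to the PMIPv6 environment. We explain that a secure handover can be performed through mutual authentication between the entities and through secret-key establishment and management over the AAA protocol, explain that the scheme is safe against denial-of-service and redirect attacks, and verify it using the BAN logic tool and through mobility modeling. We also propose a fast inter-domain handover scheme for the PMIPv6 environment.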

In a PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility-management functions on behalf of the mobile nodes. One such protocol, Fast Handovers for Proxy Mobile IPv6 (FPMIPv6)[1], has been studied by the Internet Engineering Task Force (IETF). Since FPMIPv6 adopts the entities and concepts of Fast Handovers for Mobile IPv6 (FMIPv6) in Proxy Mobile IPv6 (PMIPv6), it reduces packet loss. A conventional scheme has been proposed that cooperates with an Authentication, Authorization and Accounting (AAA) infrastructure to authenticate a mobile node in PMIPv6. Despite the best efficiency, because its signaling messages are not secured, PMIPv6 is vulnerable to various security threats such as DoS or redirect attacks, and it cannot support global mobility between PMIPv. In this paper, we analyze the Kang-Park and ESS-FH schemes and then propose an Enhanced Security Scheme for FPMIPv6 (ESS-FP). Based on the CGA method and public-key cryptography, ESS-FP provides strong key exchange and key independence in addition to improving on the weaknesses of FPMIPv6. The proposed scheme is formally verified using BAN logic, and its handover latency is analyzed and compared with that of the Kang-Park scheme[3] and ESS-FH. This paper also proposes an inter-domain fast handover scheme for PMIPv6 using proxy-based FMIPv6 (FPMIPv6).

References

  1. D. Johnson, C. Perkins, and J. Arkko, "Mobility support in IPv6," RFC 3775, June, 2004.
  2. R. Koodli, "Mobile IPv6 Fast handovers," RFC 5568, July, 2009.
  3. El. Malki, L. Bellier, "Hierarchical Mobile IPv6 Mobility Management (HMIPv6)," RFC 4140, August, 2005.
  4. S. Gundavelli, K. Leung, V. Devarapalli and K. Chowdhury, "Proxy mobile IPv6," RFC 5213, August, 2008.
  5. H. Yokota, K. Chowdhury and R. Koodli, "Fast handovers for Proxy Mobile IPv6," RFC 5949, September, 2010.
  6. Kang, H.S., Park, C.S. "MIPv6 Binding Update Protocol Secure Against Both Redirect and DoS Attacks," CISC 2005, Lecture Notes in Computer Science, LNCS Vol.3822, Springer-Verlag pp.407-418, 2005.
  7. I. You, J. Lee, K. Sakurai, and Y. Hori, "ESS-FH: Enhanced Security for Fast Handover in Hierarchical Mobile IPv6," IEICE Tr. on Information and Systems, Vol.E93-D, No.5, pp.1096-1105, May, 2010. https://doi.org/10.1587/transinf.E93.D.1096
  8. T. Aura, "Cryptographically Generated Address," RFC 3972, March, 2005.
  9. T. Narten, E. Nordmark, W. Simpson, and H. Soliman, "Neighbor Discovery for IP version 6(IPv6)," RFC 4681, September, 2007.
  10. J. Arkko, C. Vogt and W. Haddad, "Enhanced Route Optimization for Mobile IPv6," IETF RFC 4866, May, 2007.
  11. M Burrows, M Abadi and R Needham, "A logic of authentication," ACM Trans. Comput. Syst., Vol.8, No.1, pp.18-36, February, 1990. https://doi.org/10.1145/77648.77649
  12. I. F. Akyildiz and W. Wang, "A dynamic location management scheme for next-generation multitier PCS systems," IEEE Trans. Wireless Commun., Vol.1, No.1, pp.178-189, January, 2002. https://doi.org/10.1109/7693.975456
  13. Ki-Sik Kong, Youn-Hee Han, Myung-Ki Shin, HeungRyeol Yoo, and Wonjun Lee, "Mobility management for all-IP mobile networks: mobile IPv6 vs. proxy mobile IPv6," IEEE Wireless Communications, Vol.15, pp.36-45, April, 2008. https://doi.org/10.1109/MWC.2008.4492976
  14. Y. Han, J. Choi, and S. Hwang, "Reactive Handover Optimization in IPv6 Based Mobile Networks," IEEE JSAC, Vol.24, No.9, pp.1758-72, September, 2006.
  15. K. S. Kong, W. Lee, Y. H. Han, M. K. Shin, "Handover Latency Analysis of a Network-based Localized Mobility Management Protocol," IEEE ICC'08, pp.5838-5843, 2008.

Cited by

  1. CEM-PF: Cost-Effective Mobility Management Scheme Based on Pointer Forwarding in Proxy Mobile IPv6 Networks vol.12, pp.4, 2012, https://doi.org/10.7236/JIWIT.2012.12.4.81
  2. Design and Performance Analysis of Cost-Effective and Fast Inter-Domain NEMO Scheme with Multicasting Support vol.1, pp.2, 2012, https://doi.org/10.3745/KTCCS.2012.1.2.087