• Title/Summary/Keyword: Cryptographically Generated Address(CGA)

Search Result 17, Processing Time 0.025 seconds

Design of Modified CGA for Address Autoconfiguration and Digital Signature in Hierarchical Ad Hoc Network (개선된 CGA(Modified CGA)를 이용한 계층적 애드 혹 네트워크에서의 주소 자동 설정 및 전자 서명 제공 방안)

  • Lee, Hye-Won;Kim, Guk-Boh;Mun, Young-Song
    • Journal of KIISE:Information Networking
    • /
    • v.33 no.2
    • /
    • pp.175-182
    • /
    • 2006
  • The CGA proposed by IETF working group prevents address spoofing and stealing and provides digital signature to users, but key collision problem arises. To solve this critical problem, the CGA defines the SEC field within address format, which is set to high value when high security is required and vice versa, but the CGA faces a dilemma between security and the processing time. As SEC value increases, the processing time to generate the CGA grows dramatically while key collision ratio increases if low SEC value is applied to the CGA. We propose modified CGA (MCGA) that has shorter processing time than the CGA and offers digital signature with small overheads. To solve key collision problem, we employ hierarchical ad hoc network. The MCGA is applicable to IPv6 networks as well public networks. In this paper, we design a mathematical model to analyze the processing time for MCGA and CGA first and evaluate the processing time via simulations, where the processing time for MCGA is reduced down 3.3 times when SEC value is set to 0 and 68,000 times when SEC value is set to 1. Further, we have proved that the CGA is inappropriate for both ad hoc networks and IPv6 networks when the SEC field is set to more than 3.

Improving the CGA-based HMIPv6 Security Protocol (CGA 기반의 HMIPv6 보안 프로토콜 개선)

  • You, Il-Sun;Kim, Heung-Jun;Lee, Jin-Young
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.1
    • /
    • pp.95-102
    • /
    • 2009
  • In 2006, Haddad, Krishnan and Soliman proposed a Cryptographically Generated Address based protocol as a standard for protecting HMIPv6. Though this protocol can provide both the strong message authentication and binding update key negotiation based on the public-key cryptography, it is still vulnerable to several attacks such as denial of service attacks and redirection attacks. This paper improves the problems caused by the protocol. The improved protocol is analyzed in terms of security and performance, and then is shown to be better than the previous one considering the two factors together.

MIPv6 Binding Update Protocol Secure Against both Redirect and DoS Attacks (Redirect 공격과 DoS 공격에 안전한 MIPv6 바인딩 업데이트 프로토콜)

  • Kang Hyun-Sun;Park Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.5
    • /
    • pp.115-124
    • /
    • 2005
  • We propose a new binding update(BU) protocol between mobile node(CN) and correspondent node(CN) for the purpose of preventing redirect attacks and DoS attacks observed from the existing BU protocols and enhancing the efficiency of the BU protocol. Home agent plays a role of both authentication server validating BU message and session key distribution center for MN and CN. Also propose the stateless Diffie-Hellman key agreement based on cryptographically generated address (CGA). Suity of our proposed Protocol is analyzed and compared with other protocols. The proposed protocol is more efficient than previous schemes in terms of the number of message flows and computation overhead and is secure against both redirect and DoS attacks.

Authenticated Route Optimization Protocol for Network Mobility Support (네트워크 이동성 지원을 위한 인증된 경로 최적화 프로토콜)

  • Koo, Jung-Doo;Lee, Gi-Sung
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.8 no.4
    • /
    • pp.781-787
    • /
    • 2007
  • Network Mobility (NEMO) basic support protocol doesn't execute the process of route optimization and has not presented the particular security mechanism in other blocks except hi-directional tunnel between Mobile Router (MR) and its Home Agent (HA). Therefore in this paper we process secure route optimization courses through authenticated binding update protocol between MR and its Correspondent Node (CN) and the protocol of the competency of mandate between MR and its Mobile Network Node (MNN); its block also uses an bi-directional tunnel as the block between MR and its HA. The address of each node are generated by the way of Cryptographically Generated Address (CGA) for proving the ownership of address. Finally we analyze the robustness of proposed protocol using security requirements of MIPv6 and existing attacks and the efficiency of this protocol using the connectivity recovery and end-to-end packet transmission delay time.

  • PDF

Modified CGA for Frequently Moving Mobile Nodes in Secure Neighbor Discovery

  • Kim, Esther;Kim, Nam-Uk;Kim, Soo-Duek;Chung, Tae-Myoung
    • Annual Conference of KIPS
    • /
    • 2009.11a
    • /
    • pp.537-538
    • /
    • 2009
  • IPv6 is newly introduced to solve limitations and problems of IPv4 and in IPv6 network, nodes use Neighbor Discovery protocol to discover the subnet prefix and configure its own address. However, Neighbor Discovery is vulnerable to various attacks as it does not have secure mechanism to protect itself. Thus, the Secure Neighbor Discovery has introduced and the main mechanism used in Secure Neighbor Discovery is Cryptographically Generated Address. In this paper, we provide a brief of Cryptographically Generated Address and its limitation in a case where a mobile node moves from one network to another frequently. The proposed scheme resolves this limitation by using the fixed interface identifier.

A Study on the Performance Improvement in SEcure Neighbor Discovery (SEND) Protocol (보안 이웃 탐색 프로토콜 성능 향상 기법에 관한 연구)

  • Park, Jin-Ho;Im, Eul-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.85-96
    • /
    • 2008
  • Neighbor Discovery(ND) protocol is used to exchange an information of the neighboring nodes on the same link in the IPv6 protocol environment. For protecting the ND protocol, firstly utilizing Authentication Header(AH) of the IPsec protocol was proposed. But the method has some problems-uses of key exchange protocol is not available and it is hard to distribute manual keys. And then secondly the SEcure Neighbor Discovery(SEND) protocol which protects all of the ND message with digital signature was proposed. However, the digital signature technology on the basis of public key cryptography system is commonly known as requiring high cost, therefore it is expected that there is performance degradation in terms of the availability. In the paper, to improve performance of the SEND protocol, we proposed a modified CGA(Cryptographically Generated Address) which is made by additionally adding MAC(Media Access Control) address to the input of the hash function. Also, we proposed cache mechanism. We compared performance of the methods by experimentation.

Authenticated Mobile IPv6 Binding Update Protocol for Micro/Pico Cell Environments (마이크로 및 피코 셀 환경에 적합한 인증된 모바일 IPv6 바인딩 갱신 프로토콜)

  • Lee, Gi-Sung
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.8 no.6
    • /
    • pp.1519-1523
    • /
    • 2007
  • In this paper, we propose the fast and secure binding update protocol as handoff or handover in the micro and pico environment based on mobile IPv6. The nodes or routers on participating in this protocol generate their addresses from cryptographically generated addresses (CGAs) method unlike previous address generation method. The mobile node (MN) includes in home network or home link has limited power and computational abilities. So the home agent (HA) of the MN executes key agreement protocol with the correspondent node (CN) on behalf of the MN. The CN then creates a ticket on including session key, lifetime of ticket. and so on. It then transmits it to the MN via the HA of the MN. The ticket is used to communicate directly between the MN and its CN. In performance analysis, we analyze security of proposed binding update protocol under various attack scenarios and efficiency by comparing proposed protocol with prior binding update protocols. Finally we make a conclusion of this paper and present future works.

  • PDF

A Security method and Performance evaluation of preventing DoS attack against DAD in MANET (MANET 환경에서 중복 주소 탐지에 대한 DoS 공격을 방지하는 보안 기법과 성능 평가)

  • Lim, Jeong-Mi;Park, Chang-Seop
    • Journal of Korea Multimedia Society
    • /
    • v.12 no.8
    • /
    • pp.1099-1108
    • /
    • 2009
  • The study of IP address allocation in MANET can be categories into Stateful and Stateless. The one, special node monitors other nodes' IP address and allocates IF address. And the other, node generates IP address by itself. Nodes in MANET have mobility and restricted resource, so Stateless is more suitable than Stateful. But, in Stateless, node requires DAD process because of unique IP address allocation. And Dos attack can be happened in DAD precess. In this paper, we propose a security method on preventing DoS attack against DAD in MANET using one-way hash function. Since, Computation of one-way hash function is suitable for nodes' restricted resource character in MANET. And we evaluate performance using NS2 and compare with other security method which is CGA using signature.

  • PDF

An Improved Protocol for the Secure Mobile IPv6 Binding Updates (안전한 모바일 IPv6 바인딩 갱신을 위한 개선된 프로토콜)

  • You, Il-Sun;Won, You-Seuk;Cho, Kyung-San
    • The KIPS Transactions:PartC
    • /
    • v.11C no.5
    • /
    • pp.605-612
    • /
    • 2004
  • In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol [2], by adopt-ing Aura's CGA scheme with two hashes [9]. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

Mutual Authentication and Route Optimization between MN and CN using AAA in Mobile IPv6 (Mobile IPv6에서 AAA를 이용한 MN과 CN간의 상호 인증 및 경로 최적화)

  • 김미영;문영성
    • Journal of KIISE:Information Networking
    • /
    • v.31 no.5
    • /
    • pp.429-437
    • /
    • 2004
  • The mobileip working group is equipped with the RR(Return Routabilit) taking the simple procedures and small amount of cryptographic operations by considering the processing capability of the mobile node however it dose not provide security features enough. To replace with enhanced methods, mobileip WG is making an effort to find the approved solutions include CGA(Craptographically Generated Address), IPsec(Internet Protocol Security) as well as the existing infrastructure such as AAA(Authentication, Authorization and Account) and PKI(Public Key Infrastructure). In this paper, we propose the authentication and route optimization based on AAA suitable for the requested security service for its successful story in wireless network such as 802.11 and 3GPP(3rd Generation Partnership Project) as well as wired one. We analyze the effectiveness of our scheme according to the traffic and mobility properties. The result shows the cost reduction up to 20 percent comparing with RR.