• The KIPS Transactions:PartC
• /
• v.17C no.2
• /
• pp.153-158
• /
• 2010

Mobile IPv6 is one of method can keep Mobile node's session. To solve legacy Mobile IPv4's triangular routing problem, in Mobile IPv6, Mobile Node could directly communicate with Correspond node by Binding Update. But, attacker could interfere Return Routability Procedure that is Correspond node check Home address and Care of address reachable. At this result, Attacker is able to hijack Session to correspond node from Mobile node. In This paper, We propose new Binding Update scheme for solving that problem. Our approach is that MN gives association both home token and care of token using onewayness of keyed hash fuction. From security and performance analysis, we can see that proposed binding Update Scheme can achieve stronger security than legacy scheme and at the same time requires minimal computational overhead.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.221-222
• /
• 2008

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.6
• /
• pp.1519-1523
• /
• 2007

In this paper, we propose the fast and secure binding update protocol as handoff or handover in the micro and pico environment based on mobile IPv6. The nodes or routers on participating in this protocol generate their addresses from cryptographically generated addresses (CGAs) method unlike previous address generation method. The mobile node (MN) includes in home network or home link has limited power and computational abilities. So the home agent (HA) of the MN executes key agreement protocol with the correspondent node (CN) on behalf of the MN. The CN then creates a ticket on including session key, lifetime of ticket. and so on. It then transmits it to the MN via the HA of the MN. The ticket is used to communicate directly between the MN and its CN. In performance analysis, we analyze security of proposed binding update protocol under various attack scenarios and efficiency by comparing proposed protocol with prior binding update protocols. Finally we make a conclusion of this paper and present future works.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.3 s.303
• /
• pp.1-8
• /
• 2005

At IETF (Internet Engineering Task Force), recently RFC3775, RFC3776 documents about the mobile IPv6 were standardized by IETF (Internet Engineering Task Force). Those specifications propose that during the roaming, the mobile node sends securely the binding update to the home agent and the correspondent node after setting the security association between Mobile Node and Home Agent. But there is no secure bootstrapping method between a mobile node and a home agent at the two RFC documents. This paper proposed a method for the secure bootstrapping between a mobile node and a home agent. This makes the authentication, binding update, home agent assignment, security association distribution through the AAA-based secure channel between mobile node and home agent. And the proposed method was analyzed in the view of the procedure, round trip and security strength.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.62-65
• /
• 2008

Mobile IPv6에서 단말이 이동을 하게 되면 경로 최적화를 위한 바인딩 업데이트를 하게 된다. 안전한 바인딩 업데이트를 위해 RFC 3775에서 Return Routability가 제안 되었다. 그러나 Return Routability는 MN과 HA 사이에는 IPSec으로 Secure Path를 보장 받지만, MN과 CN 사이에는 바인딩 업데이트 과정에 공격자가 개입할 경우 다양한 공격에 노출될 수 있다. 이에 본 논문에서는CN도 MN과 같이 HA와 Secure Channel을 보유한 이동 단말일 경우, 각 HA 사이에 커버로스 서버를 이용한 키 분배를 통해 바인딩 업데이트 메시지가 전달되는 전 구간에 걸쳐 안전한 경로를 확보하는 아키텍쳐를 제안한다.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.11-25
• /
• 2005

In MIPv6 environment, an important design consideration for public key based binding update protocols is to minimize asymmetric cryptographic operations in mobile nodes with constraint computational power, such as PDAs and cellular phones, For that, public key based protocols such as CAM-DH. SUCV and Deng-Zhou-Bao's approach provides an optimization to offload asymmetric cryptographic operations of a mobile node to its home agent. However, such protocols have some problems in providing the optimization. Especially, CAM-DH with this optimization does not unload all asymmetric cryptographic operations from the mobile node, while resulting in the home agent's vulnerability to denial of service attacks. In this paper, we improve the drawbacks of CAM-DH. Furthermore, we adopt Aura's two hash-based CGA scheme to increase the cost of brute-force attacks searching for hash collisions in the CGA method. The comparison of our protocol with other public key based protocols shows that our protocol can minimize the MN's computation overhead, in addition to providing better manageability and stronger security than other protocols.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.5
• /
• pp.21-30
• /
• 2005

Recently, a mobile IPv6 binding update protocol using Address Based Keys (BU-ABK) was proposed. This protocol applies Address Based Keys (ABK), generated through identity-based cryptosystem, to enable strong authentication and secure key exchange without any global security infrastructure. However, because it cannot detect that public cryptographic parameters for ABKs are altered or forged, it is vulnerable to man-in-the-middle attacks and denial of service attacks. Furthermore, it has heavy burden of managing the public cryptographic parameters. In this paper, we show the weaknesses of BU-ABK and then propose an enhanced BU-ABK (EBU-ABK). Furthermore, we provide an optimization for mobile devices with constraint computational power. The comparison of EBU-ABK with BU-ABK shows that the enhanced protocol achieves strong security while not resulting in heavy computation overhead on a mobile node.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.397-408
• /
• 2017

As mobile traffic increases rapidly, DMM (Distributed Mobility Management) has been proposed as a mobility management technology for seamless communication of mobile devices as mobile traffic increases rapidly. the DMM distributes mobility management from the core network to the edge network, enabling stable binding updates with low latency. However, the DMM still have network delay and security problems for sessions. In this paper, we point out the problems existing in the DMM and propose a new protocol in which the MN (Mobile Node) directly participates in authentication and mutual authentication is correctly performed to solve this problem. We demonstrate not only security improvements but also performance improvements with performance analysis.

• Journal of Convergence for Information Technology
• /
• v.9 no.6
• /
• pp.13-18
• /
• 2019

This paper proposes efficient and secure two-way authentication protocol for binding update messages between mobile devices and home agents / correspondent nodes in IoT and Mobile IPv6 (MIPv6) environments with limited computing power and resources. Based on the MIPv6 message exchange, the proposed protocol satisfies both the authentication and the public key exchange optimized for both sides of the communication with minimum modification. In the future, we will carry out a performance analysis study by implementing the proposed protocol in detail.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.463-466
• /
• 2006

유비쿼터스 사회가 다가옴으로써 많은 모바일 단말기를 사용자들이 이용하게 될 것이다. 이러한 환경에서는 모바일 단말기에 IPv6의 주소가 활당될 것이고, 외부로 이동한 단말기가 지속적인 서비스를 제공 받기 위해서 홈 네크워크에 자신의 이동 IP 주소를 바인딩 업데이트를 통해서 제공할 것이다. 그러나 공개되어 있는 네트워크에서 바인딩 업데이트의 수정을 통해서 서비스를 받지 못하게 하거나 DoS공격을 받을 수 있게 할 수 있다. 그러므로 본 제안 방식에서는 AAA시스템을 통해 티켓을 발급 받은 사용자가 안전하게 바인딩 업데이트를 할 수 있는 방안에 대하여 제시한다. 홈 네트워크의 AAA 서버가 티켓을 발급하고 외부 네트워크를 통해서 접근하는 모바일 노드의 바인딩 업데이트의 정보를 인증하여 안전한 서비스를 제공받도록 한다.