Article

One-time Key Authentication Protocol for PMIPv6


Abstract

We are now moving to the 4G network, and in the 4G network environment many devices are connected to the Internet while they move. We have a protocol named Mobile IP (MIP) that can support the movement of a communicating node without any disruption of its connection status. However, the major problem of MIP is that the protocol is too heavy for small mobile nodes, so the IETF now proposes Proxy MIP (PMIP) to solve this problem. However, there is no way to authenticate the mobile node in PMIP. In this paper, we propose a new authentication protocol for PMIPv6 and show the results of our analysis. With our proposed protocol, we can add many security features to the current PMIPv6.


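... III. Previous Work. Until recently, various schemes have been proposed to protect PMIPv6 signaling messages [7] [8] [9] [10] [11] [12] ...
... . Section 3.1 below examines the operation and problems of scheme [7] among the previous work ([Figure 2] Initial authentication procedure [7]), and Section 3.2 examines the other existing schemes [8] [9] [10] [11] [12]. In the following description, HMAC_SHA1(K, m) is the hash value computed over message m using the secret key K [13] ...
... In addition, the fundamental problem remains that the AAA server must be contacted again once the ticket's validity period has expired, and it is difficult to choose an appropriate validity period. [10] ...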
Article
Without a proper protection mechanism for the signaling messages to be used for the mobility support in the Proxy Mobile IPv6 (PMIPv6), it is also vulnerable to several security attacks such as redirect attack, MITM (Man-In-The-Middle) attack, replay attack and DoS (Denial of Service) attack as in Mobile IPv6. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6, and also propose a new fast and secure authentication mechanism applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.
... One-time key Generation protocol was proposed by Song et al. [8][10]. The protocol introduced two terminologies local-LMA and home-LMA. ...
... The One-time Key authentication protocol does not have a method to prevent from replay attack and key exposure and it is also time consuming. In order to address the problems, we propose an alternative solution using One-time key Generation with Diameter message to prevent security threats like replay attack and key exposure [8]. The Diameter message was used to communicate with backend AAA/Policy server for applications such as network access or IP mobility. ...
... According to the document of [8] [10], they specified definition of format for MH-Identifier using One-time key. In our proposed protocol, we introduce the same format for MH-Identifier using Diameter message. ...
Article
The working group of NetLMM has proposed a new approach, known as network-based mobility management protocol that is actively standardized by Internet Engineering Task Force called Proxy Mobile IPv6 where many mobility signaling messages are performed by a network entity on behalf of a mobile host. Proxy Mobile IPv6 is an effective mobility management protocol for next generation wireless networks that are expected to enable network access ubiquity. Proxy Mobile IPv6 has salient features that attract a lot of attention among the telecommunication and Internet communities. However, Proxy Mobile IPv6 still suffers from lengthy handover latency and packet loss when Mobile Host moves away to a new network with high speed mobility during the handover process. In order to improve the performance of Proxy Mobile IPv6, we proposed a solution scheme with integration of Media Independent Handover and neighbor discovery message of IPv6 to reduce handover latency and packet loss. But, this proposed protocol does not have methods to prevent security threats such as replay attack and key exposure when mobile host first enters into Proxy Mobile IPv6 domain and also during the handover process. In order to protect this proposed protocol, an authentication method based on the authentication protocol is presented in this paper that can prevent security threats. Also, this authentication method reduces authentication latency.
... Furthermore, the scheme suffers from the problem of packet loss [9]. In order to address the above issues, the local authentication schemes are proposed [10]-[14]. Song J. et al. present an authentication scheme based on one-time key [10], which is generated by specific timestamp. ...
... In order to address the above issues, the local authentication schemes are proposed [10]-[14]. Song J. et al. present an authentication scheme based on one-time key [10], which is generated by specific timestamp. Kerberos [11], as an authentication service for distributed environment, makes entities to obtain multiple service by issuing ID and key. ...
Article
With the rapid development of wireless network infrastructure and transportation industry, vehicular ad-hoc networks have been paid more and more attention. Meanwhile, proxy mobile IPv6 (PMIPv6), with its shorter handover delay and lower signaling overhead, is an ideal mobility management approach to exploit the advantages of VANETs. However, security issues become the main obstacle for the combination of PMIPv6 and VANETs. Unfortunately, most scholars’ research focuses on the efficiency and security during access authentication of vehicle node, while ignoring the privacy issues which may cause great impact on mobile users. In this paper, we put forward an anonymous authentication scheme based on PMIPv6 for VANETs. The scheme is equipped with pseudonyms, identity-based cryptographic mechanisms, and several salient authentication protocols. According to the security and performance analysis, the proposed scheme owns higher security and efficiency compared with the typical ones.
... One-time key Generation protocol was proposed by Song et al. [7][10]. One-time key Generation protocol introduced two terminologies local-LMA and home-LMA. ...
... Song et al. specified the definition of format for MH-Identifier using One-time key [7] [10]. In our proposed protocol, we introduce the similar format for MH-Identifier but using Diameter message. ...
Conference Paper
Proxy Mobile IPv6 (PMIPv6) is an effective mobility management protocol for next generation wireless networks which improves ubiquitous network access. However, PMIPv6 still suffers from lengthy handover latency and packet loss during the handover when Mobile Host moves to a new network. In order to improve the performance of PMIPv6, we proposed an integrated solution scheme with Media Independent Handover (MIH) and neighbor discovery message of IPv6 to reduce handover latency and packet loss. The proposed protocol does not have method to prevent from security threats such as replay attack and key exposure when mobile host first enters in PMIPv6 domain. In order to address this problem, we proposed one-time key with Diameter Message authentication framework which is based on the one-time key generation authentication protocol. It is expected the proposed framework is able to enhance security as well as reduce authentication latency.
... The probability of common attacks can be reduced by combining cryptographic hash function with a strong factor that should be periodically changed. For this reason, one-time authentication scheme [12,13] can ensure the integrity and authentication, used one-time key to achieve such a goal. ...
Conference Paper
A number of image/message document authentication and integrity schemes have been conducted to recognize any modification in the exchange of documents between two entities (sender and receiver) within a cloud environment. Existing solutions are based on combining key-based hash function with traditional factors (steganography, smart-card, timestamp). However, none of the proposed schemes appear to be sufficiently designed as a secure scheme to prevent common forms of attack such as replay, forgery, stolen verifier, brute force, and insider attacks. In this paper, we propose a scheme to ensure message/image document integrity for each user's login by providing one-time biometric message/image authentication code called MACLESS, which is a summation of combining the key-based hash function (MAC-SHA-1) of a message/image document and the one-time bio-key. Thereafter, MACLESS is hidden in a cover image based steganography anonymity. The proposed scheme has several important security attributes, such as phase key agreement, users' one-time bio-key, and one-time authentication code is valid only for one user's login session. Finally, security analysis and experimental results demonstrate and prove the invulnerability and efficiency of the proposed scheme.
... Access authentication is achieved by presharing the key of AAA server, MN, and mobile agent entity, which increases delay between the AAA server and the proxy mobile entity. [4] solves the key management security issue in the wireless environment by adopting certificate-less signcryption mechanism in the authentication process of PMIPv6, but this method incurs heavy load on the AAA server due to the interaction between key negotiation process and the AAA server. [5] gives a better way to optimize the authentication efficiency of proxy mobile entity handover, it increases the communication cost due to long distance and communication delay among proxy mobile ...
Article
Proxy Mobile IPv6 is a network-based mobility management protocol. The access authentication security plays the primary role in maintaining network security of proxy mobile IPv6. In this paper, we constructed an authentication framework, which is suitable for proxy mobile IPv6 and has eliminated the interaction between the access network and the home network. We implemented a mutual authentication between users and the access network by using hierarchical identity-based signature (HIBS) schemes and combining the identity-based signature and the real network environment based on proxy mobile IPv6. Also, we have enhanced the function of LMA to make it able to optimize the authentication function of proxy mobile IPv6 protocol by reusing historical authentication information. By results from security analysis, this scheme is secure.
Chapter
Proxy MIPv6 (PMIPv6) provides network-based mobility management without the participation of mobile node. Security and privacy issues are the main obstacles during mobile’s access authentication in PMIPv6 network. A secure anonymous authentication scheme (SAAS) based on proxy group signature is proposed in this paper to achieve mutual authentication between mobile node and mobility access gateway. Anonymity is guaranteed through the identity-based proxy group signature. The formal security proof through SVO logic and the performance analysis demonstrate that the proposed scheme is both robust and efficient.
Conference Paper
With the rapid development of network infrastructure and the explosive growth of mobile devices, the construction of network architecture has been paid more and more attention, in which PMIPv6 network with its shorter handover delay and lower signaling overhead becomes one of the current research’s hotspots. However, most scholars’ research focuses on the efficiency and security of the authentication process between the mobile node and the access network, while ignoring the privacy issues during authentication which may cause great impact for mobile users. In this paper, we put forward an anonymous authentication scheme for PMIPv6 based on group IBS. The scheme is equipped with pseudonyms and several salient authentication protocols. Brief analysis shows that the proposed scheme is more efficient than the typical ones.
Article
Proxy Mobile IPv6 (PMIPv6) enables local network-based mobility management for mobile node without being involved with any mobility-related signalling. However, the lack of access authentication makes PMIPv6 more vulnerable. The literature authentication schemes suffer from low efficiency and suitability. This paper presents a novel efficient authentication scheme for PMIPv6 based on a 2-level identity-based signature scheme. A mutual access authentication protocol is then achieved to eliminate the interactions between the home network and the access network for improving authentication efficiency and reducing communication cost. Moreover, the security and performance analysis demonstrate that the proposed scheme is robust and is able to provide better solution than existing ones.
Conference Paper
Proxy Mobile IPv6 (PMIPv6) is a protocol for network-based mobility management. Without a proper protection mechanism of the signaling messages to be used for mobility support in PMIPv6, PMIPv6 is vulnerable to several security attacks such as Redirection, MITM (Man-In-The-Middle), and DoS (Denial of Service) attacks. In this paper, we point out some security problems of previous authentication scheme associated with PMIPv6, and also propose a new authentication scheme and key management scheme applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.
Conference Paper
With the proliferation of mobile devices, mobility management has been one of critical research issues. To make high quality mobility management protocol, PMIPv6 is developed. However, to use PMIPv6 widely in the real world, security issues must also be considered. Authentication is the most basic solution to protect many security threats, but detailed authentication procedure is not specified in the PMIPv6 standard document. So, many researchers have proposed their own authentication schemes. Most of these schemes assume that there is only one PMIPv6 domain. Recently, inter-PMIPv6-domain handover schemes, which consider multiple domain environments, were devised to enable PMIPv6 to cover much larger area, but little research has been done about authentication procedure of inter-domain handover. In this paper, we propose a public key based PMIPv6 authentication scheme. According to our analysis, proposed scheme shows better performance than other previous works.
Article
To support the high mobility of vehicles, the Internet Engineering Task Force (IETF) defines proxy mobile IPv6 (PMIPv6) to reduce the signaling overhead. However, the design of PMIPv6 does not thoroughly consider security issues, such as man-in-the-middle and impersonation attacks. Moreover, the traditional authentication/authorization/accounting (AAA) server architecture in PMIPv6 could impede the localized advantage because of the long-distance delivery between a mobile access gateway (MAG) and the AAA server. In practice, the billing is a crucial issue that is, unfortunately, rarely discussed in vehicular ad hoc networks (VANETs). In this paper, a local-based authentication and billing scheme is proposed to lessen the long-distance communication overhead. An incentive-aware multihop forwarding procedure is also offered to stimulate the help of forwarding others' messages in a vehicle-to-vehicle (V2V) environment. Therefore, the proposed billing scheme is designed for full VANETs, including the vehicle-to-infrastructure (V2I) and V2V environments. Lightweight keyed hash functions and batch verification are employed for efficient computation and concise communication overhead. Only a few signatures are used in the first message to ensure the nonrepudiation payment approval. Security analysis and performance evaluation show that the proposed scheme is secure and efficient, compared with a conventional public-key based scheme. The advantages of the proposed scheme include: 1) mutual authentication and session key agreement; 2) privacy preservation; 3) confidentiality, integrity, free-riding resistance, double-spending avoidance, and nonrepudiation properties; and 4) efficient billing and payment clearance.
Conference Paper
For a better compatibility, proxy mobile IPv6 (PMIPv6) has been proposed as a network-based mobility management protocol without the requirement of the participation of mobile terminals. With the feature of localized mobility, PMIPv6 is often used in vehicular ad hoc networks (VANETs) to suit for the high mobility property in vehicles. However, the design of PMIPv6 does not consider security issues thoroughly. The identity authentication of a mobile terminal is suggested by an authentication/authorization/accounting (AAA) server architecture in PMIPv6 standard, which damages the localized advantage because of the long transmission distance between mobile access gateways (MAGs) and the AAA server. In this paper, we propose a localized authentication and billing scheme to reduce the communications between MAGs and the AAA server. Moreover, our billing function enables an Internet Service Providers (ISP) to easily charge mobile terminals (MTs) even if these MTs are roaming within other ISPs' networks. The techniques of the signcryption, hash chain and batch verification are adopted to achieve multiple advantages including (1) mutual authentication and session key agreement, (2) privacy preserving, (3) confidentiality, integrity, and non-repudiation properties, (4) efficient billing and payment clearance.
Conference Paper
This paper proposes a new mobility management (MM) scheme for seamless service in IP-based Next Generation Network (NGN). The proposed scheme supports local mobility as well as global mobility, which overcomes problems from existing schemes, such as PMIPv6 or just MIPv6. This paper verifies that the proposed scheme has lower handover latency time than the others by using numerical analysis.
Article
We are now moving to the 4G network, and in the 4G network environment many devices are connected to the Internet while they move. We have a protocol named Mobile IP (MIP) that can support the movement of a communicating node without any disruption of its connection status. However, the major problem of MIP is that the protocol is too heavy for small mobile nodes, so the IETF now proposes PMIP to solve this problem. However, there is no way to authenticate the mobile node in PMIP. In this paper, we propose an updated version of the one-time key based authentication protocol for PMIPv6 [Song (2008)] and show the extended results of our analysis. With our proposed protocol, we can add many security features to the current PMIPv6.