International Journal of Engineering Research and Development (IJERD)



International Journal of Engineering Research and Development is an international premier peer reviewed open access engineering and technology journal promoting the discovery, innovation, advancement and dissemination of basic and transitional knowledge in engineering, technology and related disciplines.

Published in: Technology

International Journal of Engineering Research and Development
e-ISSN: 2278-067X, p-ISSN: 2278-800X
Volume 9, Issue 1 (November 2013), PP. 01-04

Survey of Secure Password Authentication Mechanism for seamless handover in proxy mobile IPv6 networks

S. Kanmani¹, S. Preetha²
1. M.E. Student, Department of Computer Science and Engineering, Kongunadu College of Engineering and Technology, Trichy
2. Assistant Professor, Department of Computer Science and Engineering, Kongunadu College of Engineering and Technology, Trichy

Abstract:- To support mobility management without the participation of mobile nodes in any mobility-related signaling, the Internet Engineering Task Force NETLMM Working Group recently proposed a network-based localized mobility management protocol called Proxy Mobile IPv6 (PMIPv6). Although PMIPv6 reduces the signaling overhead and handover latency, it still suffers from packet loss and long authentication latency during handoff. There are also many security threats to PMIPv6. This study uses a bicasting scheme to avoid the packet loss problem, the piggyback technique to reduce the signaling overhead, and a secure password authentication mechanism (SPAM) to protect valid users from attacks in PMIPv6 networks. SPAM provides strong security properties including anonymity, location privacy, mutual authentication, stolen-verifier attack resistance, no clock synchronization problem, modification attack resistance, forgery attack resistance, replay attack resistance, choose and change password free, fast error detection, and session key agreement. SPAM is an efficient authentication scheme that performs the authentication procedure locally. In addition, it has low computational cost. Finally, the study demonstrates that this scheme can resist various attacks and provides better performance than existing schemes.

Keywords:- Authentication, bicasting, handover, piggyback, Proxy Mobile IPv6 (PMIPv6).

I. INTRODUCTION

In recent years, wireless and mobile communication systems have become increasingly popular; many people use mobile devices to access all kinds of services, such as web browsing, VoIP, video conferencing, and multimedia applications, anytime, anywhere. The Internet Engineering Task Force (IETF) proposed a host-based mobility management protocol, called the Mobile IPv6 (MIPv6) protocol [1], for mobile nodes (MNs) to maintain continuous service when they move among different foreign networks. However, MIPv6 does not provide good service for real-time applications because it causes long disruptions during handover. Subsequent work [2], [3], [22], [23] introduced new host-based schemes to improve the performance of MIPv6.

Recently, the IETF NETLMM Working Group developed a network-based localized mobility management protocol called Proxy Mobile IPv6 (PMIPv6) [4]. This protocol is used for building a common mobile core network that is independent of access technology, accommodating various access technologies such as WiMAX, 3GPP, 3GPP2 and WLAN-based access architectures. PMIPv6 is completely transparent to the mobile node: a proxy does the handoff work. PMIPv6 is intended for localized networks with limited topology, where handoff signaling delays are minimal. PMIPv6 is primarily targeted at the following networks:
(i) WLAN-based campus-style networks: PMIPv6 provides transparent handoff for mobile nodes in campus networks.
(ii) Advanced 3G/4G networks: PMIP replaces GTP (GPRS tunneling protocol), thus reducing the costs and management in the networks.

PMIPv6 has the following characteristics: 1) it allows unmodified IPv6 MNs to access the network; 2) it avoids tunneling overhead over the wireless link; and 3) it reduces the signaling overhead (i.e., an MN does not need to participate in any mobility-related signaling). Moreover, PMIPv6 has lower handoff latency than host-based schemes because it does not perform the duplicate address detection (DAD) process. Such a solution is being standardized within the 3GPP System Architecture Evolution/Long Term Evolution Standard [5] for next-generation networks.

Although PMIPv6 greatly reduces handover latency compared with MIPv6, it still suffers from packet loss and an inefficient authentication procedure during handover [21]. In addition, the PMIPv6 protocol is exposed to many security threats [6]. Therefore, the PMIPv6 protocol calls for an efficient handover scheme and a secure authentication mechanism. This study proposes a feasible solution for the flaws in the authentication and handover procedures of PMIPv6.

II. RELATED WORKS

PMIPv6 substantially reduces the handover latency of MIPv6 since its handover procedure takes over the movement detection and DAD process from the handover procedures of layer 3 for MIPv6.

Charles and Johnson [10] designed protocol enhancements for IPv6, known as Mobile IPv6, that allow transparent routing of IPv6 packets to mobile nodes. In Mobile IPv6, regardless of its current point of attachment to the Internet, each mobile node is always identified by its home address. While away from its home IP subnet, a mobile node is also associated with a care-of address, which indicates the mobile node's current location. Mobile IPv6 enables any IPv6 node to learn and cache the care-of address associated with a mobile node's home address and to send packets destined for the mobile node directly to it at this care-of address using an IPv6 Routing header.

Hyon and Lee [11] proposed a Fast Handover procedure in Mobile IPv6 to support real-time and throughput-sensitive applications. A fast wireless connection between the MN and the NAR is established by considering both handover layers to reduce handover latency. The Fast Handover discussed for Wireless LAN is based on first triggers. The performance of the triggers is analyzed in terms of handover timeliness and accuracy. Almost the same performance is obtained by three pre-handover triggers in the real environment.

In Melia, Riccardo, Carlos and Wetterwald [12], mobility management is achieved via the Proxy Mobile IPv6 protocol, while optimized handover control is provided by integrating the IEEE 802.21 framework with Proxy Mobile IPv6 networks.

Tin, Chieh Chao and Hsiang [13] proposed new technologies to solve bandwidth and security problems. First, a Security Access Gateway (SAG) is proposed to solve the security issue. The SAG not only offers high computing power to meet the encryption demand of its domain, but also helps mobile terminals establish multiple safety tunnels to maintain a secure domain. Second, Robust Header Compression (RoHC) technology is adopted to increase the utilization of bandwidth. Instead of the Access Point (AP), an Access Gateway (AG) is used to handle packet header compression and decompression from the wireless end.

From Charles and David [1], both "sides", Internet and Cellular Communication, have recognized the promising potential of the Mobile Internet market. IPv6 and Mobile IPv6 are seen as an efficient and scalable solution for the future Mobile Internet. Co-operation between organizations of the Internet and Cellular Communication sides has been established.

Magagula et al. [17] used IEEE 802.21 [18] Media Independent Handover services to support the fast handover. Kong et al. [7], [8] used AAA infrastructure to authenticate the MN in PMIPv6 networks, but their schemes inherit the packet loss and inefficient authentication problems from PMIPv6. Ryu et al. [16] proposed the packet lossless PMIPv6 (PL-PMIPv6), which uses a buffer mechanism to prevent packet loss during handover, but the inefficient authentication procedure of PL-PMIPv6 causes long handover latency. In addition, PL-PMIPv6 still suffers from the packet loss problem before the bidirectional tunnel is built between the LMA and the new MAG.

According to [6], there are many security threats to PMIPv6. The main problems are man-in-the-middle, message replay and impersonation attacks. EAP-TLS [19] can also be applied to PMIPv6 networks, but EAP-TLS has serious drawbacks. These disadvantages result in high signaling overhead and long authentication latency. Lee and Chung [20] proposed two secure authentication procedures for PMIPv6, but they did not take the handover procedure into consideration.

III. FEATURES OF THE MECHANISMS

Kim and Jeong [14] propose a fast handover scheme for Proxy Mobile IPv6 (PMIPv6) that uses the IEEE 802.21 Media Independent Handover (MIH) function in heterogeneous wireless networks. This scheme supports fast handover for the mobile node (MN) irrespective of the presence or absence of MIH functionality as well as L3 mobility functionality, whereas the MN in existing schemes has to implement MIH functionality. That is, this scheme does not require the MN to be involved in the MIH-related signaling required for the handover procedure. The base station (BS) with MIH functionality performs the handover on behalf of the MN. Therefore, this scheme can reduce the burden and power consumption of MNs with limited resources and battery power, since MNs are not required to be involved in the handover procedure. In addition, the proposed scheme can considerably reduce traffic overhead over the wireless links between MN and BS, since signaling messages are reduced.

In Charles and Johnson [1], Mobile IPv6 is a set of protocol enhancements for IPv6 that allow transparent routing of IPv6 packets to mobile nodes, taking advantage of the opportunities made possible by the design of a new version of IP. In Mobile IPv6, each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. It is an efficient and deployable protocol for handling mobility with the new IPv6 protocol, and suitable for use with the coming multitudes of mobile nodes. This protocol is as lightweight as possible, given the need to be transparent to higher-level protocols; among schemes which propagate updates to any agent on the home subnet, this protocol attempts to minimize the control traffic needed to effect mobility while nevertheless supplying the necessary information to all IPv6 nodes which need it, in an event-driven fashion.

Xavier and Torrent-Moreno [18] give quantitative results for the improvements provided by HMIPv6 with respect to handoff latency, packet loss, bandwidth per station and signaling load, as well as an indication of the number of users that could be accommodated depending on the traffic source. These factors were shown to influence the packet loss rate of HMIPv6 and indicated the points that can be improved in an implementation. Moreover, the authors performed a "stress test" of the protocol to investigate its behavior under channel saturation conditions. Hierarchical Mobile IPv6 (HMIPv6) is a localized mobility management proposal that aims to reduce signaling load outside a predefined domain. The mobility management inside the domain is handled by a Mobility Anchor Point (MAP). Mobility between separate MAP domains is handled by MIPv6.

In Janne Lundberg [15], Mobile IPv6 Fast Handover shortens the period of service interruption, and its implementation must be done in the context of a link layer. Fast Handovers for Mobile IPv6 is an Internet draft that gives a solution to the problem of packet loss during the handover procedure of Mobile IPv6. The draft attempts to solve the problem by establishing temporary tunnels between access routers. The tunnels are used to forward packets that would otherwise be sent to an address where the mobile node would not be able to receive them. The solution also allows access routers to temporarily store packets before they need to be delivered to the mobile node. Fast Handovers for Mobile IPv6 is a protocol that can, in some situations, solve the problem of frequent and seamless handovers in Mobile IPv6.

Proxy Mobile IPv6 (PMIPv6) [4] is being actively standardized by the IETF NETLMM working group and is expected to expedite the real deployment of IP mobility management. In a network-based mobility management approach such as PMIPv6, the serving network handles the mobility management on behalf of the MN. The MN is not required to participate in any mobility-related signaling. Compared to MIPv6 and its enhancements, PMIPv6 has the following salient features and advantages:
(i) Deployment perspective: PMIPv6 does not require any modification of MNs, which is expected to accelerate its practical deployment.
(ii) Performance perspective: the serving network controls the mobility management on behalf of the MN, so messages can be reduced.
(iii) Network service provider perspective: PMIPv6 is not dependent on any access-technology-specific protocol, so it could be used in any IP-based network.

In Tin, Chieh Chao and Hsiang [13], encryption is presented as one of the methods currently used to solve the security problem. According to most research, the longer the encryption key, the higher the security level obtained. Nevertheless, processing a long encryption key requires higher computing power. While light and thin mobile terminals cannot produce such high computing power, the Security Access Gateway (SAG) is effective in solving this problem. Within its own area, the SAG can provide each piece of equipment with high computing power, fulfill the need to encrypt, and set up a secure domain. To achieve a high-security transmission method such as P2P, multiple-layered encryption technology is necessary to process two encryption mechanisms. In order to improve the bandwidth utilization of wireless networks, the Robust Header Compression (RoHC) technology is adopted. After the RoHC header compression technology compresses the header, a 1 to 2 byte Context ID (CID) is produced to replace the original packet header. Compressing the header enlarges the size of each packet's payload. Early binding updates are used to combine Mobile IPv6 technology with wireless networks so that users can reduce handover latency while roaming.

In Lei and Fu [9], an analytical model is used to analyze and compare the handover latency of PMIPv6 [4], MIPv6, HMIPv6, and FMIPv6. These analytical studies show that PMIPv6 may cause high handover latency if the local mobility anchor is located far from the current mobility access gateway. The two most important benefits of introducing PMIPv6 for localized mobility management are evaluated through an appropriate mathematical model. After analytical studies and comparisons of the handover latency and overhead, the authors conclude that PMIPv6 can achieve fairly good performance but may cause high handover latency. Therefore, some enhancements for PMIPv6 are suggested to further reduce the handover latency. To alleviate the latency, two enhancements to PMIPv6 are proposed, namely F-PMIPv6 and MIH-PMIPv6. Based on both theoretical and numerical analysis, it is identified that F-PMIPv6 can dramatically reduce the handover latency but may cause higher handover signaling overhead in the network.

VI. CONCLUSION AND FUTURE WORK

This research study proposed a novel secure handover mechanism in PMIPv6 networks. This scheme used the bicasting scheme to avoid the packet loss and out-of-sequence problems, performed the local authentication procedure to reduce the handover latency, and used the piggyback technique to decrease the signaling overhead. Moreover, the SPAM satisfied the following security requirements: anonymity, location privacy, mutual authentication, stolen-verifier attack resistance, no clock synchronization problem, modification attack resistance, forgery attack resistance, replay attack resistance, choose and change password free, fast error detection, and session key agreement. The analysis results showed that the proposed scheme provided a better solution than existing schemes. In our future work, we will study the following issues.

1) Mobility management in complex environments: we will extend the proposed scheme to more complex environments (e.g., a nested NEMO environment) and solve the route optimization problem.
2) Proving the robustness of security: we will propose a cryptanalysis scheme to prove that our authentication mechanism is secure.
3) Considering the roaming situation: we will consider the ticket-based authentication scheme for supporting the global access technique.
4) Key management: we will provide an efficient key management scheme for secure group communications in PMIPv6 networks.

REFERENCES

[1]. D. Johnson, C. Perkins, and J. Arkko, Mobility Support in IPv6, RFC 3775, Jun. 2004.
[2]. H. Soliman, C. Castelluccia, K. ElMalki, and L. Bellier, Hierarchical Mobile IPv6 (HMIPv6) Mobility Management, RFC 5380, Oct. 2008.
[3]. R. Koodli, Ed., Mobile IPv6 Fast Handovers, RFC 5268, Jun. 2008.
[4]. S. Gundavelli, K. Leung, V. Devarapalli, K. Chowdhury, and B. Patil, Proxy Mobile IPv6, RFC 5213, Aug. 2008.
[5]. Architecture Enhancements for Non-3GPP Accesses, 3GPP Technical Specifications TS23.402, Mar. 2008.
[6]. C. Vogt and J. Kempf, Security Threats to Network-Based Localized Mobility Management (NETLMM), RFC 4832, Apr. 2007.
[7]. K.-S. Kong, W. Lee, Y.-H. Han, M.-K. Shin, and H. You, “Mobility management for all-IP mobile networks: Mobile IPv6 versus proxy mobile IPv6,” IEEE Wireless Commun., vol. 15, no. 2, pp. 36–45, Apr. 2008.
[8]. K.-S. Kong, W. Lee, Y.-H. Han, and M.-K. Shin, “Handover latency analysis of a network-based localized mobility management protocol,” in Proc. IEEE Int. Conf. Commun., May 2008, pp. 5838–5843.
[9]. J. Lei and X. Fu, “Evaluating the benefits of introducing PMIPv6 for localized mobility management,” in Proc. IEEE Int. Wireless Commun. Mobile Comput. Conf., Aug. 2008, pp. 74–80.
[10]. Charles E. Perkins and David B. Johnson, “Mobility Support in IPv6”.
[11]. Hyon G. Kang and Chae Y. Lee, “Fast Handover Based on Mobile IPv6 for Wireless LAN”.
[12]. Telemaco Melia, Fabio Giust, Riccardo Manfrin, Antonio de la Oliva, Carlos J. Bernardos, and Michelle Wetterwald, “IEEE 802.21 and Proxy Mobile IPv6: A Network Controlled Mobility Solution”.
[13]. Tin-Yu Wu, Han-Chieh Chao, and Chi-Hsiang Lo, “Providing Efficient Secured Mobile IPv6 by SAG and Robust Header Compression”, Journal of Information Processing Systems, Vol.5, No.3, September 2009 117.
[14]. Pyung-Soo Kim and Jeong Hun Choi, “A Fast Handover Scheme for Proxy Mobile IPv6 using IEEE 802.21 Media Independent Handover”, World Academy of Science, Engineering and Technology 43 2010.
[15]. Janne Lundberg, “An Analysis of The Fast Handovers for Mobile IPv6 Protocol”.
[16]. S. Ryu, G.-Y. Kim, B. Kim, and Y. Mun, “A scheme to reduce packet loss during PMIPv6 handover considering authentication,” in Proc. IEEE Int. Conf. Comput. Sci. Its Applicat., Jul. 2008, pp. 47–51.
[17]. L. A. Magagula, O. E. Falowo, and H. A. Chan, “PMIPv6 and MIH-enhanced PMIPv6 for mobility management in heterogeneous wireless networks,” in Proc. IEEE AFRICON, Sep. 2009, pp. 1–5.
[18]. Xavier Pérez-Costa and Marc Torrent-Moreno, “A Performance Study of Hierarchical Mobile IPv6 from a System Perspective”, Network Laboratories, NEC Europe Ltd., Kurfürsten-Anlage 36, 69115 Heidelberg, Germany.
[19]. D. Simon, B. Aboba, and R. Hurst, The EAP-TLS Authentication Protocol, RFC 5216, Mar. 2008.
[20]. J.-H. Lee and T.-M. Chung, “Secure handover for proxy mobile IPv6 in next-generation communications: Scenarios and performance,” Wireless Commun. Mobile Comput., vol. 11, no. 2, pp. 176–186, Feb. 2011.
[21]. M.-C. Chuang and J.-F. Lee, “FH-PMIPv6: A fast handoff scheme in proxy mobile IPv6 networks,” in Proc. IEEE CECNET, Apr. 2011, pp. 1297–1300.
[22]. T.-Y. Wu, H.-C. Chao and C.-H. Lo, “Providing efficient secured mobile IPv6 by SAG and robust header compression,” J. Information Process. Syst., vol. 5, no. 2, pp. 117–130, Jun. 2009.