Documentos de Académico
Documentos de Profesional
Documentos de Cultura
i
= v L(k) / S(k) (4)
The authentication procedure is performed as MN handovers between MAGs. Hence,
the handover rate is closely related with the MNs mobility pattern. In the FF model,
the average cell crossing rate in the given PMIPv6 domain,
i
, is equal to the average
secure against
Redirection
attack
DoS attack MITM attack
[11] O
[12]
[13] O
[14] O
[15]
[proposed] O O O
handover rate, and the direction of an MNs movement is uniformly distributed in the
range of (0, 2) [15-16]. v is the average velocity of MN and i is an indicator of user
group. The user group is divided into two groups, pedestrian user (pu) and vehicular
user (vu) [15].
Handover Cost Analysis. The handover costs of our proposed scheme and [11],
namely Fig. 4 and Fig. 6, are analyzed and compared. In this section, the handover
cost is defined as the sum of signaling cost and processing cost to implement FH-
PMIPv6 supplemented with the authentication scheme. Let j be the authentication
method index ([11] or [proposed]). Let C
j,s
and C
j,p
be the signaling cost and
processing cost when an authentication method j is applied. Let AC
j
be the average
handover cost of an authentication method j in a unit time.
i
represents the average
handover rate in a unit time.
AC
j
=
i
C
j
, where C
j
= (C
j,s
+ C
j,p
) (5)
We define that C
wired
, C
wireless
, H
MN-MAG
, H
MAG-LMA
, H
MAG-MAG
, H
AAA-LMA
and H
MAG-AAA
are the transmission cost on wired link, transmission cost on wireless link, number of
hops between MN and MAG, number of hops between MAG and LMA, number of
hops between MAG and MAG, number of hops between AAA and LMA, and the
number of hops between MAG and AAA. It is also defined that P
MN
, P
MAGA
, P
MAGB
,
P
LMA
and P
AAA
are the processing costs on MN, MAG
A
, MAG
B
, LMA and AAA,
respectively. Then, the handover cost C
j
and average handover cost in time unit AC
j
are calculated based on the parameters in Table 3 as follows.
Table 3. Comparison of Authentication Costs
C
[11]
= 3H
MN-MAG
C
wireless
+ 2H
MAG-MAG
C
wired
+ 2H
MAG-AAA
C
wired
+ 2H
AAA-
LMA
C
wired
+
2H
MAG-LMA
C
wired
+ P
MN
+ P
MAGA
+ P
MAGB
+ P
AAA
+ P
LMA
P
MN
= C
enc
P
AAA
= 2C
enc
+ C
dec
+ C
key
P
MAGA
= C
hash
+ C
veri
P
LMA
= C
hash
+ C
veri
+ C
dec
+ C
key
P
MAGB
= 2C
hash
+ 2C
veri
AC
[11]
=
i
C
[11]
C
[proposed]
= 2H
MN-MAG
C
wireless
+ 2H
MAG-MAG
C
wired
+ 4H
MAG-LMA
C
wired
+ P
MN
+
P
MAGA
+ P
MAGB
+ P
LMA
P
MN
= C
hash
+ C
veri
+ C
key
P
MAGB
= 2C
hash
+ C
veri
+ C
enc
+ 2C
dec
P
MAGA
= C
hash
+ 2C
veri
+ C
enc
+ C
dec
P
LMA
= 2C
hash
+ 2C
veri
+ C
enc
+ 2C
key
AC
[proposed]
=
i
C
[proposed]
Numerical Results. In this section, we present the numerical results. The parameter
values are presented in Table 4. Note that the values are defined relatively [13, 15], so
that the cost does not mean the actual authentication cost for the scheme.
Table 4. Parameters for Evaluation
Symbol Description Value
C
wired
Transmission cost on a wired link 10
C
wireless
Transmission cost on a wireless link 20
C
hash
MAC generation cost 1
C
veri
MAC validation cost 1
C
enc
Encryption/Signature cost 1
C
dec
Decryption/Validation cost 1
C
key
Key generation cost 1
H
MN-MAG
Number of hops between MN and MAG 1
H
MAG-LMA
Number of hops between MAG and LMA 2
H
MAG-MAG
Number of hops between MAG
A
and MAG
B
1
H
AAA-LMA
Number of hops between LMA and AAA 2
H
MAG-AAA
Number of hops between MAG and AAA 4
Fig. 10 shows the numerical results of the average handover cost in time unit AC
j
. R
and k are fixed as 0.05 km and 10, respectively. The solid line in Fig. 10 shows the
average handover cost of the proposed scheme, AC
[proposed]
and the dotted line shows
the average handover cost of [11], AC
[11]
. As seen in the figures, the proposed scheme
performs at a lower handover cost than [11].
Fig. 10. Average Handover Costs
Fig. 10-(a) and (b) show the average handover cost in time unit of the pedestrian user
and vehicular user. The velocity of pu is varied from 2km/h to 5km/h, and the velocity
of vu is also varied from 50km/h to 120km/h. As we can see, the average handover
cost in a unit time increases as the velocity increases. Fig. 10-(c) and (d) reveal the
effect of the number of subnet and the subnet size on the handover cost in a time unit.
As we can see, as the number of subnet increases, the average handover cost in a time
unit decreases and as the subnet size increases, the average handoff cost in a time unit
rapidly decreases. Therefore, the number of subnet and the subnet size are important
for achieving an efficient handover.
6 Conclusion
Without a proper protection scheme for the signaling messages in PMIPv6, it is vul-
nerable to several security attacks such as Redirection attack, MITM attack and DoS
attack. In this paper, we pointed out the security problems of the previous authentica-
tion scheme proposed for PMIPv6, and also proposed a new authentication scheme
and key management scheme applicable to PMIPv6. In the proposed scheme, the
secret keys between MN and MAG and between MAG and LMA are used for achiev-
ing authentication of signaling message. It is based on FH-PMIPv6 and minimizes the
handover delay by interacting only once with the AAA server. As shown in Section 5,
our proposed scheme is more secure and efficient than the previous authentication
schemes.
References
1. D. Johnson, C. Perkins and J. Arkko, Mobility Support in IPv6, RFC3775, June 2004.
2. S. Gundavelli, K. Leung, V. Devarapalli, K. Chowdhury and B. Patil, Proxy Mobile IPv6,
RFC5213, August 2008.
3. R. Koodli, Fast Handovers for Mobile IPv6, RFC4068, July 2005.
4. H. Yokota, K. Ch., R. Koodli, B. Patil and F. Xia, Fast Handovers for Proxy mobile IPv6,
RFC 5949, 2010.
5. Web page of Krb Working Group, http://www.ietf.org/html.charters/krb-wg-charter.html.
6. T. Aura, M. Roe and J. Arkko, Security of Internet Location Management, in Proc. of 18th
Annual Computer Security Applications Conference, Las Vegas, December 2002.
7. P. Nikander, J. Arkko and T. Aura, G. Montenegro and E. Nordmark, Mobile IP version 6
Route Optimization Security Design Background, RFC4225, December 2005.
8. P. Nikander, J. Arkko and T. Aura, G. Montenegro and E. Nordmark, Mobile IP version 6
Route Optimization Security Design Background, RFC4225, December 2005.
9. C. Vogt, Security Threats to Network-Based Localized Mobility Management
(NETLMM), RFC 4832, 2007.
10. J. Laganier, S. Narayanan and P. McCann, Interface between a Proxy MIPv6 Mobility
Access Gateway and a Mobile Node, Internet Draft, draft-ietf-netlmm-mn-ar-if-03, 2008.
11. Huachun Zhou, Hongke Zhang and Yajuan Qin, "An Authentication Method for Proxy
Mobile IPv6 and Performance Analysis, Security and Communication Networks, vol. 2, pp.
445-454, 2009.
12. S. Ryu, G. Kim, B. Kim and Y. Mun, A Scheme to Reduce Packet Loss during PMIPv6
Handover considering Authentication, in Proc. of International Conference on Computa-
tional Sciences and Its Applications, ICCSA, pp. 47-51, 2008.
13. J. Lee, J. Lee and T. Chung, Ticket-based Authentication Mechanism for Proxy Mobile
IPv6 Environment, in Proc of Third International Conference on Systems and Networks
Communications 2008, pp. 304-309, Oct. 2008.
14. J. Song and S. Ha, One-time Key Authentication Protocol for PMIPv6, in Proc. of Third
2008 International Conference on Convergence and Hybrid Information Technology, pp.
1150-1153, November 2008.
15. J. Lee and T. Chung, A Traffic Analysis of Authentication Methods for Proxy Mobile
IPv6, in Proc. of 2008 International Conference on Information Security and Assurance,
pp. 512-517, 2008.
16. W. Wang and Ian F. Akyildiz, Intersystem Location Update and Paging Schemes for
Multitier Wireless Networks, in Proc. of International conference on Mobile computing
and networking (MobiCom) 2000, pages 99-109, August 2000.
17. S. Baek, S. Pack, T. Kwon and Y. Choi,, Localized Authentication, Authorization, and
Accounting (AAA) Protocol for Mobile Hotspots, in Proc. of IEEE/IFIP Annual Confer-
ence on Wireless On demand Network Systems and Services (WONS) 2006, Les Menuires,
France, January 2006.
18. H. Krawczyk, M. Bellare and R. Canetti, HMAC:Keyed-Hashing for Message Authentica-
tion, RFC 2104, Feburuary 1997.