Conference Proceeding Article
The route optimization operation in Mobile IP Version 6 (MIPv6) allows direct routing from any correspondent node to any mobile node and thus eliminates the problem of "triangle routing" present in the base Mobile IP Version 4 (MIPv4) protocol. Route optimization, however, requires that a mobile node constantly inform its correspondent nodes about its new care-of addresses by sending them binding update messages. Unauthenticated or malicious binding updates open the door for intruders to perform redirect attacks, i.e., malicious acts which redirect traffic from correspondent nodes to locations chosen by intruders. How to protect binding update messages to defend against redirect attacks is a challenging problem given the open environment in which MIPv6 operates. In this paper, we first look at two solutions proposed by the IETF Mobile IP Working Group and point out their weaknesses. We then present a new protocol for securing binding update messages. We also show that our protocol achieves strong security and at the same time is highly scalable to wide spread deployment.
mobile IP security, authenticated key-exchange, mobile IP, secure binding update, redirect attack
CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security, November 18-22, Washington, DC
City or Country
DENG, Robert H.; ZHOU, Jianying; and BAO, Feng.
Defending against redirect attacks in mobile IP. (2002). CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security, November 18-22, Washington, DC. 59-67. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/1100
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.