Mobile IPv6: Mobility Management and Security Aspects

Mobile IPv6: Mobility Management and Security Aspects

Tayo Arulogun, Ahmad AlSa'deh, Christoph Meinel
DOI: 10.4018/978-1-4666-4514-1.ch003
(Individual Chapters)
No Current Special Offers


Mobile Internet Protocol (MIP) enables a mobile node to be recognized via a single IP address while the node moves between different networks. MIP attains the connectivity to nodes everywhere without user intervention. One general improvement in Mobile IPv6 (MIPv6) compared to MIPv4 is the enhanced security. However, there are areas still susceptible to various kinds of attacks. Security approaches for the MIPv6 are still in progress and there are few unsolved concerns and problems. This chapter focuses on MIPv6 security considerations, potential threats, and possible defense mechanisms. The authors discuss and analyze in detail the MIPv6 mobility management and security approaches with respect to the efficiency and complexity and bring forward some constructive recommendations.
Chapter Preview

Mipv6 Design

MIPv6 is network-layer mobility protocol-based on IPv6 and standardized by the Internet Engineering Task Force (IETF) via the Request for Comments (RFC) number 6275. Its design was based on the MIPv4 and offers more enhancements as summarized in (Perkins et al., 2011). One of the main differences between MIPv4 and MIPv6 is that, in the latter, MN can perform mobility signaling directly with mobile and non-mobile Correspondent Nodes (CN) (Aura & Roe, 2006). The architecture of MIPv6, Figure 1(a), allows MN to move within the Internet while maintaining reachability without noticeable disruption to active sessions, using a permanent Home Address (HoA) and Care of Address (CoA) for communication with a CN. MIPv6 operates using multiple IPv6 extension headers: the Mobility Option Header, the Destination Option Header, the Type 2 Routing Header (RH2) and Internet Control Message Protocol for IPv6 (ICMPv6) messages for signaling. These headers are used to send packets to and from the MN at its CoA, to CN as if HoA is the source and the destination of these packets respectively. When a MN moves away from its home location to a foreign network, it registers with its HA. To register, the MN sends a packet from its CoA to the HA with the Destination Option Header containing the HoA of the MN and a Mobility Option Header with a Type 5 Binding Update (BU) message. HA confirms this BU by sending a packet to the CoA of the MN that contains an RH2 that lists the HoA of the MN and contains a Mobility Option Header with a Type 6 Binding Acknowledgment (BA) message. The MIPv6 mobility can be blue printed via Transparent mode or Route Optimization (RO) mode as shown in Figure 1(a).

Figure 1.

MIPv6 architecture: (a) mobility route, (b) route optimization (Aura & Roe, 2006)


In Transparent mode, HA is a router at the home network, acts as the MN’s trusted agent and link to the CoA. The HA intercepts packets sent by CN to the HoA and forwards them to the CoA over IPv6 tunnel. When the mobile wants to send packets to CN, it sends them to the HA over the reverse tunnel. The HA decapsulates the packets and forwards them to the CN. When MN moves to a new location, it tells HA its new CoA by sending a BU message. The BU message causes the HA to update the IP-in-IP tunnel in such a way that the tunneled packets are routed to and from the new CoA. The binding update and the subsequent BA are authenticated using a preconfigured IP security (IPsec) security association between the MN and the HA.

Complete Chapter List

Search this Book: