Smart Card Based Protocol for Secure and Controlled Access of Mobile Host in IPv6 Compatible Foreign Network

Abstract

We present a proposal to combine the advantages of IPSec and smart cards in order to design a new protocol for secure bi-directional access of mobile hosts in an IPv6 foreign network using smart cards. The protocol, called Mobile Authentication Protocol (MAP), builds a security association needed for IPsec. An access router in a foreign network contacts an AAA (Authentication, Authorization and Accounting) server in order to authenticate and authorize a mobile host that approaches the router to access services. The access router then acts as a gateway for all subsequent service requirements of the mobile host. The access router interoperates between two protocols, namely, MAP to communicate with clients, and the AAA protocol to communicate with AAA servers. MAP works at the application layer and uses UDP as the transport layer. Therefore, MAP works independently of the data link layer protocols. It also supports features to establish a Local Security Association (LSA) between an access router and mobile hosts. The LSA is used to offer keying material to protect communication between a mobile host and an access router of a visited domain. The proposed design of the access router enables it to control access using IPv6 and to act as an interface between MAP and Diameter (as the AAA protocol). The network access control is secured by using IPSec by utilizing keying material offered by the LSA.