Research on Security of Binding Update to Correspondent Nodes in Mobile IPv6
|Course||Computer System Architecture|
|Keywords||Mobile IPv6 binding update certificate WPKI OMNET++|
With the development of the scale of Internet, mobile IPv6 as a very important component of IPv6 becomes more and more popular. Mobility was considered in the beginning of the IPv6 designing, so many of the fundamental theories of IPv6 was specially proposed for solving problems as follows: address autoconfiguration, neighbor discovery, security mechanism, routing header, dynamic home address discovery, implementation of transparency.However, mobility of IPv6 has posed many new threats. Features of mobile IP itself such as the open link, the frequency of handover and the implementation of tunneling mechanism, make it more tend to be attacked by passive wiretapping, relay attack and DoS.Binding update registration is a key to mobile IPv6 security. To design a suitable security protocols for mobile IPv6, a series of problems should be considered, such as mobile devices’low computation capability, low bandwidth and high bit error rate in a wireless data networks, etc.Based on analysis of potential attacks and threats(e.g. relay attack, information interception) to the procedure of binding update between a mobile node and a correspondent node in mobile IPv6 mechanism, this thesis proposes an authentication method which suits mobile IPv6 and can protect the binding update procedure. The solution is on the basis of the new WTLS certificates、ECC and the WTLS protocol in WAP, provides privacy, data integrity, and authentication between MN and CN. The solution improves the security of RRP, and the security of mobile IPv6, reduces system overhead and redundancy and enhances system robustness.The structure of this thesis as follows: Chapter one covers the purpose and background of the thesis. Chapter two gives a background to mobile IPv6. Chapter three analyzes the security threats to mobile IPv6 environment in detail. Chapter four compares the current protocols. Chapter five presents basic principle of WPKI. Chapter six proposes an authentication mechanism based on WPKI certificates. Chapter seven analyzes performance of this scheme with OMNET++. Chapter eight summarizes the scheme and puts forward some ideas about the scheme with WPKI and how to improve the scheme next.