Secure Mobility Management Based on Session Key Agreements

Abstract

AbstractThe issue of securing control signaling in mobility management is still an unsolved concern. To offer enhanced security, features in the recent mobile IP protocols rely on the use of IP Security (IPSec) Security Association (SA). However, the SA itself will cease to be valid if a mobile node moves or a network moves. This paper proposes secure mobile IP (SecMIP) scheme based on one-time transaction key agreements instead of using the pre-generated IPsec SA. In the proposed scheme, the mobile node is responsible for relaying its blind key information from the Home Agent (HA) to the Foreign Agent (FA) while the relating secret value is securely kept in its HA. Receiving the Binding Update (BU) message that contains the FA’s blind key, the HA can calculate the same transaction key as the FA. We analyze the time required for the enemy to succeed to attack our SecMIP scheme on integrity and authentication. Based on the analysis results, we suggest the optimum use of the operational parameters in our SecMIP scheme relating to the length of the secret value and the length of the prime number q in digit. The derived dimensions can guarantee an average of 1 year required for exhaustive key searching by brute force approaches while maintaining a maximum addition of 200 millisecond time latency for the HA and the FA to process the secured BU message.KeywordsMobile IPMobility ManagementSecurity SupportDiffie-Hellman Key AgreementDomain NameResource Record