International Journal of Engineering Research and Development is an international premier peer reviewed open access engineering and technology journal promoting the discovery, innovation, advancement and dissemination of basic and transitional knowledge in engineering, technology and related disciplines.
International Journal of Engineering Research and Development (IJERD)
e-ISSN: 2278-067X, p-ISSN: 2278-800X, www.ijerd.com
Volume 9, Issue 1 (November 2013), PP. 01-04
Survey of Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks
S. Kanmani¹, S. Preetha²
¹ M.E. Student, Department of Computer Science and Engineering, Kongunadu College of Engineering and Technology, Trichy
² Assistant Professor, Department of Computer Science and Engineering, Kongunadu College of Engineering and Technology, Trichy
Abstract:- To support mobility management without the participation of mobile nodes in any mobility-related
signaling, the Internet Engineering Task Force NETLMM Working Group recently proposed a network-based
localized mobility management protocol called Proxy Mobile IPv6 (PMIPv6). Although PMIPv6 reduces the
signaling overhead and handover latency, it still suffers from the packet loss problem and long authentication
latency during handoff. There are also many security threats to PMIPv6. In this study, a bicasting scheme is
used to avoid the packet loss problem, the piggyback technique is used to reduce the signaling overhead, and a
secure password authentication mechanism (SPAM) is provided to protect valid users from attacks in PMIPv6
networks. SPAM provides high security properties including anonymity, location privacy, mutual
authentication, stolen-verifier attack resistance, no clock synchronization problem, modification attack
resistance, forgery attack resistance, replay attack resistance, freedom to choose and change passwords, fast
error detection, and session key agreement. SPAM is an efficient authentication scheme that performs the
authentication procedure locally. In addition, it has low computational cost. Finally, the study demonstrates
that this scheme can resist various attacks and provides better performance than existing schemes.
Keywords:- Authentication, bicasting, handover, piggyback, Proxy Mobile IPv6 (PMIPv6).
I. INTRODUCTION
In recent years, wireless and mobile communication systems have become increasingly popular; many
people use mobile devices to access all kinds of services, such as web-browsing, VoIP, video conferencing, and
multimedia applications, anytime, anywhere. The Internet Engineering Task Force (IETF) proposed a
host-based mobility management protocol, called Mobile IPv6 (MIPv6) protocol [1], for mobile nodes (MNs) to
maintain continuous service when they move among different foreign networks. However, MIPv6 does not
provide good service for real-time applications because it causes long disruptions during handover. Subsequent
work [2], [3], [22], [23] introduced new host-based schemes to improve the performance of MIPv6.
Recently, the IETF NETLMM Working Group developed a network-based localized mobility
management protocol called Proxy Mobile IPv6 (PMIPv6) [4]. This protocol is used for building a common,
access-technology-independent mobile core network, accommodating various access technologies such as
WiMAX, 3GPP, 3GPP2 and WLAN based access architectures. PMIPv6 is completely transparent to the mobile
node (a proxy does the handoff work). PMIPv6 is intended for localized networks with limited topology
where handoff signaling delays are minimal. PMIPv6 is primarily targeted at the following networks: (i) WLAN
based campus style networks, where PMIPv6 provides transparent handoff for mobile nodes; and (ii)
advanced 3G/4G networks, where GTP (GPRS tunneling protocol) is replaced by PMIP, thus reducing the costs
and management in the networks.
PMIPv6 has the following characteristics: 1) it allows unmodified IPv6 MNs to access the network; 2)
it avoids tunneling overhead over the wireless link; and 3) it reduces the signaling overhead (i.e., an MN does
not need to participate in any mobility-related signaling). Moreover, PMIPv6 has lower handoff latency than
host-based schemes because it does not perform the duplicate address detection (DAD) process. Such a solution
is being standardized within the 3GPP System Architecture Evolution/Long Term Evolution Standard [5] for
next-generation networks. Although PMIPv6 reduces handover latency considerably compared with MIPv6, it still
suffers from packet loss and inefficient authentication procedure problems during handover [21]. In addition,
the PMIPv6 protocol easily encounters many security threats [6]. Therefore, the PMIPv6 protocol calls for an
efficient handover scheme and a secure authentication mechanism. This study proposes a feasible solution for
solving the flaws of the authentication and handover procedures of PMIPv6.
II. RELATED WORKS
PMIPv6 substantially reduces the handover latency of MIPv6 since its handover procedure takes over
the movement detection and DAD process from the handover procedures of layer 3 for MIPv6. Charles and
Johnson [10] designed protocol enhancements for IPv6, known as Mobile IPv6, that allow transparent routing of
IPv6 packets to mobile nodes. In Mobile IPv6, regardless of its current point of attachment to the Internet, each
mobile node is always identified by its home address. While away from its home IP subnet, a mobile node is
also associated with a care-of address, which indicates the mobile node’s current location. Mobile IPv6 enables
any IPv6 node to learn and cache the care-of address associated with a mobile node’s home address
and to send packets destined for the mobile node directly to it at this care-of address using an IPv6 Routing
header.
Hyon and Lee [11] proposed a Fast Handover procedure in Mobile IPv6 to support real-time and
throughput-sensitive applications. A fast wireless connection between the MN and the NAR is established by
considering both handover layers to reduce handover latency. The Fast Handover discussed for Wireless LAN is
based on first triggers. The performance of the triggers is analyzed in terms of handover timeliness and
accuracy. Almost the same performance is obtained by the three pre-handover triggers in a real environment. In
Melia, Riccardo, Carlos and Wetterwald [12], mobility management is achieved via the Proxy Mobile IPv6
protocol while optimized handover control is provided by the integration of the IEEE 802.21 framework with
Proxy Mobile IPv6 networks.
Tin, Chieh Chao and Hsiang [13] proposed new technologies to solve bandwidth and security problems.
First, a Security Access Gateway (SAG) is proposed to solve the security issue. The SAG not only offers high
calculating power to meet the encryption demand of the SAG’s domain, but also helps mobile terminals to
establish multiple safety tunnels to maintain a secure domain. Second, Robust Header Compression (RoHC)
technology is adopted to increase the utilization of bandwidth. Instead of the Access Point (AP), the Access
Gateway (AG) is used to deal with packet header compression and decompression from the wireless end.
According to Charles and David [1], both “sides”, Internet and Cellular Communication, have
recognized the promising potential of the Mobile Internet market. IPv6 and Mobile IPv6 are seen as an efficient
and scalable solution for the future Mobile Internet. Co-operation between organizations of the Internet and
Cellular Communication sides is established. Magagula et al. [17] used IEEE 802.21 [18] Media Independent
Handover services to support the fast handover. Kong et al. [7], [8] used AAA infrastructure to authenticate the
MN in PMIPv6 networks, but their schemes inherit the packet loss and inefficient authentication problems from
PMIPv6.
Ryu et al. [16] proposed the packet lossless PMIPv6 (PL-PMIPv6) that uses a buffer mechanism to
prevent packet loss during handover, but the inefficient authentication procedure of PL-PMIPv6 causes long
handover latency. In addition, PL-PMIPv6 still suffers from the packet loss problem before the bidirectional
tunnel is built between the LMA and the new MAG. As described in [6], there are many security threats to
PMIPv6. The main problems for PMIPv6 are the man-in-the-middle attack, the message replay attack and the
impersonation attack. EAP-TLS [19] can also be applied to PMIPv6 networks, but EAP-TLS has serious
drawbacks that result in high signaling overhead and long authentication latency. Lee and Chung [20] proposed
two secure authentication procedures for PMIPv6, but they did not take the handover procedure into consideration.
III. FEATURES OF THE MECHANISMS
In Kim and Jeong [14], a fast handover Proxy Mobile IPv6 (PMIPv6) scheme using the IEEE
802.21 Media Independent Handover (MIH) function is proposed for heterogeneous wireless networks. This
scheme supports fast handover for the mobile node (MN) irrespective of the presence or absence of
MIH functionality as well as L3 mobility functionality, whereas the MN in existing schemes has to implement
MIH functionality. That is, this scheme does not require the MN to be involved in the MIH-related signaling
required for the handover procedure. The base station (BS) with MIH functionality performs handover on behalf
of the MN. Therefore, this scheme can reduce the burden and power consumption of MNs with limited resources
and battery power, since MNs are not required to be involved in the handover procedure. In addition, the
proposed scheme can considerably reduce traffic overhead over the wireless links between the MN and the BS,
since signaling messages are reduced.
In Charles and Johnson [1], Mobile IPv6 is a set of protocol enhancements for IPv6 that allow transparent
routing of IPv6 packets to mobile nodes, taking advantage of the opportunities made possible by the design of a
new version of IP. In Mobile IPv6, each mobile node is always identified by its home address, regardless of its
current point of attachment to the Internet. It is an efficient and deployable protocol for handling mobility with
the new IPv6 protocol, and suitable for use with the coming multitudes of mobile nodes. This protocol is as
lightweight as possible, given the need to be transparent to higher level protocols; among schemes which
propagate updates to any agent on the home subnet, this protocol attempts to minimize the control traffic needed
to effect mobility while nevertheless supplying the necessary information to all IPv6 nodes which need it, in an
event-driven fashion.
Xavier and Torrent-Moreno [18] give quantitative results of the improvements provided by HMIPv6 with
respect to handoff latency, packet loss, bandwidth per station and signaling load, as well as an indication of the
number of users that could be accommodated depending on the traffic source. These factors were shown to
influence the packet loss rate of HMIPv6, and indicated the points that can be improved in an implementation.
Moreover, a “stress test” of the protocol was performed to investigate its behavior under channel
saturation conditions. Hierarchical Mobile IPv6 (HMIPv6) is a localized mobility management proposal that
aims to reduce signaling load outside a predefined domain. The mobility management inside the domain is
handled by a Mobility Anchor Point (MAP). Mobility between separate MAP domains is handled by MIPv6.
According to Janne Lundberg [15], Mobile IPv6 Fast Handover shortens the period of service
interruption, and its implementation must be done in the context of a link layer. Fast Handovers for
Mobile IPv6 is an internet draft that gives a solution to the problem of packet loss during the handover
procedure of Mobile IPv6. The draft attempts to solve the problem by establishing temporary tunnels between
access routers. The tunnels are used to forward packets that would otherwise be sent to an address where the
mobile node would not be able to receive them. The solution also allows access routers to temporarily store
packets before they need to be delivered to the mobile node. Fast Handovers for Mobile IPv6 is a protocol that
can, in some situations, solve the problem of frequent and seamless handovers in Mobile IPv6.
Proxy Mobile IPv6 (PMIPv6) [4] is being actively standardized by the IETF NETLMM working group
and is expected to expedite the real deployment of IP mobility management. In a network-based mobility
management approach such as PMIPv6, the serving network handles the mobility management on behalf of the
MN. The MN is not required to participate in any mobility-related signaling. Compared to MIPv6 and its
enhancements, PMIPv6 has the following salient features and advantages. (i) Deployment perspective:
it does not require any modification of MNs, which is expected to accelerate the practical deployment of
PMIPv6. (ii) Performance perspective: the serving network controls the mobility management on behalf of the
MN, so messages can be reduced. (iii) Network service provider perspective: it is not dependent on any
access-technology-specific protocol, so it could be used in any IP-based network.
According to Tin, Chieh Chao and Hsiang [13], encryption is at present one of the methods used to solve the
security problem. According to most research, the longer the encryption key in bits, the higher the security
level obtained. Nevertheless, processing a long encryption key requires higher calculating power. While light
and thin mobile terminals cannot produce such high calculating power, the Security Access Gateway (SAG) is
effective in solving this problem. In its own area, the SAG can assist each piece of equipment in obtaining high
calculating power, fulfill the need to encrypt, and set up a secure domain. To achieve a high-security
transmission method such as P2P, multiple-layered encryption technology is necessary to process two encryption
mechanisms. In order to improve the bandwidth utilization of wireless networks, the Robust Header Compression
(RoHC) technology is adopted. After the RoHC header compression technology compresses the header, a 1- to
2-byte Context ID (CID) is produced to replace the original packet header. While compressing the header, it will
enlarge the size of each packet’s payload. Early binding updates are used to combine Mobile IPv6 technology
with wireless networks so that users can reduce handover latency while roaming.
In Lei and Fu [9], an analytical model is used to analyze and compare the handover latency of PMIPv6
[4], MIPv6, HMIPv6, and FMIPv6. These analytical studies show that PMIPv6 may cause high handover
latency if the local mobility anchor is located far from the current mobility access gateway. The two
most important benefits of introducing PMIPv6 for localized mobility management are evaluated through an
appropriate mathematical model. After analytical studies and comparisons of the handover latency and overhead,
it is concluded that PMIPv6 can achieve fairly good performance but may cause high handover latency.
Therefore, some enhancements for PMIPv6 are suggested to further reduce the handover latency. To alleviate
the latency, two enhancements to PMIPv6 are proposed, namely, F-PMIPv6 and MIH-PMIPv6. Based on both
theoretical and numerical analysis, it is identified that F-PMIPv6 can dramatically reduce the handover latency
but may cause higher handover signaling overhead in the network.
VI. CONCLUSION AND FUTURE WORK
This research study proposed a novel secure handover mechanism in PMIPv6 networks. This scheme
used the bicasting scheme to avoid the packet loss and out-of-sequence problems, performed the local
authentication procedure to reduce the handover latency, and used the piggyback technique to decrease the
signaling overhead. Moreover, the SPAM satisfied the following security requirements: anonymity, location
privacy, mutual authentication, stolen-verifier attack resistance, no clock synchronization problem, modification
attack resistance, forgery attack resistance, replay attack resistance, freedom to choose and change passwords,
fast error detection, and session key agreement. The analysis results showed that the proposed scheme provided
a better solution than existing schemes.
In our future work, we will study the following issues.
1) Mobility management in complex environments: we will extend the proposed scheme in more complex
environments (e.g., a nested NEMO environment) and solve the route optimization problem.
2) Proving the robustness of security: we will propose a cryptanalysis scheme to prove that our authentication
mechanism is secure.
3) Considering the roaming situation: we will consider the ticket-based authentication scheme for supporting
the global access technique.
4) Key management: we will provide an efficient key management scheme for secure group communications in
PMIPv6 networks.
REFERENCES
[1]. D. Johnson, C. Perkins, and J. Arkko, Mobility Support in IPv6, RFC 3775, Jun. 2004.
[2]. H. Soliman, C. Castelluccia, K. ElMalki, and L. Bellier, Hierarchical Mobile IPv6 (HMIPv6) Mobility Management, RFC 5380, Oct. 2008.
[3]. R. Koodli, Ed., Mobile IPv6 Fast Handovers, RFC 5268, Jun. 2008.
[4]. S. Gundavelli, K. Leung, V. Devarapalli, K. Chowdhury, and B. Patil, Proxy Mobile IPv6, RFC 5213, Aug. 2008.
[5]. Architecture Enhancements for Non-3GPP Accesses, 3GPP Technical Specifications TS23.402, Mar. 2008.
[6]. C. Vogt and J. Kempf, Security Threats to Network-Based Localized Mobility Management (NETLMM), RFC 4832, Apr. 2007.
[7]. K.-S. Kong, W. Lee, Y.-H. Han, M.-K. Shin, and H. You, “Mobility management for all-IP mobile networks: Mobile IPv6 versus proxy mobile IPv6,” IEEE Wireless Commun., vol. 15, no. 2, pp. 36–45, Apr. 2008.
[8]. K.-S. Kong, W. Lee, Y.-H. Han, and M.-K. Shin, “Handover latency analysis of a network-based localized mobility management protocol,” in Proc. IEEE Int. Conf. Commun., May 2008, pp. 5838–5843.
[9]. J. Lei and X. Fu, “Evaluating the benefits of introducing PMIPv6 for localized mobility management,” in Proc. IEEE Int. Wireless Commun. Mobile Comput. Conf., Aug. 2008, pp. 74–80.
[10]. Charles E. Perkins and David B. Johnson, “Mobility Support in IPv6”.
[11]. Hyon G. Kang and Chae Y. Lee, “Fast Handover Based on Mobile IPv6 for Wireless LAN”.
[12]. Telemaco Melia, Fabio Giust, Riccardo Manfrin, Antonio de la Oliva, Carlos J. Bernardos, and Michelle Wetterwald, “IEEE 802.21 and Proxy Mobile IPv6: A Network Controlled Mobility Solution”.
[13]. Tin-Yu Wu, Han-Chieh Chao, and Chi-Hsiang Lo, “Providing Efficient Secured Mobile IPv6 by SAG and Robust Header Compression”, Journal of Information Processing Systems, Vol.5, No.3, September 2009 117.
[14]. Pyung-Soo Kim and Jeong Hun Choi, “A Fast Handover Scheme for Proxy Mobile IPv6 using IEEE 802.21 Media Independent Handover”, World Academy of Science, Engineering and Technology 43 2010.
[15]. Janne Lundberg, “An Analysis of The Fast Handovers for Mobile IPv6 Protocol”.
[16]. S. Ryu, G.-Y. Kim, B. Kim, and Y. Mun, “A scheme to reduce packet loss during PMIPv6 handover considering authentication,” in Proc. IEEE Int. Conf. Comput. Sci. Its Applicat., Jul. 2008, pp. 47–51.
[17]. L. A. Magagula, O. E. Falowo, and H. A. Chan, “PMIPv6 and MIH-enhanced PMIPv6 for mobility management in heterogeneous wireless networks,” in Proc. IEEE AFRICON, Sep. 2009, pp. 1–5.
[18]. Xavier Pérez-Costa and Marc Torrent-Moreno, “A Performance Study of Hierarchical Mobile IPv6 from a System Perspective”, Network Laboratories, NEC Europe Ltd., Kurfürsten-Anlage 36, 69115 Heidelberg, Germany.
[19]. D. Simon, B. Aboba, and R. Hurst, The EAP-TLS Authentication Protocol, RFC 5216, Mar. 2008.
[20]. J.-H. Lee and T.-M. Chung, “Secure handover for proxy mobile IPv6 in next-generation communications: Scenarios and performance,” Wireless Commun. Mobile Comput., vol. 11, no. 2, pp. 176–186, Feb. 2011.
[21]. M.-C. Chuang and J.-F. Lee, “FH-PMIPv6: A fast handoff scheme in proxy mobile IPv6 networks,” in Proc. IEEE CECNET, Apr. 2011, pp. 1297–1300.
[22]. T.-Y. Wu, H.-C. Chao and C.-H. Lo, “Providing efficient secured mobile IPv6 by SAG and robust header compression,” J. Information Process. Syst., vol. 5, no. 2, pp. 117–130, Jun. 2009.