With the rapid growth in the number of mobile and hand-held devices connected to the Internet, the current IPv4 protocol is not able to cover the growing number of IP addresses required. This is why the Internet Protocol IPv6 has been developed.
Mobile IPv6 is an essential, mandatory feature of IPv6 that has been built to enable mobility for mobile devices in IP networks. The Mobile IPv6 specification is still incomplete, so the protocol will most likely undergo some changes in the future. The security of Mobile IPv6 is an essential part; it is discussed in detail in this chapter.
In addition to the mobility feature of Mobile IPv6, IPSec is also a mandatory feature required for IPv6 to provide data security and services for communication in IP networks and the application layer protocols of TCP/IP. IPSec is used to protect Mobile IPv6 from security threats, but there are still some issues that need to be solved.
6.1 Differences between MIPv4 and MIPv6
MIPv6 is the next-generation standard for Mobile IP after MIPv4. The following are the main differences between MIPv4 and MIPv6:
Foreign agent: MIPv6 relies on a DHCP (Dynamic Host Configuration Protocol) server or router advertisements on the foreign network to obtain a care-of address (CoA). This lets the mobile device operate anywhere without requiring additional support from the local router, because it does not depend on a foreign agent to issue the care-of address as in MIPv4.
Home agent address discovery: IPv6 has a feature called anycast that sends data to the nearest or best receiver. With this feature the mobile device can send an update to the home agent anycast address. In this case, if there are multiple home agents on the network, the nearest home agent will send the response to the mobile device. This feature provides scalability and redundancy to the network by keeping track of several home agents.
Security: Both MIPv6 and MIPv4 provide data security by using a Virtual Private Network (VPN) solution once the mobile device travels outside its home network and connects to a foreign network. MIPv4 uses IPSec v4 (Internet Protocol Security) and a VPN solution; MIPv6 uses IPSec v6 and a VPN solution.
Route optimization: When the mobile device leaves its own network and connects to another network, it gets a new care-of address and then informs the home agent of this address, and the home agent records the new care-of address in its binding table. MIPv6 has a direct packet routing feature that routes between the mobile device and the correspondent nodes on the IPv6 network. All packets destined to the mobile device's home address are intercepted by the home agent, which then tunnels them to its care-of address. In MIPv4, traffic between the correspondent node and the mobile device must go through the home agent. In MIPv6, the correspondent node caches the care-of address by using MIPv6 route optimization and then transfers the packets directly to the mobile device, as shown in Figure 1 [1].
Figure 1: Route Optimization in MIPv6
6.2 Mobile IPv6 Security Threats
Mobile IPv6 has been developed to provide mobility and security for IPv6, the same as MIPv4. MIPv6 introduces different security threats, as follows [3]:
1. Threats against Binding Updates sent to home agents: an attacker might claim that a certain mobile device is currently at a different location than it really is. If the home agent accepts the information sent to it as is, the mobile device might not get traffic destined to it, and other nodes might get traffic they didn't want.
2. Threats against route optimization with correspondent nodes: A malicious mobile device might lie about its home address. A malicious mobile device might send a correspondent node binding updates in which the home address is set to the address of another node, the victim. If the correspondent node accepted this forged binding update, then communications between the correspondent node and the victim would be disrupted, because packets that the correspondent node intended to send to the victim would be sent to the wrong care-of address. This is a threat to confidentiality as well as availability, because an attacker might redirect packets meant for another node to itself in order to learn the content of those packets. A malicious mobile device might lie about its care-of address. A malicious mobile device might send a correspondent node binding updates in which the care-of address is set to the address of a victim node or an address within a victim network. If the correspondent node accepted this forged binding update, then the malicious mobile could trick the correspondent into sending data to the victim node or the victim network; the correspondent's replies to messages sent by the malicious mobile will be sent to the victim host or network. This could be used to cause a distributed denial of service attack; the malicious mobile could trick a large number of servers so that they all send a large amount of data to the same victim node or network.
A malicious node might also send a large number of invalid binding updates to a victim correspondent node. If each invalid binding update took a significant amount of resources (such as CPU) to process before it could be recognized as invalid, then it might be possible to cause a denial of service attack by sending the correspondent so many invalid binding updates that it has no resources left for other tasks.
An attacker might also replay an old binding update. An attacker might attempt to disrupt a mobile device's communications by replaying a binding update that the node had sent earlier. If the old binding update was accepted, packets destined for the mobile node would be sent to its old location and not its current location.
3. Threats where MIPv6 correspondent node functionality is used to launch reflection attacks against other parties. The Home Address Option can be used to direct response traffic against a node whose IP address appears in the option, without giving a possibility for ingress filtering to catch the bad "return address".
4. Threats where the tunnels between the mobile device and the home agent are attacked to make it look like the mobile node is sending traffic while it is not.
5. Threats where the IPv6 Routing Header, which is employed in MIPv6, is used to circumvent IP-address based rules in firewalls or to reflect traffic from other nodes. The generality of the Routing Header allows the kind of usage that opens vulnerabilities, even if the usage that MIPv6 needs is safe.
6. The security mechanisms of MIPv6 may also be attacked themselves, e.g. in order to force the participants to execute expensive cryptographic operations or allocate memory for the purpose of keeping state.
Most of the above threats are concerned with denial of service. Some of the threats also open up possibilities for man-in-the-middle, hijacking, and impersonation attacks.
6.3 Securing the Binding Update
MIPv6 is a host routing protocol, developed to modify the normal routing for a specific host, as it changes the way packets are sent to the host [4]. The binding update tells a correspondent node the new care-of address; the correspondent node authenticates the binding update and verifies that it does not come from a manipulated node. To successfully authenticate the update, the mobile device and the correspondent node need to establish a security association and share a secret key.
IPSec in transport mode is used between the home agent and its mobile device in order to secure MIPv6 messages such as the binding update.
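The following is an added example, not code from the original text or from any Mobile IPv6 implementation. It models how a correspondent node holding a shared secret key can reject the forged and replayed binding updates described in section 6.2. The message layout (a dictionary), the HMAC-SHA256 authenticator and the strictly increasing sequence number are assumptions made for illustration, not the MIPv6 wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

def _mac(key, home, coa, seq):
    # Authenticator over every field an attacker would want to forge.
    msg = (ipaddress.IPv6Address(home).packed
           + ipaddress.IPv6Address(coa).packed
           + struct.pack("!Q", seq))
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_binding_update(key, home, coa, seq):
    # Mobile-device side: build a signed update (simplified, hypothetical format).
    return {"home": home, "coa": coa, "seq": seq, "mac": _mac(key, home, coa, seq)}

class BindingCache:
    """Correspondent-node side: home address -> (care-of address, sequence)."""

    def __init__(self):
        self.keys = {}      # home address -> shared secret (security association)
        self.bindings = {}  # home address -> (care-of address, last sequence)

    def process(self, bu):
        key = self.keys.get(bu["home"])
        if key is None:
            return "rejected: no security association"
        # Cheap replay check first, so replayed updates cost no MAC computation.
        current = self.bindings.get(bu["home"])
        if current is not None and bu["seq"] <= current[1]:
            return "rejected: replayed or stale sequence number"
        expected = _mac(key, bu["home"], bu["coa"], bu["seq"])
        if not hmac.compare_digest(expected, bu["mac"]):
            return "rejected: bad authenticator"
        # State changes only after the authenticator has been verified.
        self.bindings[bu["home"]] = (bu["coa"], bu["seq"])
        return "accepted"

def demo():
    # Constructed sample values (2001:db8::/32 is the documentation prefix).
    home, key = "2001:db8:1::10", b"constructed-shared-secret"
    cn = BindingCache()
    cn.keys[home] = key
    good = make_binding_update(key, home, "2001:db8:2::10", 1)
    forged = make_binding_update(b"attacker-guess", home, "2001:db8:bad::1", 2)
    return cn, [cn.process(good), cn.process(forged), cn.process(good)]
```

Because the binding cache is only updated after the authenticator verifies, a forged update with a high sequence number cannot lock out the legitimate mobile device.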
Mobile IP is used to maintain communications while the IP address is changing. Mobile IPv6 is much more optimized and deployable than Mobile IPv4, for example through direct communication between the correspondent node and the mobile device. Even though Mobile IPv6 is still incomplete, the issues have been with the security of the protocol.