1. Field of the Invention
The present invention relates to a method, a mobile node and a correspondent node, for supporting anonymity of the mobile node while in a session with the correspondent node.
2. Description of the Related Art
Mobile IP version 4 (Mobile IPv4, Mobile IP, MIPv4 or MIP) and the current version of Mobile IPv6 (MIPv6) are built to provide mobility to a host or Mobile Node (MN). The other nodes, usually referred to as Correspondent Nodes (CN), are usually seen as fixed hosts. Reference is now made to FIG. 1, which shows a MIPv6 network architecture as suggested by the current MIPv6 specification found in an Internet Engineering Task Force (IETF)'s Request For Comment (RFC) number 3775. As can be seen in FIG. 1, an IP network 100 comprises a MN 110 in communication with a CN 120 on a link that provides a direct path 122. The direct path 122 is unlikely to be composed of only one direct physical connection, but rather represents a series of links between routing equipments transparently enabling the communication therebetween. The way the series of links is used to transport traffic between the MN 110 and the CN 120 is irrelevant as long as IP communication therebetween can be established.
The MN 110 has a permanently assigned, 128-bit home address valid in its home network 127, which home address is allocated upon initialization of the MN 110 in the home network 127. The home address comprises a subnet prefix, which is 64-bit long, and an interface identifier, which is also 64-bit long. The allocation mechanism is well-known in the prior art. The MN 110 is further in communication with a Home Agent (HA) 130 located in its home network 127. Among other functionalities, the HA 130 keeps record of a foreign address of the MN 110 valid outside the home network 127. The foreign address is called Care-of-Address (CoA) in the context of MIPv6, and also comprises 128 bits. The CoA assigned to the MN 110 changes in time as the MN 110 moves from one network to another. The record kept by the HA 130, referred to as binding in the context of MIPv6, ties the CoA to the home address. A Binding Cache Entry (BCE) comprising the home address and the CoA of the mobile node is also kept in the CN 120 for the purpose of reaching the MN 110. The HA 130 is also responsible for routing traffic received at the home address to the MN 110. The traffic received is forwarded by the HA 120 on a link 125 toward the MN 110. All traffic sent on the link 125, in accordance with MIPv6, is encrypted to ensure, among other things, confidentiality of credentials periodically exchanged between the MN 110 and the HA 130.
The following lines summarize how the MIPv6 concept applies in a typical situation. For example, the MN 110 is in bidirectional IP session, with the CN 120 on the direct path 122. When the MN 110 moves from a first home network to a visited network, as illustrated by an arrow 135 on FIG. 1, the MN 110 acquires a first CoA. This modification in addressing state of the MN 110 must be advertised to the CN 120. In order to advertise the acquisition of its first CoA, the MN 110 sends a first BU, comprising the HoA, the first CoA and a 64-bit sequence number (SQN), to the CN 120 on the direct path 122. The CN 120, upon reception of the first BU creates a BCE for the session, where it stores the HoA, the first CoA and the SQN. The CN 120 then sends a first BA to the MN 110. Reception of the first BA at the MN 110 indicates a successful completion of the advertisement of the modification of the addressing state.
When the MN 110, while the session is still ongoing, moves to a second visited network, it acquires a second CoA and sends to the CN 120 a second BU carrying the second CoA. The second BU also comprises the HoA and a new SQN, whose value is monotonically increased over the earlier SQN. The CN 120 recognizes the BCE for the session by use of the HoA. The CN 120 updates the BCE by overwriting the first CoA with the second CoA and by overwriting the SQN with the newly received SQN. The CN 120 refuses the second BU if it comprises a SQN that is not monotonically increased over the sequence value previously stored in the BCE. The SQN is meant to provide a protection against a malicious node that might want to overtake the session by sending a BU with the HoA of the MN 110 and a different CoA for the malicious node. The malicious node might not send the proper SQN and thereby be detected. However, the protection offered by the SQN is marginal at best: a malicious node may send any number of false BUs with various SQN values until one BU is accepted and responded with a BA.
Another problem with the aforementioned method of informing the CN 120 of movements of the MN 110 is that the HoA and the various CoA values assigned to the MN 110 are disclosed on the direct path 122 carrying the various BU messages. A malicious node located on this path would be able to identify the MN 110 and to trace in real time its movements across the Internet. This type of activity would constitute a serious violation of the privacy of the MN 110.
There would be clear advantages of having a method, a mobile node and a correspondent node for providing a capability for the correspondent node to avoid disclosing an identity of the mobile node to any third party and to avoid an attack from a node pretending to be the legitimate mobile node.