This invention relates in general to security protocols for authenticating networks offering connectivity to mobile nodes. The security protocols according to the present invention build upon the AAA framework and use public key encryption as an authentication mechanism.
The growing dependence on instantaneous personal communication devices is creating huge demand for global wireless communication capabilities. The role of wireless has gone well beyond the traditional voice and paging mobile radio services of a few short years ago. The International Telecommunication Union (ITU) of the Internet Society, the recognized authority for worldwide data network standards, has recently published its International Mobile Telecommunications-2000 (IMT-2000) standard. The standard proposes so-called third generation (3G) and beyond (i.e., 3.5G, 4G etc.) data networks that include extensive mobile access by wireless, mobile nodes including cellular phones, personal digital assistants (PDAs), handheld computers, and the like. In the proposed third generation and beyond networks, mobile nodes are free to move and allowed to change their points of attachment from one network to another while maintaining access to network resources. For that purpose, such data networks must be designed to provide mobility support for facilitating addressing of roaming mobile nodes, dynamic rerouting of data packets to such roaming mobile nodes over the networks, and most importantly authentication between such roaming mobile nodes and their visited networks.
The Internet Engineering Task Force (IETF), an international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet, has proposed several standards for mobility support. These include proposed standards for IP Mobility Support such as IETF RFC 2002, also referred to as Mobile IP Version 4 (IPv4), and the draft working document <draft-ietf-mobileip-ipv6-13> entitled “Mobility Support in IPv6,” also referred to as Mobile IP Version 6, both of which are incorporated herein by reference.
According to the protocol operations defined in Mobile IPv4 and IPv6, while maintaining access to network resources, a mobile node is allowed to move over networks and change its point of attachment from one network to another. This operation is referred to as “Layer 3 (L3) handoff” and should be distinguished from Layer 2 (L2) handoff, in which a mobile node changes its link layer connection from one access point to another within the same network. An L3 handoff is necessarily accompanied by an L2 handoff, but not vice versa. Mobile IPv4 and IPv6 provide mechanisms to be used for the L3 handoff operation. In both Mobile IPv4 and IPv6, the handoff operation begins with the process of locating the next agent or router to which the mobile node will hand off. In Mobile IPv4, this process is called “Agent Discovery,” in which a mobile node searches for mobility agents offering connectivity. Mobility agents advertise their presence periodically. By listening to the Agent Advertisement messages from nearby mobility agents, the mobile node can detect the agent to which it is currently connected or candidate agents to which it may be able to hand off. A mobile node may solicit Agent Advertisements from nearby mobility agents by broadcasting an Agent Solicitation. In Mobile IPv6, the same process is called “Neighbor Discovery,” in which routers offer connectivity through Router Advertisements. A mobile node may solicit Router Advertisements from nearby routers by broadcasting a Router Solicitation.
Of central importance in the L3 handoff operation is registration. A mobile node is always addressable by its “home address,” an IP address assigned to the mobile node by its home agent on the home link or chosen by the mobile node itself. While situated away from its home on a foreign link, however, a mobile node is configured with a care-of address, which indicates the mobile node's current point of attachment to the Internet. In Mobile IPv4, the care-of address is the address of the foreign agent, and the mobile node operating away from home registers its care-of address with its home agent. The home agent that has received a registration request then intercepts packets destined for the mobile node and routes the packets to the mobile node's care-of address. In Mobile IPv6, a mobile node away from home sends a binding update request to its home router and to a corresponding node with which it is in communication. The corresponding node that has received the binding update request then sends packets directly to the mobile node without routing them through the home router.
A crucial security issue arises when a mobile node is going to hand off from a first network to a second network. The second network has to be authenticated to the mobile node so that the mobile node is not tricked into operating in a malicious environment. For instance, fast handoffs, as a mobile node moves from one network to another, are crucial in providing good, continuous service to users. However, it has been pointed out that there may be rogue foreign agents or routers which try to deter a mobile node from achieving a fast handoff by sending bad Advertisement messages. An example of such a bad Advertisement message is one that contains false information that tricks the mobile node into believing that connecting to the advertising foreign agent or router is preferable to connecting to others, when in reality it is not. A mobile node lured into attempting to register with such a malicious agent or router would probably fail to register after a number of registration attempts. Even if a mobile node succeeds in registering with such a foreign agent or router, the mobile node may suffer poor connectivity or poor service.
Currently, there are numerous authentication mechanisms implemented and deployed for various access technologies. Examples include authentication of PPP and 802.11 networks. However, these approaches do not provide a universal solution because they are link-layer solutions and applicable only to specific access technologies. In this regard, a network-layer solution is clearly preferable. A network-layer solution should remain valid no matter what access technology is used in the link layer operating beneath it. Although it is an L3 approach, the IPsec authentication service cannot be a viable solution for authenticating a network and a mobile node to each other in the L3 handoff situation. IPsec authentication is predicated on a pre-existing security association between two entities. It cannot be assumed that a given foreign agent or router will have a security association with every mobile node that receives its Advertisements, or, alternatively, that a given mobile node will have a security association with every nearby foreign agent or router sending Advertisements.
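The following Go program is an added illustration of the principle described above and is not the patent's protocol or any IETF-specified message format: the advertising agent signs the advertisement fields a rogue could falsify, and the mobile node verifies the signature against a public key it already trusts for that agent, so no per-pair security association is needed. The `Advertisement` fields, the `AgentID` trust store, the Ed25519 choice and the sequence-number replay check are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Advertisement is a constructed stand-in for a Mobile IPv4 Agent Advertisement
// or Mobile IPv6 Router Advertisement, reduced to the fields a rogue would forge.
type Advertisement struct {
	AgentID  string  // hypothetical identity the node looks up in its trust store
	CareOf   [4]byte // care-of address the agent offers
	Lifetime uint16  // registration lifetime the agent offers
	Seq      uint16  // sequence number, lets the node reject stale replays
	Sig      []byte  // Ed25519 signature over canonical()
}

// canonical encodes every field the signature must cover; any field left out
// could be altered by a rogue agent without invalidating the signature.
func (a Advertisement) canonical() []byte {
	buf := append([]byte{byte(len(a.AgentID))}, a.AgentID...)
	buf = append(buf, a.CareOf[:]...)
	return append(buf, byte(a.Lifetime>>8), byte(a.Lifetime), byte(a.Seq>>8), byte(a.Seq))
}

// Sign is what the genuine agent does before broadcasting the advertisement.
func Sign(a *Advertisement, priv ed25519.PrivateKey) { a.Sig = ed25519.Sign(priv, a.canonical()) }

// Verify is what the mobile node does before attempting registration: unknown
// agent, forged or altered fields, and replayed advertisements are all rejected.
func Verify(a Advertisement, trusted map[string]ed25519.PublicKey, lastSeq map[string]uint16) error {
	pub, ok := trusted[a.AgentID]
	if !ok {
		return fmt.Errorf("no trusted key for agent %q", a.AgentID)
	}
	if !ed25519.Verify(pub, a.canonical(), a.Sig) {
		return fmt.Errorf("signature invalid: advertisement from %q was forged or altered", a.AgentID)
	}
	if prev, seen := lastSeq[a.AgentID]; seen && a.Seq <= prev {
		return fmt.Errorf("replayed advertisement from %q (seq %d <= %d)", a.AgentID, a.Seq, prev)
	}
	lastSeq[a.AgentID] = a.Seq
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed agent key pair
	trusted := map[string]ed25519.PublicKey{"fa.example": pub}
	lastSeq := map[string]uint16{}
	adv := Advertisement{AgentID: "fa.example", CareOf: [4]byte{192, 0, 2, 1}, Lifetime: 600, Seq: 1}
	Sign(&adv, priv)
	fmt.Println("genuine:", Verify(adv, trusted, lastSeq))
	rogue := adv
	rogue.Lifetime = 65535 // an inflated offer meant to look preferable; signature no longer matches
	fmt.Println("tampered:", Verify(rogue, trusted, lastSeq))
}
```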