SUBRAMANYAM V ET AL: “Security in mobile systems”, Reliable Distributed Systems, 1998, Proceedings, Seventeenth IEEE Symposium on, West Lafayette, Ind., USA, 20–23 Oct. 1998, Los Alamitos, Calif., USA, IEEE Comput. Soc, US, Oct. 20, 1998 (1998–10–20), pages 407–412, XP010319125, ISBN: 0-8186-9218-9, discusses requirements for mobility in a network and the extension of existing security schemes to mobile settings. For users it can be important to have round-the-clock access to information in a network even when they are mobile, for example a doctor who constantly needs to monitor the health of a patient. Communication in such cases typically takes place over wireless connections, and it is difficult to guarantee security during the exchange of messages. The typical objectives of secure computing in the past were achieving confidentiality, integrity, availability, legitimacy and accountability.
Quality of Service (QoS) mechanisms guarantee service characteristics, such as the end-to-end transit time, in networks that support mobile Internet communication. In these networks the mechanisms are exposed to the threat of what are called “Denial of Service” (DoS) attacks, which aim to reduce the availability of services for legitimate users. The threat lies in the fact that QoS signaling mechanisms allow mobile nodes to send queries to a network that amount to a reservation of resources. If the network cannot effectively check the “credibility” of QoS queries, for example by verifying the origin and authorization of a query from a mobile node, the performance of the network can be degraded by bogus QoS queries.

A mobile radio terminal leaves, for example, its home network and switches to a network with an HMIPv6 interface and an AAA architecture. In the process it is assumed that a security association (SA) always exists between the mobility anchor point (MAP) and each access router (AR), between the local AAA server (AAAL) and each access router (AR), between the MAP and the AAAL, and between each access router and the other access routers. Once a mobile radio terminal has successfully registered, its authentication and authorization information (AA) is stored in the local AAA server (AAAL), and its identity is known to the MAP and to the access router (AR) with which the mobile radio terminal first registered. Thereafter the mobile radio terminal can move between the coverage areas of the access routers (AR) without any interruption of communication. In order to optimize the intra-domain handover, the waiting time (latency) for registration with the individual access routers must be minimized as far as possible.
Generally, DoS attacks prevent or block the normal use or administration of communication facilities (or other services). In most cases denial-of-service (DoS) attacks have a specific objective. Thus, for example, DoS attacks can cause the collapse or shutdown of the entire network, or a degradation of performance, by overloading the network with a high number of transmitted bogus messages. All mobile radio terminals in an access network can send QoS queries to all nodes along the communication path in order to reserve resources. This means that attackers, too, can send QoS queries in the access network. For this reason an access device, such as an access router, must check the “credibility” of a QoS query from a mobile radio terminal before it processes the query further. If an access device does this with the aid of the local AAA server before the reservation process starts, the re-registration process incurs a significant waiting time. When a mobile radio terminal switches from the coverage area of one access router to the coverage area of a different access router in the access network (intra-domain handover), no interruption should occur between the mobile radio terminal and the access network. While the mobile radio terminal maintains its connection to the first access router, it initiates a new registration process with a further access router by sending binding update (BU) messages. If no check is made beforehand to verify that the mobile radio terminal is a registered user in the access network, attackers can overload the access network in this way, for example by wasting computing capacity with queries concerning authentication and authorization, or by reserving resources for bogus queries.
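The trade-off described above, between checking every QoS query against the local AAA server (extra latency per handover) and accepting unchecked queries (resource exhaustion by bogus requests), can be made concrete with a small model. The following is an added illustration, not code from the patent text or from the cited Subramanyam et al. paper: an access router with a fixed reservable capacity is driven first by requests from unregistered senders and then by a legitimate handover request. The registered identities, the capacity figure and the bandwidth values are constructed for the example; the AAAL is modelled as a lookup whose call count stands in for the waiting time the text mentions.

```python
from dataclasses import dataclass, field

# Constructed sample data: identities the local AAA server (AAAL) has
# authenticated and authorized. Not taken from the page.
AAAL_REGISTERED = {"mn-01", "mn-02", "mn-03"}


@dataclass
class QoSRequest:
    """A QoS query / binding update from a mobile node (hypothetical fields)."""
    mn_id: str
    bandwidth: int


@dataclass
class AccessRouter:
    """Model of an access router (AR) that reserves resources on request."""
    capacity: int
    verify_with_aaal: bool          # check credibility before reserving?
    reserved: dict = field(default_factory=dict)
    aaal_lookups: int = 0           # each lookup models one round trip of latency
    rejected: list = field(default_factory=list)

    def aaal_check(self, mn_id: str) -> bool:
        # Models the query to the AAAL; in a real network this is the step
        # that adds waiting time to the re-registration process.
        self.aaal_lookups += 1
        return mn_id in AAAL_REGISTERED

    def handle(self, req: QoSRequest) -> bool:
        # Credibility check first, so bogus senders never reach the reservation.
        if self.verify_with_aaal and not self.aaal_check(req.mn_id):
            self.rejected.append(req.mn_id)
            return False
        used = sum(self.reserved.values())
        if used + req.bandwidth > self.capacity:
            # Capacity exhausted: the request is refused even if legitimate.
            self.rejected.append(req.mn_id)
            return False
        self.reserved[req.mn_id] = self.reserved.get(req.mn_id, 0) + req.bandwidth
        return True


def run_scenario(verify: bool):
    """Ten bogus requests from unregistered senders, then one legitimate
    handover request from mn-01. Returns (legit_accepted, total_reserved,
    aaal_lookups) so both sides of the trade-off are visible."""
    ar = AccessRouter(capacity=100, verify_with_aaal=verify)
    for i in range(10):
        ar.handle(QoSRequest(f"bogus-{i}", 10))   # constructed attacker traffic
    legit_ok = ar.handle(QoSRequest("mn-01", 20))
    return legit_ok, sum(ar.reserved.values()), ar.aaal_lookups


if __name__ == "__main__":
    print("no check :", run_scenario(verify=False))   # (False, 100, 0)
    print("AAAL check:", run_scenario(verify=True))   # (True, 20, 11)
```

Without the check, the ten bogus queries fill the whole capacity and the legitimate terminal's handover request is refused, which is the availability loss the text describes. With the check, the bogus queries are rejected and the legitimate request is served, but every request costs an AAAL lookup, which is the latency the text says must be minimized during intra-domain handover.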