1. Field of the Invention
The present invention relates generally to authenticating address ownership in a mobile communication system and, more particularly, to authenticating address ownership using a Care-of Address (CoA) binding protocol of a mobile Internet Protocol version 6 (IPv6) host.
2. Description of the Related Art
Address ownership refers to the procedure of proving that a host using an IPv6 address is an authorized, legitimate user of that address and that the address has not been maliciously altered or tampered with.
In particular, hosts such as mobile IPv6 hosts, which make use of a care-of address (CoA) while moving between networks, are more vulnerable to the IPv6 address ownership problem. In order to prove ownership of the IPv6 address of a mobile IPv6 host, additional message exchange and overhead are required between a home agent (HA) and a correspondent node (CN).
When the mobile IPv6 host moves from a home network to a foreign network, it obtains a network prefix of the foreign network through a router solicitation (RS) message and a router advertisement (RA) message. The mobile IPv6 host creates the CoA through address auto-configuration and, in order to resolve the triangle routing problem that arises in mobile IPv4, registers the CoA with the HA and the CN, i.e., performs a binding update. Once the CoA is registered, the mobile IPv6 host can exchange data directly with the CN without relying on the data tunneling function of the HA.
The procedure in which a mobile node (MN) moves to a foreign link, binds a CoA and performs communication is as follows. When an MN communicating with an arbitrary correspondent node (CN) moves from its own home network to an arbitrary foreign link (FL), the MN transmits a router solicitation (RS) message to the FL. The FL then transmits a router advertisement (RA) message to the MN. The MN obtains a network prefix of the FL from the RA message, and creates a CoA to be used in the FL through address auto-configuration.
Then, the MN transmits a binding update message to the HA to inform the HA that the MN has moved to the FL.
When the HA receives the binding update message informing it that the MN has moved to the FL and has been allocated a CoA there, the HA stores the CoA contained in the binding update message together with the home address of the MN, and transmits a binding acknowledgment message to the MN informing it that the binding of the CoA to the MN has been carried out normally.
Then, until the MN binds the CoA to the CN, the HA tunnels data transmitted from the MN to the CN, and tunnels data transmitted from the CN to the MN.
Next, the MN transmits a binding update message to the CN in order to perform a binding update of the CoA.
The CN receives the binding update message from the MN, performs the binding update, and then transmits a binding acknowledgment message to the MN.
As a result, the MN, having received the binding acknowledgment message from the CN, and the CN form a tunnel between them, and exchange data through the formed tunnel.
However, when a malicious mobile IPv6 host binds a wrong CoA to the CN while the MN is creating the CoA and registering it with the HA, the authorized IPv6 host whose home network address the malicious IPv6 host is impersonating cannot communicate with the CN.
This is because the mobile IPv6 host fails to prove ownership of its own IPv6 address used in the process of registering the CoA with the HA and the CN.
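The binding procedure described above, and the case in which the CN ends up holding a wrong CoA, can be modeled in memory as follows. This is an added illustration and is not part of the original text; the class and function names are hypothetical, and all addresses are constructed values from the 2001:db8::/32 documentation prefix.

```python
# Added illustration, not from the original text. Class and function names are
# hypothetical; addresses are constructed values from 2001:db8::/32.
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class BindingUpdate:
    home_address: str      # address the sender claims to own
    care_of_address: str   # where traffic for that address should now go
    sender: str            # true origin; invisible to the receiver's logic

@dataclass
class BindingNode:
    """HA or CN: keeps a binding cache of home address -> CoA."""
    name: str
    cache: dict = field(default_factory=dict)

    def receive(self, bu: BindingUpdate) -> str:
        # Related-art behaviour: store the binding and acknowledge it.
        # Nothing ties bu.home_address to the host that sent the message.
        self.cache[bu.home_address] = bu.care_of_address
        return f"{self.name}->{bu.sender}: BindingAck({bu.care_of_address})"

    def next_hop(self, home_address: str) -> str:
        # Packets for a home address follow the cached CoA when one exists.
        return self.cache.get(home_address, home_address)

def make_coa(ra_prefix: str, interface_id: int) -> str:
    # Address auto-configuration: prefix from the RA plus an interface ID.
    return str(ipaddress.IPv6Network(ra_prefix)[interface_id])

def run_scenario() -> dict:
    ha, cn = BindingNode("HA"), BindingNode("CN")
    home = "2001:db8:a::10"                      # MN home address
    coa = make_coa("2001:db8:f::/64", 0x10)      # prefix learned via RS/RA
    log = [ha.receive(BindingUpdate(home, coa, "MN"))]
    # While the MN is still registering with the HA, another host sends the
    # CN a binding update that names the MN's home address.
    wrong_coa = make_coa("2001:db8:e::/64", 0x66)
    log.append(cn.receive(BindingUpdate(home, wrong_coa, "other-host")))
    return {"coa": coa, "wrong_coa": wrong_coa, "log": log,
            "ha_next_hop": ha.next_hop(home), "cn_next_hop": cn.next_hop(home)}

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, "=", value)
```

The HA holds the CoA the MN created, while the CN forwards traffic for the same home address to a different CoA, because the binding cache accepts any update that names the home address.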