The present invention relates generally to the Mobile Internet Protocol for providing Internet access to mobile nodes (e.g., mobile terminals) and, more particularly, to enhanced cryptographically generated addresses for secure route optimization in the Mobile Internet Protocol (MIP).
The Internet provides access to information resources worldwide. Users typically gain access to the Internet from a fixed station located in the home, office, school, or other location. Laptop computers and other portable computing devices provide a first step toward mobile Internet access by allowing the user to connect to the Internet through any connection point offered by the user's service provider. Some service providers, such as America Online (AOL), offer nationwide and/or worldwide access networks for their subscribers. However, laptop computers do not provide true mobile Internet access because the laptop's connection to the Internet during any given session is fixed. True mobile access would allow the user to move freely and change the point of connection to the Internet without disrupting service.
The Mobile Internet Protocol (Mobile IP or MIP) allows a mobile node (MN), such as a cellular phone, smart phone, personal digital assistant, laptop computer, or similar device, to access the Internet via a mobile communication network. Mobile IPv4 (MIPv4) is described in the Internet Engineering Task Force (IETF) Request For Comments (RFC) 3344. Mobile IPv6 (MIPv6) is described in IETF RFC 3775. The Mobile IP protocol solves the problem of host mobility by using two IP addresses for a mobile node: a fixed home address (HoA) that remains the same regardless of the location of the MN and a “care of” address (CoA) that changes depending on the location of the MN. The home address (HoA) is associated with a home agent (HA) in the MN's home network that provides mobility services. When a MN is away from its home network, the MN sends a binding update (BU) to its HA to bind the current care of address (CoA) to the home address (HoA). A tunneling protocol can be used to establish a link between the HA and the care of address (CoA). The HA then forwards packets for the MN to the care of address (CoA), thereby allowing the MN to roam freely within a mobile communication network and to change its point of connection to the Internet without disruption of service.
MIPv6 currently defines two modes of operation: bi-directional tunneling and route optimization (RO). Bi-directional tunneling requires all data packets sent to or from the MN to be routed through the HA. The bi-directional tunneling mode is inherently inefficient, particularly when the MN and the correspondent node (CN) are located near one another compared to the HA. Route optimization avoids some of the inefficiencies of bi-directional tunneling by allowing data packets to be sent directly between the MN and CN. While route optimization offers advantages over bi-directional tunneling in terms of reduced messaging overhead and reduced bandwidth requirements, it is not very secure and opens the door to numerous security threats. More particularly, the lack of pre-shared information between the MN and the CN makes security in route optimization a difficult challenge. MIPv6 adopts the return routability (RR) mechanism, which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works have attempted to solve the multiple security issues in RR but either their design is flawed or they rely on unrealistic assumptions.
Accordingly, it would be advantageous to provide a secure route optimization procedure that eliminates or reduces the security threats.