1. Field of the Invention
The invention is related to mobile communications systems. More specifically, it relates to location privacy and route optimization for mobile communication based on the Mobile Internet Protocol (Mobile IP) or similar protocols.
2. Description of the Related Art
The invention is described for the example of the Mobile Internet protocol Version 6 (Mobile IPv6). It is, however, also applicable to other protocols defining equivalent entities corresponding to the described entities of the Mobile IP.
Mobile IPv6 currently defines two modes of operation: bi-directional tunnelling and route optimization. While the former mode requires all data packets to be routed over the home agent of the sending mobile node, the latter utilizes the direct path between mobile node and correspondent.
If a Mobile Node (MN) moves between subnets, it must change its IP address to a topologically correct one. The reason is the hierarchical routing structure of the Internet, i.e. the IP addresses do not only serve identification purposes, but also contain location information. However, since connections on higher layers such as TCP are defined with the IP addresses (and port) of the communicating nodes, the connection breaks if one of the nodes changes its IP address, e.g. due to movement.
Mobile IPv6 [D. Johnson, C. Perkins, J. Arkko, “Mobility Support in IPv6”, IETF RFC 3775, June 2004] is a layer 3 mobility protocol that enables Mobile Nodes (MNs) to move between subnets in a transparent manner for higher layers, i.e. without breaking higher layer connections. To this end, a MN uses two IP addresses: a Care-of-Address (CoA) and a Home Address (HoA). The MN's higher layers use the HoA for communication with the Correspondent Node (CN). This address does not change and serves the purpose of identification of the MN. Topologically, it belongs to the Home Network (HN) of the MN. In contrast, the CoA changes on every movement resulting in a subnet change and is used as the locator for the routing infrastructure. Topologically, it belongs to the network the MN is currently visiting. One out of a set of Home Agents (HA) located on the home link maintains a mapping of the MN's CoA to MN's HoA and redirects incoming traffic for the MN to its current location. Fur the purpose of redundancy and load balancing, a set of HAs may be used instead of a single HA.
Mobile IPv6 currently defines two modes of operation: bi-directional tunnelling and route optimization. If bi-directional tunnelling is used, data packets sent by the CN and addressed to the HoA of the MN are intercepted by the HA in the home network and tunnelled to the CoA of the MN. Data packets sent by the MN are reverse tunnelled to the HA which decapsulates the packets and sends them to the CN. For this operation, only the HA must be informed about the CoA of the MN. Therefore, the MN sends Binding Update (BU) messages to the HA. These messages are sent over an IPsec security association and thus are authenticated. Since the CN is not aware of the CoA of the MN, it cannot derive the location of the MN and thus location privacy is provided. However, if the MN is far away from the home network and the CN is close to the MN, the communication path is unnecessarily long, resulting in inefficient routing and high packet delays.
Note that different types of location privacy can be distinguished. The one this invention aims at is hiding the MN's location (and thus CoA) to the CN. Other types are hiding the location to eavesdroppers or preventing tracking of the MN's location.
The route optimization mode can prevent the described inefficiency by using the direct path between CN and MN. Therefore, the MN sends BU messages to the CN, which then is able to directly tunnel packets to the MN (actually, a type 2 routing header is used instead of an IP-in-IP tunnel). Of course, the CN has to support Mobile IPv6 route optimization. To authenticate the BU message, the MN and the CN perform a so-called return routability procedure, which tests the reachability of the MN at the HoA and CoA and generates a shared session key. However, since the CN learns the CoA of the MN by means of the BU message, it can derive its location, i.e. location privacy is not provided.
A mechanism that provides both location privacy and route optimization is certainly desirable, since interactive applications such as VoIP require short packet delays. Various approaches can be used to achieve this goal, some of them designed for other purposes. However, all of them introduce new infrastructure components (or require changes to existing components) in the visited networks. If the current visited network does not provide such components, location privacy and route optimization is not available, meaning that privacy-protected interactive communication may not be possible. A global deployment of such new components, i.e. in each access network, may take long time or may even never be accomplished. Other solutions only provide location privacy in one direction, i.e. location information is revealed only to at least one of the nodes if both communication partners are mobile. Some other solutions have scalability issues when deployed in large scale. A solution is desired that does not require the introduction of new or modified components in the visited network, works also when both communication partners are mobile and does scale well with respect to deployment. This invention describes such a solution.
Approaches that introduce new infrastructure components are Hierarchical Mobile IPv6 (HMIP), Access Router Encapsulation Caches (AREC), Optimized Route Caches (ORC), Global Home Agent to Home Agent Protocol (GlobalHAHA), WO03041358, WO2004010668 and US2005041675. These approaches are briefly described in the following.
HMIP [Hesham Soliman, Claude Catelluccia, Karim El Malki, Ludovic Bellier, “Hierarchical Mobile IPv6 mobility management (HMIPv6)”, IETF Internet Draft draft-ietf-mipshop-hmipv6-04.txt, December 2004] was developed to reduce the latency and signalling overhead occurring due to BU messages sent to a HA (potentially being far away). Therefore, a local mobility handling is proposed by introducing a hierarchy of Mobility Anchor Points (MAP) in the visited network. The MN only needs to register its CoA with the local MAP. An additional CoA, the so-called Regional CoA (RCoA), is obtained from the MAP's subnet and used by the MAP to hide the MN's mobility within the MAP's region from the HA (or the CN in case of route optimization). Since the HA or the CN still knows the RCoA, full location privacy support is not given. However, because the geographical region that can be derived from the RCoA is larger than the region that can be derived from the actual CoA, this can be regarded as limited location privacy support.
AREC [WO2004055993] [G. Krishnamurthi, H. Chaskar, R. Siren, “Providing End-to-End Location Privacy in IP-based Mobile Communication”, IEEE WCNC, March 2004] requires modifications in every Access Router (AR) of every visited network. Assuming that binding information is provided to the current ARs of the CN and MN, respectively, data packets can be tunnelled between both ARs without involvement of an HA, the CN or the MN. This way, the direct, i.e. shortest, route between MN and CN is used and location privacy is supported. A very similar approach is presented in WO2004010668.
ORC [Ryuji Wakikawa, “Optimized Route Cache Protocol (ORC)”, Internet Draft draft-wakikawa-nemo-orc-01.txt, October 2004] was developed for route optimization in mobile networks (NEMO) and requires modifications to edge routers of visited networks, including the provision of binding information. The MN tunnels data packets to the edge router of the CN's current network (assuming that the CN is mobile) and the CN can tunnel data packets to the edge router of the MN's current visited network. To be able to tunnel the packets to the edge routers, each node needs to know the IP address of the correspondent edge router, which again reveals location information about the correspondent MN.
GlobalHAHA [P. Thubert, R. Wakikawa, V. Devarapalli, “Global HA to HA protocol”, IETF Internet Draft draft-thubert-nemo-global-haha-00, October 2004] distributes HAs in the Internet that are usually bound to the home link by letting multiple HAs advertise routes to the home network prefix from different topological locations. A MN can bind to the closest HA, which serves as proxy HA, resulting in an optimized route. Location privacy is given if bi-directional tunnelling is used. However, if every visited network advertise routes to all other networks (all being home networks for some MNs), routing scalability issues may arise, since the address hierarchy is not given anymore. Also, the distributed home network must manually be configured as such. An secure on-demand configuration is not supported.
In WO03041358 so-called Location Privacy Agents (LPA) and Location Privacy Servers (LPS) are introduced in every network. The MN sends a location privacy request message to its LPA, which then selects an LPA that is close to the CN. The address of this LPA is then given to the MN, which then sends a BU message to this LPA. Hence, the approach is similar to the ORC approach: since the LPA is close to CN's network, it knows the location of CN to some extend, which breaks location privacy support if the CN is mobile.
In US2005041675 and WO2004043010 location privacy is achieved by cryptographically modified prefixes of IP addresses. Since the prefix is usually used by a router to route IP packets, this approach requires the modification of all routers in the Internet.
In WO03044626, multicast addresses are used as CoA. Since they do not include any location information, location privacy support is given even in route optimization mode. However, this solution does not scale with the number of MNs, since a large-scale deployment would result in a flat routing in the Internet.