Introduction to Internet Mobility Protocols
Table 5.5 Mobile IP Agent Advertisement Challenge extension

Field name   Description
Type         24
Length       Length of challenge
Challenge    The challenge value issued by the FA

Table 5.6 Mobile-foreign challenge extension

Field name   Description
Type         132
Length       Length of challenge
Challenge    The challenge from the latest registration reply, or from the Mobile IP agent advertisement challenge extension of the latest agent advertisement sent by the FA
request. Since the challenge has a finite lifetime and can only be used once, the FA can be sure that the registration request is not replayed later by illegitimate nodes. The details are as follows. According to RFC 3012, the FA includes the challenge in its periodic or solicited Mobile IP agent advertisement messages. The challenge is carried inside a Mobile IP Agent Advertisement Challenge Extension, as shown in Table 5.5. When the MN is ready to send a registration request towards the HA through the FA, the MN places the latest challenge value inside a so-called mobile-foreign challenge extension and adds this extension to its registration request message. The format of the mobile-foreign challenge extension is shown in Table 5.6.

Caveat: Key Establishment

Almost all the security protection mechanisms mentioned above require the establishment of trust relationships and secret keys between the mobile node and the mobility agents. We devote an entire chapter (Chapter 8) to describing the use of AAA infrastructure for this trust establishment process for Mobile IP and hence will not go into the details here.
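The following Python sketch, added here as an illustration and not taken from RFC 3012 or from any Mobile IP implementation, shows the FA-side bookkeeping that makes the challenge mechanism above work: the challenge is random, has a bounded lifetime, and is consumed on first use, so a captured registration request cannot be replayed. The TLV layout (1-byte type, 1-byte length, challenge bytes) and the lifetime value are simplifying assumptions; only the type codes 24 and 132 come from Tables 5.5 and 5.6.

```python
import os
import struct
import time

# Extension type codes from Tables 5.5 and 5.6 (RFC 3012).
AGENT_ADV_CHALLENGE_EXT = 24        # carried in the FA's agent advertisement
MOBILE_FOREIGN_CHALLENGE_EXT = 132  # echoed by the MN in its registration request


def encode_extension(ext_type, challenge):
    """Assumed TLV layout: 1-byte type, 1-byte length, then the challenge bytes."""
    return struct.pack("!BB", ext_type, len(challenge)) + challenge


def decode_extension(data):
    ext_type, length = struct.unpack("!BB", data[:2])
    return ext_type, data[2:2 + length]


class ForeignAgent:
    """Remembers issued challenges so each is fresh (bounded lifetime) and single-use."""

    def __init__(self, lifetime_s=30.0, clock=time.monotonic):
        self.lifetime_s = lifetime_s   # assumed value; RFC 3012 leaves this to policy
        self.clock = clock             # injectable for testing
        self.outstanding = {}          # challenge bytes -> time of issue

    def advertise(self):
        now = self.clock()
        # Drop expired challenges so the table cannot grow without bound.
        self.outstanding = {c: t for c, t in self.outstanding.items()
                            if now - t <= self.lifetime_s}
        challenge = os.urandom(16)     # unpredictable, so a future value cannot be guessed
        self.outstanding[challenge] = now
        return encode_extension(AGENT_ADV_CHALLENGE_EXT, challenge)

    def check_registration_request(self, ext):
        ext_type, challenge = decode_extension(ext)
        if ext_type != MOBILE_FOREIGN_CHALLENGE_EXT:
            return "missing_challenge"
        issued = self.outstanding.pop(challenge, None)   # pop enforces single use
        if issued is None:
            return "unknown_challenge"   # never issued, or already consumed: a replay
        if self.clock() - issued > self.lifetime_s:
            return "stale_challenge"
        return "ok"


def mobile_node_request(adv_ext):
    """MN copies the latest advertised challenge into a mobile-foreign extension."""
    ext_type, challenge = decode_extension(adv_ext)
    assert ext_type == AGENT_ADV_CHALLENGE_EXT
    return encode_extension(MOBILE_FOREIGN_CHALLENGE_EXT, challenge)
```

In a real FA the challenge check is only one step; the registration request must still carry a valid authentication extension, which is where the key establishment discussed in the caveat comes in.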
5.2 Shortcomings of Mobile IP Base Specification
The Mobile IP specification has developed over many years of evolution, and the IETF RFCs have been revised several times to cover issues that have been pointed out in Mobile IP operation. Furthermore, the specification for IPv4 differs from the specification for IPv6. We do not cover the Mobile IPv6 specification in this text and refer the reader to the end of this chapter for more references on Mobile IPv6. Also, as mentioned above, the security procedures for Mobile IP may require interaction with AAA servers. Support for this interaction is being standardized outside the scope of the Mobile IP base specification, as will be described in Chapter 8.
AAA and Network Security for Mobile Access
Issues related to full mobility support are many and complicated and cannot be covered in a small text such as this. Among the topics we do not cover in this chapter are the interaction of Mobile IP with VPN gateways, the traversal of Mobile IP traffic through network address translation boxes, and network mobility; we refer the reader to the end of the chapter and to the related IETF work in these areas. In the remainder of this section we discuss several Mobile IP issues, such as address, HA and key bootstrapping. We also briefly discuss the performance issues of Mobile IP, where handover latency can be a problem, and cover the fast handover methods that have been suggested to alleviate these problems. In the rest of this chapter we describe some protocols that are complementary to Mobile IP in providing a seamless mobility experience for moving users.
5.2.1 Mobile IP Bootstrapping Issues
The original design of Mobile IP assumed that each mobile node would be assigned a fixed home address (HoA) tied to a pre-specified home agent. Since then, experience has shown that these assumptions place several restrictions on the deployment of Mobile IP, and for a variety of reasons that will be explained shortly, it may be more practical to perform the HoA and HA configuration dynamically. According to the ongoing standardization work in the IETF [MIPBOOT], bootstrapping is defined as the process whereby the mobile node obtains enough information to register successfully with a Mobile IP home agent. This information generally includes the mobile node's home IP address, the home agent address and the security credentials required to protect Mobile IP registration signaling. Depending on the amount of information the mobile node already has available, the bootstrapping process may include any or all of the following:
