A Mobile Host Protocol Supporting Route Optimization and Authentication
Andrew Myles, David B. Johnson, and Charles Perkins
One-line summary: This paper describes a variant of Mobile IP
whose binding updates are authenticated, giving a security level
equal to that of today's Internet, plus a migration path to strong
authentication for the happy day when key-distribution and key-management
protocols arrive in the Internet.
Overview/Main Points
- Mobile IP revisited: The infrastructure described
consists of the usual mobile hosts, home agents, local
agents (aka foreign agents), and cache agents (which are
used to provide route optimization). The protocol
spoken between these agents is called the Internet Mobile
Host Protocol (IMHP). The combination of a mobile host's
home address and care-of address is known as a binding.
- Authentication: All updates to bindings must be
authenticated so that an attacker cannot redirect a mobile
host's traffic. The home agent and mobile host share a
manually configured key, so strong authentication between
them is straightforward. Local agents hand mobile hosts
temporary shared keys, so a mobile host can send an
authenticated binding revocation to its previous local agent
when it moves on. Local agents also authenticate visitor-list
entries by checking with the home agent that it holds a binding
saying the mobile host is visiting that local agent. Local agents
and cache agents include a freshly generated random number (a nonce)
in each management request to a home agent, and the home agent echoes
that number in its reply; a forged reply is accepted only if the
forger saw the request, i.e., sits on the path between the querying
agent and the home agent. That is the same exposure as the current
Internet, which is the bar the paper sets.
- Binding management: Bindings in home agents, local
agents, and cache agents all carry a lifetime and time out,
so they must be refreshed to remain valid. Cache agents' bindings
are also invalidated lazily when a packet reveals that the cached
binding is stale. Furthermore, when a packet is seen taking the
unoptimized dog-leg (triangle) route via the home agent, a binding
notification is sent back toward the previous router, in the hope
that it implements a cache agent and can optimize the route.
Relevance
Security and authentication for mobile hosts would be very, very good.
Flaws
- The paper does not address privacy (confidentiality of the
mobile host's traffic or location) or end-to-end encryption.
These issues are, however, largely orthogonal to the
binding-authentication problem the paper addresses.