Back to index
A Mobile Host Protocol Supporting Route Optimization and Authentication
Andrew Myles, David B. Johnson, and Charles Perkins
One-line summary: This paper describes a variant of mobile-IP
that supports authentication and security levels equal to today's internet
security, and a migration path for strong authentication for the happy day
that key-distribution and management protocols arrive in the internet.
- Mobile IP revisited: The infrastructure described
consists of the usual mobile hosts, home agents, local
agents (aka foreign agents), and cache agents (
which are used to provide route optimization). The protocol
spoken between these agents is called the Internet Mobile
Host Protocol (IMHP). The combination of a mobile host's
home address and care-of-address is known as a binding.
- Authentication: All updates to bindings must be
authenticated to thwart bad guys. The home agent and mobile
host have a manually configured shared key, so strong
authentication is trivially possible. Local agents give
mobile hosts temporary shared keys, so authenticated binding
revocations to old local agents are possible. Local agents
also authenticate visitor list entries by verifying that
the home agent has a binding indicating that the mobile
host is visiting that local agent. Local agents and cache agents
generate random numbers included in management requests to
home agents; home agents include this random number in replies.
Thus, only hosts directly between querying agents and the home
agent can play tricks, which is the same as the current internet.
- Binding management: Bindings in home agents, local
agents, and cache agents all time out, and must be refreshed
to remain valid. Also, lazy invalidation of cache agents'
bindings is performed when an old, invalid binding is detected.
Furthermore, binding notifications are sent back to previous
routers when the unoptimized dog-leg route is detected, in the
hope that the previous routers implement a cache agent.
Security and authentication for mobile hosts would be very, very good.
- This paper doesn't deal with privacy or end-to-end encryption.
It is true, however, that these issues are orthogonal to
the authentication issues in the paper.
Back to index