EVALUATION OF OPTIMIZATION SCHEMES IN MOBILE IPV6

IJIC1S 10112 No 2 JULY 2012

EVALUATION OF OPTIMIZATION SCHEMES IN MOBILE IPV6

S K Hussein

Business Technology Department Canadian International College [C I C] Cairo - Egypt

Abstract As the use of IP version 4 has elJhll1dcd many lesions have been learned from its lise Improvements that are necessmy few IP to remain thedominalll protocol in the coming years have been solidified info a proposal called IP version 6 (IPv6) The most significant change to the protocol is in the size of the address space in each packet Where version 4 had only 32 bits for each IP addresses version 6 has 128 bits This expansion solves the problem of the lackofavailable address space already plaguing the internet A dditio 11 0 lZv recall that the reaSOl1 that mobile IPv4 foreign agent care-oaddressing exists is to reduce the number ofextra IF nllmbers needed to support Mobile IF With foreign agent care-ofaddressing everv lI10bile node conlJected to a single foreign agent uses the foreign agents address jor it sown care-oaddress With Mobile IPF6 address space is no longer

an issue so the use ofthe foreign agent is eliminated (lnd packets arc ahvays directly tunneled to the mobile node itself Many approaches have been evolved in improving the routing handoffs and

Security in Mobile IPv6 This paper introduces sOllle of recent schemes that provide better peliormance than the existing Mobile IPv6 protocol

Keywords Mobile IP Triangle ROllting Problem ROllte Optimization BujJering- Tunnelling Security

AbbreviatioltsCorrespondcnt Node (CN) Cagte-(f-Address (CoA) Foreign Agent (FA) Home address (Ha) Home Agent (HA) Internet Service Provider (ISP) Mobile Node (MN) ROllte Optimization (RO) Border Router (BR)Retllrll ROllt-abilitv (RR) Security Association (SA)

Encapsulation Security Payload (ESP) Security Parameter Index (SPI) IIternet Protocol Security (IPSec)

1 Introduction

Nlobile IPv4 is an open standard defined by the Internet Engineering Tltlsk Force (IETF) RFC 2002 that allows users keep the same IP address stay connected and maintltlin ongoing applications While

roaming between networks given that any media that can support IP can support Mobile IP Efforts were made to enhance the standard protocol and to be able to achieve data transmission within the wireless infrastmcture However in trying to achieve this goal ma1JY problems have emerged and still proposals to solve them are evolving [1] The key feature ofMobile IP design is that all required functionalities for processing and managing mobility information are embedded in well-defined entities the Home Agent (HA) Foreign Agent (FA) and Mobile Nodes (MN) The Mobile Node is a host or router thltlt can change its location from one link to another without changing its IP address or intermpting existing services The Home Agent is a router with an interface on a Mobile Nodes home link that intercepts packets destined for the home address it tunnels packets to the mobile nodes 1110st recently reported Care-of-Address The Foreign Agent is a router on a Mobile Nodes visited network that provides routing services to the Mobile Node while it is registered [2-4J

39

lillssei 11(1ll1alioll O(Optimizatiol Schemes [I Mobile [pv6

2 Triangle routing definition

Triangle Routing Problem is considered as one of the problems facirlg the implementation of Mobile IPWhen a Correspondent Node (CN) sends traffics to Mobile Node (MN) the following sequence must be done

1 Packets first get the Home Agent (HA) 2 Home Agent encapsulates these packets and tunnels them to the Foreign Agent (FA) 3 The Foreign Agent de-tunnels the packets and delivers them (0 the Mobile Node

As shown in figure 1 the route taken by these packets is triangle in nature and the most extreme case of routing can be observed when the Correspondent Node and Mobile Node are in the same

subnet [5-6]

--_--_- I-_---_D_a_t_agJ__al_Il_f__N_-(_~N____ __ ~-~~~~~~]

Datagram MN-CN 3L Datagram MN-eN Tunneled datagram

Figure 1 Illustration of the triangle routing problem in mohi Ie IPv4

3 Route Optimization

Route Optimization is an extension proposed to the basic Mobile II protocol [7-8] Here messages from the correspondent node are routed directly to the mobile nodes care-of address without having to go through the home agent Route Optimization provides fOllr main operations These are

1 Updating binding caches 2 Managing smooth handoffs between foreign age1Jts 3 Acquiring registration keys for smooth handoffs 4 Using special tunnels

31 Updating binding caches

Binding caches are maintained by correspondent nodes for associating the home address of a mobile node with its care-of address A binding cache entry also has an associated lifetime after which the entry has to be deleted from the cache If the correspondent node has no binding cache entry for a mobile node it sends the message addressed to the mobile nodes home address When the home agent intercepts this message it encapsulates it and sends it to the mobile nodes care-of address It then sends a Binding Update message to the C01Tcspondcllt node informing it of the current mobility binding

32 Managing smooth handoffs between foreign agents

When a mobile node registers with a new foreign agent the basic Jlobilc IP does not specify a method to inform the previous foreign agent Thus the datagrams in flight which had already

40

lJICiS Vol 12 No 2 JULY20J2

tunneled to the old care-of address of the mobile node are lost This problem is solved in Route Optimization by introducing smooth handoffs Smooth hando ff provides a way 10 notify the previous foreign agent of the mobile nodes new mobility binding If a foreign agent supports smooth handoffs it indiCates this in its Agent Advertisement message When the mobile node moves to a newlocation it requests the new f()reign agent to inform its previous foreign agent hout the new location as part of the registration procedure The new foreign agent then constructs a Binding Update message and sends it to the previous foreign agent of the mobile node Thus if the previous foreign agent receives packets from a correspondent node having an out-of-date binding it forwards the packet to the mobile nodes care-of address It then sends a Binding Warning message to the mobile nodes home agent The home agent in turn sends a Binding Update message to the correspondent node This notification also allows datagrams sent by correspoildent nodes having out-of-date binding cache entries to be forwarded to the current care-of address Finally this notification allows any resources coilsumed by the mobile node at the previous foreign agent to be released irnl1H(li(1tclyinstead of waiting for the registration lifetime to expire

33 Acquiring registration keys for smooth han doffs

Formanaging smooth handoffs mobile nodes need to communicate with the previous foreign agent Thisconununication needs to be done securely as any careful foreign agent should require assurance that it is getting authentic halidoffinformation and not armnging to forward in-flight datagrams to a bogus destination For this purpose a registration key is established between a foreign agent and a mobile node during theregistration process The following methods for establishing registration keys have been proposed in the order of declining preference

If the home agent and the foreign agent share a security association the home agent can choose the registration key If the foreign agent has a public key it can again use the home agent to supply the registration key

bull If the mobile node includes its public key in its Registration Request the foreign agent can choose the new registration key

bull The mobile node and its foreign agent can execute the Diffie-Hellman key exchange protocol as part of the registration protocol

This registration key is used to form a security association between the mobile node and the foreign agent

34 Using special tunnels

When a foreign agent receives a tunneled datagram for vhich it has no visitor list entry it concludes that the node sending the tunneled datagram has an out-of-date binding cache entry for the mobile node If the foreign agent has a binding cache entry for the mobile node it should re-tunnel the datagram to the care-of address indicated in its binding cache entry On the other hand when a foreign agent receives a datagram fora mobile node for which it has no visitor list or binding cache entIy itconstmcts a special tU1111el datagram The special tunnel datagram is constructed by encapsulating the datagram and mlttking the outer destination address equal to the inner destination address This allows the home agent to see the address of the node that tunneled the datagram and prevent sending it to the same node This avoids a possible routing l(lp that might have occurred if

the foreign agent crashed and lost its state information

41

fillsseill rmllallnll OfOptilllizalioll Schemes 111 Mobile Ipv6

In recent literature many protocols have becn invented to solve the Trimgle Routing Problem in Mobile IPv4 that was done by using a route optimization as an optiCnal protocol that should be added In Mobile IPv6 the route optimization protocol is already embedded and not optional In this paper we introduce some recent optimization schemes used with Mobile IPv6 to clarify the effect of using different schemes in improving the routing handolI and Security in Mobile IPv6

4 Mobile IPv4 versus Mobile IPv6

The design of Mobile IP support in IPv6 (Mobile IPv6) represents a natural combination of the experiences gained from the development of Mobile IP support in JPv4 (Mobile IPv4) together with the opportunities provided by the design Hnd deployment of a new version of IP itself (IPv6) and the new protocol features offered bylPv6Mobile IPv6 thus shares many features with Mobile IPv4but the protocol is now fully integrated into TPand provides many improvemcnts over Mobile IPv4 This section summarizes the major differences between Mobile IPv4 and Mobile IPv6

Support for what is known in Mobile IPv4 as Route Optimizition is now builtin as a fundamental part of the protocol rather than being added on as an optional set of extensions that may not be supported by all nodes as in Mobile IPv4 This integration of Route Optimization functionality allows direct routing from any correspondent node to any mobile node without needing to pass through the mobile nodes hOl11e networkand be forwarded by its home agent and thus eliminates the problem of triangle Touting present in the base Mobile IPv4 protocol The Mobile IPv4 registration functioll(llity and the Mobile IPv4 Route Optimization functionality are performed by a single protocol rather than two separate (and different) protocols

Support is also integrated into Mobile IPv6 -- and into II6 itself -- for allowing mobile nodes and Mobile IP to coexist efficiently with routers that perform ingress filtering Amobilenode now uses its care-of address as the source address allowing the packets to pass normally through ingress filtering routers The home address of the mobile node is carried in the packet in a home address destination option allowing the use of fhe care-of address in the packet to be transparent above the IP layer The ability to correctly process a home address option in a received packet is required in all IPv6 nodes whether mohile or stationary whether host or router The use of the care-of address as the source address in each packets IP header also simplifies routing of multicast packets sent by a mobile node With Mobile lPv4 the mobile node had to tunnel Jllulticastpackets to its home agent in order to transparently use its home address asthe source of the multicast packets With Mohile IPv6 the usc of the home address option allows the home address to be used but still be cOlnpalible with multicast routing that may be based on the packets source address There is no longer any need to deploy special routers as foreign agents as used in Mobile IPv4 In Mobile IPv6 mobile nodes make use of IPv6 [catillcs such as Neighbor Discovery [9] and Address Auto configuration [10] to operate in (my location away from home without any special support required from its local r()uter So foreign agents do not exist in MIPv6 Unlike Mobile IPv4 Mobile IPv6 utilizes IP Security (IPSec) for all security requirements (sender authentication data integrity protection and replay protection) for Binding Updates (which serve the role of both registration and Route Optimization in Mobile IPv4) Mobile IPv4 relies on its own security mechanisms for these functions based on statically configured mobility security associations

42

lJlClS 10112 No2 JULY 2012

The movement detection mechanism in Mobile IPv6 provides bi-directional confirmation of a mobile nodes ability to communicate with its default router in its CutTent location (packets that the router sends are reaching the mobile node and IKlckets that the mobile node sends are reaching the router) This confirmation provides a detection of the black hole situation that may exist in some wireless environments where the link to the router does not work equally well in both directions such as when the mobile node has moved out of good wireless transmission range from the router The mobile node may then attempt to find a new router and begin using a new care-of address if its link to its current router is not working well In contrast in Mobile IPv4 only the forward direction (packets from the router are reaching the mobile node) is confinned allowing the black bole condition to persist Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 Routing header rather than IP encapsulation whereas Mobile IPv4 must use encapsulation for all packets The use of a Routing header requires less additional header bytes to be added to the packet reducing the overhead of Mobile IP packet delivery To avoid modifying the packet in flight however packets intercepted and tunneled by a mobile nodes home agent in Mobile IPv6 must still use encapsulation for deJivelY to the mobile node While a mobile node is away fro111 home its home agent intercepts any packets for the mobile node that arrive at the home network using IPv6 Neighbor Discovery rather than Address Resolution Protocol (ARP) as is used in Mobile Pv4Th~ use of Neighbor Discovery improves the robustness of the protocol and simplifies implementation of Mobile IPdue to the ability to not be conce111ed with any particular link layer as is requiredinARP

5 Vulnerabilities in Mobile IPV6 51 Home Address Option

When the Home Address Option (HAO) is used the attacker can lise it when he attacks by Denial of Service HAO provides the method to bide the attackers current 10catiol1 An attacker chooses a victim and another addressable IPv6 nodes or node rellectors He configures IPv6 packet headers source address and the destination address as his original address and reflector address respectively And then in HAO he puts victims address and sends the packet The receiver reflector processes the packets and gets to know the packet has HAO so he exchanges the source address with HAO The reflectorthiilks the packet he has received is sent from victim so he sends the packet to the victim Thevictim receives the packet whose source address is reflectors and he doesnt know the attackers

address the original sender Therefore the reflector receives useless packets and these packets consume the network resources These packets can disturb the reflector in communication To solve this problem Internet protocol Security ( TPScc) is used When a correspondent node receives a packet with Home address option it process that option only if there exist binding information of IPSec SA (Security Association)

52 Routing Header

When send packets to the mobile node a routing header is used to suppOli the transparent communication for the upper layers Also the routing header is used for source routing it is possible to choose ISP dynamically in traffic engineering or multi-homing environment However the type 0 routing header which is defined in Mobile IPv6 has a prohlem the IClUting header can be processed in both of hosts and router and it can contain several addresses so it can be used by reflection attack To solve this problem it is recommended (0 usc new type of Destination option new extended header or routing header instead of using the ordinaiy routing header

43

illlsslin lmllolion O(Oplimizatio17 Scllemes 111 Mobile ipv6

53 Binding Updates

When a mobile node sends a binding update message an attacker call obta in the information about the mobile nodes current location and send a packet which has different address with the mobile node to the mobile nodes home agent Once a home agent receives the packet the mobile node cannot receive the packets from its home agent The mobile node also uses the binding update to attack a host It can send binding update message to its correspondent nodes with the false Care-of Address (victims address) Once the correspondent nodes receive this packet it sends packets to the false Care~of Address not to the mobile node [9] A mobile node can send a lot of binding update messages at once The correspondent node receives the meaningless packets and before it recognizes that the messages are invalid it may consume its resources and call not process the meaningful packets An attacker may replay the old binding update message This replay attack leads the packets to the former location of mobile node so the mobile node cannot receive its packets To protectthese attacks a mobile node uses IPsec ESP (Encapsulation Security Payload) when it sends binding update message to its hon1e agent When a mobile node sends binding update message to its correspondent node it may uses RR(Return Routability) to checkif the home address and the Care-of address are reachable

6 Previous Optimization Schemes

There have been attempts to address the routc optimization and associated handoff in Mobile IPv6 This section introduces some of recent attempts dedicated for enhancing the route handoff and security in Mobile IPv6

61 Optimization by Global Dynamic Home Agent Discovery 611 Introduction

Data communication on the next-gcneration Illtemet can be lt1chieved by unicast multicast and anycast Vnicast functions by point-to-point datagram COmllll1ll1elt1tinn between a source and 11 destination node sending the datagram to the one recipient identified by the unicast address Multicast works by point-to-multipoint datagram coml1luuicatiotl between a single source and one or more destination nodes transmitting one copy of a datagram to a group of members to reach all recipients identified by the multicast group address Anycast the new IPv6 protocol operates by point-to-point datagram communication between a single source and its nearest destination node Choosing the nearest node based on the network topology is called network anycast The metrics of network anycast are cost number of router hops and calculated distance By contrast the metrics of the application anycast include available server capacity measured response times and number of active connections and so on Anycasting has many merits in a mobile network inclUding resource reduction simplified configuration network resiliency an(lload blt11ancinl [11]

The Dynamic Home Agent Address Discovery (DHAAD) in [12J is an anycast application DHAAD usesanycasttechnology to achieve loading balance of home agents Multi-HAs must all be assigned the same subnet in the protocol as illustrated in Fig 2 These HAs are gathered in the same link in the DHAAD protocol architecture When the MN sends (l binding update to the HA it transmits an ICMP Home Agent Address Discovery Request Message with an tnycast IP tddress in the destination section of the IP header One HA in the local link receives and replies to the IeMP Home Agent Address Discovery Reply message including the HAs ullicastlP list When the MN receives the ICMPs reply it sends a binding update to a selected home agent with the HAs unicast IPThen the

44

JICIS Vo1l2 No 2 JULY 2012

hQmeagent employs Proxy Neighbor Discovery to intercept any IPv6 packetsaddresSydto the MNs home address on the home link

1 ICIVIP Home Agent Address Discovery Request

2 ICIVIP Home AgeJlt Addless Discovery Reply III-shy

3 binding update Figure 2 Dynamic Home Agent Address Discovery

612 Anycast mobile IPv6 The network anycast spans an anycast group into the all-distributed HA and border router on the global mobile IPv6 As a multicast network demands that all routers SUppOlt multicast so an anycast netwoik needs all seIvers and routers to support allycast All border routers support anycastenabling

datagram to be transmitted to the nearest HA The eN can connect to the mobile nodes nearest HA or even directly to the mobile node in the complete anycast mobile IPv6 framework because the fuobilenode and HA are both anycast route destinations All border routers in an anycast mobile IPv6 network can analyze the destination allycast IP in the datagrams header and forward the packet to the related interfaces Then the datagram is sent to the mobile node or a home agent through the anycast route Thus the HA is not mandatory in an anycast mobile IPv() framework because datagram can be sent directly to the mobile node directly However anycast ronting is defined as less variant routing meaning that routing tables are not frequently exchanged In MolJilc IPv6 the mobile node always moves but the router near the correspondent nodes routing t(lhledoes ilot have the present record of

MNs anycast IP The HA must still ensure that the packet has been fOlwarded to the mobile node correctly Additionally the mobile node also needs the HA during MN handoff The MN sends a

binding update to the HA when i l moves to another base station range Then the HA tunnel the streaming to the new MN location Although Mobile IPv6 has a routing optimization procedure for sending binding updates to the correspondent node directly the return rout-ability (RR) must be accomplished first The return rout-ability procedure must he also executed through the HA The Mobile IPv6 Home-Agents anycast is defined in [13] An MN can identify an HA using Mobile IPv6 Home Agentsanycastdiscovery by discovering the interface identifier field See Figure 3

n hits I 21-nhils 7 hits

5ubnct prefix middot Ill I 1 10 III _ 1 I 1[a flycnst-In

Figure 3 Anycast IP format middot

4S

HllsselI ErI lllalOIl O Optimization Scitenles III Mobile Ipv6

613 Results and middotperformance evaluation

An anycast network is the optimal scheme foranycast mobile IPv6 frarnework that supports the neatest route in the correspondent node mobile node and home agent Anycast enhance the network perfonnanceby reduCing the route distance However this enhancement cannot be achieved quickly Allahycast network needs border routers with modern firmware sllpporting anycast The routers forwarding perfonnance degrades slightly when using an anycast network Furthennore an anycast

networks routing table occupies more memory space than that of a Illulticast network GDHAD by network anycastsimplifies anycast mobile IPv6 network estabLishment To let the mobile and corryspondent nodes search the suitable home agent the Global Dynamic Home Agent Discovery

(GDHAD) scheme is employed to find the new home agent to reduce the route distance between mobile node and the HAGDHAD includes two phases registration and transmis~ion Inregistration the MN discovers its nearestHA and sends a binding update message In transmission the new HA relays datagram to the mobile or correspondent node The simulation results were obtained using the most popularsimulation tool NS2 Fig 4 shows the simulation model There are two home agents (HA) three border routers (BR) and eight based stations (BS) in the simulation scenario Firstthe

mobile node will register to the nearest HA And the correspondillg node floods User Data-gram Protocol ( UDP) streaming to mobile node per second Mobile node moves to the next domain per 50 second beginning after 5 second The total bandwidth consumption and the average end-to-end delay when the mobile node hands off were measured Four scenarios were compared (Table 1) in the simulation as follows First a_l1o_ro used the anycast protocol without route optimization Second U_I10_ro employed the unicast protocol without route optimization like the DHAAD mechanism in a Inobile IPv6 network Third llJO adopted the unicast protocol with route optimization This scenario is exactIy like mobile IPv6 operation Fourth anycast protocol was used with route optimization

H H

-1C) ~-- -middotmiddotmiddotmiddot

-~ -~~ ~

Omiddotmiddotc5middotmiddotmiddotmiddotcfgt us - ~ bull

----~--~----

Figure 4 Simulation model

Table 1 The differences of four schemes

scbeute 3_ u_ u Ploposed _~____~_-n_ ___C_-~_~~1-O- C--J_~_ 10 scilel11e c-~_1- 1 middot_-c1_

anycast V ~ ~ v protocol

u nicast v protocol lrou te V optiUtilZshy

atiOll

46

IjICIS von No 2 JULY202

r------------~---------~~- ~~-~-~---~ ~ ---____~__n

~ 900

k 800 c --- shy 700sectwg 6 00

~ 500

sect 400

(J 300

=5 2 00

~ 100

II 0 o 20 60 80 100 120 160 180

tinle (second)

Figure 5 The comparisons ofbandwidth Consumption

i

L-____---------------~-------__------~ ----------

Figure 6 The comparison of end-to-end deJay

From FigureS and Figure 6the comparative results show cletlrly that as expected mobile IPv6 using unicast without route optimization mechanismhas the maximum total bandwidth consumption The

anycast protocol is better than unicast Mobile IPv6 supportingroute optimization is better than Mobile IPv6 withoutsupportroute optimization The proposed schelile has the best performance

62 Route Optimization Security in Mobile lPv6 Wireless Nehvolks

Route Optimization (RO) is standard in Mobile IPv6 (MIPv ll ) to route packets between Mobile Node (MN) and Correspondent Node (CN) using shortest possible path An enhanced security algorithm is developed on top of MIPv6 RO to secure data This algorithm is able to detect and prevent the

attacker from modifying the data with using an encryption algorithm by cost of little bit increase but tolerable delay

62JRoute optimization Scheme

In this scheme after the establislul1ent of RO MN and eN ccilllmunicate directly The attacker is located on the pathhetween MN and eN andmodifies the data sendingfrom MN to CN When MN is sending packets it copy and save some packet randomly with putting the flag to inform CN to return these packets back Therefore MN is able to compare these two packets (saved before and came back from CN) and check whether are same or not If packets are not same based on the data MN can decide to use encryption to protectthe data If attacker change the flag that means the MN will not receive the selected packet fonn eN or will receive unselected packet the MN will start encryption

47

Issei foIalioll ifOplimizatioll Schemes III Mobife pv6

The encryption key can be sent to CN or CNs during RR procedure l 14] Due to complication and problem in using IPsec and encryption methods in RO encryption is used only if an attacker is found which is suitable for delay sensitive applications Buffering the pnckets by MN is randomly it is

conclucied fast transmission and because of the necessarily of CN to return back the selected packet is not leading to increase the network traffic on the large networks A Mobile IPv6 Test-bed with IPSec and Route Optimization areenabled to examine the performance of this security method~ IPSec is enabled Oil HA andMN to avoid forged messages The Test-bed is composed ofhardware software andnetwork analysis tools tocapture and monitor the packet flow and content of data The attackeris programmed using middleware and applies on the Test-bed to show how it can affect on the packet and how this method can prevent it This attacker is able to modify the packet from andto the eN The implemented network Test-bed consists of four computers Tvo of them assume the roles ofthe eN and MN respectively one Home Agent and one Router are configured as IPv6 capable router PC~based software router implementation is used instead of commercial IPv6 routerin orderto have more flexibility andpossible(olUn middleware program The design and architecture of the proposed scheme are shown in Fig 7

bull

Figure 7 Test bed Design ~l1d Architectllre

622 Result and Performance Evaluation

100

I 200

j

Figure 8 Packet Flow on Conventional find Proposed Method

0 -1~ ~-11 20 Time

Figure 9Perfonnance Comparison of the Conventional and Proposed Method

tI c E

2 aJ

100

80

60

40

20 - -~

bull -- ---- _ shy 1-shy ~ - -- ~ -

L-A-21lII ~-~~-~- -~-~

- middot-Ideal Perfonngtlnce

bull Conventional Method

ilt Pwposed Methode

48

lJlels VolJ2 No2 JULY 2012

From Figure 8 and Figure 9 the results show that how attacker can modify the packets and this method prevents it as well as performance of the security proposed method and packet flow The performance evaluation of the proposed method in comparison with the conventional method gives advantages of safe communication in terms of data security in Route Optimization Mobile IPv6 networks

63 Tunnel Restraint to Prevent Out-of-Order Packets for Route Optimization in Proxy Mobile IPv6

Route optimization (RO) developed for Proxy Mobile IPv6 (PMIPv6) aims at reducing the packet transmission cost However the RO procedure may causeout-of-order packets the tunnel restraint scheme isproposed to minimize out-of-order packets during a mobile node (MN)s handover by utilizing a developed estimation function that calculates an amount of out-of-order packets in the RO procedure [15]

631 IntroductiOll

The basic specification ofPMIPv6 [16] introduces two types of proxy mobility agents local mobility anchor (LMA) and mobility access gateway (MAG) The LMA maintains all mobility information for MNs have been registered in a PMIPv6 domain whereas the MAG is responsible forregisteringMNs to the LMAas it detects attachment events of MNs in its access network Because any mobility

support functionality is not required to theMNs mobility management functionillities are only required in the LMA and the MAG The LMA is also a topological anchor point for the registered MNs in the PMIPv6 domain s9 that all traffic ftom and to theMNs is controlled and forwarded at the LMANote that a bi-directional tunnel ie PMIPv6 tunnelbetween the LMA and the MAG is established for packet forwarding service to MNs attached to the MAG All traffic from and to an MN will always traverse via the LMA irrespective of the actual location of the correspondent node (CN) of the MN This routing path increases the tunneling management cost as well as the packet transmission cost if an optimal (short) routing path middotbetween the MN and the CN exists The sub-optimal routing path caused in the basic specification of PMIPv6 [16] also increases a failure probability of LMA due to the concentrated load at the LMA For instance as the number of MNs in the PMIPv6 domain or the traffic rate of MNs increases the LMA which isa single operation point will be overloaded [1718] To optimize a routing path in PMIPv6 a proposed route optimization (RO) procedure where a pair of MAGs makes an optimal routing path for attached communicating nodes to reduce the packet transmission and tunneling management costs However the introducedRO procedure could lead to an out-of-order packets problem that causes a retransmission mechanism of the TCP layer so that an overall network performance is decreased

figure 10 Architecture model for PMIPv6

49

I I middot

Hllsseil Eaillation qrOptimizatioll Schemes [1 Mobile [p16

Figure 10 shows the architecture model for PMIPv6 wherein two different PMIPv6 domains are presented

632 The Tunnel Restraint Scheme

The tunnel restraint scheme [19] has the following procedure (1) When MAG2 receives the Proxy Binding acknowledge (PBAck) message for MNl sent from LMA1 MAG2 restrains the tunnel creation action while it stores packets sent from MNl ie buffering packets (2) MAG2 waits the Ro Report Ack message for MNl from LMAI that indicates the RO tunnel is ready to establish between MAG2and MAG4 (3) SimilartoMAG2 LMA2 also buffers packets to MNl until it receives the RO Report message sent from LMAl and (4) MAG2 and LMA2send the buffered packets from and to MN2 via optional and non-optional path respectively

The tunnel restraint scheme requires that all MAGs and LMAs maintain the buffer queues for MNs That is one buffer per MN is maintained raiher than maintaining one buffer per stream or session that provides compatibilitymiddot with the mobility management structures

633 Results and Performance Evaluation

The tunnel restraint scheme has been evaluated by varying the value of Out of Order Time Period (OTP) the number ofconununication nodes the traffic rate and the handover rate [Figure 10 to

Figure [13] The goal of this evaluation is to present the impact of out-of-order packets the performance factor and the efficiency of the tunnel restraint scheme compared with the basic RO scheme

~ Iamp~~~~__~__~i__~__~--J 3- 4 5 e 7 8 9 10

The packet sending rateat MN

FiguielOAmount of out-of-order

The value of OTP

Figure 11 Amount of out-of-orderpackets asa function of OT

Figure12 Amount of out-of-order

50

4 S 8 10 12 14 IS 18 20

The number of MNs

Figure 13 Amount of buffered packets at proxy mobility agents as a function of number of MNs

IJfClS Vo1l2 No2 JULY 2012

The implementation procedure developed for enhancing the transmission performance causes the outshyof-order packets problem Such out-ofmiddotorder packets invoke the congestion collapse in the TCP layer andgive a worse impact onthe performance To address this problem the tunnel restraint scheme is used to minimizes the arrival of out-of-order packets to the MN In the tunnel restraint scheme the buffering techniques at the proxy mobility agents are adoptedto minimize the arrival of out-of-order packets to theMN The proxy mobility agents taking part in the ROprocedure buffer the packets for the MN until they establish the RO humel between them The conducted perfonnance evaluation results show that the traffic rate and the time period of out-of-order packets mainly have effects on the outof-order packets problem and demonstrate that the tunnel restraint scheme enhances the performance of PMIPv6 RO by minimizing the number of out-of-order packets

64 Secure Route Optimization Protocol (SROP)

It is an end to end authentication and key establishment protocol Each node in the network is assigned a tag value which is a unique bit pattern representing the public key But this isnot used for

communication because of itsmiddot varying size A node can have more than one tag value These tag values can be either public or unpublished The public tag values are stored to Domain name System ( DNS) [19] Each tag value is associated with an address which is a 128 bit cryptographicalhash of tag value It is computationally hard to find a node that produces matching address So address collision is very low Localized address is a 32-bit localized representation ofthe tag value Localized address values are selected randomly by each node Collisions may easily occur but can be neglected as it is used in the local scope Localized addresses can be used as an address in the FTP command ()r in the socket call Purpose of localized address is to facilitate the use of tag values in the existing

protocols like ipv4 and APIs It introduces a new namespace to overcome the drawbacks of the current IP address namespace and Domain Name namespace Address assigned to a host that is calculated from the tag value separates the identity of the host from the location information that the IP address carries This new namespace fills the gap between the IP addresses and the DNS names by separating the IP addresses from the upper layer bindings It is a protocol for discovering and authenticating the bindings between public keys and IP addresses Above layers are based on tag values but not on IP addresses Binding of tag values to IP addresses is done dynamically SROP makes mobility transparent to the applications Its main purpose is to provide authentication during the connection establishment and also to provide security association This protocol is used to authenticate the connection Italso establishes security associations for a secure connection with ESP bydeveloping a SROP initial exchange

641 SROP Initial Exchange

The initiator initiates the initial exchange by sending the packet II This packet contains the address of the initiator and the address of the responder is optional The second packet Rl sent by the responder starts the actual exchange It contains cryptographic challenge that has to be answered by the initiator to start the exchange It also consists of initial Diffie Hellman parameters and a signature Then initiator sends the packet 12 answering the question given by the responder It also consists of the needed Diffie Hellman parameters and the signature Then respohder completes the exchange by signing the packet R2The purpose of question in packet Rl is to protect the responder from attacks~ It does not protect from an attacker ifhe uses fixed addresses The first 3 packets implement a standard Diffie Hellman exchange The responder sends public DH key and its public authentication key ie tag value of responder Data packets start to flow after the packet R2

51

Husseill Evaluatioll OrOptimizatioll Schemes III Mobile Ipl6

642 End node Mobility

The actual payload traffic is protected with ESP and hence the ESP SPI acts as an index to the right host-to-host context When a node moves to another address it notifies its peer ofthe new address by sending an SROP UPDATE packet containing a LOCATOR parameter This packet is acknowledged

by the peer To ensure reliability UPDATE packet is sent again the peer can authenticate the contents of the UPDATE packet based on the signature and keyed hash of the packet The peeris not able to send the packets to these new addresses before it can reliably and securely update the set of addresses that they associate with the sending host Also mobility may change the path characteristics in such a way that reordering occurs and packets fall outside the (Encapsulating Security Payload (ESP) anti replay window for the security association that requires rekeying

643 Results and performance analysis of SROP bull Theperformartce of SROPcan be assessed on the Round Trip Time (RTT) and Binding Cost (BC) RTT is defined as the elapsed time for transmitting data over a closedpath Furthermore in the circumstance of frequent handover the overhead Of processing in nodes in Mobile IP will be even higher than that in SROP In Return Routability (RR) to defend the messages from eavesdropping attack and time shifting attack the key and state have a short life time Binding update for a MNs middot

frequent IP address changing has heavy processing cost SROP relies on SAs and nodes do not need to do any extra computation when a MN is moving from one sub network toanother until it requires the readdress with re-keying in the SA It is obvious that SROP requires less processingin binding update Another new feature of SROP is its support for multi homing which is lacked in the current Mobile IP By using the Update packet the MN can notify the CN with more thart one interface Figure14 and Figure 15 show the tiine versus the drop in packets and bandwidth respectively for both the basic route optimization scheme and the SROP scheme Red and green line shows the results of basic Route Optimization protocol and Secure Route optimization protocol respectively

Figure 14 Time versus drop in packets

As a result of implementation of SROP protocol versus the Normal Mobile IPv6 protocol ithas been found that the security and efficiency are improved in SROP when compared to Route Optimization irt Mobile IPv6 In SROPwithout modifying the upper layer protocol it can still offer excellertt features in mobility management by adopting the improved binding update process and the strengthened secUrity

52

IJICfS Vo1l2 No2 JULY 2012

Figure 15 Time versus Bandwidth

7 Performance Comparison of previous Optimization Schemes

Conventional Mobile IPv6scheme allows transparent interoperation between Mobile Nodes and their Correspondent Nodes All datagrams for a Mobile Node are directly routed from the Correspondent Node to the Mobile Node The optimization schemes introduced three optimization aspects to optimise the conventional Mobile IPv6The first aspeCt is shortening the routing path between MN and CN The second aspect is minimizing the hand off latency and the third aspect is using a high level of security policy Each of the previous optimisation schemes verify one or two optimisation aspects but still partially vulnerable to the third aspect In the previously mentioned scheme Global Dynamic Home Agent Discovery the routing path is optimized and thehandoff latency is minimised but still the security policy is not optimal Also this scheme adds some more additional cost by using the border routers with amodem finnware and also a large memory size is required for routing table the second scheme Route Optimization Security in MIPv6 in this scheme the routing path is optimized a new security policy is applied to over come the difficulty ofIPSec but that may cause more delay In the third scheme Tunnel Restraint the routing path isoptimizedthe rate of congestion of out of order packets is decreased and the handoff delay is reduced but still the security is facing a problem Also the buffering the Local Mobility Anchor [LMA ] and the Mobility Access Gateway [MAG will increase the total cost Finally in the last scheme Secure Route Optimization the routing path is optimizedand a high security policy is used that may increase the delay during hand off

Conclusion and Future Work

Inthis paper we introduced the definition and the operation in Mobile IPv6 protocol Global Dynamic Home Agent Discovery on Mobile IPv6 A Route Optimization Security in Mobile IPv6 Tunnel

Restraint and Secure Route Optimization were proposed as recent researches that optimize routing handoff and security protocols in nonnal Mobile IPv6

As future work a new cost wise scheme should be introduced to optimize the conventional Mobile IPv6 scheme by increasing the level of authentication and decreasing the amount of traffic over the network reducing the handoff delay and at the same time shortening the routing path between the Mobile Nodes and the Conespondent Nodes

53

L

Husseill Evaluation OfOptimization Schemes In Mobile fpv6

References

Clint Smith and Daniel Collins 3G Wireless Networks McGraw-Hill United States 2002 2 Abbes Jamal pour The Wireless Mobile Internet John Wiley amp Sons Ltd England 2003 3 Philip J and Nesser II Survey of IPV4 Addresses in Currently Deployed IETF standards

Internet-drafts draft-ietf-ngtrans-ipv4 survey-Oltext work on progress August 2001 4 Seong Gon Choi Rami Mukhtar Jun Kyun Choi and Moshe Zukerman Efficient Marcro

Mobility Management for GPRS IPNetworks Optical Internet research center (OIRC) Korea May 2002

5 William Stallings Wireless Communications and Networks prentice Hall New Jersey United States 2002

6 Toni Janevski Traffic Analysis and Design of WirIess IP Netowrks Artech House Inc Boston London 2003

7 Sherif Kamel Hussein Iman Saroit Ismail S H Ahmed(2006)Triangle Routing Problem in Mobile lpn INFOS 2006 25~27 March Proceedings of the FourthInternational Conference on InfOlmatics and Systems Confer~nceJlallCairoUniversity Cairo Egypt2006

middot8 Sherifmiddot Kamel Hussein Iman Saroit Ismail S H Ahmed (2006) Solving the Triangle Routing Problem in Mobile lpn Informatics Journal Faculty of Computers and Information Cairo University published issue June 2006

9 Byungjoo Park Sunguk Lee Haniph Latchman A Fast Neighbor Discovery and DAD Scheme for Fast Handover in Mobile IPv6 etworks Proceedings of the rnternational Conference on Networking International Conference on Systems and International Conference on Mobile Communications and LearningTechnologies (ICNICONSMCL06)2006 IEEE

1 OChristophe Jelger Thomas Noel Proactive Address Autoconfiguration and Prefix Continuity in IPv6 Hybrid Ad Hoc Networks 2005 IEEE

11 Yunmiddot Sheng Yen Chia -- Chang Hsu and Han -- Chieh Chao Globil DynamicHome agent Discovery on Mobile IPv6Qepartment of Electrical Engineering National Dong Hwa University Hvalion Taiwan2005

12 Johnson D Perkins c and Arkko J Mobility Support in IPv6 RFC 3775 June 2004 n Hagillo J and Ettikan K An analysis ofIPv6 anycast Internet Draft ltdraft-ietf-ipngwg-ipv6shy

anycast-analysis-02txt gt June 282003 14 Abbas Mehdizadehmiddot SKhatun Borhanuddin M Ali RSA Raja Abdullah and Gopakumar

Kurup Route Optimization Security in Mobile IPv6 Wireless Networks CSICC 2008 cels 6 pp 15J--159 2008

15 Jong-Hyouk Leemiddot Yeong-Deok Kimmiddot Dongwoo Lee Tunnel Restraint to Prevent Out-of-Order Packets for Route Optimization in Proxy Mobile IPv6 Wireless Pers Commun (2011) 60547shy558 DOL 1O1007s11277-011-0308-5

16 Gundavelli S Leung K Devarapalli V Chowdhury K amp Patil B (2008) Proxy mobile IPv6 RFC 5213

17 Lee J-H Pack S You I amp Chung T-M (2009) Enabling a paging mechanism in networkshybased localized mobility management networks Journal oflnternet Technology 10(5)463--472

18 Lee J-H amp Chung T-M (2010) How much do we gain by introducing route optimization in proxy mobile IPv6 networks Annals of Telecommunications 65(5--6) 233--246

19 DKavitha 1 DrKESreenivasa Murthy SZahoor III Huq3 A Secure Route Optimization Protocol in Mobile IPV6 ll-IJCSNS International Journal of Computer Science and Network Security VOL 9 No3 March 200927

54