KSII The first International Conference on Internet (ICONI) 2009, December 2009 Copyright ⓒ 2009 KSII
Secure 6LoWPAN Mobility Support Scheme Employing PMIPv6

Sang-Ho Na1, Eui-Nam Huh1, Aymen Al-Saffar1, Seung-Teak Lee2 and Hyun-Ho Choi2
1 Department of Computer Engineering, KyungHee University (Global Campus), Youngin, Gyeonggi-do, South Korea [e-mail: {shna,johnhuh}@khu.ac.kr, [email protected]]
2 Department of IT Convergence Infrastructure, National Information Society Agency, NIA bldg. 77, Mugyo-Dong, Jung-Gu, Seoul, Korea [e-mail: {leest, hhchoi}@nia.or.kr]
*Presenter: Hyun-Ho Choi
Abstract

In the USN environment, mobility support is an indispensable condition, since the USN is an integrated network with various infrastructures. Therefore, 6LoWPAN needs to support movement of mobile sensor nodes between subnets, and a PMIPv6 domain is able to manage the 6LoWPAN mobile sensor nodes independently. We focus on a point of similarity in how mobile nodes are controlled: in PMIPv6 the MAG manages the mobility of the MN by its MN-ID, and 6LoWPAN nodes likewise have a unique ID in their domain. For this reason, we propose a mobility support scheme employing PMIPv6 for 6LoWPAN mobile nodes. Besides, our scheme can deal with the Sybil attack by checking the signaling messages during handover.

Keywords: Proxy Mobile IPv6, 6LoWPAN, Mobility Support, Sybil Attack
1. Introduction

For the USN (Ubiquitous Sensor Network), much research is going on to implement the USN, and now the USN is coming true. The sensor network is a core technology of the USN; it consists of sensor nodes that can be easily embedded into materials or deployed over a large monitoring area. One of the major challenges for wireless sensor networks is to find a suitable authentication scheme, given the constraints on computational capacity, power and storage size. The Broadband Convergence Network (BcN) of the USN is a combined network of many infrastructure networks such as the IP network, the sensor network and the wireless network. Each network has an independent interface and can communicate with the other networks. For example, a user in a PMIPv6 domain can control and manage sensor nodes in a 6LoWPAN. Providing support for mobile node movement is one of the main research topics for the next generation network, as in Mobile IPv6 and Proxy Mobile IPv6. Mobile IPv6 (MIPv6), a host-based mobility management protocol, is one of the most representative efforts and was proposed by the IETF as the main protocol for mobility management at the IP layer. However, although MIPv6 is a well-known mature standard for IPv6 mobility, it has some well-known weaknesses such as handover latency, packet loss and signaling overhead. Besides, MIPv6 requires modification of the protocol stack of the Mobile Node (MN) to support IP mobility. Recently, a network-based mobility management protocol called Proxy Mobile IPv6 (PMIPv6) has been standardized by the IETF NetLMM WG. Unlike MIPv6, new entities such as the Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA) in PMIPv6 allow the serving network to control mobility management on behalf of an MN, so the MN does not need to take part in any mobility-related signaling.

This leads us to consider a user in a PMIPv6 domain controlling a mobile sensor node in a sensor network. A mobile sensor node handover is performed within a localized PAN. How can the PMIPv6 network support that during the handover? Recall that a host in MIPv6 must process the mobility-related signaling itself; PMIPv6 appeared as the solution to this. This suggests that handover for a 6LoWPAN mobile sensor node needs to be performed independently of the sensor network. The MAG in a PMIPv6 domain manages a mobile node's handover by using the MN-ID, and all sensor nodes have a unique ID in their local domain. We focus on this similarity and propose 6LoWPAN mobility support in PMIPv6. Also, the security threats in a PMIPv6 domain are similar to those of a sensor network: because the MAG is designed to manage an MN by its MN-ID, an attacker can masquerade as a certificated MN, steal its session and cause signaling without any real handover. Therefore, in this paper, we present a secure handover scheme extended to 6LoWPAN mobile nodes by employing PMIPv6.

The remainder of this paper is organized as follows. In Section 2, we describe the PMIPv6 protocol and the vulnerability of the PMIPv6 domain, especially the relationship between the MN and the MAG. In Section 3, we propose a secure handover scheme to support mobility for the 6LoWPAN mobile node, where the handover is performed independently of the 6LoWPAN. Finally, we conclude the discussion with future work in Section 4.

This research was supported by NIA (National Information Society Agency), KOREA under the KOREN Program.
2. Related Work

2.1 Proxy Mobile IPv6 Protocol

PMIPv6 is organized as in Fig.2. In PMIPv6, it is possible to support mobility for IPv6 nodes without host involvement. The mobile access gateway (MAG) manages the mobility signaling for an MN on behalf of the MN [2, 3, 4]. In other words, the MAG sends the proxy binding update (PBU) message on behalf of the MN when the MN moves within the local domain.

Fig.1 PMIPv6 Network

The local mobility anchor (LMA) performs a role similar to the home agent (HA) in MIPv6 and is responsible for maintaining the MN's reachability using the proxy binding update message from the mobile access gateway. Thus, the MN does not need the MIPv6 stack in the PMIPv6 domain. However, during a handover, the authentication process causes not only handover latency but also on-the-fly packet loss. In addition, the packet ordering problem remains to be settled [5, 6, 7, 8, 10].

2.2 Proxy Mobile IPv6 Protocol Security

According to RFC 5213 [1], the standardization document of PMIPv6, in a PMIPv6 domain the LMA and the MAG are certificated entities, and the signaling messages such as PBU and PBA exchanged between the mobile access gateway and the local mobility anchor are protected using IPsec and the security association established between them. Signaling messages should be protected by ESP in transport mode with mandatory integrity protection, but confidentiality protection is not required. Between the mobile access gateway and the local mobility anchor, IKEv2 is used to set up the security associations protecting the proxy binding update and proxy binding acknowledgment messages. Any of the authentication schemes can be used for mutual authentication. However, RFC 5213 describes that the mobile node is not involved in creating security associations for protecting the signaling messages or in sending binding updates. It then mentions that the mobile node can be certificated by sending a query to the policy store, for example using AAA infrastructure. Therefore, the signaling messages and binding updates need to be protected: these vulnerable messages can be eavesdropped by an attacker, who can then use that information to penetrate the PMIPv6 domain and modify the messages for malevolent purposes.

2.3 Security Threats in PMIPv6

The PMIPv6 domain is divided into three sections by interface: MN-MAG, MAG-LMA and LMA-CN, where the CN is a corresponding node outside the PMIPv6 domain. In this section, we discuss the vulnerability of PMIPv6. In this paper, we focus on the section between the mobile node and the mobile access gateway for the security analysis of the vulnerability while the mobile node performs handover. In the MN-MAG section, the MAG should constantly monitor the mobile node's movement, and the MN must be attached safely after access authentication, which the network ensures, with the mobile node using any of the address configuration mechanisms permitted by the network. However, attackers intend to waste network resources by modifying the binding update message to cause signaling, pretending that the mobile node performs a handover. They also eavesdrop on the channel and redirect packets to wherever they want.
Fig.2 Handover process in PMIPv6

Fig.2 shows the handover process in the PMIPv6 domain. When the mobile node moves to another subnet, the mobile access gateway receives a request message (MN attach in Fig.2) from the mobile node to attach to the mobile access gateway. The mobile access gateway then has to perform the access authentication process, sending an AAA query to the Policy Server (PS), but the mobile access gateway cannot know that the mobile node has already registered with another neighboring mobile access gateway, nor whether the certificated mobile node has really moved or not.

2.4 Mobility Support of 6LoWPAN in PMIPv6

Using an advanced protocol like Mobile IPv6 to support mobility of a 6LoWPAN mobile node is a difficult task because of the restricted resources of a sensor node. Note, however, that mobility in sensor networks is a significant research theme. In [4], a mobility support scheme for 6LoWPAN sensor nodes is designed. A PAN coordinator cannot recognize the mobile node's movements; in this case, that paper supposes it is impossible to apply Proxy Mobile IPv6 to 6LoWPAN directly. To overcome this, they propose an expanded message structure for mobility support that notifies the PAN coordinator of the movement of a mobile node. Fig.3 describes the process and messages.

Fig.3 Inter-PAN Mobility Support
In short, the PMIPv6 protocol is designed to support mobility of a mobile node independently of the host. However, Proxy Mobile IPv6 faces some problems during a handover: handover latency, the packet ordering problem and security vulnerability [9, 11]. Therefore, in this paper, we propose a secure handover scheme and extend it to 6LoWPAN mobility support in PMIPv6 without modifying the messages of 6LoWPAN, keeping the features of the sensor network.
3. PROPOSED SCHEME

Note that we focus on the fact that the mobile access gateway in PMIPv6 manages the mobile node by the mobile node ID (MN-ID), and that all nodes in a sensor network likewise have a unique ID as their address. For this reason, the mobile sensor node of 6LoWPAN has features similar to those of the mobile node in the PMIPv6 domain. They also share security vulnerabilities to masquerade attacks, such as the Sybil attack in sensor networks. First, we describe a 6LoWPAN network in a PMIPv6 domain.

3.1 6LoWPAN in PMIPv6 Domain

Fig.4 shows the organization of a 6LoWPAN network in a PMIPv6 domain. We assume that the PMIPv6 domain and the 6LoWPAN network have independent authentication mechanisms. In Fig.4, 6lw_MAG is an ordinary mobile access gateway; we call it 6lw_MAG only as a matter of convenience. The 6LoWPAN is a cluster-based sensor network, and each cluster head (CH) gathers all the sensing data in its cluster and sends the data to the 6lw_MAG. The 6lw_MAG keeps a table of sensor nodes, just as the mobile access gateway keeps an MN-ID list for the serving network in the PMIPv6 protocol. According to RFC 5213, the LMA can trust the MAG by using mutual authentication, but the specific authentication scheme is not covered in this paper. The details of the secure handover scheme in the PMIPv6 domain are given in Section 3.2, and then we present the extended 6LoWPAN mobility in Section 3.3.
Fig. 4 6LoWPAN Network in PMIPv6 Domain
3.2 6LoWPAN Mobility Support in PMIPv6

3.2.1 Initial attachment of 6LoWPAN Mobile Node
Fig.5 6LoWPAN Mobile Node Registration

We have already proposed an ID-based authentication scheme for wireless sensor networks [12]. As mentioned in that previous work, when a sensor node moves to another cluster, it should be authenticated by the new cluster head (nCH) using temporal information received from the previous cluster head (pCH). So, whenever new nodes join the cluster, the CH updates its own cluster's trusted member node list. The 6LoWPAN mobility we present has the precondition that the sensor network has an authentication scheme for a mobile node and that a cluster head keeps a member node list. In this paper, we do not specify the authentication scheme, but authentication of a 6LoWPAN node must be done by the 6LoWPAN using any mechanism [12, 13, 14]. After authentication in the 6LoWPAN, the certificated CH sends an update message to the 6lw_MAG, and a PS in PMIPv6 creates the mobile sensor node's profile. The registration process is shown in Fig. 5, and the details are as follows:
a. A mobile node performs a handover to another cluster.
b. The mobile node is authenticated by the nCH.
c. The nCH updates its member node list and sends an update message to the 6lw_MAG.
d. The 6lw_MAG gets the mobile node's profile from the PS.
e. The 6lw_MAG sends a binding update message to the LMA.
f. A tunnel is set up and communication uses the tunnel.
The network entities in PMIPv6 take no part in any process of the 6LoWPAN, but the 6lw_MAG is able to support 6LoWPAN mobility by using the same process as in PMIPv6.

3.2.2 Handover scheme for 6LoWPAN Mobile Node

The detailed process in Fig.6 is as follows:
a. While a mobile node moves to another cluster, the mobile node notifies the pCH.
b. The pCH updates its node list, and the mobile node requests authentication from the nCH.
c. The 6lw_MAG notifies the LMA of the mobile node's movement (PBU and PBA). ①
d. The 6lw_MAG creates a timer t and waits for the nCH's update message. ②
e. After authentication, the nCH updates its node list. ③
f. Binding Update (PBU/PBA).
g. A tunnel is set up and communication uses the tunnel.
Fig.6 Hand-over Support for 6lw_MN

The LMA is able to check the security of the handover message using steps ①~③, and if the requirements are not satisfied, the 6lw_MAG in PMIPv6 removes the mobile node profile and then requests the cluster heads and the PS to update their node lists.

3.3 Security Analysis

During a handover, the mobile access gateway does not know whether the certificated mobile node has really moved or not and cannot be assured that the signaling comes from a certificated mobile node. The attack scenario is as follows (Fig.4):

Scenario: A 6lw_MN is in cluster 1, but an attacker in cluster 2 masquerades as the certificated 6lw_MN and tries to attach to the 6lw_MAG of cluster 2. The 6lw_MAG does not know he is an attacker and sends an AAA query to the PS. If the attacker has the right information, he would obtain the session of the MN.

In the above scenario, supporting the handover of the 6lw_MN requires two things. The first is an authentication process in the 6LoWPAN independent of the PMIPv6 domain. Compared with PMIPv6, where the MAG manages the MN by MN-ID and authentication of the MN is a precondition, the 6lw_MAG need not take part in the authentication process of the 6lw_MN. Second, from the viewpoint of the 6lw_MAGs, the confidentiality of the handover signaling must be ensured by a security mechanism, because the MN's signaling is not protected until the MN is certificated. The authentication of the 6lw_MN itself is outside the subject of this paper; as mentioned, any authentication mechanism can be used. We therefore proposed the three steps (①~③ in Section 3.2.2) for checking the signaling from the 6lw_MN. If the 6lw_MAG does not receive the update message from the nCH before the timer t expires, the 6lw_MAG removes the 6lw_MN-ID from the serving list and notifies the CH. Then the 6lw_MN needs to be certificated again in the 6LoWPAN. All of these steps must be satisfied while the 6lw_MN is moving to another sub-network. Using the proposed scheme helps to filter out the attempts of attackers.
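As an added illustration of steps ①~③ in Section 3.2.2 and of the scenario in Section 3.3 (example code written for this edition, not the authors' implementation), the following Python model keeps the 6lw_MAG serving list, starts the timer t on a move notice and removes the MN-ID when the nCH's update does not arrive in time. The entity names (6lw_MAG, pCH, nCH, LMA, PS, MN-ID) follow the paper; the message shapes, the timer value of 2 seconds, the cluster names and the log text are assumptions, and the PBU/PBA exchange with the LMA is only recorded in the log, not sent.

```python
"""Added example (not the paper's code): an event-driven model of the 6lw_MAG
check in Section 3.2.2 (steps (1)-(3)) and the masquerading scenario of 3.3.

Entity names follow the paper. Message shapes, the timer value, cluster names
and log text are assumptions made for this model.
"""
from dataclasses import dataclass, field


@dataclass
class LwMag:
    """Model of a 6lw_MAG: MN-ID serving list plus pending handover timers."""
    timer_t: float                               # seconds the nCH has to confirm (assumed)
    serving: dict = field(default_factory=dict)  # mn_id -> cluster head currently serving it
    pending: dict = field(default_factory=dict)  # mn_id -> (deadline, expected nCH)
    log: list = field(default_factory=list)

    def register(self, mn_id, ch_id, ps_profiles):
        """3.2.1 steps c-e: nCH reports an authenticated member, the MAG fetches
        the profile from the PS and sends the PBU to the LMA."""
        if mn_id not in ps_profiles:
            self.log.append(f"PS has no profile for {mn_id}: registration refused")
            return False
        self.serving[mn_id] = ch_id
        self.log.append(f"PBU/PBA with LMA: {mn_id} registered via {ch_id}")
        return True

    def on_move_notice(self, mn_id, from_ch, to_ch, now):
        """3.2.2 steps a-d: pCH reports the MN leaving; the MAG signals the
        LMA (1) and starts timer t (2). A notice that contradicts the serving
        list is ignored."""
        if self.serving.get(mn_id) != from_ch:
            self.log.append(f"move notice for {mn_id} from {from_ch} does not match serving list: ignored")
            return False
        self.log.append(f"(1) PBU/PBA with LMA for {mn_id} moving {from_ch}->{to_ch}")
        self.pending[mn_id] = (now + self.timer_t, to_ch)
        self.log.append(f"(2) timer t started for {mn_id}, deadline {now + self.timer_t:.1f}")
        return True

    def on_nch_update(self, mn_id, nch, now):
        """Step e (3): the nCH confirms that the MN passed 6LoWPAN authentication.
        Only an update from the expected nCH, before the deadline, is accepted."""
        entry = self.pending.get(mn_id)
        if entry is None:
            self.log.append(f"update from {nch} for {mn_id} with no pending handover: ignored")
            return False
        deadline, expected_ch = entry
        if now > deadline or nch != expected_ch:
            self.log.append(f"update from {nch} for {mn_id} late or from wrong CH: ignored")
            return False
        del self.pending[mn_id]
        self.serving[mn_id] = nch
        self.log.append(f"(3) {mn_id} confirmed by {nch}; binding updated, tunnel set up")
        return True

    def expire_timers(self, now):
        """Timer t ran out without (3): drop the MN-ID from the serving list and
        ask the cluster heads and the PS to update their lists (Section 3.3)."""
        expired = [mn for mn, (deadline, _) in self.pending.items() if now > deadline]
        for mn in expired:
            _, target = self.pending.pop(mn)
            self.serving.pop(mn, None)
            self.log.append(f"timer t expired for {mn}: profile removed, {target} and PS told to update lists")
        return expired


def run_scenarios():
    """Constructed scenario: one legitimate inter-cluster handover of 6lw_MN-1,
    then a masquerading move claim for the same MN-ID that no nCH confirms."""
    mag = LwMag(timer_t=2.0)
    ps_profiles = {"6lw_MN-1": {"cluster": "CH1"}}   # constructed PS policy store
    mag.register("6lw_MN-1", "CH1", ps_profiles)

    # Legitimate handover CH1 -> CH2: the nCH confirms within timer t.
    mag.on_move_notice("6lw_MN-1", "CH1", "CH2", now=0.0)
    legit_ok = mag.on_nch_update("6lw_MN-1", "CH2", now=1.0)
    after_legit = mag.serving.get("6lw_MN-1")

    # Section 3.3 scenario: an attacker claims 6lw_MN-1 is moving to CH3.
    # The attacker cannot pass 6LoWPAN authentication, so CH3 never sends (3);
    # a stray update from another cluster head (CH4) is rejected as well.
    mag.on_move_notice("6lw_MN-1", "CH2", "CH3", now=5.0)
    forged_ok = mag.on_nch_update("6lw_MN-1", "CH4", now=6.0)
    expired = mag.expire_timers(now=8.0)
    after_attack = mag.serving.get("6lw_MN-1")

    return {
        "legit_confirmed": legit_ok,
        "serving_after_legit": after_legit,
        "forged_confirmed": forged_ok,
        "expired": expired,
        "serving_after_attack": after_attack,
        "log": mag.log,
    }


if __name__ == "__main__":
    for line in run_scenarios()["log"]:
        print(line)
```

The model deliberately accepts the move notice and performs the LMA signaling before it knows whether the MN is genuine, exactly as steps ① and ② prescribe; the protection comes only from step ③ being bound to the expected nCH and the deadline, so a claim that no cluster head can authenticate ends with the MN-ID removed and the legitimate node having to be certificated again, as Section 3.3 describes.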
4. Conclusion

In the USN environment, mobility support is an indispensable condition, since the USN is an integrated network with various infrastructures. Therefore, we proposed a mobility support scheme employing PMIPv6 for 6LoWPAN mobile nodes. Besides, our scheme can check whether the mobile node is certificated or not, for secure mobility support, by the process (①~③ in Fig.6). We will polish our scheme and expand it to a more specific authentication mechanism. In future work we will analyze not only the performance but also the security using a simulation tool such as ns2.
References
[1] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., Patil, B.: Proxy Mobile IPv6, RFC 5213
[2] Lee, J.-H., Chung, T.-M., Gundavelli, S.: "A Comparative Signaling Cost Analysis of Hierarchical Mobile IPv6 and Proxy Mobile IPv6." In: Proceedings of IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC 2008), September 2008
[3] Sungkuen Lee, Youchan Jeon, Taehyoung Lim, Jinwoo Park, "An Enhanced Handoff Support Based on Network-based Mobility Management Protocol," The Journal of Korea Information and Communications Society, vol. 34, no. 1, pp. 1-9, 2009.1
[4] JinHo Kim, HyeChan Lee, ChoongSeon Hong, "A Mechanism for Supporting 6LoWPAN Node Mobility based on Proxy Mobile IPv6", Proceedings of The Korean Institute of Information Scientists and Engineers, vol. 35, no. 1, pp. 470-475, 2008.6
[5] Ju-Eun Kang, Dong-Won Kum, Yang Li, You-Ze Cho, "Seamless Handover Scheme for Proxy Mobile IPv6", IEEE International Conference on Wireless & Mobile Computing, Networking & Communication, pp. 410-414, 2008
[6] HyunGon Kim, ByeongKyun Oh, "Secure and Low Latency Handoff Scheme for Proxy Mobile IPv6", Proceedings of the International Conference on Mobile Technology, Applications, and Systems, 2008
[7] Seung-il Hyeon, Youn-Hee Han, Ki-Sik Kong, Myung-Ki Shin, Sangjin Jeong, "Handover Performance Evaluation for Proxy Mobile IPv6", Conference Proceedings, Korea Institute of Information Scientists and Engineers, vol. 34, no. 2(D), pp. 317-322, 2007
[8] Soo-Duek Kim, Jong-Hyouk Lee, Tai-Myoung Chung, "Secure Fast Handover Scheme of Proxy Mobile IPv6", Conference Proceedings, Korea Society For Internet Information, pp. 17-20, 2009.5
[9] C. Vogt, J. Kempf, "Security Threats to Network-Based Localized Mobility Management (NetLMM)," IETF RFC 4832, April 2007
[10] Jianfeng Guan, HuaChun Zhou, Weisi Xiao, Zhiwei Yan, Yajuan Qin, Hongke Zhang, "Implementation and Analysis of Network-based Mobility Management Protocol in WLAN Environments", Proceedings of the International Conference on Mobile Technology, Applications, and Systems, 2008
[11] HyunGon Kim, JaeHyeon Seo, ByeongKyun Oh, TaeNam Ahn, JinHyung Kim, "Security Threats Analysis for Network-based Mobile IPv6", The Journal of The Institute of Electronics Engineers of Korea, pp. 137-147, 2007.10
[12] Sang-Ho Na, Kyu-Jin Kim, Mohammad Mehedi Hassan, Eui-Nam Huh, "Identity-Based Secure Protocol Scheme for Wireless Sensor Network", International Conference on Computer Sciences and Convergence Information Technology, 2009.11
[13] Nahar Sultana, Ki-moon Choi, Eui-nam Huh, "Mobility Support Secure Coverage Protocol for Monitoring Applications Using Wireless Sensor Networks," International Conference on Computational Science and Its Applications, pp. 174-183, 2008
[14] Kil-Woong Jang and Byung-Soon Kim, "A Balanced Deployment Algorithm for Mobile Sensor Networks", Computational Science and Its Applications - ICCSA 2006, pp. 671-680, 2006.5