Leakage-resilient security architecture for mobile IPv6 in wireless overlay networks

The coupling of mobility and quality-of-service with security is a challenge that should be addressed in future wireless overlay systems. The mobility of a node can disrupt or even intermittently disconnect an ongoing real-time session because a secure handover must be performed to ensure continuous connectivity. The duration of the such interruptions is called disruption time or handover delay and can heavily affect the user satisfaction. The handover procedure needs to protect its integrity and confidentiality-otherwise, the packets may be rerouted to a malicious node and the legitimate handover may not be performed. The security procedure to ensure this should not lengthen significantly the handover delay to provide good quality real-time services. In this paper, we focus on the network-layer mobility, specifically, on Mobile Internet protocol version 6 (MIPv6) since it is the natural candidate for providing such mobility in future systems. To solve the problem of on-path attackers and prevent leakage of secrets, we propose a security architecture for MIPv6 based on leakage resilient-authenticated key establishment (LR-AKE) protocol and its cooperation with public key infrastructure. The proposed architecture prevents against on-path attackers which was not addressed in the specifications of MIPv6, and also provides robustness against leakage of secret values. Using analytical models, we evaluate MIPv6 handover delay for real-time services. We identify the crucial factors affecting the handover delay among transmission delays of MIPv6, security and LR-AKE messages, queueing delays and en/decryption delays.     

Vertical handoffs in wireless overlay networks

No single wireless network technology simultaneously provides a low latency, high bandwidth, wide area data service to a large number of mobile users. Wireless Overlay Networks - a hierarchical structure of room-size, building-size, and wide area data networks - solve the problem of providing network connectivity to a large number of mobile users in an efficient and scalable way. The specific topology of cells and the wide variety of network technologies that comprise wireless overlay networks present new problems that have not been encountered in previous cellular handoff systems. We have implemented a vertical handoff system that allows users to roam between cells in wireless overlay networks. Our goal is to provide a user with the best possible connectivity for as long as possible with a minimum of disruption during handoff. Results of our initial implementation show that the handoff latency is bounded by the discovery time, the amount of time before the mobile host discovers that it has moved into or out of a new wireless overlay. This discovery time is measured in seconds: large enough to disrupt reliable transport protocols such as TCP and introduce significant disruptions in continuous multimedia transmission. To efficiently support applications that cannot tolerate these disruptions, we present enhancements to the basic scheme that significantly reduce the discovery time without assuming any knowledge about specific channel characteristics. For handoffs between room-size and building-size overlays, these enhancements lead to a best-case handoff latency of approximately 170 ms with a 1.5% overhead in terms of network resources. For handoffs between building-size and wide-area data networks, the best-case handoff latency is approximately 800 ms with a similarly low overhead. This revised version was published online in June 2006 with corrections to the Cover Date.     

A flexible overlay architecture for mobile IPv6 multicast

The Internet has evolved from a wired infrastructure to a hybrid of wired and wireless domains. As network access is now provided with much of the last mile being a wireless mobile environment, delivering rich multimedia to users is now a necessity. However, despite the advent of new technology and standards such as Mobile Internet protocol version 6 (MIPv6), there is still an important dilemma over the choice of systems that either achieve high levels of performance or offer easier deployment. The very deployment of IPv6 is delayed for this reason; network providers continue to use legacy systems. The goal of this paper then is to offer insight into this issue by examining the case of data streaming to MIPv6 users through the use of multicast. By specifically considering the debate over network and application layer multicast, we examine a spectrum of possible alternatives and evaluate the potential of enhancing the functionality of access routers. The result is an overlay architecture that can bring the desired balance between deployment complexity and performance.     

Behavior-based mobility prediction for seamless handoffs in mobile wireless networks

The field of wireless networking has received unprecedented attention from the research community during the last decade due to its great potential to create new horizons for communicating beyond the Internet. Wireless LANs (WLANs) based on the IEEE 802.11 standard have become prevalent in public as well as residential areas, and their importance as an enabling technology will continue to grow for future pervasive computing applications. However, as their scale and complexity continue to grow, reducing handoff latency is particularly important. This paper presents the Behavior-based Mobility Prediction scheme to eliminate the scanning overhead incurred in IEEE 802.11 networks. This is achieved by considering not only location information but also group, time-of-day, and duration characteristics of mobile users. This captures short-term and periodic behavior of mobile users to provide accurate next-cell predictions. Our simulation study of a campus network and a municipal wireless network shows that the proposed method improves the next-cell prediction accuracy by 23~43% compared to location-only based schemes and reduces the average handoff delay down to 24~25 ms.     

Modeling and efficient handling of handoffs in integrated wireless mobile networks

We propose and analyze two handoff schemes without and with preemptive priority procedures for integrated wireless mobile networks. We categorize the service calls into four different types, namely, originating voice calls, originating data calls, voice handoff request calls, and data handoff request calls and we assume two separate queues for two handoff services. A number of channels in each cell are reserved exclusively for handoff request calls. Out of these channels, few are reserved exclusively for voice handoff request calls. The remaining channels are shared by both originating and handoff request calls. In the preemptive priority scheme, higher priority is given to voice handoff request calls over data handoff request calls and can preempt data service to the queue if, upon arrival, a voice handoff request finds no free channels. We model the system by a three-dimensional Markov chain and compute the system performance in terms of blocking probability of originating calls, forced termination probability of voice handoff request calls, and average transmission delay of data calls. It is observed that forced termination probability of voice handoff request calls can be decreased by increasing the number of reserved channels. On the other hand, as a data handoff request can be transferred from a queue of one base station to another, there is no packet loss of data handoff except for a negligibly small blocking probability.     

移动Ad Hoc网络基于IPv6的Internet接入技术研究

针对实现移动用户无线上网的需求，通过对移动AdHoc网络的体系结构和路由技术的研究，以及对移动IPv6协议的工作原理及其与IPv4特性的比较分析，提出了AdHoc网络基于IPv6的Intemet接入方法，并对其地址自动配置、路由发现、网关发现、协议转换和分组转换等关键技术进行了分析，同时针对这两种技术相结合存在的广播和多跳问题提出了改进方法，并对今后的工作进行了展望。     

A secure fast handover scheme based on AAA protocol in mobile IPv6 networks

In order to reduce the cost and decrease the delay caused by combining the AAA function while guaranteeing the fast handover performance, we bring out an enhanced secure fast handover scheme. Our research focuses on improving the security and reducing the delay during the handover process of mobile IPv6, the most important thing is to minimize the authentication latency in AAA processing. According to the scheme referred above, the performance evaluation is analyzed in terms of pedestrian and vehicle, and the results of simulation show that the proposed mechanism reduces the handoff and authentication latency evidently compared to the previous simple traditional combination modeling.     

移动IPv6网络的层次AAA方案研究

针对AAA和移动IPv6的融合问题，从整体结构、基础设施部署及性能问题开展研究，提出了新的解决方案，包括优化的层次AAA结构，引入了新实体RAAAS，合理部署AAA与移动基础设施使两者协同工作，并利用建立短期外地安全关联和上下文转移技术提高系统性能。对比IETF提出的方案，本方案具有高的安全性和好的性能。     

Monitoring emerging IPv6 wireless access networks

Foreseeing a future where IPv6 and mobile terminals play an important role in public access communication networks, this article introduces a monitoring system capable of identifying relevant traffic flows and tracking them while terminal equipment moves between network attachment points. The mobile flows are characterized and represented so that individual users and flows can perceive the quality of service they receive, and operators can have global traffic views of their heterogeneous access networks.     

关于移动IPv6技术的研究与探索

IPv6技术支持的128位大地址空间不但能彻底解决移动IPv4地址枯竭的问题,而且比目前的移动IPv4有着更大的优越性和更为完善的设计理念,它的出现使移动通信有了更加广阔的发展空间,但该技术目前仍处于理论研究和实践探索阶段,原因是移动IPv6技术还有很多实际问题有待解决.     

Handover management for mobile nodes in IPv6 networks

We analyze IPv6 handover over wireless LAN. Mobile IPv6 is designed to manage mobile nodes' movements between wireless IPv6 networks. Nevertheless, the active communications of a mobile node are interrupted until the handover completes. Therefore, several extensions to Mobile IPv6 have been proposed to reduce the handover latency and the number of lost packets. We describe two of them, hierarchical Mobile IPv6, which manages local movements into a domain, and fast handover protocol, which allows the use of layer 2 triggers to anticipate the handover. We expose the specific handover algorithms proposed by all these methods. We also evaluate the handover latency over IEEE 802.11b wireless LAN. We compare the layer 2 and layer 3 handover latency in the Mobile IPv6 case in order to show the saving of time expected by using anticipation. We conclude by showing how to adapt the IEEE 802.11b control frames to set up such anticipation.     

Research on IPv6 address configuration for wireless sensor networks

The paper proposes an IPv6 address configuration scheme for wireless sensor networks. In the scheme, one wireless sensor network is divided into multiple clusters and the scheme creates the IPv6 address formats for the cluster heads and the cluster members respectively. Based on the proposed IPv6 address format, the scheme proposes to adopt the division method of the hash function to allocate the IPv6 addresses for the cluster heads and cluster members and to utilize linear probing to deal with assigned address collision. From the perspectives of duplicate address detection cost, address configuration cost and address configuration delay time, the paper analyzes and compares the performances of Strong DAD, MANETConf and the proposed scheme. Analytical results demonstrate the effectiveness and efficiency of the proposed scheme. Copyright © 2010 John Wiley & Sons, Ltd.     

An IPv6 address configuration scheme for wireless sensor networks based on location information

The paper proposes an IPv6 address configuration scheme for wireless sensor networks based on sensor nodes’ location information. The scheme divides WSN into multiple clusters based on sensor nodes’ location information and proposes the IPv6 address structure for sensor nodes based on their location information. In the scheme, a cluster head combines the stateless configuration strategy and the stateful configuration strategy to assign the IPv6 addresses for the cluster members in the same cluster. In the stateless configuration strategy, a cluster head employs the hash division method to configure the IPv6 addresses for the cluster members and utilizes the linear probing method to solve the address collision, and the DAD for the IPv6 addresses assigned for the cluster members is only performed within the cluster where the cluster members locate. In addition, the IPv6 address configuration for the cluster members in the different clusters can be performed simultaneously, so the IPv6 address configuration delay time is shortened and the IPv6 address configuration cost is reduced. The paper analyzes the performance parameters of the proposed scheme, Strong DAD and MANETConf, including DAD cost, address configuration cost and address configuration delay time, and the analytical results show that the performance of the proposed scheme is better than Strong DAD and MANETConf.     

无线传感器网络上轻量化的IPv6协议栈

传感器网络集成了传感器、微机电系统和网络三大技术是当今的热门研究领域之一,在农业领域控制、城市管理、环境监测等领域有重要的实用价值,具有十分广泛的应用前景。IPv6作为下一代IP协议正在逐步替代IPv4。无线传感器网络和IPv6的结合是当前研究的热点。本文基于轻量化IPv6协议栈为目的,通过分析IPv6报文以及无线传感器网络的特点,采用理论分析合理地提出了WSN中IPv6协议栈核心功能的剪裁方案。在试验中使用压缩的IPv6地址进行通信,得出一种适应于无线传感器网络运行的IPv6协议剪裁方案。     

Mobility management for all-IP mobile networks: mobile IPv6 vs. proxy mobile IPv6 [architectures and protocols for mobility management in all-IP mobile networks]

Recently, a network-based mobility management protocol called Proxy Mobile IPv6 (PMIPv6) is being actively standardized by the IETF NETLMM working group, and is starting to attract considerable attention among the telecommunication and Internet communities. Unlike the various existing protocols for IP mobility management such as Mobile IPv6 (MIPv6), which are host-based approaches, a network-based approach such as PMIPv6 has salient features and is expected to expedite the real deployment of IP mobility management. In this article, starting by showing the validity of a network-based approach, we present qualitative and quantitative analyses of the representative host-based and network-based mobility management approaches (i.e., MIPv6 and PMIPv6), which highlight the main desirable features and key strengths of PMIPv6. Furthermore, a comprehensive comparison among the various existing well-known mobility support protocols is investigated. Although the development of PMIPv6 is at an early stage yet, it is strongly expected that PMIPv6 will be a promising candidate solution for realizing the next-generation all-IP mobile networks.     

NCOM: network coding based overlay multicast in wireless networks

Wireless Networks - The capacities of wireless networks are increasingly challenged by the traffic stresses generated by data-intensive applications. Multicast is a bandwidth-efficient solution to...     

A smart handover prediction system based on curve fitting model for Fast Mobile IPv6 in wireless networks

Seamless handover process is essential in order to provide efficient communication between mobile nodes in wireless local area networks. Despite the importance of a signal strength prediction model to provide seamless handovers, it is not embedded in standard mobility management protocols. In this article, we propose a smart handover prediction system based on curve fitting model to perform the handover (CHP) algorithm. The received signal strength indicator parameter, from scanning phase, is considered as an input to the CHP in order to provide a prediction technique for a mobile node to estimate the received signal strength value for the access points in the neighborhood and to select the best candidate access point from them in an intelligent way. We implemented the proposed approach and compared it with standard protocols and linear regression‐based handover prediction approach. Simulation results in complex wireless environments show that our CHP approach performs the best by predicting the received signal strength value with up to 800 ms in advance from real obtained value via scanning phase. Moreover, our CHP approach is the best in terms of layer 2 and overall handover latency, in comparison with standard protocols and linear regression approach, respectively. Copyright © 2012 John Wiley & Sons, Ltd.