Tuomas Aura and Michael Roe
Microsoft Research
United Kingdom
Jari Arkko
Ericsson
Finland
In the Mobile IPv6 protocol, the mobile node sends binding updates to its correspondents to inform them about its current location. It is well known that the origin of this location information must be authenticated. This paper discusses several threats created by location management that go beyond unauthentic location data. In particular, the attacker can redirect data to bomb third parties and induce unnecessary authentication. We introduce and analyze protection mechanisms, with a focus on ones that work for all Internet nodes and do not need a PKI or other infrastructure. Our threat analysis and assessment of defense mechanisms formed the basis for the design of a secure location management protocol for Mobile IPv6. Many of the same threats should be considered when designing any location management mechanism for open networks.
Keywords: mobile security, Mobile IPv6, binding update authentication, denial of service