Working mechanism and security of Mobile IPv6 technology

Source: Internet
Author: User

We have briefly introduced the composition of Mobile IPv6, including its structure and related architecture. This article explains how Mobile IPv6 works and the security issues it faces. Most of its working principles follow the specifications of the IPv6 protocol.

How mobile IPv6 works

A mobile node should always be addressable through its home address, regardless of whether it is currently connected to its home link. We therefore analyze the basic working principles of Mobile IPv6 in two situations.

When a mobile node is connected to a home link

When a mobile node is at home, data packets sent to its home address are routed to the home link using the traditional Internet routing mechanism. The mobile node works in the same way as any fixed host or router.

When a mobile node leaves the home link and connects to a foreign link

When a mobile node is moved to another location, the process is as follows.

A. The mobile node uses the automatic address configuration method defined by Mobile IPv6 to obtain a care-of address (its forwarding address) on the foreign link.

B. The mobile node notifies its home agent of the care-of address. The association between the care-of address and the home address of a mobile node is called a "binding". The mobile node notifies the home agent (HA) in its home network of the care-of address through the binding registration process.

C. If the security of the operation can be ensured, the mobile node also notifies several correspondent nodes (peer nodes) of its care-of address.

D. Data packets sent by a correspondent node that does not know the care-of address of the mobile node are routed to the home network of the mobile node, just as in Mobile IPv4. From there, the home agent sends them through a tunnel to the care-of address of the mobile node.

E. Data packets sent by a correspondent node that knows the care-of address of the mobile node can be sent directly to the mobile node. They carry an IPv6 Routing Header that uses the care-of address of the mobile node as an intermediate destination address.

F. In the opposite direction, data packets sent from a mobile node are routed directly to their destination using a special mechanism. However, when ingress filtering exists, the mobile node can send the data packets to the home agent through a tunnel. The source address of the tunnel is the care-of address of the mobile node.

Security of Mobile IPv6

Mobile IPv6 provides many security features. These protect binding updates sent to home agents and correspondent nodes, mobile prefix discovery, and the data packet transmission mechanisms used by Mobile IPv6. However, Mobile IP must still face the security threats inherent in all wireless networks. In addition, the Mobile IPv6 protocol defines the signaling mechanism between a mobile node, a home agent, and a correspondent node, and it implements triangular routing optimization, which introduces new security threats. Currently, Mobile IPv6 may suffer from denial-of-service attacks, replay attacks, and information theft attacks.

Against replay attacks, Mobile IPv6 adds a sequence number to the registration message and introduces a time-based random number (nonce) in the protocol message. The home agent and the correspondent node can determine whether a registration message is a replay by comparing the sequence numbers of the two registration messages in combination with the nonce hash value. If the sequence number does not match, or the nonce hash value is incorrect, the message is treated as an expired registration message and is not processed.

An IPsec security association can be established between a mobile node and its home agent to protect signaling messages and service traffic. Because the home address of the mobile node and the address of the home agent are known, security associations can be configured for the mobile node and the home agent in advance. IPsec AH and ESP are then used to establish a secure tunnel that provides data origin authentication, integrity checking, data encryption, and replay protection.

Mobile IPv6 defines the Return Routability Procedure (RRP). It uses a binding management key to protect control signaling between the mobile node and the correspondent node.
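The replay checks and the binding management key described above, as an added example that is not part of the original article: a simplified Python model of the receiving side (home agent or peer node), not a wire-accurate implementation. The class and function names, token and authenticator lengths, message layout and the 16-bit sequence window are assumptions of this sketch, loosely modelled on the Mobile IPv6 specification; the addresses are constructed documentation values.

```python
import hashlib
import hmac
import os

SEQ_MOD = 1 << 16  # 16-bit sequence number space (assumption of this model)

def seq_is_newer(new, last):
    """Modular 'greater than', so a wrapped counter never re-admits old values."""
    return 0 < (new - last) % SEQ_MOD < SEQ_MOD // 2

def derive_kbm(home_token, coa_token):
    """Binding management key: hash of the two tokens the mobile node received."""
    return hashlib.sha1(home_token + coa_token).digest()

def binding_mac(kbm, home, coa, seq):
    """Authenticator over the binding fields, keyed with the management key."""
    msg = f"{home}|{coa}|{seq}".encode()
    return hmac.new(kbm, msg, hashlib.sha1).digest()[:12]

class Receiver:
    """Constructed home agent / peer node that validates binding updates."""

    def __init__(self, node_key):
        self.node_key = node_key  # secret that never leaves this node
        self.nonces = {}          # nonce index -> random nonce
        self.bindings = {}        # home address -> (forwarding address, last seq)
        self.next_index = 0

    def new_nonce(self):
        self.next_index += 1
        self.nonces[self.next_index] = os.urandom(8)
        return self.next_index

    def expire_nonce(self, index):
        self.nonces.pop(index, None)

    def token(self, address, index):
        """Nonce hash value: keyed hash of an address and the current nonce."""
        msg = address.encode() + self.nonces[index]
        return hmac.new(self.node_key, msg, hashlib.sha1).digest()[:8]

    def accept(self, home, coa, seq, index, mac):
        if index not in self.nonces:
            return "rejected: expired nonce"
        kbm = derive_kbm(self.token(home, index), self.token(coa, index))
        if not hmac.compare_digest(mac, binding_mac(kbm, home, coa, seq)):
            return "rejected: bad authenticator"
        last = self.bindings.get(home)
        if last is not None and not seq_is_newer(seq, last[1]):
            return "rejected: stale sequence number"
        self.bindings[home] = (coa, seq)
        return "accepted"
```

The receiver stores no per-node key: it recomputes the tokens from its own secret and the nonce, so expiring a nonce invalidates every message built on it, while the sequence check stops a captured message from being replayed inside the nonce lifetime.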
 
