http://www.siemensjobcam.com/global-mobile-internet-services/
Secure authentication mechanism in the mobile version of Internet Protocol 6
Secure authentication mechanism for Internet Protocol version Mobile 6
Mojtaba Sadeghi, Hamid Reza Naji, Tawfik Zeki
Department of Computer Engineering
University Islamic Azad
Dubai, United Arab Emirates
June 2009
Summary
This paper presents a secure authentication method for mobile IPv6. By default IPsec is used to protect the signaling messages between the mobile node and other agents in mobile IPv6 networks. Mobile IPv6 message transactions include binding updates and messages of appreciation also. We propose a new mechanism to secure Mobile IPv6 signaling between mobile nodes and other agents. The proposed method consists of a message authentication mobile IPv6 management option and cookies that can be added to the existing protocols to ensure IPV6. We also research an architecture for integrating mobility authentication signaling. This architecture is implemented and evaluated. In Mobile IPv4 protocol and some authentication protocols for Mobile IPv6, there are some difficulties meet time requirements. Shows the latency can be reduced between the IPv6 mobile node, agent of the Interior and Correspondent Node to the creation of a cookie file maintenance identification of the mobile node.
1.Introduction
Security mechanism and a protocol depends on the reliability and the Internet routing infrastructure. The working protocol between the mobile nodes and any node on the Internet that have no connection or relative to past, and we also assume that there is no specific global security infrastructure. When Mobile IPv6 was developed the technology incorporated made it possible for users to change their points of connection to the Internet while still using the same IP connection established earlier. But, authentication and authorization, which are very important functions in wireless networks, were not considered in the design and creation. Therefore, this paper investigates the integration of MIPv6 and authentication architectures and systems integration is also developed. The mechanism described in this document is a simplified version of the current Mobile IPv6 protocol. We focus on mandatory update messages sent by the mobile node to its correspondents. The authentication service is in fact more important protection and services inspection in wireless networks. Safe design of mobile networks is a critical stage of development and the establishment of a system network infrastructure. While a wireless system provides the economic, convenience and efficiency, must also be protected to prevent an attack from theft and damage data and information. A safe and secure wireless network can ensure that your data transmissions are not intercepted, abuse, misuse by third parties unknown. Without wireless security networks are vulnerable to many types of problems, including:
"Information theft
Corruption or modification illegal data
"Interception of interaction, transaction and communication
Executives abuse-data networks and resources
The establishment of a secure wireless network and average professional implementation of a framework of authentication, encryption and key management protocols [1]. We focus authentication with IPV6 in this document. As a description, authentication is a process of verifying that a device or user that is trying to access the network Wireless should be allowed on the network. Encryption and key management is the processes and techniques become more complex and control data to a user authorized or device that receives data can not use it.
2. IPv6 Review
Based on concerns recently by the lack of Internet addresses and the desire to provide greater functionality for modern mobile devices, an upgrade from the old version and current Internet Protocol (IP), called IPv4, is established. This new version, called IP version 6 (IPv6), resolves the weaknesses of IPv4 design issues and made Internet revolution in recent years. The length of the IPv6 addresses are 128 bits. The first 64 bits are used for the prefix link. What is assigned to each link and is advertised through routers on that link. The second 64 bit address belongs to the interface identifier. There are different areas of IPv6 addresses networks. The different fields of application can be diagnostic patterns observed some of the prefix bits of the address.
We call the IPv6 most important areas as follows:
– Local connection: An address with a link-local scope can only be used to communicate link within the node. Packages with the directions of this link is not
taken out of the link. The first 64 bits of this address is fixed and you like this: 1111111010 0. . – Local Site
The first 10 bits 54 bits Procedure. link-local addresses are as unique addresses within a site. The size of a site is defined by the site administrator. It may be a small home network with two or three customers, or even a university network with nodes of hundreds of people. The first 64-bit site-local addresses appear below: 1,111,111,011 0. . . – Subnet ID
The 16 subnet bits are used to differentiate the sites and the first 10 bits 38 Procedure bits last 16 bits. Protocol transitions are not easy and the transition from IPv4 to IPv6 is no exception. Protocol transitions are usually employed by the facility and configuring the new protocol on all nodes in the network and verify that all nodes and router operations work properly. While this may be possible in a SME organization, the challenge of making a quick transition protocol in a large organization is difficult. Moreover, given the scope of the Internet, the rapid transition from IPv4 to IPv6 protocol is a question impossible. IPv6 designers recognize that the transition from IPv4 to IPv6 will take years and could be organizations or hosts within organizations that continue to use IPv4 indefinitely [1]. IPv6 solves the network address protocol limitations By replacing the current IPv4 addresses IPv4 32-bit 128-bit addresses. The various elements were considered in the design of IPv6. One of this consideration is anticipating future market needs. We can guess that the future of Internet markets would be based on improved security, high performance, and mobility [7]. Another area of success of IPv6 design is the way of the transition from IPv4 Internet. This kind of transition means with different software, hardware, protocol and problems infrastructure. Fortunately, IPv6 has been developed to work with the IPv4 network protocol as well. By creating a tunnel IPv6 packets to transfer or the creation of a tunnel for the transfer of other protocol packets, IPv6 support without fundamental changes. When a mobile node is far from home agent he is, he sends information about its current location to the principal agent. Any node that is to initiate interaction and communication with a mobile node uses the source address of the mobile node for this communication and the sending of parcels. The home agent intercepts these packets and tunnels using packets to the mobile node management attention. In fact using the Mobile IPv6 network management attention. However, support for route optimization for direct connection between the mobile node and correspondent node, the correspondent node using IPv6 encapsulation IP header. Mobile IPv6 technology allows a mobile node moving within the Internet infrastructure, without losing an established connection of age. This means for one mobile node to be reachable at any time by a Correspondent Node must have an address that does not change. In fact, this address belongs to the subnet of the home network. In Mobile IPv6 this address is called address your home or Hoa. If the mobile node will be available on your home network, all the packages you want to get there, you can reach through the usual form of routing. In this situation, the principal agent is topologically correct for the mobile node. But if the mobile node moves to another subnet, you must update addresses a care topologically this address belongs to the new network. From now on Mobile Node is not accessible through its HoA as well. Home Agent is responsible for receiving all packets destined to the mobile node, mobile every time is in another node in the visited network. Whenever the master agent receives a packet that would establish a tunnel the mobile node's current care of the management. This shows that the mobile node must update its Home Agent about your current address regular care. It means Home Agent will send any packet destined to the mobile node's home address, to its current Care visited network addresses. These packets are sent through a tunnel to the Mobile Node. It should be noted that the tunnel is initiated from the Chief Agent and end at the mobile node. Mobile IPv6 operates as transparent the upper layers and applications. Whenever the mobile node wants to send a packet to the Correspondent Node can be sent directly to the address is.
3. Mobile IPv6 Security
3.1. Data encryption and authentication protocol
A solution for ensuring that unauthorized users or systems that do not have access to your wireless network and mobile is to encrypt your data and files. The famous and basic encryption method, WEP (Wired Equivalent Privacy), unfortunately was completely weak and transient. WEP key technology works in a shared or password to prevent unauthorized access. Anyone find the WEP key or password even stronger and misuse can join the wireless network. There is no mechanism or technique for automatically changing the WEP key, and some tools that may have occurred very quickly crack WEP key, even less than 60 seconds! This means not have much time for an attacker to access a WEP-encrypted key wireless networking. We can say the procedure RADIUS server is receiving requests the end user, then user authentication, and finally, provide the NAS, plus all the information so it can deliver its services. This protocol Authentication provides a centralized security system for controlling access to network resources. Lightweight Directory Access Protocol or another protocol called LDAP authentication which defines organized and accessed information. Since we know that an authentication protocol is a set of rules for communication between server and clients. Through LDAP implementation, the network administrator can control which users and customers easier with centralized and secure user information [12]. There are other authentication mechanisms for mobile customers, the combination of RADIUS, EAP, and LDAP is the most common and available on its use in business today. Each component has associated open source software is freely available for network administrators to download, configure and use. Thus, with the hardware, the installation of an authentication system is inexpensive [15].
3.2. Kidnapping and theft of IPv6 networks mobile
The first difficulty of IP networks is that it is difficult to know where the information actually comes from. An attack called IP spoofing is used of this weakness. Since the IP source address of a packet has no influence on the delivery capacity, which can be changed easily. The attack – called spoofing – makes a packet coming from a machine seem to come from somewhere else entirely. It is obvious that the IP address is not reliable based at all, because everyone can claim him is the owner of this IP address. Even after the authentication step, with everything that is not secure against session hijacking. This means that after identification of a person, we can not sure it will be the same person for the rest of that session. That's why all sources of data are authenticated during transmission. However, most LAN networks of networks in the world are based on Ethernet or wirelessly. This type of network are usually cheap, available worldwide, easily understood and rapidly expanding. But doing that spying is easy in these networks, since any node can read all the packets transmitted through the LAN. Formally, each network card only listens and responds to the packets that belong to it specifically, but it is difficult to ask these devices listen to all packets during transmission cables. The first recommendation for all IP mobile networks is to use encryption and data authentication. But there are still problems with that. We consider all encryption keys are exchanged during parties communicating. As a rule, the encryption keys used for encryption algorithms to encrypt and decrypt data.
3.3. Mobile node and MAC address authentication
A care ordered of management is a management attention that obtained by the mobile node as a local IP address. This IP address dynamically acquire, can be through a DHCP server or through a foreign agent. After assigning a routable IP address to MN, the mobile node is now able to establish and communicate directly with its home agent, foreign agent neglected. By implementing this method, mobility has decapsulation. Sometimes mobile node uses the mobile Node ID option to communicate and allow the master agent to start using the available authentication infrastructure. One more step difficult for an attacker is to find the MAC address of wireless LAN [7]. Many of the systems and rely on a false MAC address as a router or an authorized wireless client. The attacker can launch denial of service attacks by passing the access control mechanisms in mobile telephony. MAC addresses have been used as single layer 2 network identifier in IPv6 mobile networks. As we know the MAC address is unique in the world for all network-based devices. Organizationally Unique Identifiers (OUI) assigned to all manufacturers of hardware products in particular the manufacturing network. In general, a MAC address client or a mobile node is used as an authentication parameter or a unique identifier to the security level of authentication. When an attacker changes MAC address to continue using the wireless card to the transport layer 2 intended effect, the transmission and reception from the same source MAC. All use protocol 802.11 network MAC addresses to be changed, with support from the manufacturer [6]. Linux users can change their MAC address with a command or C programming the program. But Windows users are able to change your MAC address, setting the properties of LAN card drivers. Should we worry that a attacker may choose to change the MAC address for different reasons [15]. The Mobile IPv6 protocol enables a mobile node to move from one network to another network without the need change your old address IPv6. Because a mobile node is always routable and directed by its home agent, which is the mobile node's IPv6 address. When a mobile Node is far from your home network, messages can be sent through the mobile node address home. Normally, the movement of a mobile node is completely invisible for transport and another layer protocols.
3.4. Mobile IPv6 Accounting
Mobile IPV6 accounting can be divided into four processes: measurement, pricing, charging and billing. In fact, the measurement must process would be to measure and collect resource use information that relates to a single customer "service. Also the pricing task would process of determining a cost per unit. Then the charging process to reconcile the price data to the use of resources for an amount of money we have called post. This charge has paid by the customer. And, of course, informs the process of billing customers about billing information [7]. In fact accounting in the mobile network: the act of keeping records for use by all users of the source. The primary objective would be invoiced for any user, but for security reasons is necessary to know each user login and logout time, web sites visited, the amount of loading and unloading, etc.
4. New Facility
4.1. Mobility message authentication with a cookie file
This section defines a new mechanism for message authentication mobility option that can be used to secure messages BU and Binding Recognition in Mobile IPv6 networks. This mechanism is capable of use with IPsec or preferably as a new mechanism to authenticate the mobile node in communication with the home agent or foreign agent to BU and Binding Acknowledgement messages when IPsec infrastructure we have in our network. The simulation is based Mobile IPv6 in the implementation of Mobile IPv6 in Network Simulator 2 (NS2). Overall implementation is based on place of residence, the correspondent node and mobile agents. In fact agent base station implements the base functionality of agent and foreign agent. This agent will create the area of broadcasting. This zone will be established in every second. Mobile IPV6 agent is the listing and registration with home agent and foreign agent based on the protocol. The waiting time of registration for mobile IPv6 protocol has been for one second. This means that every second record update will happen. For the simulation, we developed a simulation of the IPv6 mobile network, which considers the delay and payload. Also for the simulation of the authentication code in C + +-based agent will create a cookie file as a file identity. Based on our assumption the mobile node has registered with the agent before leaving home is a subnet. The mobile node as a personal computer has some specific details that can save a cookie to a file and then encrypt the file [10]. Top of agents should include this option in the BA if it received this option in the appropriate drive Business Home Agent and has a mobility security association shared-key basis on [Mobile Node 2].
4.2. Care of New Management and BU
After detecting a mobile node has moved the network, allowing access new CoA to the network, but you should inform your Home Agent with respect to the new location of the mobile node. Is a major concern in mobility that each time a mobile node lost its connection with your router for the last time until you inform your agent about home its new location, all messages sent will be lost and will not be able to send any package to any correspondent nodes. In reality, a mobile node registers its new care of address to its HA by sending a binding update message. Then the master agent does not give this update to address binding and recognition that time is able to tunnel packets to home address Mobile Node (HOA) to the mobile node to the new location. In the last step, the mobile node informs all nodes of your correspondent, your new location and can be achieved with this new care directions. What a half after being registered, the mobile node sends a BU to all NC to inform its new location. Indeed, there is an additional procedure to monitor the bus are sent to all CNS. This called Return Routability (RR) test.
4.3. WAP Infrastructure cookies
WAP protocol is a service element that sits between the Internet and mobile networks in the service layer. The layer includes services of different service enablers for mobile nodes and mobile applications. The WAP protocol functions as a secure tunnel from the mobile node to the service layer. All IP packets from a mobile node is transported through three layers of mobile networks: connectivity layer, control layer and service layer.
4.4. Design and Implementation
Mobile IPv6 authentication is based primarily on functions as a standard protocol IPv6 and IPv6 neighbor discovery, and [1]. Clearly, the latency can significantly impact over the next In IPv6 mobility components [13]:
• Movement detection time (DT): The time for the detection and establishment of mobile node, when moving to a new location. For example, the discovery of a new router.
• Care IPV6 configuration time address-(ta):
The time between the creation of movement and configuration of a globally routable IPv6 address. Duplicate address detection test is biased this time [2].
• Context settling time (tc): The time between the creation of a routable address and care setting state's proper context.
• Binding time of registration (tr): The time between sending a signal to the mandatory update principal agent of receiving a BU recognized.
• The route optimization time (a): The time elapsed since the registration of new addresses Attention to complete route optimization with correspondent nodes. This time includes the time of return routability procedure, if any, should be calculated before an upgrade union is sent by the mobile node to a correspondent node [8].
In fact, total setup delay mobile IPv6 (t) can be defined as sum of these latency times as follows:
Formula 1: TH = TD + tr + ta + tc + a
4.4.1. Time Motion Detection
The movement detection time (DT) is the sum of two separate latency: first Instead, link switching delay (TL2) which is the time delay with respect to the re-association of the sub-access point wireless network and the Second, management IPv6 link local configuration delay (TLL), which is the time between the first mobile node meets a new link by receiving advertising on their all neighboring nodes. This means that the time of motion detection can be defined as:
Formula 2: TD-I = + TL2
4.4.2. Caring for Time Setting Address
As mentioned on the setup time CoA (ta) is a point of departure time from the time of receipt of a Router Advertisement to the detection of duplicate addresses and updating the routing table complete. For IPv6 stateless address auto-configuration ta delays are included below:
Formula 3: TA = + + + TDAD TAddConf TPRE TRoutUpdt
Meanwhile TPRE is defined as:
Treaty seeking – TrtSol (if the router advertisement is requested)
TrtAdInterval / 2 (if cyclical ad router)
TAddConf is the real-time Mobile Node has to set the address, as well as to create a unique and routable IPv6 address worldwide. The time auto-address configuration state, such as DHCPv6 Care management can be defined as:
Formula 4: TAddConf TDHCPaddReq = + + TDHCPaddResp TRoutUpdat
TDHCPaddResp TDHCPaddReq fact and shall represent the delay caused by the state transmission configuration of a management position through a DHCP server in IPv6 mobile networks [9].
4.4.3. Care Management Time Record
Time attendance record of addresses or tr is defined as the transmission delay caused in the registration of the Mobile Service Directorate of the node with principal agent.
Formula 5: tr = RTMN-HA + + BUproc BAproc
5. Create code to perform authentication MPV6
On the File menu, select New and then click Project. Click Visual C + + under Project Types, and then we click Mobile Web Application under Templates.
"In the next step, add the following code to the Web.config file:
mode = "Forms"> <Authentication
loginUrl="login.aspx" <forms timeout="60" path="/">
credentials < passwordFormat = "Delete">
password = "password" /> User>
</ Credentials>
</ Shapes>
</> Authentication
<authorization>
<Deny Users = "?" />
</ Authorization>
To add a Mobile IPv6 Authentication Web Form that we must perform these steps:
First, click Add New Item from the Project menu and click Login.aspx Mobile Web Form and the latter type in the Name box.
We create the following controls in the controls section of Mobile IP
Tool Box: Close this tableExpand this table
Control Type
Control Name
Text Control
Label
Label1
User Name Type
TextBox
txtUserName
Label
Label2
Enter your password
TextBox
txtPassword
Command
cmdLogin
Sign in
Label
Error
Now you can click the Login page and open the code-behind.
Then you need to add the following code in the page:
private void cmdLogin_Clk (Obj sender, args event)
(
if (IsAuthenticated (txtUsername.Text, txtPassword.Text))
(
MobileIPAuthentication.RedirectFromLogin (txtPassword.Text, true);
)
more
(
Error.Text = "Check the credentials";
)
)
Private IsAuthenticated (String user, String password)
(/ / O call to the cookie file that was created for authentication /
if (FormsAuthentication.Authenticate (user, password))
(
return true;
)
more
(
return false;
)
)
We can add a Label control on the page, and change the text of the Label control to
"Mobile IPv6 authenticated!"
6. Delay calculation and analysis
6.1. Authentication Delay Calculation
In this section, calculate and analyze quantitatively the time of the different phases of the authentication on security and system performance Cookie authentication protocol based on IPsec identity and some hypotheses, which is the first step of the work to create a relationship between safety and quality of service [3]. Furthermore, the effect on the safety of mobility, authentication mechanism in the delay also affects the authentication, the cost, the number of message exchange, call drop and [etc 2]. Data encryption / decryption at each router contains several latencies of security operations. We believe a mobile network IPSec router at each take the same time. This lsec latency is evaluated with the following equation:
Formula 7: lsec Dpacket =
R
Spacket where is the data packet size (bits) and R is the router encryption / decryption processing capacity (in bit / s). In our Department 1Mbit/Sec I guess is normal as a router. The authentication delay time is defined as the time from when the mobile node sends an authentication application to the time when the mobile node receives the authentication response. The problem is during this period, the data can be transmitted, which can interrupt or even disconnect connections. Therefore, the call drop increases with increasing delay time authentication [2]. The labor cost is defined as authentication signal processing and cost for cryptography. The total number of messages from the mobile node, Node Foreign Principal and agent may be large if the distance between them is long [14]. Please note, the technique of mobility and trafficking mechanisms that authentication will often different scenarios, because the authentication will be initiated whenever a mobile node to establish a communication session.
Symbol
Description
TTR
Airtime Mobile Node
Your
Weather Update link
Ta
Recognition send / receive time
Ted
Encryption / Decryption Time
Tr
Registration Time
T
Authentication request service and waiting time
Th
Home Update Agent time
Table 1
Formula 8:
Tsum TU + TTR = Ted + + + Ta + Th Ts + Tr
6.2. Latency Analyze and our mechanism
Practice of Mobile IPv6 is likely to occur when you deploy a private network through the Internet. This means that this situation Foreign Agents may suggest that belongs to a subnet that another wants to offer mobility services. For any accounting and billing, the foreign agent must track the use of their services by mobile nodes. We simulate the authentication protocol Mobile IPv6 mode. Actually the main reason for the simulation is the representation with the cheapest authentication method of computation. A cookie based authentication is used between the mobile node and the Home Agent. The second partnership established between Foreign Agent and Home Agent. With the expansion of wireless security protocols and growth of internets, all networks are trying to securely extend their wireless networks in public infrastructure-structure is called a Virtual Private Network or VPN. Cookie authentication of identity functionality consists of two phases: In the first phase, the mobile node and home agent involved in the establishment of communication and the second phase, the agent home and foreign agent will contact you to send / receive the cookie file that belong to the mobile node IPv6. The main difference between these two phases is that Phase 1 will on the same subnet and, of course, is faster and easier to complete, but phase 2 should establish a communication between two different subnet. In phase 2 is recommended establish a tunnel for safety. The cookie file attributes that include MAC address, user name, password and may additional information defined by the encryption algorithm and authentication mechanism. Based on the assumption of maximum authentication message size would be 4096 bytes or 4 KB, the transmission delay 40 milliseconds is considered, and we assume 4 Mbps for our mobile network capacity. IP also setup latency is about 20ms Local Site and in different subnets this latency would be around 160-200 ms in the standard Cisco. On average 180 msec is considered.
Formula 9: IPconf-LATN-local = 20 ms,
Formula 10: IPconf-global LATN = 180 Msec
There is an additional factor must be considered. There are additional bytes for each packet of data sent to control errors and routing information. The actual numbers of these codes depends on packet size and protocol used in mobile networks. In general, a typical package Data received will be around 90% and 10% or a little part of overhead. In order to send 4096 bytes of data about 4506 bytes would actually to be transmitted.
In a router with 16 megabits / sec transfer rate equals 2MB/Sec. Our cookie file with 4506 byte would take time about 0.0023 seconds to send, if the DC source can send the file and also the receiver can process as fast and no lost packets to be forwarded. In 802.11X protocol the router are advertised every second. This implies, at best a mobile node may wait about 0 seconds and the worst may wait 1 second for advertising next to the router and join him. 0.5 Sec assume for all cases as expected average, each time a mobile node wants to find and order a router to join new subnet.
Formula 11: file size (Kbytes)
Time Taken = ——————————— + Router delay (Sec)
Speed bandwidth (KB / sec)
Action
In IPsec (Sec)
Cookie ID (Sec)
Result
1 Exchange
0
0
For the first research and Second
exchange of both are the same
2nd Exchange
(Formula 11) =
4506b
2,000,000 b / sec
+ 0.5 = 0.5023sec
0.5023
0.5023
Initial binding update (Formula 10) + Router Delay
0.6800
—
Update link is a necessity in IPsec
Reply to Update (Formula 10)
0.1800
—
Ask the Principal Agent (Delays router, 10)
0.5 +0.5 +0.18 = 1.1800
–
1.1800
In our mechanism concern MN HA
Sending cookie file of HA to CN (Formula 11) =
4506b
2,000,000 b / sec
+ 0.5 = 0.5023sec
–
0.5023
HA will send the cookie file created CN ID
Shipping / Receiving Recognition
Formula 11:
0.5 0.5 = 1 section
1.0000
–
In IPsec transaction Recognition should be updated
Encryption / decryption of tunnel
Formula7:
= = Lsec Dpacket
R
4065Byte = 0.0325Sec
125,000 bytes / sec
—
0.0325
should encrypt files and cookies
deciphered by security reasons
Care Management
Formula 9:
Msec IPconf-LATN-local = 20
0.0200
0.0200
Assign new IPv6 address to MN
HA Update
(Formula 11) =
4506b
2,000,000 b / sec
+ 0.5 = 0.5023sec
0.5023
0.0023
HA MIPv6 already had ID, but in full IPsec
information should be updated
Total Time (Formula 
2.8846 Sec 2.2394 Sec
Table 2: The computing time
Save time: 2.8846 to 2.2394 = 0.6452 Sec Efficiency in time savings: 22%
7. Conclusion
We have described authentication Secure Mobile IPv6 mechanism and used in the standard protocol such as IPSec. Techniques in mobile IP networks, some features are unconventional because everyone working protocols and without any global infrastructure to security challenges. The quantitative analysis and design of authentication Mobile IPv6 with respect to the IPSec create more problems about authentication in wireless networks IPV6. Total time on our course with IPSec 4KB width amd file 2MB/Sec band router is 2.8846 Sec But in our identification mechanism decreases 2.2394Sec Cookie. This means savings of time and efficiency 0.6452 Sec would .
Note that we consider latency for encryption / decryption through a tunnel from HA to CN, and obviously it takes time and cost our mechanism [11]. We believe without a security, any protocol and the mechanism of mobility in the infrastructure will not get a positive response. As a result shows the encryption / decryption time for the cookie file of identification is 0.0325 Sec, which this time will be higher for larger files. This time has been calculated and referred to the IPsec protocol, because although it is highly recommended for IPSec, but not a must [5]. The only downside to Cookie authentication mechanism could be the creation of cookie files to store authentication server. We ignore these small files, since as we mentioned the file size cookie is 4KB. Task schedule also can be configured for disk cleanup monthly, weekly or daily. You can delete these files from non-useful storage avoid confusion and conflict.
References:
[1] Song Li Wang, Mei, Jun-Song, an effective system of hierarchical authentication in mobile IPv6 networks, School of Electronic Engineering, the Journal of China Universities of Posts and Telecommunications. China, in October 2008.
[2 Blondie] C., O. Casals, Ll. Cerdà, N. Van den Wijngaert, G. Willems, P. De Cleyn, "Comparison of low-latency performance IP Mobile, Engineering Journal INRIA, Sophia Antipolis, pp., March 2008.
[3] Zhou Huachun?, †, and Qin Zhang Hongke Yaju, an authentication method Proxy Mobile IPv6 and performance analysis of the Institute of Electronic Information Engineering, Beijing Jiaotong University, September 2008
[4 Calhoun] P. T. Johansson, C. Perkins, T. Hiller: Diameter Mobile IPv4 Application, IETF RFC 4004, August 2008.
[5] D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, A. Yegin: Protocol for the Conduct of authentication for network access, IETF draft, December 2007.
[6] MS Bargh, Hulsebosch RJ, EH Eertink, A. Prasad: Fast authentication methods for handovers between IEEE 802.11 wireless LANs, ACM Press, September 2004.
[7] Glass S., T. Hiller, S. Jacobs, C. and Perkins. Mobile IP authentication, authorization and accounting requirements. RFC2977, October 2000.
Narten [8] T., E. Nordmark, W. Simpson, "Neighbor Discovery for IP version 6 (IPv6)", IETF RFC2461, August 2005.
[9] K. Chowdhury, A. Yegin: MIP6-a bootstrapping via DHCPv6 for the integrated scenario, IETF draft, June 2006.
[10] J. Chen and KJR Liu. Joint Source Channel Coding multi-stream and optical network adapter design for video over IP. IEEE Transactions on multimedia, 4 (1) :3-22, March 2002.
[11] Da Wei, Liu Yanheng, Xuegang Yu, Xiaodong Li: Research of Mobile IPv6 application based on Diameter Protocol, IEEE Computer Society, 2006.
[Funk 12] P. S. Blake Wilson: EAP Tunneled TLS Authentication Protocol Version 1 IETF draft, March 2006.
[13] A. Diab, A. Mitschele-Thiel, "Mobile Transfer minimize latency intellectual property ", 2nd International Working Conference on performance modeling and evaluation of heterogeneous networks (HET-NET Journal, United Kingdom, July 2006.
[14] Grecas CF, SI Maniatis, and IS Venieris. Towards the introduction of asymmetric cryptography. In Proceedings. Sixth IEEE Symposium on Computer and Communications, 2001, July 2001.
[15] JC Chen, YP Wang: Extensible Authentication Protocol (EAP) and IEEE 802.1x: Tutorial and Empirical Experience, IEEE Radio Communications, December 2005.
About the Author
Mojtaba Sadeghi
Master of Computer Engineering, Software
IAU University
Dubai,UAE
Global Mobile 1, http://globalmobile1.goadn.com.