Printer Friendly

Security-effective local-lighted authentication mechanism in NEMO-based fast Proxy Mobile IPv6 Networks.

1 INTRODUCTION

Owing to the rapid development of wireless network technology, Internet is getting more mobile and the smart phone, a mobile device is becoming ubiquitous telecommunication environment such as web browsing, Internet telephone, visual telephony, other multimedia, etc. MNN (Mobile Network Node: like vehicle, train, airplane, ship, etc.) also accesses to the Internet whenever and from wherever possible. It is accessed not from fixed spaces alone but under movement. So, there is an increase in the intention to receive various and abundant Internet services by them the mobile network telecommunication devices. In addition, users wish to be provided with secure and seamless communication even under movement.

Therefore, IETF (Internet Engineering Task Force) which is developing the Internet standard proposes the network class solution called as NEMO (NEtwork MObility) [1]. This enables the network to move among other external networks to maintain a continuous network connection through the expansion of MIPv6 (Mobile IPv6) [2]. But, NEMO inherited the disadvantage of handoff latency from MIPv6. Further, the method of processing AAA (Authorization, Authentication, and Accounting) in mobile technology network has not been defined. This implies that the upper network or lower network does not satisfy the stability and security. Therefore, the research for enhancing effectiveness accompanied by mobility is required, as secure authentication and fast handoff are accomplished.

This paper proposes SK-[L.sup.2]AM (Symmetric Key-Based Local-Lighted Authentication Mechanism) which is less burden some for the mobile device. Light and local authentication was completed based on wire/wireless integrated network environment where NEMO supports mobility and network-based PMIPv6 (Proxy Mobile IPv6). Calculation cost and authentication delay factor is also considered in the proposed SK-[L.sup.2]AM. This has the following characteristics as. (1) Calculation cost is low. As SK-[L.sup.2]AM is the light weight security mechanism which uses only symmetric cryptosystem and hash function [3] to solve the problem of high calculation cost of PKI (Public Key Infrastructure). (2) As SK-[L.sup.2]AM provides local authentication, authentication delay gets reduced and load of HAAA (Home AAA) server declines as MR (Mobile Router) and LAAA (Local AAA) do not share the session key in advance. (3) SK-[L.sup.2]AM satisfies the security requirement by creating a session key, such as replay attack resistance, stolen-verifier attack resistance and mutual authentication to prevent server spoofing attack.

Besides, to reduce handoff delay under movement within a domain and among domains, it is extended so that the neighboring link layer address and the neighboring router information are easily processed. This is done by applying ND (Neighbor Discovery) protocol [4] in MAG (Mobile Access Gateway) at prior handoff and by supporting the advantages of FPMIPv6 (Fast Handoffs for PMIPv6). In addition, AX-FPMIPv6 (Authentication eXtension of Fast Handoff for PMIPv6) which integrated SK-[L.sup.2]AM and X-FPMIPv6 by applying piggybacks method to reduce of telecommunication overhead is suggested. The AX-FPMIPv6 technique proposed in this paper shows that it is better than the existing scheme in authentication and handoff delay in the performance analysis.

The rest of this paper is composed as following. In chapter 2, security, handoff and integrated network architecture where PMIPv6 and NEMO are described. In chapter 3, the movement procedure of the proposed AX-FPMIPv6 authentication mechanism is explained in detail. Security analysis is evaluated in chapter 4 and AX-FPMIPv6 technique is evaluated based on performance evaluation measures in chapter 5. The research results are summarized in chapter 6.

2 RELATED WORKS

2.1 Secure Authentication

Many researches on handoff at movement in MIP (Mobile IP) environment as well as related to authentication using AAA are underway. This is to reduce the threat on the mobile network environment through secure authentication. Researches on AAA authentication are mostly concentrated on host mobility environment [5][6]. IETF proposes AAA model [7][8][9] and Diameter protocol [10] to solve problems when network is requested of roaming in external network from mobile node. As in AAA model Fig.1, there are 4 SA (Security Association) relationships in MIPv6. These SA means two network entities share several secret information with each other. When MR moves in domains, MR should provide several authentication information before it accesses resources from the domain.

[FIGURE 1 OMITTED]

But as in Fig.1, direct security connection between MR and LAAA is insufficient and any information can be shared in advance between MR and LAAA which requires roaming and traditional authentication mechanism as one of technological problems. LAAA should resend information to HAAA (Home AAA) server of MR and wait for the response when there is no information for LAAA to confirm the authentication information. So, authentication becomes ineffective. Further, if MR often roams in different domains then, the authentication loads of MR get increased and it becomes more serious when the distance between the external network and the home network grows apart. NEMO does not specify how to process AAA in a mobile network and only a few of the researches have considered AAA authentication in NEMO environment. Fathi et al. [11] uses AAA model to deal with the security problems in NEMO. Here, the author proposes LR-AKE (Leakage-Resilient Authenticated Key Exchange) [12] system. It is based on the concept of PKI (Public Key Infrastructure). PKI can be used to prevent attacks in general but in this method calculation cost is excessive. This is shown in Wang et al. [13] that LR-AKE system is vulnerable to client and server impersonation attack. Chuang et al. [14] proposes local authentication concept to reduce the authentication delay. But, MR still requests for authentication from the AAA server again, when it moves initially to a new domain. Also, as it only supports local mobility, it should be registered as it enters a new domain for global mobility. Fig.1 is a security association diagram of AAA model under PMIPv6.

This paper proposes fast and Local-Lighted Authentication Mechanism which maintains security associations (SAs) specified in Fig.1 but it has low authentication delay and calculation cost based on AAA authentication model. This only uses symmetric cryptosystem and hash function.

2.2 Network Architecture

[FIGURE 2 OMITTED]

Wireless network has at least one or more MR which is responsible for maintaining MNNs sessions. Besides, a domain should have several MAGs and one or more LAAA servers. When a wireless network enters into a new domain, MR should execute the first authentication procedure before it accesses to the new network. Network phase often gets changed when the MNNs accesses, cuts and executes handoff. It is a very important task of a wireless communication to maintain effective secure group communication. The network architecture displayed in Fig.1 can support all kinds of group key management systems of mobile communication network [15][16][17]. If a roaming agreement is made then, it should be noted that HAAA and LAAA servers share several secret information in advance to facilitate authentication procedure. This is based on AAA security model (SA4 in Fig.1). Further, LAAA and MAGs also share common secret information such as GK (Group Key) (SA3 in Fig.1). That is why LAAA and MAGs have security association.

This paper does not support overlapped mobile communication network, but it can be extended to overlapped network easily. Fig.2 shows the network architecture which combines AAA model under NEMO and PMIPv6.

2.3 Fast handoff in PMIPv6

As NEMO was extended from MIPv6, it inherited the disadvantage of long handoff delay. To solve this, many approaches [18][19][20] attempted to improve the long handoff delay of MIPv6. These systems also still possess certain disadvantages. For example, while Malki [18] proposes LLH (Low Latency Handoff) based on the prior registration method, MNN may cause transmission failure due to HER (HA Error Registration) problem under Ping-Pong movement. RFC 4068 [19] and RFC 4260 [20] propose FMIPv6 (Fast Handoff Mobile IPv6) system in order to improve handoff performances of MIPv6. FMIPv6 depends on AR (Access Router) for handoff but there is no guarantee that MN is connected to AR every time. While supporting fast handoff among domains if access between the expected MN and AR fails then, access should be tried again. This can lead to long handoff latency. That is why FMIPv6 uses simple 2 layer trigger. Also, MN requires protocol stack to process signaling for MN in MIPv6. This causes technological difficulties for supporting MIPv6 to limited MN, excessive resource, battery problem, etc. and they are turning out to be a hindrance for commercialization of terminals which supports MIPv6.

Therefore, NetLMN (Network-based Localized Mobility Management) WG of IETF standardized PMIPv6 as the network-based mobility management protocol. This guarantees service continuity under movement without MN modification by managing network for the MN's IP mobility to solve MIPv6 problems [21]. This implies that the MN may not have any capability for providing mobility service in PMIPv6. But for all the packets that are delivered to MN in PMIPv6 through LMA (Local Mobility Anchor), the packet bottleneck problem arises in LMA. There is a problem that continuity is not guaranteed in movement among PMIP6 domains as local movement was considered from the initial stage. So, while IETF proposed various methods such as Giaretta [22] method which supports mobility among the domains through hierarchical interface of MIPv6-PMIPv6 in order to support global mobility in NetLMN WG.Na's method [23] supports global mobility by defining additional signaling message among PMIPv6 domains, etc. The method of supporting handoff among domains through MIPv6-PMIPv6 interface has a problem that is the MN should have MIPv6 protocol stack and Na method causes handoff latency due to additional signaling message.

Therefore this paper proposes X-FPMIPv6 (eXtension & Fast Handoff for PMIPv6). This is extended and improved to support fast handoff by applying ND protocol in MAG and acquiring neighboring link layer address and neighboring router information (i.e., including LMAs[parallel]MAGs and network prefix information) through prior handoff preparation procedures to support global mobility and also to apply fast handoff at handoffs among domains.

3 SECURITY-EFFECTIVE FAST AUTHENTICATION MECHANISIM FOR NEMO

3.1. Symmetric Key-based Local-Lighted Authentication Mechanism (SK-[L.sup.2]AM)

In this section, SK-[L.sup.2]AM based on AAA model is explained. There are 3 kinds of procedures for operating SK-[L.sup.2]AM such as home registration, the first registration in a domain and then, re-authentication registration. MR should be registered in the HAAA server before accessing into an external network. When MR first comes into an external network, SK-[L.sup.2]AM performs the first authentication procedure. When MR moves within the same domain, SK-[L.sup.2]AM executes fast re-authentication. And X-FPMIPv6 is extended and improved with fast handoff technique in order to support handoff latency reduction within domains.

3.1.1 Home registration procedure

MR should be executed by the home registration procedure before connecting MR into network. This registration can be made just by the security channel or by the manual work done by people. Let's assume there is security channel between MR and AAA based on Diameter protocol in AAA model and Diameter protocol which is explained above. The reason for security association between MR and. If there is no security association between MR and HAAA then, the system can execute Diffie-Hellman system to establish security channel. Fig.3 shows the home registration procedure.

[FIGURE 3 OMITTED]

(1) MR [right arrow] LMA: MR sends unique MRID/MAC address ([MAC.sub.MR]) of MR to LMA.

(2) LMA [right arrow] HAAA: LMA forwards the message to HAAA server.

(3) After receiving MAC address of MR, HAAA calculate the secret values of G = H([chi] [parallel] [MAC.sub.MR]).H() is collision-free one-way hash function and a secret value which shares between HAAA and LAAA secretly.

(4) HAAA [right arrow] LMA: HAAA server sends the parameters of G and [Y.sub.service] to LMA. HAAA indicates all access rights, [X.sub.service] and [Y.sub.service], a set of access rights which MR can access. (i.e., [Y.sub.service] [subset or equal to] [X.sub.service])

(5) LMA [right arrow] MR: LMA forwards parameters of G and [Y.sub.service] to MR.

(6) MR stores parameters of G and [Y.sub.service].

3.1.2 The first authentication procedure in a domain

When MR enters into a new network, MR executes the first authentication procedure. As MR often moves to other domains in a wireless communication network, it should perform the re-authentication operation. Generally, the authentication information of MR should be confirmed from the HAAA server. If a domain is far from the home domain then, it will take a long time for authentication. Therefore, an effective authentication mechanism is required. The system proposed here provides a local authentication mechanism (Namely, it can authenticate in local without including a remote server) and it can facilitate a mutual authentication between MR and LAAA server. The first authentication procedure is shown in Fig.4 as listed in the following.

[FIGURE 4 OMITTED]

(1) MR creates random value [R.sub.1] and the authentication information ([R.sub.1] [parallel] [Y.sub.service]). MR uses a symmetric key G to encrypt authentication information and then, calculates message digest (H([E.sub.G]([M.sub.1]) [parallel] [MAC.sub.MR])) for message integrity.

(2) MR [right arrow] [MAG.sub.1]: MR transmits an authentication request. Here [MAC.sub.MR] and encrypted M1([E.sub.G]([R.sub.1] [parallel] [Y.sub.service])) Message Digest are included.

(3) [MAG.sub.1] [right arrow] [LAAA.sub.1]: [MAG.sub.1] forwards the message to [LAAA.sub.1] server.

(4) [LAAA.sub.1] verifies MR: firstly, [LAAA.sub.1] server checks the message digest for detecting the message modification attack. If hash value (H([E.sub.G]([M.sub.1]) [parallel] [MAC.sub.MR]) does not correspond to the message digest then, [LAAA.sub.1] rejects the request of authentication. Through this, denial of server attack can be eliminated. Then, [LAAA.sub.1] generates symmetric key G with H([chi] [parallel] [MAC.sub.MR]) and decrypts the encrypted message. Here, the [chi] is shared secret value between HAAA and [LAAA.sub.1] which have set a pre-shared secret value [chi] since HAAA and LAAA have a secure roaming agreement. Then, [LAAA.sub.1] gets [R.sub.1] and [Y.sub.service]. After this [LAAA.sub.1] checks the accessing right of MR (i.e., [Y.sub.service]). If it does not have an accessing right to the resource then, LAAA1 will deny the request else, LAAA1 will generate the random number [R.sub.2] and key K = H(GK [parallel] [MAC.sub.MR]). Here, the random number and key will be used in the fast reauthentication phase. Lastly, LAAA1 server prepares the authentication reply [M.sub.2] as ([R.sub.1] [parallel] [R.sub.2] [parallel] K [parallel] [Z.sub.service]), calculate the message digest (H([E.sub.G]([M.sub.2]) [parallel] [MAC.sub.LAAA1]) and generates the session key SK between MR and [LAAA.sub.1] as H([R.sub.1] [parallel] [R.sub.2]). Here, [Z.sub.service] represents the access right which [LAAA.sub.1] server allowed. (i.e., [Y.sub.service] [subset or equal to] [Y.sub.service])

(5) [LAAA.sub.1] [right arrow] [MAG.sub.1]: [LAAA.sub.1] server sends the encrypted authentication reply [E.sub.G]([M.sub.2]), [MAC.sub.LAAA1], and (H([E.sub.G]([M.sub.1]) [parallel] [MAC.sub.LAAA1]s)) to [MAG.sub.1].

(6) [MAG.sub.1] [right arrow] MR: [MAG.sub.1] forwards this message to MR.

(7) MR verifies LAAA1 server. MR checks the message digest (H([E.sub.G]([M.sub.2]) [parallel] [MAC.sub.LAAA1])) to detect the message modification attack, uses G key to decrypt the encrypted message to obtain [R.sub.1], [R.sub.2], K and [Z.sub.service] and checks the random number R1 for avoiding the replay attack. Based on [Z.sub.service], MR decides which MAGs it will be associated with. It stores the key K, generate the session key SK with [LAAA.sub.1] server.

(8) MR [right arrow] [LAAA.sub.1]: MR forwards encrypted messages including [E.sub.SK]([R.sub.2]) to [LAAA.sub.1].

(9) [LAAA.sub.1] decrypts the message when it receives the encrypted message and checks the random number.

3.1.3 Fast re-authentication procedure in the same domain

When MR moves within the same domain from the existing MAG to another MAG, it should receive confirmation again. As in Fig.5, MAGs executes fast re-authentication procedure. The re-authentication procedure is as following.

(1) When MR receives ADV (ADVertisement) message including MAC address of [LAAA.sub.1] from [MAG.sub.1], it can check whether such a domain entered previously or not. If MAC address of [LAAA.sub.1] is held already then, MR is moving within the same domain. MR executes the fast re-authentication procedure, generates random number, and encrypts the authentication information [M.sub.3]([R.sub.3] [parallel] [Y.sub.service]) using the symmetric key K(H(GK [parallel] [MAC.sub.MR])) generated in the first authentication procedure. If MAC address of [LAAA.sub.1] is not held then, MR is sure to move into a new domain, and it should execute the first authentication procedure.

(2) MR [right arrow] [MAG.sub.2]: MR transmits the message digest (H([E.sub.K]([M.sub.3]) [parallel] [MAC.sub.MR])) and encrypted [M.sub.3]([E.sub.K]([M.sub.3])), [MAC.sub.MR] to [MAG.sub.1], and [MAG.sub.1] forwards the message to [MAG.sub.2].

(3) When [MAG.sub.2] received the request of encrypted authentication, it first checks the message digest for message integrity. If hash value of [MAC.sub.MR] does not correspond to the message digest then, MAG stops authentication processing procedure. MAG then, calculates K(H(GK [parallel] [MAC.sub.MR]) value and encrypts the message. Here, GK is the group key which is shared in advance by [LAAA.sub.1] server and MAGs within domain. If encrypted message decrypts successfully then, MR is deemed valid. [MAG.sub.2] verifies the access right of MR and gets random number [R.sub.3]. As a result, MAG generates random number [R.sub.4], prepares authentication replay [M.sub.4] with ([R.sub.3] [parallel] [R.sub.4] [parallel] [Z.sub.service]) and it calculates a new session key SK with H([R.sub.3] [parallel] [R.sub.4]) between message digest (H([E.sub.K]([M.sub.4]) [parallel] [MAC.sub.MR])) and MR.

(4) [MAG.sub.2] [right arrow] MR: [MAG.sub.2] sends the reply ([E.sub.K]([M.sub.4]) and [MAC.sub.MAG2], H([E.sub.K]([M.sub.4]) [parallel] [MAC.sub.MAG2])) to MR.

(5) When MR receives the reply, MR checks message digest (H([E.sub.K]([M.sub.4]) [parallel] [MAC.sub.MAG2])) and uses K key to decrypt the encrypted message. If the message digest is right and decrypting works are successful then, the reply will be recognized to be trustful else MR ignores the reply message. Then, MR checks [R.sub.3] and [Z.sub.service], obtains [R.sub.4] and generates a new session key SK.

(6) MR [right arrow] [MAG.sub.2]: MR transmits the encrypted message including [E.sub.SK]([R.sub.4]) to [MAG.sub.2].

(7) When [MAG.sub.2] received an encrypted message, it decrypts the message and checks the random number.

In the first authentication and fast reauthentication procedures, SK-[L.sup.2]AM provides local authentication. In the first authentication procedure, MR uses G key to generate in the home registration procedure to achieve local authentication. LAAA server substitutes HAAA server to execute the authentication procedure. That is why G key can be calculated from the secret value [chi] which is shared by LAAA server and HAAA server. Similarly, in the fast reauthentication procedure, MR uses K key which is achieved from LAAA server in the first authentication procedure. As K key is generated between external network LAAA server and MAGs, MAG executes authentication procedure instead of LAAA server to reduce authentication latency.

In key management, cost of symmetric cryptosystem proposed in this paper is very low. Although it is based on symmetric cryptosystem, all entities need to save a few of the parameters (i.e., in case of HAAA and LAAA, secret value [chi] and access right of MR). This is the reason for the LAAA to calculate symmetric G key to generated by H([chi] [parallel] [MAC.sub.MR]) on time rather than finding the applicable G symmetric key through key management in the first authentication procedure.

[FIGURE 5 OMITTED]

3.1.4 Authentication Procedure under Movement among Domains

MR should be checked again to move into another domain. The authentication procedure during movement among the domains is as follows.

(1) When MR receives ADV message from [MAG.sub.2] including MAC address of related [LAAA.sub.1] server, it can check whether the applicable domain was visited in the past or not. If MAC address of [LAAA.sub.1] is held already then, MR is moving within the same domain. If MAC address of [LAAA.sub.1] is not held then, MR is sure to move into a new domain, and it should execute the first authentication procedure. During that instance, MR executes authentication procedure. It generates the random number [R.sub.5], and authentication information ([R.sub.5] [parallel] [Y.sub.service]) and calculates message digest (H([E.sub.G]([M.sub.5]) [parallel] [MAC.sub.LAAA1] [parallel] [MAC.sub.MR])) using symmetric key K(H(GK [parallel] [MAC.sub.MR])) to generates in the previous procedure to decrypt authentication information.

(2) MR [right arrow] MAG3: MR transmits MACMR the encrypted message digest (H([E.sub.G]([M.sub.5]) [parallel] [MAC.sub.LAAA1] [parallel] [MAC.sub.MR])) and [M.sub.5]([E.sub.K]([M.sub.5])), [MAC.sub.LAAA1] [parallel] [MAC.sub.MR] to [MAG.sub.3].

(3) [MAG.sub.3] [right arrow] [LAAA.sub.2]: [MAG.sub.3] forwards the encrypted message to [LAAA.sub.2] server.

(4) [LAAA.sub.2] verifies MR: [LAAA.sub.2] server first checks the message digest to detect the message modification attack. If the hash value (H([E.sub.G]([M.sub.1) [parallel] [MAC.sub.LAAA1] [parallel] [MAC.sub.MR]) is not same with message digest then, [LAAA.sub.2] rejects the authentication request. Through this, the denial of server attack can be removed.

(5) [LAAA.sub.2] [right arrow] [LAAA.sub.1]: [LAAA.sub.2] checks the applicable address if the address of [LAAA.sub.1] notified by [MAG.sub.3] is not its address and requests for the confirmation of group key and access right by delivering [LAAA.sub.1] of the applicable address.

(6) [LAAA.sub.1] checks MR: firstly, [LAAA.sub.1] server checks the message digest to detect the message modification attack. If the hash value of [MAC.sub.LAAA1] [parallel] [MAC.sub.MR] does not correspond to the message digest then, [LAAA.sub.1] stops authentication procedure process else, [LAAA.sub.1] generates symmetric G key with H([chi] [parallel] [MAC.sub.MR]) and calculates the encrypted message. As there is agreement of security roaming between [LAAA.sub.2] and [LAAA.sub.1], it established a pre-shared secret value [chi] (SA4 of Fig.1), [chi] is a shared secure value between [LAAA.sub.2] server and [LAAA.sub.1]. It is presumed to have the same rights between domains where the applicable roaming is made. After that [LAAA.sub.1] checks ([Y.sub.service]), the accessing right of MR. If it does not have an accessing right to the resources then, [LAAA.sub.1] rejects the request else, [LAAA.sub.1] confirms the request.

(7) [LAAA.sub.1] [right arrow] [LAAA.sub.2]: If MR has the access right of MR ([Y.sub.service]) then; [LAAA.sub.1] delivers G values and the access right of MR ([Y.sub.service]) to [LAAA.sub.2] through ReplyRTN.

(8) After the confirmation of [LAAA.sub.2] for the access right: [LAAA.sub.2] receives G and the access right ([Y.sub.service]), and then, decrypts the encrypted message with symmetric G key to receive from [LMAA.sub.1]. [LAAA.sub.2] generates the random number [R.sub.6] and key K = H(GK [parallel] [MAC.sub.MR]). Here, the random number and key is used in the authentication stage. It should be noted that GK is the SA3 group key in the domain (Fig.1). Lastly, [LAAA.sub.2] server prepares authentication reply [M.sub.6] in ([R.sub.5] [parallel] [R.sub.6] [parallel] K [parallel] [Z.sub.service]), computes message digest (H([E.sub.G]([M.sub.6]) [parallel] [MAC.sub.LAAA2]), and generates session key SK between MR and [LAAA.sub.2] server with H([R.sub.5] [parallel] [R.sub.6]).

(9) [LAAA.sub.2]--MAG3: [LAAA.sub.2] delivers [E.sub.G]([M.sub.5]), [MAC.sub.LAAA2], H([E.sub.G]([M.sub.6]) [parallel] [MAC.sub.LAAA2) message to [MAG.sub.3].

(10) [MAG.sub.3] [right arrow] MR: [MAG.sub.3] delivers this message to MR.

(11) MR confirms [LAAA.sub.2] server. MR confirms the message digest (H([E.sub.G]([M.sub.2]) [parallel] [MAC.sub.LAAA2])) to detect Message alteration attack. It uses G key to decode the encrypted message to get [R.sub.5] [??] [R.sub.6], K, [Z.sub.service] and it confirms the random number [R.sub.5] to avoid playback attack. MR decides which MAGs it would be associated with based on [Z.sub.service]. MR saves K key along with [LAAA.sub.2] server and it creates session key SK.

(12) MR [right arrow] [LAAA.sub.2]: MR forwards the encrypted messages including [E.sub.SK]([R.sub.6]) to [LAAA.sub.2].

(13) [LAAA.sub.2] encrypts the message when received of the encrypted message and checks the random number.

3.2 eXtension & Fast Proxy Mobile IPv6 (X-FPMIPv6)

This paper proposes X-FPMIPv6 which is extended and improved from PMIPv6. This is done to enable fast handoff process by achieving neighboring L2 layer and neighboring router information (Namely, including LMAs [parallel] MAGs and network prefix information).

[FIGURE 6 OMITTED]

3.2.1 Fast handoff in the same domain

Fig.6 shows the procedure of X-FPMIPv6 proposed when MR moves within the same domain. Especially, X-FPMIPv6 added two L2 trigger (prior L2 trigger, p-LT(pre-Link Trigger) and start L2 trigger, s-LT(start-Link Trigger) for the execution of pre-handoff procedure in advance, and also to reduce the handoff latency and provide secure handoff. p-LT operation starts when the signal strength received from MAG is lower than the threshold designated in advance in MR. This is to extend the concept of "DeuceScan" [22] and to avoid the performance decrease due to Ping-Pong effect of X-FPMIPv6 when MR gets apart from the previous MAG. The start of s-LT means that MR started the procedure of handoff in advance. In Fig.6, 1~5 stages are to execute pre-handoff procedure and 6~10 stages are handoff. X-FPMIPv6 uses two triggers for interaction between L2 and L3. The two triggers of p-LT and s-LT provide more accurate information to reduce the possibility of handoff failure.

(1) [MAG.sub.1] transmits NB-ADV (NeighBor-ADVertisement) message to MR periodically. The message includes the candidate list of LMAs [parallel] MAGs (including network prefix of MAGs) such that MR can select suitable new MAGs.

(2) If p-LT starts operation then, MR generates PCoA as it has the potential MAGs to candidate and transmits FBU (Fast Binding Update) message through [MAG.sub.1] of LMA.

(3) LMA starts fast handoff procedure by sending HI (Handoff Initial) to all the candidates MAGs ([MAG.sub.2]). The candidate [MAG.sub.2] stored in the proxy neighbor cache of PCoA and in case of MAGs in the same domain, tunneling create between LMA1 and candidate [MAG.sub.2].

(4) [MAG.sub.2] transmits HAck (Handoff Acknowledgment) message to [LMA.sub.1].

(5, 6) [LMA.sub.1] uses FBAck (Fast Binding Acknowledgement) message as notices for informing pre-procedures are completed to [MAG.sub.2] and MR. At this stage, MR achieves multi-PCoAs (On-link Care-of-Addresses) at the same time.

(7) And then, as s-LT L2 handoff begins, MR selects the actual target [MAG.sub.2] and sends handoff start (HO_START) message to [LMA.sub.1].

(8) After receiving HO_START message, [LMA.sub.1] starts forwarding all packets which are sent to the selected [MAG.sub.2] forwarded to MR and [MAG.sub.2] saves packets by buffering.

(9) When MR completes handoff,

(10) MR informs its completion of handoff by sending RA (Route Advertisement) message to MAG.

(11) Then, [MAG.sub.2] deletes Proxy Neighbor Cache for new PCoA of MR and downloads the message which was buffered after saving PCoA in a binding cache.

To summarize this, X-FPMIPv6 supports network layer handoff procedure and uses many triggers L2 to avoid HER problems. Further, as it completed its movement search and pre-handoff procedure, the proposed X-FPMIPv6 reduces handoff latency. After pre-handoff procedure, MR has many PCoAs simultaneously. So, even if MR makes a wrong handoff decision, it can be connected to new MAG immediately if handoff arises.

3.2.2 Fast handoff among domains

PMIPv6 does not support global mobility. But this paper improved the advantages of fast handoff method and realized handoff procedure among the domains by the application of fast PMIPv6. 1~5 stages are to execute pre-handoff procedures and 6~10 stages are real handoff procedure.

(1) MAG1 transmits NB-ADV message to MR periodically. Message is the candidate list of LMAs [parallel] MAGs (including network prefix of MAGs) to enable MR to choose a new access GW (MAGs).

(2) If p-LT starts operation then, MR creates PCoA as it has the potential MAG's candidate list ([LMA.sub.1] [parallel] [MAG.sub.2], [LMA.sub.2] [parallel] [MAG.sub.3]) and transmits FBU message through [MAG.sub.1] of LMA.

(3) After [LMA.sub.1] received FBU message from MAG1, if the candidate MAGs([MAG.sub.2] and [MAG.sub.3]) is new PCoAs then, it stores in Proxy Neighbor Cache of each MAGs, and establishes creates fast handoff procedure by sending HI message else the MAGs in the same domain, two-way tunneling between [LMA.sub.2] and candidate [MAG.sub.3] creates by sending HI message simultaneously.

(4) [MAG.sub.2], [MAG.sub.3], [LMA.sub.2] which received HI message delivers HAck message to [LMA.sub.1].

(5) [LMA.sub.1] uses FBAck message as notices for informing pre-procedures that are completed to MR, [MAG.sub.2], [MAG.sub.3], and LMA2. At this stage, MR obtains many at the same time.

(6) And then, as s-LT L2 handoff begins, MR selects the actual target [MAG.sub.3]. MR selects [MAG.sub.3] as the actual target and sends handoff start (HO_START) message to [LMA.sub.1].

(7) After receiving HO_START message, [LMA.sub.1] starts forwarding all the packets which are sent to the chosen [MAG.sub.3] which forwarded to MR. [MAG.sub.3] saves packets by buffering.

(8) When MR completes these works,

(9) MR informs its completion of handoff by sending RA message to MAG.

(10) Then [MAG.sub.3] deletes Proxy Neighbor Cache for new PCoA of MR. It downloads the message which was buffered after saving PCoA in the binding cache.

To summarize fast handoff in global mobility, the pre-handoff is prepared by detecting the neighboring MAGs and in case of moving MAGs in the same domains; the fast handoff procedure is executed. But if not MAGs in the same domain, X-FPMIPv6 reduces handoff latency even under global mobility as it completes pre-handoff by delivering HI simultaneously to candidate MAGs of other domains and LMAs to which they belong.

3.3 Integrated Operation of SK-[L.sup.2]AM and X-FPMIPv6 (AX-FPMIPv6)

As AX-FPMIPv6 aims at the reduction of handoff latency in domain changing regardless of local mobility by MR, it should integrate with proper authentication systems. If the authentication procedure is executed in home domain then, the design of AX-FPMIPv6 should be discarded. In fact, SK-[L.sup.2]AM operates along with X-FPMIPv6 while supporting local authentication.

In this section, AX-FPMIPv6 reinforces security in local and it reduces handoff latency with light/fast SK-[L.sup.2]AM and signaling overload as it describes, how fast the authentication procedure is performed under mobile environment. This supports fast re-authentication procedure where MR supports local mobility in the same domain while X-FPMIPv6 operates in integration. Fig.7 comprises of pre-handoff and real handoff procedure which represents the integration of handoff and authentication operation in the same domain.

[FIGURE 7 OMITTED]

When MR sends FBU message to pMAG(previous MAG) of MR, authentication message (AUTH) is transmitted by Piggybacks method and [MAC.sub.MR] and M([R.sub.3] [parallel] [Y.sub.service] [parallel] H([R.sub.3] [parallel] [MAC.sub.MR]))which is expressed in Fig.7 are included. And if MR is proved to be effective at this time then, nMAG(new MAG) transmits authentication reply message (AUTH_REP) by Piggybacks method as a reply of HAck/FBAck for the MR. Moreover, [MAC.sub.MAG] and EK([R.sub.3] [parallel] [R.sub.4] [parallel] [Z.sub.service] [parallel] H([R.sub.4] [parallel] [MAC.sub.MAG2])) are included in the message, reduction of signaling overload and secure/seamless communication is possible as SK-[L.sup.2]AM and X-FPMIPv6 are operating in integration.

Fig.8 comprises of pre-handoff and real handoff procedure. This represents authentication and integration in handoff among domains. During movement among domains, AX-FPMIPv6 where signaling and authentication message (AUTH) is integrated is as shown in Fig.7 and it operates using Piggybacks method. But if it is not MAG which is currently accessed but nMAG of a new domain then, HI and AUTH are delivered to the nMAG and nLAAA(new LAAA) respectively. As for the fast reply for them, pLMA(previous LMA) and pMAG transmit FBAck and (AUTH REP) to pLMA. This reduces handoff latency and signaling overload and provides safe and secure/seamless communication by the operation of SK-[L.sup.2]AM and X-FPMIPv6 with the integration of authentication and signaling even under handoff among domains, even in movement among domains like movement within the same domain.

[FIGURE 8 OMITTED]

4 SECURITY ANALYSIS

Before explaining security analysis, several considerations are added as followings. (1) Although it was defined that the group key GK is safely shared between LAAA and MAGs in advance, if an attacker has enough time and high-speed computer then, the key which is used for a long cycle can be under brute force attack for a long time. Therefore, the length of key is assumed to be long enough so that the system can endure strongly. Further, the system should change key timely to reduce the probability of hacking due to brute force attacks. (2) Security characteristics of SK-[L.sup.2]AM are based on one-way hash function (for example SHA-512 [23]) for collision avoidance. If [chi] value is given for one-way has function H() then, H([chi]) is easy to calculate. But, if H([chi]) is not given then, it is very difficult or it incurs high calculation costs to calculate this. Besides, SK-[L.sup.2]AM satisfies security characteristics as follows.

(1) Replay Attack Resistance: It is difficult for the attackers to guess the value of the random number as the random numbers are newly created in each authentication procedure. As the random numbers are included in the authentication information ([M.sub.n]) in order to prevent replay attack resistance, the proposed SK-[L.sup.2]AM has resistance in replay attacks.

(2) Server Spoofing Attack Resistance: MR authenticates the authentication server and vice versa in SK-[L.sup.2]AM. This mutual authentication is ineffective spoofing attacks completely.

(3) There is no time synchronization: To cope with replay attack, several authentication systems use time stamp mechanisms. But, time stamp mechanism may have several disadvantages such as other time zones and long transmission latency. But this system is the random number based authentication system. Therefore, this system does not have time synchronization problem.

(4) Stolen-verified Attack Resistance: In SK-[L.sup.2]AM, AAA server does not have to save any verified information. Even if any attacker infiltrates in to the database of AAA server, he may not acquire any user authentication information. Therefore, SK-[L.sup.2]AM is strong to attacks for Stolen-verified Attack.

(5) Message Modification Attack Resistance: To create message digest, one-way hash function is used safely so that information is not modified. If any attacker transmits packets which are modified (malignant) to MR or the authentication server then, the packets can be easily checked as the hash value is checked.

(6) Local authentication: Local authentication has 3 advantages. Local authentication reduces satisfies authentication time. It also reduces satisfies network burden. And it provides fault tolerance mechanism. In other words, even if AAA server is in hacking, MR still carries out authentication procedure in domains.

(7) Generation of session key: To provide safe communication in the first and fast re-authentication procedures of SK-[L.sup.2]AM, the session key which uses the random numbers is generated. In AX-FPMIPv6, the key is created in prehandoff procedure. To complete the procedure, the MR and MAG can mutually communicate safely. Specifically, MR and MAG can use the session key to encrypt messages in order to prevent overhearing of their contents.

(8) Known-plaintext Attack Resistance: Known-plaintext attack resistance is a cryptanalytic attack in which the attacker obtains both the plaintext and its corresponding cipher text, and then the attacker tries to discover secret information. Although [MAC.sub.MR] is transmitted in this system, it does not suffer from known-plaintext attack. The reason for not being able to attack using plaintext is because the attacker can obtain only [MAC.sub.MR] but the attacker does not know the applicable secret key G (namely G = H(x [parallel] [MAC.sub.MR])) and secret value [chi]. Therefore, the attacker will know it is difficult to easily execute plaintext attack. In fast re-authentication procedure, we do not suffer known-plaintext attack owing to the same reason (the attacker can acquire only [MAC.sub.MR] but does not know the applicable secret key K (i.e., K = H(x [parallel] [MAC.sub.MR])) and group key GK. Fast reauthentication procedure can also still resist in attacks. Because the attacker does not the applicable secret key K (i.e., K = H(GK [parallel] [MAC.sub.MR])) and the group key GK.

5 PERFORMANCE ANALYSIS

5.1 Evaluation Criteria

The proposed mechanisms based on the following performances evaluation criteria would be analyzed in three points of views as follows.

* Calculation Cost (CC): Complexity of the mobile node.

* Authentication Latency (AL): Latency between an authentication request sent by the MR and receiving of an applicable authentication reply.

* Handoff Latency (HL): Time when MR requires changing of the MR connection. The total handoff latency is the sum of L2 handoff latency, authentication latency and handoff latency in a network layer (L3).

A good authentication mechanism should incur low cost of calculation and provide low authentication latency. Moreover, low handoff is reinforced in the fast handoff and the integrated design of authentication and fast handoff should prevent overlapped signaling cost. Through analysis models and numerical results, our proposed mechanism is to show that it is a better solution for security and latency problems compared to the existing systems.

5.2 Parameter

Fig.9 shows the network phases and numerical analysis model. Although signaling messages have different sizes, each signal message is assumed to have the same transmission latency and calculation costs. In the evaluation, notations as followings are used.

[FIGURE 9 OMITTED]

* [D.sub.A-B]: Average delivery latency between node A and node B and it is presumed that [D.sub.A-B] = [D.sub.B-A].

* [D.sub.RA]: Time required to transmit the fast neighboring advertisement message.

* m: hop count between home and domains.

* [D.sub.PROC(A)]: Average process latency of procedure A.

* Handoff latency can be expressed as the sum of L2 detection latency ([D.sub.L2]), move detection latency ([D.sub.MD]), overlapping address detection latency ([D.sub.DAD]), authentication latency ([D.sub.AUTH]) and location registration latency ([D.sub.BU]). MAG which supports mobility so that router advertisement (RA) not request in is sent more often suggests it should be established with more less MinRtrAdvInterval (MinInt) and MaxRtrAdvInterval (MaxInt) values. To simplify more, in the ground [24], it is assumed that it is half of the average value for RA message, which did not request the [D.sub.MD] value (i.e., (MinInt+MaxInt)/2), and the quarter of the average RA message value, which did not request the [D.sub.MD] value in HMIPv6 (i.e., (MinInt+MaxInt)/4).

* SA: The number of signaling messages which node A sent.

Table-2 is showing that values of parameters used in numerical analysis based on [25] and default latency value of DAD operation is 1000ms.

5.3 Analysis Results

5.3.1 Calculation Cost (CC)

In this section, calculations costs of SK-[L.sup.2]AM and LR-AKE systems are compared. The analysis of calculation costs analysis, notations as followings are used. "-" means there is no calculation costs. n is the income of MRs which AAA server handles. Ch represents the cost at which one-way hash function is executed. [C.sub.sym] represents cost for symmetric encryption or decryption. [C.sub.asym] represents cost for asymmetric encryption or decryption. Table-3 and Table-4 represent the calculation complexity of each SK-[L.sup.2]AM and LR-AKE system. As LR-AKE does not support local authentication, the authentication procedure is performed every time in HAAA. Therefore, under LR-AKE system the bottleneck problem can arise in HAAA.

5.3.2 Authentication Latency (AL)

SK-[L.sup.2]AM performances is evaluated by numerical analysis. It is compared with LMAM which is combined with the AAA system, the simple NEMO protcol, LR-AKE system and the system of Shi et al. Also. authentication latency is considered in threemobility scenarios. (a) When MR enters into a domain first (b) MR moves within the same domain (c) Last, MR moves among the domains. The numerical analysis of authentication latency is as follows.

Table-5 is the result of the numerical analysis for authenticationlatency.

(a) The formula of authentication latency when MR first entered into domain are as follows.

(1) [AL.sub.Proposed] = 2[D.sub.MR-MAG] + 2[D.sub.MAG-LAM] + 2[D.sub.LAM-LAAA] + [D.sub.AUTH]

= 2a + 2c + 2d

(2) [AL.sub.LMAM] = 2[D.sub.MR-AR] + 2[D.sub.AR-MAP] + 2[D.sub.MAP-LAAA] + [D.sub.AUTH]

= 2a + 2c + 2d

(3) [AL.sub.Simple_Combine] = 2[D.sub.MR-AR] + 2[D.sub.AR-LAAA] + 2[D.sub.HAAA-LAAA] + [D.sub.AUTH]

= 4a + 2mb + 2c + 2d

(4) [AL.sub.LR-AKE] = 5[D.sub.MR-AR] + 5[D.sub.AR-HA] + 2[D.sub.HA-HAAA] + 4[D.sub.HAAA-LAAA] + [D.sub.AUTH]

= 10a + 9mb + 5c + 5d

(4) [AL.sub.Shi] = 2[D.sub.MR-AR] + 2[D.sub.AR-LAAA] + 2[D.sub.HAAA-LAAA] + [D.sub.AUTH]

= 4a + 2mb + 2c + 2d

[FIGURE 10 OMITTED]

(b) When MR moves within the same domain, the authentication latency is defined as follows,

[C] [AL.sub.Poposed] = 2[D.sub.MR-MAG] + [D.sub.AUTH] = (MinInt + MaxInt)/2

(7) [AL.sub.LMAM] = 2[D.sub.MR-MAG] + [D.sub.AUTH] = 2d

(8) [AL.sub.Simple_Combine] = 2[D.sub.MR-AR] + 2[D.sub.AR-LAAA] + 2[D.sub.HAAA-LAAA] + [D.sub.AUTH]

= 4a + 2mb + 2c + 2d

(9) [AL.sub.LR-AKE] = 5[D.sub.MR-AR] + 5[D.sub.AR_HA] + 2[D.sub.HA-HAAA] + 4[D.sub.HAAA-LAAA] + [D.sub.AUTH]

= 10a + 9mb + 5c + 5d

(10) [AL.sub.Shi] = 2[D.sub.MR-AR] + 2[D.sub.AR-MAP] + 2[D.sub.MAP-LAAA] + [D.sub.AUTH]

= 2a + 2c + 2d

[FIGURE 11 OMITTED]

(c) When MR moves into another domain, the authentication latency is defined as follows,

[FIGURE 12 OMITTED]

SK-[L.sup.2]AM show the way or means to achieve the least authentication latency out of the other compared approaches. This is the reason for using local authentication instead of home authentication. While the local authentication system shows similar results with the LMAM system, on the contrary LR-AKE system consumes long time on negotiation between HAAA and LAAA server. If the hop count m is largethen the authentication latency would get more longer. When MR entered into a domain first, the system of Shi et al. should also send authentication informationto HAAA server.

5.3.3 Handoff Latency (HL)

After simulating AX-FPMIPv6 performances, it compares with LE-HMIPv6 system, Simple NEMO system, LLH system and HMIPv6 system. Result was acquired as the average of 10 times in this simulation. HMIPv6 is assumed to support local registration. Total handofflatency is the sum of L2 handoff latency, authentication latency and L3 handoff latency. Total handoff latency of each system is calculated as follows.

(11) [HL.sub.PProposed] = [D.sub.L2] + [D.sub.RA(FNA)] = [D.sub.L2] + 2[D.sub.MR-NMAG]

= [D.sub.L2] + (MinInt + MaxInt)/2

(12) [HL.sub.LE-HMIPv6] = [D.sub.L2] + [D.sub.FNA] = [D.sub.L2] + 2[D.sub.MR-NAR] = [D.sub.L2] + 2d

[HL.sub.NEMO] = [D.sub.AUTH] + [D.sub.L2] + [D.sub.MD] + [D.sub.DAD] + [D.sub.BU]

(13) [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]

(14) [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]

(15) [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]

[FIGURE 13 OMITTED]

Fig.13 shows average handoff latency within the same domain. As SK-[L.sup.2]AM provides local authentication without sending information to HAAA server of MR, it operates effectively in mobility management within the local domains. Additionally, AX-FPMIPv6 uses Piggybacks method in order to reduce signaling overload and it also uses several L2 tirgger to support prior handoff procedure. Therefore, handoff procedure among domains can be executed rapidly.

Fig.13 shows the results of handoff latency among domains at different distances (i.e., hop count) between home and foreign domains. As LE-HPMIPv6 supports mobility management and local registration systems but the application of HMIPv6 protocol improved the handoff from MIPv6. Handoff latency reduces but it causes the longest handoff latency for movement detection and DAD latency also it, does not support handoff among domains. A simple NEMO protocol inherited the disadvantage of long handoff latency in MIPv6 and it does not support local authentication. Although LLH uses prior registration method to reduce handoff latency, the authentication procedure should be executed in the HAAA server and due to this authentication latency arises. As our proposed system completes network-based architecture, local-based authentication, authentication and movement detection procedure in the pre-handoff stage, AX-FPMIPv6 mechanism have the lowest handoff latency. Further, to avoid Ping-Pong effect and the occurence of HER problem, this paper uses the concept of "DeuceScan" and L2 triggers start the pre-handoff procedurein time. Fig.14 shows the average handoff latency among domains.It describes the average handoff delay between the domains for different distances between MAG and LAAA. The proposed system still shows the best results. Besides, the distance between MAG and LAAA is found not to scarcely affect our system. The reason behind this is, AX-FPMIPv6 executes the authentication procedure in LAAA when MR first moves into foreign networks.

[FIGURE 14 OMITTED]

6 CONCLUSIONS

As the local authentication mechanism called as SK-[L.sup.2]AM is proposed to support network mobility in this paper. Calculation cost related with code is considerably reduced for this use in the symmetric encryption and hash function. In order to also reduce the authentication latency, the authentication procedure can be completed without returning to HAAA or LAAA server. And PMIPv6 is improved to support local handoff and global handoff in a wireless network. X-FPMIPv6 uses many triggers and many CoAs to increase handoff procedure speed and avoid HER problem.

Lastly, as SK-[L.sup.2]AM supports local authentication, it does not increase the signaling overload. So, it is integrated in AX-FPMIPv6. According to the results of the performances analysis, it is shown to be more excellent than all the exsting systems in calculation costs, authentication latency, handoff latency and signaling cost. Related to the security problem, SK-[L.sup.2]AM is very effective in local authentication, replay attack resistance, stolen verifier attack resistance, session key creation, mutual authentication to prevent server spoofing attack, known plaintext attack resistance and message alteration attack resistance.

REFERENCES

[1.] V. Devarapalli, R. Wakikawa, A. Petrescu, and P. Thubert, "Network Mobility (NEMO) Basic Support Protocol,"IETF, RFC 3963, January 2005.

[2.] D. Johnson, C. Perkins, and J. Arkko, "Mobility support in IPv6," IETF, RFC 3775, June 2004.

[3.] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, Vol. 24 (11), pp.770-772, November 1981.

[4.] T. Narten, E. Nordmark, and W. Simpson, "Neighbor discovery for IP version 6 (IPv6)," RFC 2461, December 1998.

[5.] Jong Hyuk Park and Qun Jin, "Effective session key distribution for secure fast handover in mobile networks," Telecommunication Systems, Vol.44(1-2), pp.97-107, November 2009.

[6.] A. Mishra, M.H. Shin, N.L. Petroni, J.T. Clancy, and W.A. Arbauch, "Proactive key distribution using neighbor graphs," IEEE Wireless Communications, Vol.11(1), pp.26 -36, February 2004.

[7.] C. de Laat, G. Gross, L. Gommans, J. Vollbrecht, and D. Spence, "GenericAAA architecture," IETF RFC 2903, August 2000.

[8.] S. Glass, T. Hiller, S. Jacobs, and C. Perkins, "Mobile IP authentication, authorization, and accounting requirements," IETF RFC 2977, October2000.

[9.] C.E Perkins, "Mobile IP joins forces with AAA," IEEE RFC 2977, August 2000.

[10.] P. Calhoun, T. Johansson, C. Perkins, and T. Hiller, "Diameter Mobile IPv4 application," IEEE RFC4004, August 2005.

[11.] H. Fathi, S. Shin, K. Kobara, S. Chakraborty, H. Imai, and R. Prasad, "LRAKE-based AAA for network mobility (NEMO) over wireless links," IEEE Journal on Selected Areas in Communications (JSAC), Vol. 24(9), pp.1725-1737, 2006.

[12.] I. Hideki, S. Seonghan, K. Kanukuni, "Introduction to Leakage-Resilient Authenticated Key Exchanged Protocols and Their Applications," KIISC, December 2008.

[13.] Yingjie Wang, Wei Luo, and Changxiang Shen, "Analysis on Imai-Shin's LR-AKE protocol for wireless network security," Communications in Computer and Information Science, pp.84-89, 2009.

[14.] Ming-Chin Chubng, and Jeng-Farn Lee, "A lightweight mutual authentication mechanism for network mobility in IEEE 802.16e wireless networks," Computer Networks, June 2011.

[15.] Depeng Li and Srinivas Sampalli, "An efficient contributory group rekeying scheme based on hash functions for MANETs," IFIP International Conference on Network and Parallel Computing Workshops, pp.191-198, September 2007.

[16.] W.H.D. Ng, Zhili Sun, and H. Cruickshank, "Group key management with network mobility," 13th IEEE International Conference on Networks (ICON), Vol. 2, pp.716-721, November 2005.

[17.] Y. Kim, A. Perrig, and G. Tfsudik, "Group key agreement efficient in communication," IEEE transactions on computers, Vol. 53(7) PP.905-921, 2004.

[18.] K. El Malki (Ed.), "Low-Latency Handoffs in Mobile IPv4," IETF RFC 4881, June 2007.

[19.] R. Koodli (Ed.), "Fast Handoffs for Mobile IPv6," IETF, RFC 4068, June 2005.

[20.] P. McCann, "Mobile IPv6 fast handoffs for 802.11 Networks," IETF RFC 4260, November 2005.

[21.] S. Gundaveli, K, Leung, V. Devarapali, K. Chowdhury, and B. Patil, "Proxy Mobile IPv6," IETF RFC 5213, August 2008.

[22.] Kyoung-Hee Lee, Hyun-Woo Lee, Won Ryu and Youn-Hee Han, "A scalable network-based mobility management framework in heterogeneous IP-based networks," Telecommunication Systems, June 2011.

[23.] Jee-Hyeon Na, Soochang Park, Jung-Mo Moon, Sangho Lee, Euisin Lee, and SangHa Kim, "Roaming Mechanism between PMIPv6 Domain," draft-park-netmmpmipv6-roaming-o1.txt, July, 2008.

[24.] Yuh-Shyan Chen, Ming-Chin Chuang, Chung-Kai Chen, "DeuceScan:deuce-based fast handoff scheme in IEEE 802.11 wireless networks," IEEE Transaction on Vehicular Technology Conference, Vol. 57(2), pp.1126-1141, September 2008.

[25.] NIST, U.S. Department of Commerce, "Secure Hash Standard," U.S.Federal Information Processing Standard (FIPS), August 2002.

Illkyun Im * and Jongpil Jeong **

* 'SAMSUNG SDS Co. Ltd., Principal Engineer Modeling & Simulation Group Ilok Bldg., 707-19, Yoksam 2-dong, Gangnam-gu, Seoul, Korea of Republic, 135-918

illkyun.im@samsung.com

** School of Information and Communication Engineering Sungkyunkwan University, Korea

jpjeong@ece.skku.ac.kr (Corresponding Author)
Table 1. Notation

Symbol            Description

[chi]             Secret value which is shared between HAAA and LAAA
GK                Group key of domain
[MAC.sub.i]       Unique MAC address which I, a mobile communication
                    device
[R.sub.i]         I, an arbitrary value
[E.sub.K](M)      Coded message by using symmetric code (Encryption)
                    K key
[D.sub.K](M)      Plain sentence induced in the coded sentence which
                    is decoded in symmetric key K
H()               Hash function of work direction open
[parallel]        Character string combination
[X.sub.service]   All accessing rights in HAAA server
[Y.sub.service]   [Y.sub.service] [subset or equal to]
                    [X.sub.service]: A set of accessing rights of MR
[Z.sub.service]   [Z.sub.service] [subset or equal to]
                    [Y.sub.service]: Accessing right which
                    LAAA allowed
SK                Session Key

Table 2. Parameters used in the numerical
analysis

Parameters    Value       Parameters       Values

[D.sub.1,2]    50             d             100
[D.sub.DAD]   1000          MinInt           30
a              10           MaxInt           7
b              10     [D.sub.proc(auth)]     10
c              10

Table 3. Calculation Costs of SK-L2AM System

Item                  MR            HAAA

Home
registration          --         n[C.sub.h]
procedure

First            [C.sub.ram] +       --
authentication   3[C.sub.sym]
Procedure        + 6[C.sub.h]

Re-              [C.sub.ram] +       --
authentication   3[C.sub.sym]
procedure        + 6[C.sub.h]

Item                  LAAA             MAG

Home
registration           --              --
procedure

First            [C.sub.ram] +         --
authentication   3[C.sub.sym] +
Procedure          5[C.sub.h]

Re-                    --         [C.sub.ram] +
authentication                    3[C.sub.sym]
procedure                          4[C.sub.h]

Table 4. Calculation Costs of LR-AKE System

Item                  MR             HAAA        LAAA   AR

Home                  --              --          --    --
registration
procedure

First            [C.sub.ram] +   [C.sub.ram] +    --    --
authentication   3[C.sub.asym]   2[C.sub.asym]
procedure        + 6[C.sub.h]    + 6[C.sub.h]

Re-              [C.sub.ram] +   [C.sub.ram] +    --    --
authentication   3[C.sub.asym]   2[C.sub.asym]
procedure        + 6[C.sub.h]    + 6[C.sub.h]

Table 5. Comparision of Authentication Latency

Item                Moveme
                   nt into          Movement          Movement
                     the           within the       into another
                    domain        same domain          domain
                  initially

Proposed(SK        2a+2c+2          (MinInt+          (MinInt+
  - [L.sup.2]         d            MaxInt)/2          MaxInt)/2
  AM)
LMAM              2a+2c+2d             2d            2(2a+2c+2d)
Simple
  NEMO             4a+2mb+         4a+2mb+2c         2(4a+2mb+2c
  combined          2c+2d             +2d               +2d)
  with AAA
LR-AKE          10a+9mb+5c+5d    10a+9mb+5c+5d    2(10a+9mb+5c+5d)
Shi et al.      4a+2mb+2c+2d        2a+2c+2d      2(4a+2mb+2c+2d)
COPYRIGHT 2012 The Society of Digital Information and Wireless Communications
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Im, Illkyun; Jeong, Jongpil
Publication:International Journal of Digital Information and Wireless Communications
Article Type:Report
Date:Jan 1, 2012
Words:9130
Previous Article:An enhanced workflow reengineering methodology for SMEs.
Next Article:Source separation from single channel biomedical signal by combination of blind source separation and empirical mode decomposition.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters