An optimized and secure BUTE – binding update using twofold encryption for next generation IP mobility

Abstract

The mobile Internet Protocol (IP) is a mobility based communication protocol that provides guidelines for the routing of mobile nodes in a network. The mobile IP manipulates IP addresses as a natural identifier for each mobile communicant. Here, each mobile device recognizes itself via two IP addresses: a home-of address and a care-of address. Owing to the mobility nature of the these devices, the location update of their current care-of address plays a vital role in receiving continuous services without interference. Many investigations have been explored on the location update of mobile devices along with the security and computation issues. However, the efforts on the security services have not received much attention in these investigations. Consequently, there is an increasing need for optimized binding update that balances security and efficiency. In this paper, a new Binding Update using Twofold Encryption (BUTE) is proposed, for balancing both security and efficiency of binding update for IPv6 mobility. It exhibits the alleviation of the attacks such as rerun, man-in-the-middle, false binding update and denial-of-service. The proposed BUTE is simulated using network simulator-2 and the experimental results are analyzed. Also, it is validated for security attributes using Automated Validation of Internet Security Protocols and Applications (AVISPA) – a security tool. Finally, the numerical results reveal that the proposed BUTE provides a significant reduction in communication cost and binding update delays.

Keywords

Binding update asymmetric encryption authentication return routability message latency tunneling

1 Introduction

Mobile IP version 6 (MIPv6) is designed to maintain the mobility support in internet protocols for continuous services without the use of any additional fixed routers [1]. Here, the broadcasting of IP packets between nodes in a mobility based network facilitates a location independent routing since the messages are routed irrespective of the current location of the nodes [2]. Several approaches of network mobility infrastructure such as proxy mobile IP and hierarchical mobile IP were developed and they all receive their signal messages from different points of attachment with multiple gateways [3]. However, the incorporation of such approaches to IPv6 based networks can result in non-optimized routes. Hence, the IPv6 mobility necessitates a secure and efficient communication between wireless networks.

The environment of IPv6 based network consists of communicating entities such as mobile node (MN), home agent (HA) and correspondent node (CN) as shown in Fig. 1. Initially, the MN located in the fixed infrastructure of its respective home network uses a home-of address (HoA), while when away from its home network uses a care-of address (CoA). Further, when a MN moves from one location to another, the recipient keeps track of the sender using CoA which is carried by a series of message transfers known as binding updates (BUs). Each BU is associated with a response message, described as binding acknowledgment (BA). Here, the establishment of binding update is explored by verifying the correctness of CoA of the legitimate node [4, 5].

Fig.1

Mobile IPv6 work space: A pictorial view.

2 Related work

The notion of basic return routability in MIPv6 allows the secure transfer of BU messages by providing mutual authentication. Return Routability Protocol (RRP) [6] aims to offer authentication by issuing tokens for the corresponding MN without relying on a public key infrastructure (PKI). In this approach, two tokens are issued between MN and CN, one for addressing MN’s HoA and the other for denoting current CoA. Here, the MN creates a hash value of message as part of the BU scheme. The hash is rechecked by the respective CN. However, the RRP suffers from security threats such as replay and reflection attack, man-in-the-middle (MITM), traffic redirection and amplification attacks.

Subsequently, the RRP using identity-based encryption (RRP-IBE) proposed by Alsalihy & Alsayfi (2013) aims at integrating IBE with the former study of RRP for increasing the basic protection level of RRP [7]. It investigates the message flow of the protocol using an additional third party, called as private key generator (PKG) for the purpose of issuing keys during the test initiations. This approach employs PKG for the replacement of PKI without relying on a key recovery database. Though RRP-IBE provides required protection in the MN-HA link, it does not protect the CN-HA link. Specifically, the MITM can intervene in the communication link of CN-HA. Here, the intruder can take control over a router in the CN-HA link.

Private-key based binding update (PKBU) protocol [8] aims to provide a secure BU scheme using private key based IP addresses between MN and CN. The BU messages between MN and CN, also termed as signal messages are protected using IP security (IPSec) tunneling to provide authentication [9]. In PKBU, the present CoA of MN is verified by using an identity based scheme which uses the private key of MN and the IPv6 subnet prefix. Here, the address generation is carried out through the multi-key cryptographically generated address which takes more computation cost compared to cryptographically generated address. Further, PKBU is prone to hand-off delay even though it decreases message signaling overhead.

Subsequently, Yeh et al. suggested a batch binding update (BBU) scheme [10] for handling recurrent BUs using multiple mobile routers over a short period of time. In BBU, the binding of MN is established with mobile routers which communicate through multiple tunnels with a frail routing path. These routers often shift themselves from their home network interfaces frequently by issuing BU in every move. Though BBU is protected, the concealed data of CoA message is not authenticated. Further, there are possibilities of an adversary to create a new cryptographically generated address (CGA) with the pre-defined public key of the home agent. Since the scheme incorporates elliptical curve cryptography based parameters for signature and verification, the computation steps are complex in terms of payload and latency.

In [11], the mutual authentication among MN and HA and CN is examined. It is based on the optimal asymmetric encryption in which public key is shared beforehand. The message padding is performed using two hash functions and a randomized number. The symmetric key encrypts the random nonces of MN, HA and the temporary identity of MN. The MN sends this information in the BU request to the HA. In turn, the HA computes the hash value of the temporary identity of the CN and sends the BA to the MN. In order to verify, the MN decrypts the BA and recalculates the hash value of the temporary identity of the CN. The process is repeated with a new set of random values to attain mutual authentication.

The route optimization and security enhancement measures have been explored for the proxy based MIPv6 networks [12, 13]. A unique token is shared between the MN and mobile access gateway (MAG) in this method [12]. Then, the CN verifies the token and sends the token response to MN via CN-MAG which forwards it to the MN-MAG. The messages shared among the MAGs cannot be intercepted by the attackers because location updates are encrypted and hash value is calculated with the nonce of the respective MAGs. There is no exchange of proxy BU or BA with home agent, which reduces the signaling cost. In [13], the token is incorporated in the routing table followed by the encryption to provide security. The routing table is shared among all the nearby MAGs. The CN gets the location of the MN by referring the routing table. The mutual authentication and data integrity is ensured by the application of hash function in this method. However, it is performed in the proxy MIPv6 based network.

To recapitulate, it is summarized that the existing protocols suffer from security vulnerabilities owing to the ineffectiveness of authenticating the legitimacy of MN by CN and obscuring CoA message in IPv6 mobility [14 –16]. Developing and building from the inferences of former protocols, this current paper suggests a mechanism for location update of IPv6 mobility using a new scheme BUTE to enhance security and efficiency in terms of BU latency. The contributions of the current paper in the proposed BUTE are: (1) secured concealing of CoA, (2) authentication of identity of each user authority, (3) efficient CoA generation and verification, (4) validation of the security properties of BUTE using AVISPA – a model checker, and (5) reduced computational and communication payload.

The rest of the paper is organized as follows: The cryptographic groundwork of BUTE is reviewed in Section 2. Section 3 describes the proposed scheme (BUTE) with its message sequence. Section 4 and 5 discusses the security analysis and the formal validation of BUTE using AVISPA. Section 6 shows the performance evaluation based on communication payload and latency. The conclusion is presented in Section 7.

3 Preliminaries

The current section discusses the optimal asymmetric encryption (OAE) and the CoA generation of MN using OAE.

3.1 Optimal asymmetric encryption

Optimal asymmetric encryption is a message padding procedure [17, 18]. Unlike discrete logarithm problem, which depends on heavy computation, OAE procedure uses minimal cryptographic operations with two randomized hash functions G and H. The OAE selects two random oracle numbers r1 and r2 and computes the output as follows. $\begin{matrix} OAE [r 1, r 2] & = & [(r 1 | | 0^{k}) XOR G [r 2]] | | \\ r 2 XOR H [(r 1 | | 0^{k}) XOR G [r 2]] \end{matrix}$

The output of OAE provides one-way authentication and it is repeated with random values to complete the mutual authentication between the communicants. Here, the value of k is an integer, number of bits padded with r1 (represents the number of padded bits) and XOR is the exclusive-OR operation.

3.2 Cryptographically generated address using OAE

The MN’s identity after its relocation from the home network is addressed using the CoA, which is generated using CGA technique [19] with OAE (CGA-OAE). The address generated using CGA-OAE is a 128-bit IPv6 address where the leftmost 64 bits are subnet prefix and rightmost 64 bits are the interface identifier.

The input parameters defined for the address generation includes modifier value, subnet prefix, public key of HA, hash function G and H, nonces, security flag sec and collision count (initially set to 0). Here, the value sec is a predefined security parameter and the value ranges between 0 and 7 in binary representation. The CGA-OAE increments the modifier bit and collision count in case of duplication [20]. The new IPv6 address is generated by concatenating the subnet prefix and the newly generated interface identifier. The procedures for generating and verifying the CGA using OAE are shown in Figs. 2 and 3.

Fig.2

CoA generation using CGA-OAE procedure.

Fig.3

CoA verification using CGA-OAE.

4 Proposed binding update

The current section discusses the intricacies of the proposed BUTE that incorporates probabilistic factoring based public key encryption [21]. It is built on the assumption that the public keys of HA and CN are pre-shared with the MN. Also, the communication channel of MN-HA is secured through IPSec tunneling. The notations and variables used in the proposed BUTE are listed in Table 1.

Table 1
Notations and variables used in BUTE

Notation Description

ETR_M - N Encrypted text to be used in the link between M and N

F₁ || F₂ … . || F_n Concatenation of fields F₁, F₂, ... F_n

A → B : M Host A sends a message M to host B

MN_Tmp, MN_Sig, σ_MN Temporary identity, signature and verification key of MN

OAE[N₁,N₂] Optimal asymmetric encryption on the nonces N₁ and N₂

H One-way hashing applied to the fields F₁, F₂, ... F_n

Nonce_MN, Nonce_HA, Nonce_CN Nonces of MN, HA and CN respectively

HA_{_Kpub} Pre-shared public key of HA

B_req, B_rep Bit pattern indicating binding request and reply

Notation	Description
ETR_M - N	Encrypted text to be used in the link between M and N
F₁ \|\| F₂ … . \|\| F_n	Concatenation of fields F₁, F₂, ... F_n
A → B : M	Host A sends a message M to host B
MN_Tmp, MN_Sig, σ_MN	Temporary identity, signature and verification key of MN
OAE[N₁,N₂]	Optimal asymmetric encryption on the nonces N₁ and N₂
H	One-way hashing applied to the fields F₁, F₂, ... F_n
Nonce_MN, Nonce_HA, Nonce_CN	Nonces of MN, HA and CN respectively
HA_{_Kpub}	Pre-shared public key of HA
B_req, B_rep	Bit pattern indicating binding request and reply

4.1 The proposed binding update with HA

The proposed BUTE with HA is a two-step procedure (in Fig. 4). MN sends a BU request message to HA (Step 1), where CoA is the intended location address of MN currently; HoA denotes MN’s initial home address of HA. The message flow of the proposed BU with HA is as follows, $\begin{matrix} 1 . MN \to HA : B_{req}, {MN}_{Tmp}, {MN}_{Sig}, \\ {ETR}_{MN - HA}, HoA \end{matrix}$ where, $\begin{matrix} {ETR}_{MN - HA} = (M^{2} mod ({HA}_{K_p ub})) {(- 1)}^{M 0} \\ \sum^{M 1} mod ({HA}_{K_p ub}) \\ M = CoA, {MN}_{Tmp}, σ_{MN}, H [{Nonce}_{MN} | | \\ {Nonce}_{HA} | | CoA | | {HA}_{k_p ub}], OAE [{Nonce}_{MN}, \\ {Nonce}_{HA}] \\ M 0 = M (mod 2) \\ M 1 = (1 / 2) [1 - (M / N)], where \\ N = {Nonce}_{MN} * {Nonce}_{HA} \end{matrix}$

Fig.4

Proposed location update with HA.

In the first step, the binding update is initiated from MN and sent to HA with the fields MN_Tmp, ETR_MN - HA and HoA where ETR_MN - HA is the encrypted value of the message M in modulo arithmetic using HA_{K _ pub}. It is presumed that the MN is authentic to generate its signing key with the public keys of HAs known by MNs. $2 . HA \to MN : B_{rep}, {MN}_{Tmp}, {ETR}_{HA - MN}, HoA,$ where, $\begin{matrix} {ETR}_{HA - MN} = (S^{2} mod ({MN}_{K_p ub})) {(- 1)}^{S 0} \sum^{S 1} \\ mod ({MN}_{K_p ub}) \\ S = CoA, HoA, {MN}_{Tmp}, {new_N once}_{MN}, \\ OAE [{new_N once}_{MN}, {Nonce}_{HA}] \\ S 0 = S (mod 2) \\ S 1 = (1 / 2) [1 - (S / N)] \end{matrix}$

In the second step, HA sends a BA message to the MN by verifying the updated value of CoA. Note that, CoA is entrusted only if the decrypted value of OAE [Nonce_MN, Nonce_HA] in the message M is verified by using the private key of HA. Upon receiving the packet from MN, HA checks the validity of CoA by recalculating the hash value with the parameters Nonce_MN, Nonce_HA, CoA, and HA_{k _ pub}. If the values are found to be matching, then the BU is verified and acknowledged by the HA with the newly updated nonce (new_Nonce_MN). Here, after receiving new_Nonce_MN, MN_Sig is verified using Nonce_MN. The HA then sends BA message with the fields B_rep, MN_Tmp, ETR _HA - MN and HoA after the successful verification of signature and CoA.

4.2 The proposed binding update with CN

The route optimization emphasizes a direct message transfer between the MNs and CNs instead of adopting HA. In the proposed BU with CN (Fig. 5), MN sends a BU request with the parameters MN_Tmp, MN_Sig, ETR_MN - CN and HoA to CN. The details of signaling message are as follows, $\begin{matrix} 1 . MN \to CN : B_{req}, {MN}_{Tmp}, {MN}_{Sig}, \\ {ETR}_{MN - CN}, HoA \end{matrix}$ where, $\begin{matrix} {ETR}_{MN - CN} = T^{2} mod ({CN}_{K_p ub}) {(- 1)}^{T 0} \\ \sum^{T 1} mod ({CN}_{K_p ub}) \\ T = CoA, {MN}_{Tmp}, σ_{MN}, H [{Nonce}_{MN} | | \\ {Nonce}_{CN} | | CoA | | {CN}_{k_p ub}], OAE [{Nonce}_{MN}, \\ {Nonce}_{CN}] \\ T 0 = T (mod 2) \\ T 1 = (1 / 2) [1 - (T / N)] \end{matrix}$

Fig.5

Proposed location update with HA.

Here, the proposed BUTE is initiated with a BU message B_req, MN_Tmp, MN_Sig, ETR_MN-CN and HoA from MN to CN. The values Nonce_MN and Nonce_CN are encrypted using CN’s public key (CN_{K _ pub}) since MN has CN_{K _ pub} which is pre-shared. $2 . CN \to MN : B_{rep}, {MN}_{Tmp}, {ETR}_{CN - MN}, HoA$ where,

$\begin{matrix} {ETR}_{CN - MN} = V^{2} mod ({MN}_{K_p ub}) {(- 1)}^{V 0} \sum^{V 1} \\ mod ({MN}_{K_p ub}) \\ V = {CN}_{Tmp}, {new_N once}_{CN}, OAE [{Nonce}_{MN}, \\ {new_N once}_{CN}] \\ V 0 = V (mod 2) \\ V 1 = (1 / 2) [1 - (V / N)] \end{matrix}$

Upon receiving, the CN acknowledges the first step message. The MN’s signature (MN_Sig) is verified using the verification key. After the decryption of the random nonces, CN reverts back with a BA of its actual value for the intention of MN verifying the identity of CN avoiding false binding update attack. If the verification procedure succeeds, CN appends a new nonce (new_Nonce_CN) with V. On successful verification, the CN sends the final acknowledgement with the fields B_rep, MN_Tmp, ETR_CN-MN and HoA.

5 Security analysis

This section discusses security analysis for authentication, confidentiality, integrity, non-repudiation and prevention of attacks such as MITM, false binding update, DoS amplification, replay attack and CN’s memory saturation.

5.1 Authentication

In the proposed BUTE, the authentication between all the correspondent pairs is provided through the hash values used in OAE. The random nonces (Nonce_MN, Nonce_HA) used in OAE between the communicants (MN-HA and MN-CN) provides mutual authentication. Also, the validity of CoA indicates self-authentication of MN. Therefore, a one-way authentication is denoted by the two random numbers and the computation of nonce from the hash function. In order to attain complete mutual authentication mechanism, the encryption scheme is repeated further with two random values.

5.2 Confidentiality

The binding update and acknowledgement between MN and HA of the proposed BUTE is initially instantiated by sharing the public key of HA. Here, the MN can encrypt the message M (between MN and HA) and T (between MN and CN) containing CoA, temporary identity of the sender, hash value of random nonces and OAE fields using the known public key of HA (HA_{K _ pub}). The HA or CN (in route optimization) retrieves its nonces from OAE(Nonce_MN, Nonce_HA). It is difficult for an intruder to obtain the value of new nonce as in M and T since a twofold encryption is used during the decryption at HA (and CN).

5.3 Integrity

The communication channel disruption may occur with the motivation to alter the content of the message [22]. This leads to the tampering of the message contents sent by the communicants. However, this sort of an attack is not possible in the proposed scheme since HA/CN verifies the hash code, H [Nonce_MN|| Nonce_HA || CoA || HA_{k_pub}] and H [NonceMN || Nonce_CN || CoA || CN_{k_pub}] by recalculating them at the recipient side.

5.4 Non-repudiation

Non-repudiation constitutes with either of the communicating parties accepting their intended message without denying it. The proposed BUTE provides non-repudiation by signing (MN_Sig) the contents of the BU message between MN and HA or MN and CN. Here, the HA and CN validates the signed message from M and T with a verification key σ_MN. The authorized recipient accepts the message content without rejecting it.

5.5 Amplification attack prevention

Amplification refers to the broadcasting of messages by the adversaries. Under this attack, the attacker compiles the message of relatively smaller size and delivers as a real message with larger bytes. Thus, the recipient receives a significantly larger volume of message than the actual sent message and results in a larger amplification factor.

The amplification attack propagates its message when the recipient node CN intends to send message to the sender node MN with HA as the tertiary node. It is initiated by CN requesting MN to send additional messages to a different node. However, in the proposed BUTE, the amplification attack is mitigated as there are no BU messages propagating from CN to HA and vice versa (BA).

5.6 MITM attack prevention

A third party adversary places itself as a MITM between the pairs MN-HA and MN-CN by attaching fake sets of BUs or BAs. Compared to the link of MN-HA, route optimization scheme i.e. between MN and CN has more resistance to MITM attack as the information is directly passed to the authorized node (CN) without crossing the additional node HA.

As the proposed BUTE system protects its message contents through a dual encryption providing mutual authentication, it is virtually impossible for an intruder node to intervene between the MN and the receiver node.

5.7 False BU attack prevention

The false BU’s can be synthesized with the address being forged. The address here refers to the CoA of MN. However in BUTE, the generation of current CoA takes place by using the CGA-OAE method. Also the message attaches two values of CoA as discussed in Sections 4.1 and 4.2. Once the receiver decrypts the message, the value is compared, to guarantee the value of CoA and the details of who owns it, therefore avoiding the possibility of false binding update attack.

5.8 Replay attack prevention

Consider the case where an adversary tries to replay the message of S and V at the receiving nodes of HA and CN respectively. In the proposed BUTE, the nonce values of MN and HA/CN are generated randomly with the assumption that there is no similar value of nonce present in the BU’s.

Thus, when HA/CN receives their intended message from MN, it compares for the value of nonces by decrypting OAE[Nonce_MN, Nonce_HA/CN] with the recomputed hash. If the values of the generated nonces are found to be matching then it is accepted. Further, HA/CN checks its previously encountered nonce values with the received values. If successive nonces are to be found same, then the message is discarded since it is replayed.

5.9 CN’s memory saturation attack prevention

The CN’s memory saturation attack is generated when the opponent attacks the communication link by increasing the traffic volume. As a result, instead of receiving a single BU message, HA/CN obtains enormous number of BUs which saturates their memory with an effect of either increase in the volume of message fetched or messages being lost. However in the proposed system, it is prevented with the use of nonces since the receiving node HA/CN accepts the incoming BUs with the limitation on the number of messages by verifying the sequence number. The prevention analysis of various attacks is listed in Table 2.

Table 2
Attack prevention analysis

Attacks RRP RRP-IBE PKBU BBU Proposed BUTE

MITM Partial Yes Yes Yes Yes

Replay No Yes Yes Yes Yes

DoS amplification No No No Yes Yes

False BU Yes Partial Yes Yes Yes

CN’s memory saturation No No No No Yes

Attacks	RRP	RRP-IBE	PKBU	BBU	Proposed BUTE
MITM	Partial	Yes	Yes	Yes	Yes
Replay	No	Yes	Yes	Yes	Yes
DoS amplification	No	No	No	Yes	Yes
False BU	Yes	Partial	Yes	Yes	Yes
CN’s memory saturation	No	No	No	No	Yes

6 Formal validation using AVISPA

The current section discusses the validation of the proposed BUTE using the security protocol analyzer, known as Automated Validation of Internet Security Protocol and Application (AVISPA) [23]. The AVISPA is a user interface tool for the validation of security protocols and their properties. It uses a modular and high level expressive formal language, known as High Level Protocol Specification Language (HLPSL) for specifying the security properties [24]. The HLPSL is a role based specification language described with a finite state machine model. Its equivalent code is converted to an intermediate format (IF) using the translator HLPSL2IF.

The AVISPA integrates four back ends OFMC (On-the-fly Model-Checker), CL-AtSe (Constraint-Logic-based Attack Searcher), SATMC (SAT-based Model-Checker), TA4SP (Tree Automata based Automatic Approximations for Security Analysis Protocols) that employ a variety of automated analysis techniques on various attacks. The IF code validates all the transition heuristics and its specifications can be either of typed or un-typed variant. The tool yields an abstract based verification for different role definitions written in HLPSL. Figure 6 shows a role definition for MN. In the proposed BUTE, the initial transition starts with 0 and follows from 1 to 4 stating the role commands for each of the protocol steps as mentioned in Section 4. The proposed BUTE is translated to IF and is traced for the OFMC and CL-AtSe back-ends results in AVISPA.

Fig.6

Role specification for MN in AVISPA.

The role is an independent process having a defined name along with local declarations and receives information through the parameters. The agents are represented by the parameters and play roles such as transition, changing states etc. The role may have several declarations like local, constant, initializations, accept and intruder knowledge declarations. The term played_by connects the role and the agent that plays the role. The player gains the knowledge through the parameters and the local declarations defined in the role. The init section represents theinitialization of variables or constants using simple assignments. In Fig. 6, the declaration of the variables is provided inside the role definition.

It states that A and B are agents; defines the hash function, public keys, messages to be shared along with the channel. Further, it describes the player who plays the role with the detailed information of the initial state and the transition states. Here, the initial state is assigned a value 0 followed by the description of the transition steps. The MN is authenticated to generate its signing key with the public key of HA known by MN. HA checks the validity of CoA by recalculating the hash value with the parameters. If the values are found to be matching, then the BU is verified and acknowledged by the HA. Consequently, HA sends BA to the MN.

The validation results of the proposed BUTE are shown in Figs. 7 and 8. From the OFMC results, it is found to be safe from attacks. The proposed BUTE is executed for a bounded number of sessions with a search time of 0.02 seconds, number of visited nodes as 7 and a depth search of 4 plies. From the CL-AtSe results (Fig. 8), it is observed that the BUTE is safe from attacks. Here, the protocol executes with a 21 analyzed and 10 reachable states.

Fig.7

OFMC back-end results in AVISPA.

Fig.8

CL-AtSe back-end results in AVISPA.

7 Performance evaluation

The current section discusses the performance of the proposed BUTE scheme with the existing schemes in terms of communication payload, message transmission time and overall latency of binding update messages. The proposed BUTE is simulated using network simulator-2 (NS-2) [25] and the experimental results are discussed in the next sub-sections.

7.1 Simulation set-up

The proposed work is simulated by using NS-2 tool. The NS-2 is a discrete event simulator directed for exploring communication flows in networking. The topology of the proposed scheme is based on wired cum wireless architecture. It consists of the three different networks for home network, visited network for mobility based nodes and correspondent network. The instance of the node movement is recorded with respect to the simulation time. The simulation time is assessed from one occurrence to the other based on the event scheduler. Each network has 450 nodes and the time required to discover a router is 100 ms. In the wired network, bit rate is set as 100 Mbps and the propagation time is considered as 0.5 ms. The bit rate in case of wireless network connection in our simulation is 2 Mbps. The propagation time in wireless network is considered as 2 ms, which is higher in comparison to the wired network. In the simulation, the mobility model is designed with the system parameters [26, 27] as shown Table 3.

Table 3
System parameters

Processing time in MN, HA, CN 0.5 ms

Propagation time in wireless network 2 ms

Bit rate in wireless network 2 Mbps

Handoff delay of link switching 50 ms

Time required for router discovery 100 ms

Propagation time in wired network 0.5 ms

Bit rate in wired network 100 Mbps

Number of nodes in each network 450 nodes

7.2 Message size and Communication payload

The variables used in the performance evaluation are listed in Table 4. The communication payload is defined as the overall cost required during the binding update in the communication link. In the proposed BUTE, the message size of BU and BA between MN and HA is 128 + 128 + 16 + 16 = 288 bytes and 128 + 16 + 16 = 160 bytes respectively; the message size for binding request and binding reply between MN and CN is 128 + 128 + 32 + 32 = 320 bytes and 128 + 32 + 32 = 192 bytes respectively.

The total communication payload for a single BU/BA of the proposed BUTE is estimated as follows. $\begin{matrix} CPBU & = & CP_a ddr + CP_h ash + CP_e nc + CP_s ig \\ CPBA & = & CP_a ddr + CP_h ash + CP_e nc \end{matrix}$

Table 4
Variables used for performance evaluation

Variables Description

C_p Communication payload

PL_avg Payload average

C_{P _ pair} Payload for pairing operations

C_{P _ addr} Payload for address calculation

C_{P _ hash} Payload for cryptographic hash operation

C_{P _ enc} Payload for encryption operation

C_{P _ sig} Payload for signature generation and verification operations

C_PBU, C_PBA Cost for a single BU/BA

L_BU Overall latency of BU message

T_{Msg _ tr} Message transmission time

Variables	Description
C_p	Communication payload
PL_avg	Payload average
C_{P _ pair}	Payload for pairing operations
C_{P _ addr}	Payload for address calculation
C_{P _ hash}	Payload for cryptographic hash operation
C_{P _ enc}	Payload for encryption operation
C_{P _ sig}	Payload for signature generation and verification operations
C_PBU, C_PBA	Cost for a single BU/BA
L_BU	Overall latency of BU message
T_{Msg _ tr}	Message transmission time

The total cost and the number of cryptographic hash operations required for various BU schemes with the proposed scheme are listed in Table 5. It is noted that the communication payload of BUTE requires only two encryptions and two hash functions [28]. The RRP scheme faces the maximum message overhead in addition to four encryptions and four hash functions resulting in the higher value of total communication payload. The PKBU and RRP-IBE shares the same number of hash operations but the PKBU shows less message overhead. Although the messaging overhead is same for BBU and BUTE; the proposed one takes lesser hash function computation. Finally, the proposed BUTE relatively requires a less communication payload compared to all other schemes. The average of communication payload for BU and BA are defined as the ratio of total cost and the maximum bit rate and they are denoted as follows, $\begin{matrix} {PL}_{avg - BU} & = & \frac{(\sum (C_{PBU} * number of messages))}{Maximum bit rate} \\ {PL}_{avg - BA} & = & \frac{(\sum (C_{PBA} * number of messages))}{Maximum bit rate} \end{matrix}$

Table 5

Total cost, cryptographic hash operations and number of messages

BU Schemes	Total cost	#Hash functions	#msgs
RRP	4 C_{P _ enc} + 4 C_{P _ pair}	–	8
RRP-IBE	2 C_{P _ enc} + 4 XOR	2	7
PKBU	2 C_{P _ enc} + 2 C_{P _ hash}	2	5
BBU	3 C_{P _ hash} + C_{P _ enc}	4	4
BUTE	2 C_{P _ enc} + 2 C_{P _ hash}	2	4

Where maximum bit rate is the maximum number of bits transmitted per second. Accordingly, the average communication payload is estimated and represented in Fig. 9 (a) and (b) that shows the total communication payload required during the BU communication between existing and proposed schemes. The RRP and RRP-IBE consumes higher communication payload as compared to other schemes for both BU and BA. The BBU shows higher overhead in MN-HA as compared to MN- CN BUs but in case of BA, it consumes less overhead in HA-MN communication. The proposed scheme provides less communication payload in comparison to the other schemes and it is comparable in nature between MN-HA and MN-CN links.

Fig.9

Communication payload (in bytes) between (a) MN-HA (b) MN-CN.

7.3 Message transmission time

Any binding message on a send/receive request requires latency for its processing. Also, the propagation time on the wired/wireless links through which the message is being processed is an additional cost to be measured during the message transmission. The computation of message transmission time between the pairs MN-HA and MN-CN for the proposed BUTE is as follows, $\begin{matrix} T_{Msg_t r} & = & \frac{(\sum (message size of BU and BA))}{(Bit rate in wired and wireless links)} \\ = & \sum CP / Bit rate in wired and wireless links \end{matrix}$

Accordingly for a BU message, the message transmission time is estimated as follows, $T_{Msg_t r} = (\sum C_{PBU}) / Bit rate$

For a BA message, $T_{Msg_t r} = (\sum CPBA) / Bit rate$

Figure 10 exhibits the total message transmission time required for BU and BA operations along with the number of messages transmitted. The transmission time for the messaging increases as the number of BU messages increments. The rise in the transmission time is more in case of MN- HA in comparison to MN-CN. Therefore, it can be noted that the MN-CN communication has less transmission time overhead with the increase in BUs.

Fig.10

Message transmission time (in ms) vs Number of messages.

Figure 11 shows the average message transmission time of BU and BA between the links MN-HA and MN-CN respectively. It is noted that the binding update between MN and HA in terms of message transmission time reduces up to 48.87 percent. Subsequently between MN and CN, the proposed BUTE shows a reduction of 22.65 percent approximately. Here, the RRP shows the highest average message transmission time of BU and BA between the links MN-HA and MN-CN. The RRP-IBE has less time overhead of BU and BA in MN-HA link as compared to MN-CN link. It consumes almost the same message transmission time in BA of CN-MN link along with PKBU scheme but takes higher value in case of HA-MN link. In MN-CN, the average message transmission time of BBU scheme is less than the other schemes but more than the proposed scheme. Moreover, it consumes highest message transmission time for BA. The proposed scheme performs better in comparison to other schemes. It consumes least message transmission time for BU and BA in both the links.

Fig.11

Message transmission time (in ms) between (a) MN-HA (b) MN-CN.

7.4 Latency of binding update

The latency of BU is measured as the average amount of time required to transmit the BU message from MN to HA or CN. The latency of BU is computed as follows, $\begin{matrix} LBU & = & processing time + propagation time \\ + message transmission time . \end{matrix}$

Figure 12 shows the comparison of latency of the BU message of various schemes with the proposed scheme. The RRP scheme suffers with the highest BU latency in both the cases between the pairs MN-HA and MN-CN. The RRP-IBE and PKBU has similar BU latency in MN-HA, however BA latency from HA to MN in RRP-IBE is more as compared to PKBU. The BBU has lesser latency and it is analogous in both the messages BU and BA. In MN-CN updates, the latency of BU and BA is comparable in RRP-IBE and PKBU. The BU latency of BBU is also equal as the PKBU but BA latency is lesser. The proposed scheme has the least latency in both the cases as compared to other schemes.

Fig.12

Latency for BU message between (a) MN-HA (b) MN-CN.

Figure 13 shows that the RRP requires the maximum latency for transmitting BU and BA between MN-HA and MN-CN. But, the schemes RRP-IBE and PKBU represent almost similar BU latency in both the cases. The BA latency is comparable in RRP, RRP-IBE, PKBU and BBU schemes between MN-CN. The BBU shows lesser latency than the rest of the mentioned schemes but more than the proposed BUTE. The proposed scheme reduces the overall latency even when the number of messages is compared with those in other schemes.

Fig.13

Latency with number of messages vs. BU scheme between (a) MN-HA (b) MN-CN.

8 Conclusion

In this paper, a new location update using twofold encryption for IPv6 mobility is proposed to protect the signaling messages between the pairs of the MN-HA and MN-CN. The proposed BUTE incorporates dual encryption methodology using the optimal asymmetric encryption and a probabilistic approach. Here, the CoA generated using CGA method is concealed to an extent using the message padding technique of OAE. The mutual authentication between the communicants of the proposed BUTE is also achieved. From the perspective of security threats, the proposed BUTE ensures protection from all possible attacks such as MITM attack, replay attack, DoS attack and false BU attack. The security properties are also formally validated by using AVISPA and the results demonstrate that no revealed attacks were detected. Finally, the proposed BUTE significantly reduces the communication cost and latency. For future work, the BU of IPv6 mobility can be considered to support route optimization in distributed domains.

References

Akyildiz

I.F.

, Xie

and Mohanty

, A survey of mobility management in next-generation all-IP-based wireless systems, Wireless Communications, IEEE11(4) (2004), 16–28.

Rana

M.K.

, Sardar

, Mandal

and Saha

, Implementation and performance evaluation of a mobile IPv6 (MIPv6) simulation model for ns-3, Simulation Modelling Practice and Theory72 (2017), 1–22.

Guan

, You

, Xu

, Zhou

and Zhang

, Survey on route optimization schemes for proxy mobile IPv6, In Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Sixth International Conference on, IEEE (2012), (pp. 541–546).

Al-Surmi

, Othman

and Ali

B.M.

, Mobility management for IP-based next generation mobile networks: Review, challenge and perspective, Journal of Network and Computer Applications35(1) (2012), 295–315.

Cominardi

, Giust

, Bernardos

C.J.

and De La Oliva

, Distributed mobility management solutions for next mobile network architectures, Comp Networks121 (2017), 124–136.

Aura

and Roe

, Designing the mobile IPv6 security protocol, In Annales des telecommunications, Springer-Verlag61(3-4) (2006), 332–356.

Alsalihy

W.A.A.

and Alsayfi

M.S.S.

, Integrating identity-based encryption in the return routability protocol to enhance signal security in mobile IPv6, Wireless Personal Communications68(3) (2013), 655–669.

Modares

, Salleh

, Moravejosharieh

and Malakootikhah

, Securing binding update in mobile IPv6 using private key base binding update protocol, arXiv preprint arXiv:1206.6170 (2012).

Slezak

and Gelogo

Y.E.

, Securing IP Multimedia Subsystem with the appropriate security gateway and IPSec tunneling, Journal of Security Engg8(3) (2011), 6.

10.

Yeh

L.Y.

, Yang

C.C.

, Chang

J.G.

and Tsai

Y.L.

, A secure and efficient batch binding update scheme for route optimization of nested NEtwork MObility (NEMO) in VANETs, Journal of Network and Computer Appls36(1) (2013), 284–292.

11.

Mathi

S.K.

and Valarmathi

M.L.

, A secure and efficient binding update scheme with decentralized design for next generation IP mobility, In Artificial Intelligence and Evolutionary Algorithms in Engineering Systems, Springer, India, 2015, pp. 423–431.

12.

Mathi

and Anbarasi

P.N.

, A secure and efficient location update scheme for next generation proxy mobile IP in Distributed Environment, Procedia Comp Sci57 (2015), 942–951.

13.

Anbarasi

P.N.

and Mathi

, A tokenized binding update scheme for next generation proxy IP mobility, In Artificial Intelligence and Evolutionary Computations in Engineering Systems,, Springer, India, 2016, pp. 193–207.

14.

Modares

, Moravejosharieh

, Lloret

and Salleh

, A survey of secure protocols in mobile IPv6, Journal of Network and Computer Applications39 (2014), 351–368.

15.

Dong

and Kuinam

, Improved authentication of binding update protocol in mobile IPv6 networks, Wireless Personal Communications94(3) (2017), 351–367.

16.

Mohammed

A.A.

, Elbashir

M.K.

, Ahmed

A.M.

and Ali

M.M.

, Enhancement of seamless mobility in nested network mobility, In Communication, Control, Computing and Electronics Engineering (ICCCCEE), 2017 International Conference on, IEEE (2017), (pp. 1–5).

17.

Fujisaki

, Okamoto

, Pointcheval

and Stern

, RSA-OAEP is secure under the RSA assumption, Journal of Cryptology17(2) (2004), 81–104.

18.

Shoup

, OAEP reconsidered, Journal of Cryptology15(4) (2002), 223–249.

19.

Qadir

and Siddiqi

M.U.

, Cryptographically generated addresses (CGAs): A survey and an analysis of performance for use in mobile environment, IJCSNS Int J Comput Sci Netw Secur11(2) (2011), 24–31.

20.

Liu

and Li

, A novel key exchange protocol based on RSA-OAEP. In Advanced Communication Technology. ICACT 2008, 10th International Conference on3(2008), 1641–1643. IEEE.

21.

Elia

, Piva

and Schipani

, The Rabin cryptosystem revisited, Applicable Algebra in Engineering, Communication and Computing26(3) (2011), 251–275.

22.

Shyamala

C.K.

and Sharanya

R.R.

, Adversarial effect in distributed storage systems, Indian Journal of Science and Technology9(30) (2016).

23.

Armando

, Basin

, Boichut

, Chevalier

, Compagna

, Cuéllar

and Vigneron

, The AVISPA tool for the automated validation of internet security protocols and applications, In Computer Aided Verification, Springer, Berlin, Heidelberg (2005), pp. 281–285.

24.

Vigano

, Automated security protocol analysis with the AVISPA tool, Electronic Notes in Theoretical Computer Science155 (2006), 61–86.

25.

Singh

, Dua

R.L.

and Mathur

, Network simulator NS2-2.35, International Journal of Advanced Research in Computer Science and Software Engineering2(5) (2012), 24–228.

26.

Carmona-Murillo

, Cortés-Polo

, Calle-Cancho

, González-Sánchez

J.L.

and Rodríguez-Pérez

F.J.

, Analytical and experimental evaluation of handovers in IPv6 mobility management protocols, Network Protocols and Algorithms8(1) (2016), 104–125.

27.

Argyroudis

P.G.

, Verma

, Tewari

and Mahony

D.O.

, Performance analysis of cryptographic protocols on handheld devices, In Network Computing and Applications, 2004. Proceedings. Third IEEE International Symposium on, IEEE (2004), pp. 169–174.

28.

Dai

, Crypto++–A Free C++ Library for Cryptography, Version 5.2.1. (2005).

Processing time in MN, HA, CN	0.5 ms
Propagation time in wireless network	2 ms
Bit rate in wireless network	2 Mbps
Handoff delay of link switching	50 ms
Time required for router discovery	100 ms
Propagation time in wired network	0.5 ms
Bit rate in wired network	100 Mbps
Number of nodes in each network	450 nodes