Enhancing the Security of SIGMA by IPSec

IPSec has been designed to provide an interoperable security architecture for IPv4 and IPv6. It is based on cryptography at the network layer, and provides security services at the IP layer by allowing endpoints to select the required security protocols, determine the algorithms to use, and exchange cryptographic keys required to provide the requested services. The IPSec protocol suite consists of two security protocols, namely Authentication Header (AH) and Encapsulating Security Payload (ESP). ESP provides data integrity, authentication, and secrecy services, while the AH is less complicated and thus only provides the first two services. The protocol stack, when IPSec is used with a transport protocol (SCTP in our case), is shown in Fig. 11.

SIGMA is based on dynamic address reconfiguration, which makes the association vulnerable to be hijacked, also called traffic redirection attack. An attacker claims that its IP address should be added into an established association between MH and CN, and further packets sent from CN should be directed to this IP address. Another kind of security risk is introduced by dynamic DNS update. An attacker can send a bogus location update to the location manager, resulting in all future association setup messages being sent to illegal IP addresses. The extra security risk introduced by SIGMA gives rise to the authentication problem: CN and LM need to determine whether the MH initiated the handover process. Since both AH and ESP support authentication, in general, we can

Figure 12: Interoperability between SIGMA and IPSec.

choose either of them for securing SIGMA. ESP has to be used if data confidentiality is required. Assume that we are only concerned with authentication of MH by CN and LM to prevent redirection attack and association hi-jacking. In this case, AH can be used as shown in Fig. 12. All address reconfiguration messages and location updates sent to CN and LM should be protected by IPSec AH header.

+1 0

Post a comment