Issues Related to Mobile IP Security and Their Solutions

Wireless communication ―has witnessed a growth number of users in the recent years; one of the main advantages of wireless technology is mobility, which allow mobile users to move from one network to another and maintaining their permanent IP address. This keeps transportation and high level connections while moving. Mobile IP is a standard convention built up by the Internet Engineering Task Force "IETF", to give a productive and adaptable system for portable hubs inside the internet. Mobile IP environments mostly exist in wireless networks where users need to carry their devices across several networks with different IP address. Mobile IP is built on the IP protocol for internet infrastructure. As Mobile IP is a layer 3 solution for IP mobility, it will suffer from security problem in the same way as IP. As such the issue of securing Mobile IP has become the most significant point with increasing demand on Mobile IP. The main goal of network security is to provide confidentiality, availability and integrity for data communication. In general confidentiality protects data so that it is not disclosed from unauthorized persons. The need for continuous correspondence when the cell phone moves starting with one area then onto the next requires the another innovation. This kind of communication can be efficiently implemented using Mobile IP. Mobile IP, which is an extension to standard Internet Protocol proposed by the Internet Engineering Task Force(IETF). The fundamental factors that impact the requirement for Mobile IP are:- • Mobility Support, expanded number of portable clients. • Standardization, utilizes the current IP Protocol • Inter-Operability, can be utilized across various specialist organizations • Alternative Technologies, absence of appropriate choices other than Mobile IP • IPv4 Availability, restricted accessibility of IPv4 address requires the requirement for Mobile IP Mobile IP could be stretched out to include all the innovations for consistent portability if the accompanying issues are settled. These are • Security Issues • Triangulation Problems • Reliability Issues • Latency Issues

Wireless communication has seen a development number of clients in the ongoing years, one of the principle points of interest of remote innovation is portability, which permit versatile clients to move starting with one organization then onto the next while keeping up their lasting IP address. This keeps transportation and significant level associations while moving. Mobile IP is a standard convention built up by the Internet Engineering Task Force "IETF", to give a proficient and adaptable component for portable hubs inside the internet. Mobile IP environments mostly exist in wireless networks where users need to carry their devices across several networks with different IP address.

Mobile IP has the following elements and entities that are required for optimum functionality.

A moving internet connected device on which the location and point of attachment to the internet can be changed while keeping ongoing communication without interruption using its home fixed address. This kind of device is usually IP phone, laptop computer or router.

An IP address assigned to Mobile device within the network for extended period of time.

HOME AGENT (HA)

It tracks the mobile device location (care of address), intercept and tunnels packets to the mobile device when it is away from home, and maintains current location information for the mobile device.

The network within which a device identifies as its home IP address. The IP routing mechanism will

A router on the mobile device‘s visited network. It provides the care-of-address to the mobile device and routing service to the mobile device whilst registered and acts as a default router for datagram generated by the mobile device. The foreign agent de-capsulates and delivers datagram to the mobile device that are encapsulated by the mobile device‘s home agent

Any network other than the mobile device‘s home network, on which the mobile device can operate successfully when away from its home network.

A temporary IP address assigned to a mobile device while it is away from home network.

A gadget that sends or gets parcels to or from the cell phone; the journalist gadget might be another cell phone or a non-versatile web gadget. A cell phone may have two locations, a perpetual street number and a consideration of address (CoA). A consideration of address is an impermanent IP address that recognizes a cell phone's present purpose of connection to the web and permits it to associate from various areas by keeping its home address. When a mobile device is leaving its home network and connects to any foreign network, it is assigned a care-of address. This may be a ―foreign agent care-of address‖ which is a static address of a foreign agent with which the mobile device is registered, and a ―co-located care-of address‖ which is a brief IP address alloted to the cell phone. A co-found consideration of address is appointed by Dynamic Host Configuration Protocol (DHCP), Point – to Point IP control convention (PPP), or manual setup.

(IP embodiment) is a strategy that typifies IP datagrams inside IP datagrams. GRE is a strategy that permits datagrams to be typified into IP bundles and afterward diverted to a transitional host. At this middle objective, the datagrams are decapsulated and afterward steered to the following leg. In doing as such, the excursion to the middle of the road have appears to the inward datagrams as one bounce. The overall framework of GRE can be found in RFC 1701. Active datagrams are embodied by an IP header of convention type 47, and a GRE header indicating the sort of the typified datagram (as of now just IP). This mode is depicted in RFC 1702. It's likewise the default mode on Cisco switches.

Otgoing IP datagrams are embodied by a littler header, and the first IP header is adjusted. This mode is portrayed in RFC 2004. For the Mobile IP to work viably the three significant elements that are to be changed are portable hub, home operator and unfamiliar specialist when the versatile hub utilizes unfamiliar specialist care-of-address. Whenever assembled care-of-address is utilized, at that point home specialist is separated from everyone else adjusted. It is liked to have Foreign Agent sort of care-of-address in IPv4 on account of its restricted location space.

As shown in the figure 2 when the mobile node moves from its Home Network, it has to get connected to a Foreign network. The first is by choosing an operator from among those intermittently publicized, and the second is by conveying an occasional sales until it gets a reaction from a versatility specialist. The portable hub in this manner gets its consideration of-address which might be progressively appointed or connected with its unfamiliar specialist. In the wake of accepting the consideration of-address, the versatile hub needs to enroll this location with the home specialist. As the reporter hub sends parcels to the portable hub, the bundles are will be sent to the home organization. On the gathering of the parcels, the Home Agent epitomizes these bundles inside another address and the objective IP address as Foreign Agent care-of-address and advances it to the Foreign Agent. Utilizing arranged consideration of-address, the Foreign Agent is liable for un-marshaling the burrowed parcels and sending it to the bundles from the versatile hub to reporter hub and to the home operator. Then again, with unfamiliar specialist care-of-address, the portable hub is straightforwardly associated with the unfamiliar organization and henceforth discusses legitimately with the home operator.

Though the growth of Mobile IP was slow compared to the Wireless LAN, the need for Mobile IP is increasing rapidly. The various factors that influence the implementation of mobile IP which are discussed as under :-

The guage number of cell phones in the year 2018. The estimated number of cell phones is anticipated to go up by 314% for the year 2018. This expansion thus means expanded number of cell phones and consequently expanded requirement for portability uphold. This would be one of the most convincing explanations behind the organization of Mobile IP.

The way the Internet Protocol, the convention that associates the organizations of the present Internet, courses parcels to their objections as per IP addresses. All the gadgets as laptop Desktops, PDAs, iPhones are completely appointed an IP address. Versatile IP likewise utilizes the standard TCP/IP convention suite. So any gadget that upholds IP can likewise uphold Mobile IP. Portable IP doesn't drop the organization prefix of the IP address of the hub, which is basic to the correct directing of parcels all through the Internet. There are several advantages of using TCP/IP stack in Mobile IP.

If there is a failure in a particular sub-network, then it is still possible to establish the connection with the remaining networks.

It is possible to add more access points without changing the existing design.

The standard TCP/IP protocol is platform independent and hence this makes it possible for

There is a great reduction in cost because maintenance becomes simpler and any error handling can be performed easily. Also modifications in the existing network can be implemented without much overhead in cost.

There are various service providers available and with different network connections. With a heterogeneous network there is need for a standard protocol to be used with all these providers for an effective communication. This scenario can be explained better with the mobile phone services. For mobile phones there are various service providers available and also there is a need for connecting the call from one service to another service. Mobile IP allows this kind of interoperability to provide a good communication between all the nodes that are connected to different networks across the world.

So as to help versatile correspondence without detaching from the organization there are just two potential arrangements that are accessible separated from Mobile IP. These are:- 1. The hub must change its IP address at whatever point it changes its place of connection, and 2. Host-explicit courses must be engendered all through a great part of the Internet directing texture. These alternatives are not widely accepted because in the first method it is not possible to maintain the connection in transport layer and higher layers of the convention suite and in the second technique there will be adaptability issues with increment in the quantity of remote gadgets. In this way Mobile IP would end up being the handy solution at any rate in the following decade for giving consistent portability backing to the end-clients.

Similarly as IPv4 has gotten the accepted norm for organized correspondence, the expense of installing generous figuring power into handheld gadgets has plunged. Thus, the utilizing a transitory IP for portable correspondence utilizes comprehensive number of IPv4 addresses.

Security problems are considered when registering to the home agent. The trustworthiness of the enrollment messages is ensured by a pre-shared 128-bit key the annexed MHAE, which is compulsory. Portable IP likewise underpins the hash-based message confirmation code (HMACMD5). The collector looks at the authenticator esteem it processes over the message with the incentive in the expansion to confirm the validness. Alternatively, the Mobile-Foreign Authentication Extension and Foreign-Home Authentication Extension are affixed to secure message trades between a Mobile Node and Foreign Agent and between a Foreign Agent and Home Agent, respectively.

The natural solution to overcome some of the limitations of the original IP addressing scheme is called Mobile IP. The home network address (primary address) is never changed. This address is always used by applications and transport protocols. The address at the foreign network (secondary address) is temporary; it changes as the computer moves and is only valid at the specific foreign network.

Security is one of the most challenging tasks in mobile IP network. Mobile IP allows mobile users to change their network attachment frequently without losing their connection, which gives many advantages to users. However, the mobility of communication devices and characteristics of the wireless channel introduce many security issues.The common security threats that face mobile IP networks as well as the method and suggestion to improve the security performance of mobile IP are discussed as under:-

This kind of attack usually takes the following steps: 1. By sending a large number of requests over the internet. These many requests make the target device to run below the optimum speeds till it become unavailable. 2. The other way is to intercept the communication between two devices on the network directly. In the case of Mobile IP, the denial of service attack happens once the attacker starts to manipulate the registration of a care of address for particular mobile device, figure 4 illustrated Denial of Service‘s manipulated registrations.

In this kind of attack, the attacker generally needs to be in the middle between the two corresponding hosts in order to cut off their traffic. With a Mobile IP network, the attacker can attack the network from anywhere, if a mobile device is connected on the foreign network, it is mandatory to use the registration technique to illuminate its home operator regarding its present consideration of address to which home specialist will capture and passage all the traffic bound to the cell phone's street number. So the aggressor can create a controlled register demand message announcing with its own IP address as the consideration of address for a cell phone to the home specialist. So all traffic communicated to the Mobile gadget goes to the assailant. In order to protect the Mobile network from this kind of attacks, strong authentications are required in all registration traffic trade by a cell phone and its home IP specialist. Confirmation instrument guarantees that that traffic is heading off to the cell phone that ought to get it, not any other individual. Portable IP permits a cell phone and home specialist to utilize and concur with any validation calculations they concurred. However, all implementation of mobile IP supports the default algorithm MD5 which can provide the strong authentication that is needed.

Passive Eavesdropping is type of a theft of information attack. An inactive snoopping assault happens when an assailant begin to tune in to the traffic that is moved between cell phone and its home operator. The assailant in inactive snooping needs to admittance to the traffic all together this to occur; this can occur in various ways. An aggressor can gain admittance to an organize and associate a host to the organization. In the event of a common Ethernet, all traffic on a similar section might be a survivor of listening in. Once in a while a criminal can get bundles communicated by radio signs in the event that he is sufficiently close to the remote organization. utilize encryption strategy to encode all continuous traffic data. This should be possible in a few different ways. Traffic ought to be scrambled on the unfamiliar connection, so the aggressor can't disentangle and comprehend the code text and listening in can no longer occur on the unfamiliar connection. Although, the traffic still might be a victim of eavesdropping on the rest of end to end connection. The best solution would be to use the end to end encryption method on all traffic, this makes eavesdropping attacks impossible.

Utilizing Authentication, a cell phone can forestall the forswearing of administration assault as referenced in past area. However it cannot protect mobile devices from a reply attack, because the attacker can have a copy of the valid registration request message, buffer it, and then reply it later on by registering a manipulated care-of address for the mobile device. To prevent this kind of attack, the mobile device has to generate a unique value for identification field of each successful attempt of registration. Mobile IP defines two ways to set identification field. The first uses timestamp, where the cell phone utilizes a gauge date and season of day in the distinguishing proof field. The subsequent strategy utilizes an irregular number. In this strategy, the cell phone and home specialist pronounce the worth which is entered in the recognizable proof field as needs be. A message will be rejected if either device receives a registration message with identification field that not match the expected value and this message will be ignored in the case of the mobile device.

Session Stealing is a kind of burglary of data assaults equivalent to uninvolved snoopping, yet in various advances: • The aggressor trusts that the cell phone will verify and enroll with its home operator and starts application meetings. • The aggressor listens in on the cell phone to check whether any intriguing discussion traffic comes through. • The assailant at that point floods the cell phone with vindictive parcels. • The assailant takes the meeting by capturing the bundle that is heading off to the cell phone then the aggressor send their own parcels that seem to have originated from the cell phone. The security against meeting taking is equivalent to aloof listening in by furnishing start to finish encryption with validation.

The passage to the home organization or unfamiliar organization might be utilized to conceal malignant parcels and get them to go through the firewall. As registration method is a key role of Mobile IP, Mobile IP has some basic security solutions. Mobile IP requires authentication for registration methods between the mobile device and the home agent. Moreover, Mobile IP uses identification fields and timestamp to protect registration from any attacks.

In order to secure the protocol, two approaches can be used.

Weak levels of security may be used between users in environment such as ―campus‖, since these services are not high added value or not primarily of commercial nature. A protection against manipulated attempts could be: • Home Agent assures the care-of address of mobile device is correct, because the allowed care-of address relates to a well-known IP address. • The mobile device in the foreign network has to authenticate bindings. • When a mobile device attaches to the foreign network, it sends a registration request with password to the home agent.

The weak security approach that was discussed in the previous section is notsuitable anymore. Both now have to agree on a stronger level of security policy where mobile IP authenticates any binding message or authenticates information received about a mobile device. Trusted servers and private and public keys are used, but they slow down the operation.

The main purpose of using tunneling techniques instead of source routing is that tunneling relates to fewer security threats. Attacker can use a manipulated manipulated care of address. So the mobile device is disconnected from communicating with his correspondent node. This issue can be solved by proper use of authentication.

Route optimization to mobile IP has been recently proposed, allowing the home agent to inform the correspondent node with the mobile device‘s care of address. However the main issue with route optimization is security. A network administrator configures a secret key to authenticate between the mobile device and its correspondent node, but with a large numbers of mobile devices. In the case of triangle routing, it‘s conceivable to configure a key between mobile device and its home agent.

The firewall screens the traffic experiencing the organization and chooses the premise of characterized rules whether certain parcels are permitted through or not. In this manner it attempts to forestall unapproved access. Typically, a firewall can‘t prevent the exploitation of vulnerability in the network service if the communication partner can access it. There are several kinds of firewall, mainly in the following three categories:

• PACKET FILTERING

It is the oldest network filtering device, introduced on routers. The simple filtering data packet uses the network addresses as basic function of the firewall. It looks at each packet independently and compares it to a list of preconfigured rules. The issue with packet filtering is that it is hard to configure correctly and they cannot keep private IP address invisible to public IP addresses.

This state-full filtering is an advanced form of packet filtering. It has two main improvements over packet filtering, session table to track all connections and recognition of dynamic application. This make state-full inspection better in protect the internal network from unwanted external access.

A proxy firewall is a firewall which is based dedicated proxy and circuit level proxy recourse as filter modules. These filter modules implement rules by deciding what data is transferred to the actual communication party. In this way it tries to proxy firewall its own network (segment) to protect against unauthorized access, but can also make a conversion of the data cache of certain content, and proxy. In summary, we can say that firewalls provide good security and flexibility for mobile IP by using the firewall categories described above.

IPSec (Internet Security protocol) is defined by IETF as a framework of open standards for ensuring private correspondences over IP networks ensured by the utilization of cryptographic security administrations.

MIPv6 is a host routing protocol, developed to modify the normal routing for a specific host, as it changes the way of sending packets to the host. The binding update tells a correspondent node of the new care-of address, a correspondent node authenticate the binding update and verifies that it does not come from the manipulated node . So as to effectively confirm the update the cell phone and the journalist hub need to set up security affiliation and offer a mystery key. IPSec in transport mode is utilized between home operator and its cell phone so as to make sure about the MIPv6 message, for example, restricting update.

Mobile IP provides network mobility solution over the internet. This paper‘s study focus on the security aspect in mobile IP and provides a lot of suggestions and methods to improve security in mobile IP. In this paper we firstly described wireless network security threats and security technology, we also investigated mobile security threats and different security solutions that can be applied to Mobile IP with emphasis on IPSec to provide the security solution for Mobile IP. Mobility feature and IPSec were not built on IPv4 protocol; they were designed as an extension to IPv4 standard. Mobile IP was an extension of the IPv4 standard under the name ―Mobile IPv4‖ to support mobility. IPSec is not the only protocol that deal with securing mobile IP, there are several security protocols such as AAA protocol (Authentication, Authorization and Accounting) and Public Key Infrastructure protocol that provide strong management. With a combination of these protocols with IPSec, we get more security and protection for mobile IP. IPv6 was developed because the number of possible address entries in IPv4 is limited. The main difference between Mobile IPv4 and Mobile IPv6 is that Mobile IPv6 is not an add-on feature of IPv6, it is built into the base of IPv6 which makes it more efficient and easier to implement. Mobile IPv6 introduces different security studied in future work.

1. A. Diab and A. Mitschele-Thiel. Minimizing mobile ip handoff latency. 2. A survey on mobile ip. 3. Charles Perkins, Andrew Myles, Mobile IP, SBT/IEEE International Telecommunications Symposium , Rio De Janeiro, Brazil, 22-25 August 1994. 4. Applicability statement for ip mobility support. http://www.rfc-editor.org/rfc/rfc2005.txt. 5. Charles Perkins, The Internet Mobile Host Protocol (IMHP),Internet Draft, 6 July 1995. This draft specifies protocol enhancements that allow transparent routing of IP datagrams to mobile nodes in the Internet. 6. Charles Perkins, IP Encapsulation within IP,Internet Draft, 6 July 1995.This draft specifies a way by which an IP datagram may be encapsulated within an IP datagram. 7. Charles Perkins, Minimal Encapsulation within IP Internet Draft, 6 July 1995. 8. C. So-In, Mobile IP Survey, 2006 9. C. Perkins, ―Mobile Networking through Mobile IP‖, online tutorial, October 2002. 10. Christian Huitema, ROUTING IN THE INTERNET, Prentice Hall, 1995, 315 pp. 11. iosipconfigurationguide, release12.2 – configuring mobile ip [cisco ios software releases 12.2 mainline] – cisco systems. http://tinyurl.com/5mpj6w. 12. C. Perkins. Mobile networking through mobile ip. Internet Computing, IEEE, 2(1):58–69, 1998. 13. David Johnson and Charles Perkins, Route Optimisation in Mobile IP,Internet Draft, 6 July 1995.This draft specifies extensions to the operations of the base Mobile IP protocol to allow for optimal routing of datagrams from a correspondent node to a mobile node. 14. Fred Simonds, ―Network security: data and voice communications‖ New York, McGraw-Hill, 1996. 16. Habib, A., Hafeeda, M.H, and Bhargava, B.,―Detecting Service Violation and DoS Attacks‖, In Proc. of Network and Distributed System Security Symposium (NDSS), 2003. 17. H. Hansen, ―IPSec and Mobile IP in Mobile Ad Hoc Networking ―, Helsinki University of Technology, April 2000. 18. Introduction to mobile ip. http://www.hpl.hp.com/personal/Jean Tourrilhes/MobileIP/ppal.html. 19. Introduction to mobile ip [ip tunneling] - cisco systems. http://tinyurl.com/5z9xpk. 20. J. Redi and P. Bahl. Mobile ip:a solution for transparent seamless mobile computer communications. In Report on Upcoming Trends in Mobile Computing and Communications. 21. Jim Binkley, John Richardson: Security Considerations for Mobility and Firewalls, Internet Draft, November 1998. 22. Jian Hui Wang. ―Security in Mobile IP‖ Concordia University, Canada. 23. John K. Zao, Matt Condell: Use of IPSec in Mobile IP, Internet Draft, November 24. John K. Zao, Matt Condell ―Use of IPSec in Mobile IP‖, November 1997. 25. Johnson, D., Perkins, C. Mobility Support in IPv6. Internet Engineering Task Force, draftietf- mobileip-ipv6-16, March 2002. 152 pages 26. Jim Binkley, John Richardson: Security Considerations for Mobility and Firewalls, Internet Draft, November 1998 27. Jon Postel, Internet Protocol, RFC 791,September 1981. 28. Matthias Hollick, ―The Evolution of Mobile IP Towards Security‖, German National Research Center for Information Technology Institute IPSI, 2000. 29. Mobile ip - wikipedia, the free encyclopedia. 30. Rfc 3344 - ip mobility support for ipv4.http://tools.ietf.org/html/rfc3344. 32. Rfcip mobility support. http://www.ietf.org/rfc/rfc2002.txt. 33. S. Sharma, N. Zhu, and T. ckerChiueh. Low-latency mobile iphando for infrastructure-mode wireless lans. 34. Security Aspects of Mobile IP. SANS Institute 2001, as part of the Information Security Reading Room. 35. S. Kent, Atkinson (2005). ―Security Architecture for the Internet Protocol‖, RFC 2401, November 1998. [36] ―The TCP IP Guide‖ Version 3.0. 36. T. Taleb, H. Nishiyama, N. Kato, and Y. Nemoto (2005). Securing hybrid wired/mobile ip networks from tcp-flooding based denial-of-service attacks. In Global Telecommunications Conference, 2005. GLOBECOM ‘05. IEEE, volume 5, page 5pp. 37. Terry Escamilla (1998). ―Intrusion Detection: Network Security beyond the firewall ―, New York, John Wiley. 38. T. Braun and M. Danzeisen (2001). ―Secure Mobile IP Communication‖, on Proceedings of the 26th Annual IEEE Conference on Local Computer Networks, IEEE Computer Society, November 14-16, pp. 586. 39. V. Gupta, G. Montenegro (1998). Secure and mobile Networking, Mobile Networks and Applications 3 (381-390), Baltzer Science Publisher BV. 40. V. Gupta, G. Montenegro (1998). Secure and mobile Networking, Mobile Networks and Applications 3 (381-390), Baltzer Science Publisher BV8. 41. William Stalling, ―Wireless Communication and Networking‖, Pearson Education Asia, 2002.

Research Scholar sameernandal30@gmail.com