Authentication In Mobile IP

thanhtien501 — Sun, 04 Jul 2021 04:46:33 GMT

Dear all

I start learning about Mobile IP( read the RFC 3344) and some related RFC documents. Now i have a concern question, Hope that you clear a canal of obstruction because it makes me getting mad.

As i know about Mobile IP like this:

+The Foreign Agent send advertisement messege periodically (ICMP)

+When the Mobile Node moves to a new place, It will receive the advertisement messege and send the Registration request. The registration request uses the IP of Mobile node ( in case of located- care-of address ) or NAI ( in case of co-located care-of address) to authentication mobile node with Home agent.

There are some security problems here:

+ Replay Attacks: can be resisted by using identifier field in Registration request message

+ Modify the Packet : can be resisted by using the checksum and HMAC-MD5 to guarantee the packet integration

But i am a little bit confused with man-in-the-middle attack. I supposed that someone capture the registration request packet and he know the authention property (IP of mobile node or NAI) , after that he can use this authentication to use the service?

I'm thinking of the below scenario:

Mobile Node : The digest message A = HMAC-MD5(IP, identifier, Secret key) and after that it sends to the Home Agent

Home Agent : Computer the digest messge B = HMAC-MD5(IP, Identifier ,Secrect key' ) ( the IP, Identifier from the registration message ) and it stores the secret key

We compare The digest message A (in registration message ) with the digest messge B . It will be ok if 2 of digest message are equal.

In this case, We consider 3 authentioncation scenario: Mobile Node -- Home Agent , Mobile Node - Foreign Agent and Foreign Agent -- Home Agent

How can we authenticate Mobile Node - Foreign Agent ?

Please help me, I do appreciate your help.

topic Authentication In Mobile IP in Wireless

Authentication In Mobile IP