TY - GEN
T1 - Efficient solution to decrease the effect of DoS attack against IP address ownership proof in Mobile IPv6
AU - Toyoda, Kentaroh
AU - Kamiguchi, Yuta
AU - Inoue, Shinichiro
AU - Sasase, Iwao
PY - 2011/12/1
Y1 - 2011/12/1
N2 - In Mobile IPv6 (MIPv6), a Mobile Node (MN) communicating with a Correspondent Node (CN) cannot prove ownership of the IP address it claims. If a malicious node impersonates a victim's IP address, it could hijack the session or forward packets to a non-existent destination or to other nodes. Currently, the Feige-Fiat-Shamir (FFS) identification scheme [1] is considered as a way for an MN to prove ownership of its own IP address. However, this scheme has one serious problem: a CN has to verify all Binding Update requests, which leads to a Denial of Service (DoS) attack. This paper presents a method that mitigates the effect of the DoS attack by issuing the challenge twice in a transaction. The first challenge is made easy to verify, in order to exclude malicious nodes, and the second is made much more difficult than the first, in order to avoid impersonation. By verifying the first challenge, this method can efficiently exclude malicious nodes that do not have proper IP addresses. Furthermore, by issuing the challenge twice, our scheme can decrease the probability of impersonation compared with the previous scheme for an equivalent amount of calculation. Through computer simulation, we show that the proposed scheme efficiently decreases the effect of the DoS attack and the probability of impersonation compared to the previous scheme.
AB - In Mobile IPv6 (MIPv6), a Mobile Node (MN) communicating with a Correspondent Node (CN) cannot prove ownership of the IP address it claims. If a malicious node impersonates a victim's IP address, it could hijack the session or forward packets to a non-existent destination or to other nodes. Currently, the Feige-Fiat-Shamir (FFS) identification scheme [1] is considered as a way for an MN to prove ownership of its own IP address. However, this scheme has one serious problem: a CN has to verify all Binding Update requests, which leads to a Denial of Service (DoS) attack. This paper presents a method that mitigates the effect of the DoS attack by issuing the challenge twice in a transaction. The first challenge is made easy to verify, in order to exclude malicious nodes, and the second is made much more difficult than the first, in order to avoid impersonation. By verifying the first challenge, this method can efficiently exclude malicious nodes that do not have proper IP addresses. Furthermore, by issuing the challenge twice, our scheme can decrease the probability of impersonation compared with the previous scheme for an equivalent amount of calculation. Through computer simulation, we show that the proposed scheme efficiently decreases the effect of the DoS attack and the probability of impersonation compared to the previous scheme.
UR - http://www.scopus.com/inward/record.url?scp=84857516596&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84857516596&partnerID=8YFLogxK
U2 - 10.1109/PIMRC.2011.6139694
DO - 10.1109/PIMRC.2011.6139694
M3 - Conference contribution
AN - SCOPUS:84857516596
SN - 9781457713484
T3 - IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC
SP - 1223
EP - 1227
BT - 2011 IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC'11
T2 - 2011 IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC'11
Y2 - 11 September 2011 through 14 September 2011
ER -