Mac Tools Transmission

Mac Tools Transmission

Secure Authentication Mechanism in Mobile Internet Protocol Version 6

Secure Authentication Mechanism in Mobile Internet Protocol Version 6

 

Mojtaba Sadeghi, Hamid Reza Naji, Tawfik Zeki

Department of Computer Engineering

Islamic Azad University

Dubai ,UAE

                                                            June 2009

  

Abstract

This paper  presents a secure authentication method  for Mobile IPv6. As a default IPsec is used for secure signaling messages between the Mobile Node and other agents in Mobile IPv6 networks. Mobile IPv6 message transactions include the Binding Updates and Acknowledgement messages as well. We propose a new mechanism for securing Mobile IPv6 signaling between Mobile Node and other agents.  The proposed method consists a Mobile IPv6 message authentication option and cookie management that can be added to the current protocols for securing IPV6. Also we investigate an architecture to integrate the mobility authentication signaling. This architecture is implemented and evaluated. In Mobile IPV4 protocol and also some authentication protocols of Mobile IPV6, there are some difficulties for satisfying timing requirements. We show the latency can be decrease between the Mobile IPV6 node, Home Agent and Correspondent Node with creating a cookie file keeping the mobile node identification.

 

1.Introduction

The security of a mechanism and protocol depends on the reliability and infrastructure of the Internet routing. The protocol will work between mobile nodes and any other Internet node that have no previous connection or relation with, and also we assume there is not any specific global security infrastructure. When Mobile IPV6 was developed, the built-in technology made it possible for users to change their points of attachment to the Internet while they still using the same IP connections established before. But, authentication and authorization, which are too important functions in wireless networks, were not considered during the design and creation. Therefore, this paper investigates the integration of MIPv6 and Authentication systems and develops integrated architectures as well. The mechanism described in this paper is a simplified version of the actual Mobile IPV6 protocol. We focus on the binding-update messages sent by the mobile node to its correspondents. In fact authentication service is the most important protection and inspection services in wireless networking. Security designing in mobile network is a critical stage in developing and establishing a Network infrastructure system. While a wireless system provides economic, convenience and efficient network , it must also be secured to prevent attack for theft and damage of data and  information . A safe and secure wireless network can ensure that your data transmissions are not intercepted, abuse, misuse by unknown third-party. Unsecured wireless networks are vulnerable to many types of problems, including:

-Theft of information

-Corruption or illegal modification of data

-Interception of interaction ,transaction and communication

-Insider abusing of network data and resources

Establishing a professional and secure wireless network means implementing a framework of authentication, encryption and key management protocols[1]. We focus on authentication with IPV6  in this paper. As a description , authentication is a process of verifying that a device or user that is attempting to log in to the wireless network, should be allowed on the network. Encryption and Key Management are processes and techniques that are make more complex and scramble data so that an unauthorized user or device that receives the data cannot use that.

 

2. IPv6 Review

Based on the recent concerns over the lack of internet addresses and the desire to provide more functionality for modern mobile devices, an upgrade of the old and current version of the Internet   Protocol (IP), called IPv4, has been established. This new version, called IP version 6 (IPv6), resolves  weakness of IPv4 design issues and made a revolution in Internet in recent years. The long of addresses in IPv6 are 128 bits. The first 64 bit are used for the link prefix. Which it  is assigned to every link and gets advertised through routers on that link. The second 64 bit of the address belongs to the interface  identifier .There are different scopes of IPv6 addresses in networking. The different scopes can be     diagnostic by looking at certain bit patterns of the address prefix.  

We can call the most important scopes in IPv6 as below:

- Link local: An address with a scope of link local only can be used to communicate within the node’s link. Packets with this link addresses will not be

routed outside the link. The first 64 bits of this addresses are fixed and look likes this: 1111111010 0 . . - Site local

First 10 bits Proceeding 54 bits. Link local addresses are like unique addresses  inside a site. The size of a site will define by site administrator. It can be a small home network with two or three clients or even the network of a university with hundreds nodes. The first 64 bits of site local addresses look like follows: 1111111011 0 . . . - Subnet ID

The 16 subnet bits are used to differentiate sites and First 10 bits Proceeding 38 bits last 16 bits. Protocol transitions are not easy and the transition from IPv4 to IPv6 is no exception. Protocol transitions are typically deployed by installing and configuring the new protocol on all nodes within the network and verifying that all node and router operations work successfully. Although this might be possible in a small or medium sized organization, the challenge of making a rapid protocol transition in a large organization is very difficult. Additionally, given the scope of the Internet, rapid protocol transition from IPv4 to IPv6 is an impossible issue. The designers of IPv6 recognize that the transition from IPv4 to IPv6 will take years and that there might be organizations or hosts within organizations that will continue to use IPv4 indefinitely[1]. IPv6 solves the network address limitations of  the current IPv4 protocol by replacing IPv4's  32-bit addresses with 128-bit addresses. Different elements were considered during the design of IPv6. One of this consideration is forecasting about the needs of future markets. We can guess that future of internet markets would rely on more security, high efficiency, and mobility[7]. Another successful issue of IPv6 designing is the way of internet’s transition from IPv4. This kind of transition involves with different software, hardware, protocol and infrastructure problems. Fortunately IPv6 has been developed to work with IPV4 network protocol as well. By creating a tunnel to transfer IPv6 packets or by creating a tunnel for transferring other protocol packets, IPv6 will support without requiring any fundamental changes. When a mobile node is far from it's home agent, it sends information about its current location to the home agent. Any node that it wants to start interaction and communication with a mobile node will use the home address of the mobile node for this communication and sending packets. The home agent intercepts these packets information, and via using tunnels the packets to the mobile node's care-of address. In fact Mobile Network IPv6 uses care-of address .But for supporting route optimization for direct connection between Mobile Node and Correspondent Node, the Correspondent node will use IPv6 header than the IP encapsulation. Mobile IPv6 technology allows a Mobile Node to move within the Internet infrastructure without loosing an old established connection. It means for a Mobile Node to be reachable at any time by a Correspondent Node it must have an address that not change. In fact this address belongs to the subnet of home network. In Mobile IPv6 this address is called, Home Address or HoA. If Mobile Node be available in its home network, all packets that want to reach to it, can reach the through the normal routing way. In this situation the Home Agent is topologically correct for the Mobile Node. But if the Mobile Node moves to another subnet, it must to update a Care of Address that topologically this address belongs to the new network. From now Mobile Node  will not be reachable through its HoA as well. Home Agent is responsible to receive all packets that destined to the Mobile Node, whenever Mobile Node is in another visited network. Whenever Home agent receives a packet, it would establish a tunnel it to the Mobile Node's current Care of Address. It proves the Mobile Node has to update its Home Agent about its current Care of Address regular. It means Home Agent will forward any packets destined to the Mobile Node’s Home Address, to its current Care of Address in visited network. These packets will send through a tunnel to the Mobile Node. It should be considered that the tunnel begins from the Home Agent and will end at the Mobile Node. Mobile IPv6 works like transparent for upper layers like applications. Any time Mobile Node wants to send a packet to the Correspondent Node, it can send it direct to it's address.

 

3. Security on Mobile IPV6

 3.1. Data Encryption and authentication protocol

One of the solution for making sure that unauthorized users or systems do not access on your wireless and mobile network is to encrypt your data and files. The famous and basic encryption method, WEP (wired equivalent privacy), unfortunately was found to be completely weak and nonstable. WEP works on a shared key technology, or password, to prevent unauthorized access. Anyone who find the WEP key or even stronger key can join and misuse the wireless network. There is no any mechanism or technique in WEP  to automatically change this key, and some tools have produced that can crack a WEP key very fast , even less that 60 sec! It means it will not take long time for an attacker to access a WEP-encrypted in wireless network. We can say the procedure of  RADIUS server is receiving end user requests, then authenticating the user, and finally providing the NAS plus all of the  information for it to deliver services. This protocol of authentication provides a centralized security system to control access to the network resources. Lightweight Directory Access Protocol or LDAP  is called another authentication protocol which defines organized and accessed information. As we know an authentication protocol is a set of rules for communication between server and clients. By implementing LDAP, Network administrator can control users and clients easier with centralize and secure user information[12]. Also there are other mechanisms for mobile authenticating clients, the combination of  RADIUS, EAP, and LDAP is the most common and available solution in use in business today.  Each component has associated open-source software that is freely available for network administrators to download, configure, and use. Thus, with the hardware in place, installation of an authentication system is inexpensive[15]. 

 

3.2. Hijacking and Spoofing on Mobile IPV6 Networks

The first difficulty of IP networks is that it is difficult to know where information really comes from. An attack called IP spoofing takes advantage of this weakness. Since the source IP address of a packet has no influence to the deliverability, it can easily be changed. The attack – called spoofing – makes a packet coming from one machine appear to come from somewhere else altogether. It's obvious that IP based address is not trustable at all, because everyone can claims he is the owner of this IP address. Even after authentication step , still everything is not safe against sessions hijacking. It means after identification of a person, we can not make sure he will be the same person during the rest of that session. That's why all source of data must authenticated during the transmission. Still most of networks in the world are based on Ethernet or cabling LANs. This type of network normally are cheap, globally available, easy understood and fast to expand. But making spying is easy in these networks, because any node is able to read every transmitted packet over the LAN. Formally, each network card only listens and responds to the packets that specifically belongs to it, but it is not difficult to ask these devices to listen all packets during passing on the wire. The first recommendation for all Mobile IP networks is to use encryption and authentication the data. But there are still problems on that. We should consider all encryption keys will be exchanged during communicating parties. It's a rule that encryption keys use encryption algorithms to encrypt and decrypt data. 

 

3.3. Mobile Node MAC address and Authentication

A sorted care-of address is a care-of address that obtained by mobile node as a local IP address. This IP address will be dynamically acquire, may be through a DHCP server or via a foreign agent. After assigning a routable IP address to MN, the mobile node is now able to establish and communicate directly with it's home agent, careless of  foreign agent. By implementing of this method, mobility decapsulation has done. Sometimes Mobile Node uses the Mobile Node Identifier option to establish of communication and enable the Home Agent to start using of available authentication infrastructure. One of the most difficult step for an attacker is finding the MAC Address of wireless Lan[7]. Many of systems may trust on a faked MAC address, as an authorized wireless router or client. Attacker can start denial of service attacks by passing access control mechanisms in wireless. MAC addresses have been used as unique layer 2 for network identifier in Mobile IPV6 Networks. As we know MAC address is unique in the world for all network-based devices. Organizationally unique identifiers (OUI) has allocated to all hardware manufacturers specially network products manufacture. Generally the MAC address of a client or mobile node is used as an authentication parameter or a unique identifier for making security in authentication level. When an attacker changes their MAC address they continue to utilize the wireless card for its intended layer 2 transport purpose, transmitting and receiving from the same source MAC. All 802.11 network protocol use their MAC addresses to be changed, with support from the manufacturer[6]. Linux users can change their MAC address with some command or programming with C program. But windows users are able to change  their MAC address by configuring the properties of lan card drivers. We should care that an attacker may choose to change the MAC address for different  reasons[15]. The Mobile IPv6 protocol enables a Mobile Node to move from one network to another network without the need to change its old IPv6 address. Because a Mobile Node is always routable and addressable by its home agent, which is the Mobile Node's IPv6 address. When a Mobile Node is far from its home network, messages can be routed to it using the Mobile Node’s home address. Normally the movement of a mobile node is completely invisible to transport and other layer protocols. 

 

3.4. Mobile IPV6 Accounting

Mobile IPV6 accounting can be divided to four processes: metering, pricing, charging and billing. Actually the duty of metering process would be measure and collects the resource usage information which is related to a single customer' service. Also the task of pricing would be the process of determining a cost per unit. Then charging process make compatible the pricing data to the usage of resource to an amount of money that we called charge. This charge has to paid by customer. And billing process obviously  informs customer about the billing information[7]. In fact accounting on Mobile network means the act keeping the records for all user's usage of the source. The primary aim could be billing for any user but for security reasons we need to know each users logon and logout time, visited websites, amount of download and upload and so on.

 

4. New Mechanism

 4.1.  Mobility Message Authentication with a Cookie File

This section defines a new mechanism in mobility message authentication option that can be use to secure Binding Update and Binding Acknowledgement messages in mobile IPV6 networks. This mechanism is able to used along with IPsec or preferably as an new mechanism to authenticate Mobile node in communication with Home agent or foreign agent to Binding Update and Binding Acknowledgement messages whenever we don't have IPsec infrastructure in our network. The simulation of the Mobile IPV6 protocols is based on the implementation of Mobile IPV6 in Network Simulator 2 (NS2). Overall implementation is based on home station, correspondent node and mobile agents. In fact base station agent will implement the functionality of home agent and foreign agent. This agent will create the Broadcasting area. This area will re-set every second. Mobile IPV6 agent finds the advertisement and registers with home agent and foreign agent based on protocol. The registration timeout for Mobile IPV6 protocol has set for one second. It means every second updating of registration will happen. For simulation we developed a simulated Mobile IPV6 network that considers to delay and payload.  Also for the simulation of the authentication with a C++ code  home agent will create a cookie file as a identity file. Based on our assumption the Mobile Node has registered with the home agent before leaving it's subnet. The Mobile Node as a personal computer has some specific details that it can save them in a cookie as a file and then encrypt the file[10]. Home Agent MUST include this option in the BA if it received this option in the corresponding BU and Home Agent has a shared-key-based mobility security association with the Mobile Node[2]. 

 

4.2. New Care-of Address and Binding Update

After detection that a Mobile Node has moved the network, new CoA allowed to access to the network, but it must inform its Home Agent regarding the new location of Mobile Node. It's a big concern in mobility that whenever a Mobile Node lost it's connectivity with its last router, until it informs its Home Agent about its new location, all messages that sent to it will lost and also it will not able to send any packet to any of correspondent nodes. Actually a Mobile Node registers its new Care of Address to its HA via sending a binding update message. Then Home agent does acknowledge this update by replying a binding acknowledgement and from that time is able to tunnel the packets from Mobile Node's home address (HoA) to the Mobile Node's in new location. In the last step, The Mobile Node informs all of its Correspondent Node, its new location and that it is reachable with this new Care of Address. It means after registering, the Mobile Node sends a BU to all CN to inform them about its new location. By the way, there is an additional procedure for following that BUs are sent to all CNs. This one called Return Routability (RR) test.

  

4.3. WAP Infrastructure with Cookies
WAP protocol is a service enabler that is located between internet and mobile networks in the service layer. The service layer includes of different service enablers for mobile nodes and mobile applications. The WAP protocol works like a secured tunnel from the mobile node to the  service layer. All IP packets from a mobile node will transport via three layers of mobile networks: connectivity layer, control layer, and service layer.  

4.4. Design and Implementation

Mobile IPv6 authentication relies fundamentally on IPv6 protocol functions as a standard protocol and IPv6 neighbour discovery as well[1]. It's obvious that the latency can significantly affect during following components in IPV6 Mobility[13]:

• Movement detection time (td): The time to detection and establishment for Mobile Node, when it moves to a new location. For example the discovery of a new router.

• IPV6 Care-of-Address configuration time (ta):

The time between the establishment of movement and configuration of a globally routable IPv6 address. Duplicate address detection test is partial of this time[2].

• Context establishment time (tc): The time between establishment of a routable care-of address and the establishment of the suitable context state.

• Binding registration time (tr): The time between the sending of a binding update signal to the Home Agent to the receipt of an acknowledged Binding Update.

• Route optimization time (to): The time from registering of new Care of Address to completing route optimization with Correspondent Nodes. This time includes the return routability procedure time if exist, it must calculate before a Binding Update is sent by Mobile Node to a Correspondent Node[8].

In fact , the total Mobile IPV6 configuration delay (th) can be defined as the sum of these mentioned latency times as follows:

Formula 1: th = td + ta + tc + tr + to

  

4.4.1.  Movement Detection Time

The movement of detection time (td) is the sum of two separate latency time: First, Link of switching delay (Tl2) which is the time delay regarding to re-association of the wireless subnet's Access Point and Second, Link-local IPv6 address configuration delay (Tll), which is the time between the first time that Mobile Node meets a new link by receiving neighbor advertisement over its all nodes. It means movement detection time can be defined as:

Formula 2 : td = Tl2 + Tll

  

4.4.2. Care of Address Configuration Time

As we mentioned about the CoA configuration time (ta), it's a starting time from the moment of the receipt of a router advertisement till the Duplicate Address Detection and update of the routing table will complete. For stateless IPv6 address auto-configuration ta  is included of the following delays:

Formula 3: ta = TpreAd + TAddConf + TDAD + TRoutUpdt

Meanwhile TpreAd is defined as:

TrtAd - TrtSol (if the router advertisement is requested)

TrtAdInterval / 2 (if router advertisement is cyclic)

TAddConf is the real time that Mobile Node needs to configure the address, like to Create an unique and globally routable IPv6 address. The time in stateful address auto-configuration, like DHCPv6 for Care of address can be defined as:

Formula 4: TAddConf = TDHCPaddReq + TDHCPaddResp + TRoutUpdat

In fact TDHCPaddReq and TDHCPaddResp  will represent the transmission delay caused by stateful configuration of a care of address via a DHCP server in Mobile IPV6 network[9].

 

4.4.3. Care of Address Registration Time

Care of Address registration time or tr is defined as the transmission delay caused within registration of the Mobile Node Care of Address with its Home Agent.

Formula 5: tr = RTMN-HA + BUproc + BAproc

 

5. Create a Code to Perform MPV6 Authentication

On the File menu, point to New, then Project. Click Visual C++ Projects under Project Types, and then we click Mobile Web Application under Templates.

      "In the next step, we should add the following code to the Web.config file:"

   <authentication mode="Forms">

      <forms loginUrl="login.aspx" timeout="60" path="/" >

         <credentials passwordFormat="Clear">

            <user password="password"/>

         </credentials>

      </forms>

   </authentication>

   <authorization>

                <deny users="?" />

 

   </authorization>

To add a Mobile IPV6 authentication Web Form we should perform these steps:

First, click Add New Item on the Project Menu, then Click on Mobile Web Form and finally type Login.aspx in the Name box.

We can create the following controls from the Mobile IP Controls section

of the toolbox:Collapse this tableExpand this table

 

Control Type

Control Name

Control Text

Label

Label1

Type User Name

TextBox

txtUserName

 

Label

Label2

Type Password

TextBox

txtPassword

 

Command

cmdLogin

  Log in

Label

Error

 

Now we can click on Log in and open the code-behind page.

Then we should add the following code in the page:

private void cmdLogin_Clk(Obj sender, Event Args)

   {

      if(IsAuthenticated(txtUsername.Text, txtPassword.Text))

      {

MobileIPAuthentication.RedirectFromLogin(txtPassword.Text,true);

      }

      else

      {

         Error.Text = "Check the credentials";

      }

   }

 

private IsAuthenticated(String user, String password)

{//Or call the cookie file which has been created for authentication/

   if(FormsAuthentication.Authenticate(user, password))

   {

      return true;

   }

   else

   {

      return false;

    }

}

We can add a Label control on the page, and change the text of the Label control to

"Mobile IPV6 Authenticated!"

 

6. Delay Calculation and analyze

6.1.  Authentication Delay Calculation

In this section, we quantitatively calculate and analyze the times of different phases of authentication on the security and system performance in Cookie ID based authentication and IPsec protocol with some assumption, which is the first step of the work for build up a relationship between the security and QoS[3]. Moreover the effect on the mobility security, authentication mechanism also affects on authentication delay, cost, number of message exchange, call dropping and etc[2]. Data encryption/decryption in each router involves some security processing latencies. We consider that an IPSec Mobile Network in each router take the same time. This latency lsec is evaluated with the following equation:

 Formula 7 :  lsec = Dpacket

                                     R

where Spacket is the data packet size (in bit) and R is the router encryption/decryption processing capability (in bit/s). In our assumption R is 1Mbit/Sec like a normal router. The authentication delay time is defined as the time from whenever  a Mobile Node sends out the authentication request till the time that Mobile Node receives the authentication reply. The problem is during this delay,  any data can be transmitted, which may interrupt or even disconnect the connections. Therefore, the call dropping will increased with the increase of authentication delay time[2]. In the other hand authentication cost is defined as the processing and signaling cost for cryptography. The total number of  messages from the Mobile Node, Foreign Node and Home agent could be large if the distance between them is long[14]. It should be considered, the mobility technique and traffic mechanisms will make the authentication frequently in different scenarios because the authentication will start whenever a Mobile Node establish a communication session.

 

Symbol

                                       Description

Ttr

Transmission time for Mobile Node

Tu

Update Binding Time

Ta

Acknowledgment  sending/receiving Time

Ted

Encryption/Decryption Time

Tr

Registration Time

Ts

Authentication request service and waiting time

Th

Home Agent updating time

Table 1

Formula 8 :

 Tsum = Ttr +  Tu + Ta +  Ted + Tr + Ts + Th

 6.2. Latency and Analyze Our Mechanism

Practical of Mobile IPV6 is likely to occur where a private network is deployed over the Internet. It means this situation can hint that Foreign Agent belongs to a another subnet wants to provide mobility services. For any accounting and billing purposes, the Foreign Agent needs to track of the usage of its services by mobile nodes. We simulate the Authentication protocol of Mobile IPV6 Transport Mode. Actually the major reason for simulation is representation with the least expensive computational authentication method.  A cookie based authentication is used between the Mobile Node and Home Agent. The second association will establish between Foreign Agent and Home Agent. With the expansion of mobile security protocols and the growth of internets, all networks are trying to securely extend their wireless networks over the public infra-structre, is called Virtual Private Networks or VPN. Cookie identity authentication’s  functionality consists of two phases: In the first phase, mobile node and home agent involved in communication establishment and in the second phase , the home agent and foreign agent will communicate for send/receive the cookie file which is belong to mobile ipv6 node. The major difference between this two phases is that phase 1 will happen in the same subnet and naturally it’s faster and easier to complete, but phase 2 must establish a communication between two different subnet. In phase 2 we recommend  to establish a tunnel for higher security. The attributes of cookie file which is include Mac address, User name, Password and may extra information defined by the encryption algorithm and authentication mechanism. Based on our assumption the maximum authentication message size would be 4096 bytes or 4KB, the transmission delay is considered 40 milliseconds, and we assume 4 Mbps for our mobile network capacity. Also IP Configuration latency on Local Site is around 20 msec and on different subnets this latency would be around 160-200 msec in Cisco standard. As a average it's considered 180 msec.

Formula 9 : IPconf-latn-local= 20 Msec,

Formula 10 : IPconf-latn-global = 180 Msec

There is an additional factors should be considered. There are additional bytes added to each packet of data sent to control errors and routing information as well. The actual numbers of these codes depend on the packet size and also protocol used in Mobile network. Generally, a typical packet of data sent will be about 90% and 10% or a bit more belongs to overhead. In order to send 4096 Bytes of data about 4506 bytes would actually need to be transmitted.
In a router with 16 MegaBITs/Sec speed transfer rate is equal to 2MB/Sec. Our Cookie file with 4506 byte would take time about 0.0023 seconds to send, assuming the source can continuously send the file and also the receiver can process it that fast and there no lost packets that need to be resent. In 802.11X protocol, router will advertise every second. It means in the best case a Mobile Node might wait about 0 Sec and in the worst case it might to wait 1 Sec for next advertising of router and join to it. We assume 0.5 Sec for all cases as a average waiting, whenever a Mobile Node wants to find and ask a router to join to the new subnet.

 Formula 11 :           File Size(Kbyte)

 Time Taken = --------------------------------- + Router delay (Sec)

                         Bandwidth Speed(KB/Sec)

 

                Action

In IPsec     (Sec)

In Cookie ID (Sec)

         Result

1st Exchange

      0

         0

 

For the first inquiry and Second

exchange both are the same

2nd Exchange

  (Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

                                                  

          

         0.5023

       

           0.5023

Initial to Update binding (Formula 10)+Router Delay

        

         0.6800

 

             ---

 

Update Binding is a Must in IPsec

 

Respond to Updating (Formula 10)

       

         0.1800

     

             ---

Refer to Home Agent(Router Delays,10)

0.5+0.5+0.18=1.1800

 

 

      

               --

      

         1.1800

 

In Our Mechanism MN refer to HA

Sending Cookie File from HA to CN  (Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

 

     

               --

       

             0.5023

 

HA will send the created ID cookie file to CN

 

Sending/Receiving Acknowledgment

Formula 11:

0.5+0.5=1 Sec

 

         1.0000

 

             --

 

In IPsec Acknowledgment transaction must updated

 

Encryption/Decryption By Tunneling

Formula7 :

 lsec = Dpacket =

                   R

       4065Byte     = 0.0325Sec

125,000Byte/Sec

 

     

             ---

   

           0.0325

 

Cookie file must encrypt and

 decrypt for security reason

Care of Address

Formula 9:

IPconf-latn-local= 20 Msec,

 

        

          0.0200

 

          0.0200

 

Assign new IPV6 address to MN

Updating HA

(Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

 

        

          0.5023

 

          0.0023

 

HA already had ID from MIPV6,but in IPsec full

 info must updated

Total Time (Formula 8)            2.8846 Sec    2.2394 Sec

Table 2 : Timing calculation

 

Saving time: 2.8846 – 2.2394 = 0.6452 Sec         Efficiency on time saving : % 22

 

7. Conclusion

We have described secured authentication Mobile IPv6 mechanism and used in the standard protocol such as IPSec. In Mobile IP network techniques, some features are unconventional because of globally working of protocols and without any global infrastructure for security challenges. The quantitative analysis and design of Mobile IPV6 authentication with respect to the IPSec create more challenges about the authentication in IPV6 wireless networks. Overall time in IPSec in our assumption with 4KB file amd 2MB/Sec router bandwidth is  2.8846 Sec. But in our mechanism with Cookie ID it decreases to  2.2394Sec . It means saving time would be 0.6452 Sec and the efficiency would be ".

Note that we considered latency time for encryption/decryption via a tunnel from HA to CN, and obviously it takes time and cost for our mechanism[11]. We believe without making strong security, any protocol and mechanism on mobility infrastructure will not get a positive response. As result shows encryption/decryption time for Cookie ID file is  0.0325 Sec, that this time will be higher for bigger files. This time has not calculated and mentioned for IPsec protocol, because although it's strongly recommended on IPSec, but its not a Must[5]. The only disadvantage of Cookie ID mechanism could be creating cookie files on the storage of authenticator server. We can ignore these small files, because as we mentioned the size of cookie file is 4KB. Also task schedule can be configure for disk cleanup monthly, weekly or daily. It can erase these un-useful files from the storage to prevent of any confusing and conflict.

  

   References:

[1]Li WANG, Mei SONG, Jun-de SONG, An efficient hierarchical authentication scheme in mobile IPv6 networks, School of Electronic Engineering, The Journal of China Universities of Posts and Telecommunications. China, October 2008.

[2] C. Blondia, O. Casals, Ll. Cerdà, N. Van den Wijngaert, G. Willems, P.  De Cleyn,” Performance Comparison of Low Latency Mobile IP , INRIA Engineering Journal, Sophia Antipolis, pp., March 2008.

[3] Huachun Zhou?,†, Hongke Zhang and Yajuan Qin, An authentication method for proxy mobile IPv6 and performance analysis, Institute of Electronic Information Engineering, Beijing Jiaotong University, Sep 2008

[4] P. Calhoun, T. Johansson, C. Perkins, T. Hiller: Diameter Mobile IPv4 Application, IETF RFC 4004, August 2008.

[5] D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, A. Yegin: Protocol for Carrying Authentication for Network Access , IETF draft, Dec 2007.

[6] M.S. Bargh, R.J. Hulsebosch, E.H. Eertink, A. Prasad: Fast Authentication Methods for Handovers between IEEE 802.11 Wireless LANs, ACM Press, Sep 2004.

[7] S. Glass, T. Hiller, S. Jacobs, and C. Perkins. Mobile IP Authentication, Authorization and Accounting Requirements. RFC2977, October 2000.

[8] T. Narten, E. Nordmark, W. Simpson, “Neighbor Discovery for IP Version 6 (IPv6)”, IETF RFC2461, August 2005.

 [9] K. Chowdhury, A. Yegin: MIP6-bootstrapping via DHCPv6 for the Integrated Scenario, IETF draft, June 2006.

[10] J. Chen and K.J.R. Liu. Joint Source-channel Multi-stream Coding And Optical Network Adapter Design For Video Over IP . IEEE Transactions on Multimedia, 4(1):3–22, March 2002.

[11] Da Wei, Yanheng Liu, Xuegang Yu, Xiaodong Li: Research of Mobile IPv6 Application Based On Diameter Protocol, IEEE Computer Society, 2006.

[12] P. Funk, S. Blake-Wilson: EAP Tunneled TLS Authentication Protocol Version 1, IETF draft, March 2006.

[13] A. Diab, A. Mitschele-Thiel,“ Minimizing Mobile IP Handoff Latency,” 2nd International Working Conference on Performance modeling and Evaluation of Heterogeneous Networks (HET-NET Journal, U.K., July 2006.

[14] C.F. Grecas, S.I. Maniatis, and I.S. Venieris. Towards the Introduction of the Asymmetric Cryptography. In Proceedings. Sixth IEEE Symposium on Computers and Communications, 2001, July 2001.

[15] J. C. Chen, Y. P. Wang: Extensible Authentication Protocol (EAP) and IEEE 802.1X: Tutorial and Empirical Experience, IEEE Radio Communications, Dec 2005.

 

About the Author

Mojtaba Sadeghi
Master of Computer Engineering, Software
IAU University
Dubai,UAE

Mac OS X Power Tools $39.99 Expert Dan Frakes Toiled Endlessly with OS X So You Don't Have To... OS X expert and incurable Mac addict Dan Frakes delved into the deepest, darkest regions of Apple's newest operating system to uncover the best and most efficient ways to get things done. The result of his tireless efforts, Mac OS X Power Tools , takes you step-by-step through insightful and essential tips, shortcuts, and solutions. Filled with choice coverage on installation, the Finder, networking, security, Unix, software, and much more—Mac OS X Power Tools is certain to save you countless hours (and frustration) and turn you in to the OS X expert you've always dreamed of becoming. Coverage includes: Foiling Finder Frustration Setting Up Your Mac Sensationally Mastering Mac OS and Third-Party Software Installations Developing a Dynamic Dock Clobbering Classic Networking and Surfing Superiorly Connecting Conveniently and Running Remotely Fine-Tuning Firewalls and Strengthening System Security Utilizing UNIX See the author's website at www.macosxpowertools.com

M-Audio Pro Tools Custom Keyboard for Mac $119.99 This keyboard features color-coded keys to help you work fast and efficiently in select Mac-based Pro Tools audio production systems, including Pro Tools HD, Pro Tools LE and Pro Tools M-Powered systems.

Mac Sound Tools, Set $38.95 No Synopsis Available

MAC App Store Tools and Deployment (Paperback) $58.5 Learn about the basics of writing and selling apps in the Mac App Store. Starting with an overview of the Mac App Store, you`ll move on to a tour of the Xcode developer tools. Then you`ll get a tutorial of how to submit your app for approval. This quick guide gives you a fast track to learning the basics of using the developer tools and the tools you`ll be using to submit your app.

St Transmission 300 Light $19 Download the St Transmission 300 Light font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 400 Regular $19 Download the St Transmission 400 Regular font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 500 Medium $19 Download the St Transmission 500 Medium font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 600 SemiBold $19 Download the St Transmission 600 SemiBold font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 700 Bold $19 Download the St Transmission 700 Bold font for Mac or Windows in OpenType, TrueType or PostScript format.

Sunex Tools 7700B 700 Lb. Transmission Jack $427.67 700 lb. Transmission Jack Low H: 503/8 ; High H: 703/4 . Satisfaction ensured. Offers excellent value. Committed to bring you the best products on the market.

Desktop 7 for Mac - Mac $69.99 Whether the documents and programs on your PC are for work or play, you need to access your favorite Windows-based programs and files. If you need to whip up a presentation, surf the Web, check your payroll or just blast away some enemies in your favorite game, Desktop 7 for Mac lets you run Windows-based programs on a Mac without having to reboot your computer. Enjoy the features and look of your Mac with the programs and files of your PC easily and seamlessly with this powerful software. Desktop 7 for Mac lets you enjoy your favorite Windows programs, documents and more on your Mac without rebooting. Take advantage of Mac OS X Lion features such as Launchpad and Mission Control while using Windows programs. Need to use an operating system other than Windows? Desktop 7 for Mac allows you to run Google Chrome, Linux and many other operating systems at the same time. Access the new Parallels Wizard to easily transfer your programs, documents, music, photos and Internet favorites from your PC to your Mac. Use your Mac's iSight or FaceTime HD camera with your Windows programs. Prefer the look of the Mac OS? Hide Windows and still use the programs, or keep the familiar Windows look with the Start menu on your Mac the choice is yours. Immerse yourself in a Windows 3D graphics experience on your Mac with support for DirectX 9.0c/9Ex, Shader Model 3.0 and 7.1 surround sound. Keep your Mac and virtual PC secure with administrator tools that allow you to protect the virtual machines. Protect your investment in your Windows programs and documents while enjoying the features and capabilities of your Mac with Desktop 7 for Mac.

Allison Transmission Shift Enhancer $98.99 These transmission kits increase line pressure in the transmission, which reduces torque converter and transmission clutch slippage and improves shifting. Easy to install using basic hand tools. Bully Dog?s shift enhancers improve shift and line pressure

Mac Box Set - Mac $135.99 Enhance your Mac experience by upgrading to the latest versions of the software you know and love. The Mac Box Set combines Mac OS X v10.6 Snow Leopard, the newest version of the Macintosh operating system; iLife '09, designed to help you get more from your photos, movies and music; and iWork '09, Apple's productivity suite for home and office. Do more, faster, with your computer, and get greater enjoyment out of your many entertainment options. The all-in-one Mac Box Set helps unleash the potential in your Mac, whether at work or play. Snow Leopard takes your Mac's operation to the next level, offering a streamlined, secure and powerful operating system that makes your Mac even faster and more reliable. iLife '09 includes iPhoto '09, iMovie '09, GarageBand '09, iWeb '09 and iDVD, which let you create themed slideshows, edit amazing movies, compose and record your own songs, design and publish your own Web sites, burn Hollywood-style discs and more. And with iWork '09's Pages '09, Numbers '09 and Keynote '09, you have the tools you need to create documents, spreadsheets and presentations quickly and easily.

Pro Tools Clinic - Demystifying LE for Mac and PC $37.21 Pro Tools Clinic reveals the secrets of making great recordings using Pro Tools and shows the way to becoming a Pro Tools LE expert in a simple and easy fashion. This book takes a clear and easy approach to teaching the reader how to use Pro Tools from the ground up. Rather than simply describing Pro Tools features, this book provides examples and tutorials designed to get the reader recording, editing, and mixing music right away. Contains over 700 photos with screen shots.

St Transmission 200 Thin Italic $19 Download the St Transmission 200 Thin Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 300 Light Italic $19 Download the St Transmission 300 Light Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 400 Regular Italic $19 Download the St Transmission 400 Regular Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 500 Medium Italic $19 Download the St Transmission 500 Medium Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 600 SemiBold Italic $19 Download the St Transmission 600 SemiBold Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 700 Bold Italic $19 Download the St Transmission 700 Bold Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission 800 ExtraBold Italic $19 Download the St Transmission 800 ExtraBold Italic font for Mac or Windows in OpenType, TrueType or PostScript format.

St Transmission Complete Family Pack $149 Download the St Transmission Complete Family Pack font for Mac or Windows in OpenType, TrueType or PostScript format.

KD Tools Automatic Transmission Clutch Spring Compressor. Each $117.93 Manufacturer: KD Tools. Each. Features Benefits: Permits easy removal and installation of snap rings Tool compresses automatic-transmission clutch springs on some GM, Ford, Toyota and other transmissions No need to remove center shaft and clutch assemb

Easy VHS to DVD Mac - Physical $79.99 Roxio Easy VHS to DVD for Mac Makes it Easy to preserve your irreplaceable memories by transferring them to DVD and saving and sharing for generations.

Mac Bible $11.99 Whether you're one of the thousands unwrapping your first Mac or you're already an experienced Mac user, Mac Bible is the perfect Mac primer, from the very basics up to all the cool stuff. First get up to speed on Safari and business tools, set up user accounts, and add our Mac to a network. The fun continues as you see how to edit digital video with iMovie, organize your calendar with iCal, get the most out of iTunes, and much more. It's 600 pages jam-packed with the information you need to succeed with your Mac.

PDF Converter for Mac - Mac $99.99 Work faster and smarter with the enhanced productivity and powerful tools of PDF Converter for Mac. From creating industry-standard PDF documents to scanning paper documents into editable PDF files and protecting sensitive information, this software offers the technology and functionality you need to work effectively. This software allows you to convert PDF documents into fully formatted Microsoft Word, Excel and Corel WordPerfect files, and keep text, columns, tables and graphics intact. Featuring handy collaboration tools that let you add notes, text boxes, graphics and more, PDF Converter for Mac allows you to exchange ideas and provide feedback easily. Directly editable PDF files, accurate document conversion and assembly and information protection are some of the powerful features offered by PDF Converter for Mac. Scan paper documents directly into searchable PDF files. Easily and accurately convert PDF files into Microsoft Word, Excel and Corel WordPerfect documents. Edit directly within PDF files to change, delete or add text and insert, move, copy, resize and delete images as needed. Don't be forced to only print out PDF forms create fillable PDF forms that can be saved for enhanced productivity. Protect sensitive information by redacting, editing or erasing text and images that need to be kept safe from prying eyes. With the easy-to-use tools of PDF Converter for Mac, you'll be able to enhance your productivity without sacrificing quality.

Personal Productivity Tools : Introduction to Mac $66.3 No Synopsis Available

QuickBooks Mac 2012 - Mac $229.99 Sometimes it feels like you spend more time doing paperwork, getting tangled in finances and lost in customer records, than you spend actually running your business. When simple, everyday tasks begin costing your business more time and energy than they're worth, you know it's time for a change. QuickBooks Mac 2012 has the tools and resources you need to run your business faster and more efficiently and get back to the more important tasks. QuickBooks Mac 2012 helps you save time and get organized so you can see exactly where your business stands. Keep your vital customer and vendor account information at your fingertips using Company Snapshot widgets, and easily locate transactions and contacts so you can stay up to date and in control. Create professional invoices and estimates with your logo and colors. When things get tricky, use Guide Me to access step-by-step assistance with key tasks. Keep your business organized and simplified by exporting your information to iCal, iChat and Address Book. Are you ready to clear out the clutter and get organized so you can get back to what matters most? View a product demo.

Pro Tools 8 for Mac OS X and Windows $27.99 This is the eBook version of the printed book. This bestselling reference’s visual format and step-by-step, task-based instructions will have readers up and running with Pro Tools in no time. With this latest release of Pro Tools, Digidesign establishes its audio recording platform as a serious contender in the music creation market, with a long list of enhanced capabilities for the home studio. In this completely new edition of our bestselling guide to Pro Tools, readers will learn how to use the new features in the latest release, including automation lanes, track comping, MIDI and Score editors, notation, and more. Musician and producer Tom Dambly has been an audio consultant and music technology writer for over ten years and has written product documentation and training materials for seven major releases of Pro Tools. From beginners to accomplished users, readers will benefit from his clear instructions that cover everything from creating a session and recording to editing, mixing, and final delivery.

Pro Tools 8 for MAC OS X and Windows $12.68 This bestselling reference's visual format and step-by-step, task-based instructions will have readers up and running with Pro Tools in no time. With this latest release of Pro Tools, Digidesign establishes its audio recording platform as a serious contender in the music creation market, with a long list of enhanced capabilities for the home studio. In this completely new edition of our bestselling guide to Pro Tools, readers will learn how to use the new features in the latest release, including automation lanes, track comping, Elastic Audio, MIDI and Score editors, notation, and more. Musician and producer Tom Dambly has been an audio consultant and music technology writer for over ten years and has written product documentation and training materials for seven major releases of Pro Tools. From beginners to advanced users, readers will benefit from his clear instructions that cover everything from creating a session and recording to editing, mixing, and final delivery.

GE Healthcare MAC 5500 ECG Diagnosis System, Color Screen $13650 Features of the GE Healthcare MAC 5500 ECG Diagnosis System:MAC 5500 is designed for high volume ECG environments, it offers a complete suite of advanced ECG Analysis programs. Combined with MobileLink™ wireless ECG workflow solutions, MAC 5500 helps you capture, analyze and communicate ECG data with greater speed and confidence. Ethernet and wireless networking option saves time, reduces errors and maximizes charge capture. Hook-up advisor minimizes editing time and repeat ECG acquisitions. Single button operation for printing, storage and transmission. Bar code scanner helps reduce clerical errors. 12SL ECG Analysis program with Gender-Specific software. 15-Lead ECG Analysis. Risk stratification tools such as ACI-TIPI, Late Potential P-Wave Signal Averaging. Optional stress testing capabilities.

GE Healthcare MAC 5500 ECG Diagnosis System, Black and White Screen $12350 Features of the GE Healthcare MAC 5500 ECG Diagnosis System:MAC 5500 is designed for high volume ECG environments, it offers a complete suite of advanced ECG Analysis programs. Combined with MobileLink™ wireless ECG workflow solutions, MAC 5500 helps you capture, analyze and communicate ECG data with greater speed and confidence. Ethernet and wireless networking option saves time, reduces errors and maximizes charge capture. Hook-up advisor minimizes editing time and repeat ECG acquisitions. Single button operation for printing, storage and transmission. Bar code scanner helps reduce clerical errors. 12SL ECG Analysis program with Gender-Specific software. 15-Lead ECG Analysis. Risk stratification tools such as ACI-TIPI, Late Potential P-Wave Signal Averaging. Optional stress testing capabilities.

Learn Xcode Tools for Mac OS X and iPhone Development $37.79 This book will give you a thorough grounding in the principal and supporting tools and technologies that make up the Xcode Developer Tools suite. Apple has provided a comprehensive collection of developer tools, and this is the first book to examine the complete Apple programming environment for both Mac OS X and iPhone. Comprehensive coverage of all the Xcode developer tools Additional coverage of useful third-party development tools Not just a survey of features, but a serious examination of the complete development process for Mac OS X and iPhone applications What you'll learn The book is holistic, providing a comprehensive sweep across the available development tools. The book is structured, taking a logical and progressive journey from the basics to a firm understanding of the purposes, benefits, and limitations of each component of Xcode's developer tools. The tone is friendly and accessible--we wouldn't have it any other way. The book fills a niche--there is no other single book that focuses on this collection of developer tools. This book complements other books in the Apress series. Who is this book for? All Mac OS X and iPhone developers who want to develop applications more efficiently by taking advantage of all the tools Apple offers in its Xcode suite, as well as many indispensable third-party tools.

Pro Tools 10 Crossgrade - Mac/Windows $499.99 Whether you're a veteran of the music industry, a music-making hobbyist or a student developing your own style of sound design, you have one goal mastering an innovative, crystal-clear, perfectly balanced mix that will blow away your audience, whether it's big or small. Composing professional-quality audio tracks requires dedication and talent, but with Pro Tools 10, it doesn't require a professional studio. Stocked with award-winning tools, workflows, plug-ins and more, this comprehensive software gives you everything you need to achieve the exact sound you're striving for without ever leaving your computer. Crossgrade your Pro Tools MP software to Pro Tools 10, and see your possibilities multiply. This new set of Tools eliminates the need for file duplication, freeing you up to work with multiple audio formats faster and more effectively. Plus, new support for 32-bit floating-point file formats gives you unrivaled sound quality with the highest-quality Pro Tools resolution yet. Whether you're jamming out melodies on a MIDI controller, recording a vocal performance, or designing rhythms right from your computer, Pro Tools 10 lets you create bigger mixes than ever with up to 96 tracks, and boosts your efficiency with specialized workflows. When it's time to add the perfect finishing touches, find the exact sounds you want in a vast library of more than 75 plug-ins, including the Channel Strip plug-in that emulates the renowned EQ and dynamics of the System 5 console. Promoting your finished work has never been easier, thanks to direct exporting to SoundCloud that delivers your music to a worldwide audience. Cross over to the next generation of sound excellence.

Pro Tools 10 Upgrade - Mac/Windows $299.99 Whether you're a veteran of the music industry, a music-making hobbyist or a student developing your own style of sound design, you have one goal mastering an innovative, crystal-clear, perfectly balanced mix that will blow away your audience. Composing professional-quality audio tracks requires dedication and talent, but with Pro Tools 10, it doesn't require a professional studio. Stocked with award-winning tools, workflows, plug-ins and more, this comprehensive software gives you everything you need to achieve the exact sound you're striving for without ever leaving your computer. Upgrade your Pro Tools 9 software to Pro Tools 10, and see your possibilities multiply. This new set of Tools eliminates the need for file duplication, freeing you up to work with multiple audio formats faster and more effectively. Plus, new support for 32-bit floating-point file formats gives you unrivaled sound quality with the highest-quality Pro Tools resolution yet. Whether you're jamming out melodies on a MIDI controller, recording a vocal performance, or designing rhythms right from your computer, Pro Tools 10 lets you create bigger mixes than ever with up to 96 tracks, and boosts your efficiency with specialized workflows. When it's time to add the perfect finishing touches, find the exact sounds you want in a vast library of more than 75 plug-ins, including the Channel Strip plug-in that emulates the renowned EQ and dynamics of the System 5 console. Promoting your finished work has never been easier, thanks to direct exporting to SoundCloud that delivers your music to a worldwide audience. Step up to the next generation of sound excellence.