A lightweight mutual authentication mechanism for network mobility in IEEE 802.16e wireless networks


Computer Networks 55 (2011) 3796–3809


Ming-Chin Chuang, Jeng-Farn Lee ⇑
Department of Computer Science and Information Engineering, National Chung Cheng University, Chia-Yi, Taiwan, ROC

Article info

Article history: Available online 24 June 2011

Keywords: Network mobility (NEMO); AAA; Local authentication; Handoff; 802.16e

Abstract

Many mobile network nodes (MNNs) in public transport move together as a large-scale mobile network. Therefore, RFC 3963 proposes a network layer solution called network mobility (NEMO) as the basic support protocol for network mobility management. NEMO is designed so that network mobility is transparent to nodes in the mobile network, thereby reducing the signaling overhead. However, NEMO does not specify how authentication, authorization and accounting (AAA) should be handled, and it inherits the drawbacks of long handoff latency from Mobile IPv6 (MIPv6). In this paper, we develop a lightweight mutual authentication mechanism (LMAM) with low computational overhead and achieve local authentication based on NEMO and the AAA model over IEEE 802.16e networks. Moreover, LMAM can resist various attacks. In addition, we propose an enhanced hierarchical Mobile IPv6 (E-HMIPv6) scheme to reduce intra-domain handoff latency. We then integrate LMAM into E-HMIPv6 without increasing the signaling overhead. Our analysis results show that the integrated scheme, called LE-HMIPv6, outperforms existing schemes in terms of authentication and handoff latency.

© 2011 Elsevier B.V. All rights reserved.

⇑ Corresponding author. Tel.: +886 5 2720411x33128. E-mail address: jfl[email protected] (J.-F. Lee).
1389-1286/$ - see front matter © 2011 Elsevier B.V. All rights reserved. doi:10.1016/j.comnet.2011.05.027

1. Introduction

The IEEE 802.16e standard (also called Mobile WiMAX) [1] describes a novel technique that supports high mobility, provides high bandwidth, and supplies a large coverage area in next-generation broadband wireless networks. In such environments, people use mobile devices to access all kinds of services, such as Web browsing, VoIP, video conferencing, and other multimedia applications, anytime and anywhere. In addition, users prefer that the system provide secure and seamless communications on the move. Therefore, developing an effective authentication mechanism and seamless handoff procedures have become important research issues.

In real life, on public transportation such as ships, trains, buses and airplanes, many mobile network nodes (MNNs) move together as a large-scale mobile network. The Internet Engineering Task Force (IETF) proposed a network layer solution called network mobility (NEMO) [2], which is an extension of Mobile IPv6 (MIPv6) [3] and enables a mobile network moving among different foreign networks to maintain continuous connections. Although NEMO reduces the signaling overhead for mobility management, it inherits the drawbacks of long handoff latency from MIPv6. Moreover, NEMO does not specify how authentication, authorization and accounting (AAA) should be handled in mobile networks.

The IETF proposed the AAA model [4–6] and the Diameter protocol [7] to solve the AAA problems that arise when a network receives a request from a mobile node roaming in a foreign network. Within this AAA model, there are four security associations (SAs) in MIPv6, as shown in Fig. 1. A security association means that two network entities share some secret information with each other. When a mobile router (MR) moves in a foreign domain, it has to provide some authentication information before it can

access the resources of that domain. However, in traditional authentication mechanisms, one of the technical challenges is that a roaming MR and a local AAA (LAAA) server cannot pre-share any secret information because they lack a direct security association, as shown in Fig. 1. As the LAAA does not have sufficient information to verify the authentication information of the MR, it must send the information back to the home AAA (HAAA) server of the MR and wait for a reply. This restriction results in authentication inefficiency since the authentication information needs to be passed between the home and the foreign networks. Moreover, the MR needs to be authenticated frequently if it often roams in different domains. The problem becomes more serious as the distance between the foreign and home networks increases.

Fig. 1. The security associations in the MIPv6 with AAA model.

In this paper, we develop a lightweight mutual authentication mechanism (LMAM) with low computational overhead that achieves local authentication based on NEMO and the AAA model over IEEE 802.16e networks. In addition, an efficient authentication scheme should take account of two factors: the computation cost of cryptography and the authentication latency. Therefore, our proposed LMAM has the following characteristics.

(1) The computation cost is low because LMAM is a lightweight security mechanism that only uses symmetric cryptography and a hash function [8] to resolve the high computation problem of the public key infrastructure (PKI).
(2) LMAM provides local authentication (i.e., authentication can be finished locally), which reduces the authentication latency and decreases the workload of the HAAA server without assuming that the MR and the LAAA server pre-share a session key.
(3) LMAM fulfills the following security requirements: replay attack resistance, stolen-verified attack resistance, mutual authentication to prevent server spoofing attacks, and session key generation.

Moreover, we propose an enhanced hierarchical Mobile IPv6 (E-HMIPv6) scheme to reduce intra-domain handoff latency. We then integrate LMAM into E-HMIPv6, called LE-HMIPv6, without increasing the signaling overhead. The performance results show that the integrated scheme outperforms existing schemes in terms of authentication and handoff latency.

The remainder of this paper is organized as follows. In Section 2, we review related work in respect of security and handoff. Section 3 describes the operations of the proposed LMAM, E-HMIPv6, and LE-HMIPv6 mechanisms in detail. In Section 4, we present a security analysis of LMAM, and we analyze the performance of the proposed mechanisms in Section 5. Then, in Section 6, we summarize our conclusions and future work.

2. Related work

2.1. The security aspect

Previous research [9,10] focuses on AAA authentication in the host mobility environment. However, NEMO does not specify how AAA should be handled in mobile networks, and fewer studies consider AAA authentication in the NEMO environment. Fathi et al. [11] and Shi and Tang [12] use the AAA model to deal with the security issues in NEMO. Fig. 2 shows the network architecture that combines NEMO with the AAA model [11] in a mobile network. In [11], the authors propose a leakage-resilient authenticated key establishment (LR-AKE) scheme based on the concept of PKI. Although PKI can normally be used to prevent all attacks, its cryptographic calculation is too heavy for most mobile devices. Moreover, Wang et al. [13] show that the LR-AKE scheme is vulnerable to both client and server impersonation attacks. Shi and Tang [12] propose a local authentication concept for mobile networks to reduce the authentication delay. However, the authentication request still needs to return to the HAAA server in this scheme when the MR first moves into a new foreign network. If that foreign network is far away from the home network, the authentication latency will be long. In addition, this scheme is based on a strong assumption that the MR and the LAAA server pre-share a session key, but there is no such security association in a general AAA model as shown in Fig. 1. In addition, the AAA server needs to spend much time on key management. Therefore, we aim to provide an authentication scheme with low authentication latency and low computation cost based on the AAA model illustrated in Fig. 1.

Fig. 2. The network architecture combines NEMO with the AAA model over IEEE 802.16e networks.

2.2. The handoff aspect

Because NEMO is extended from MIPv6, it inherits the disadvantage of long handoff latency from MIPv6. Many approaches [14–18] try to improve the long handoff latency of MIPv6, but these schemes still have some drawbacks. For example, Malki [14] proposes the Low Latency Handoff (LLH) scheme based on a pre-registration method. However, LLH might cause a transmission failure called the HA Error Registration (HER) problem when the MNN is in a ping-pong situation. RFC 4068 [15] and RFC 4260 [16] propose a fast Mobile IPv6 (FMIPv6) scheme to enhance the handoff performance of MIPv6. FMIPv6 depends on the access router (AR) to anticipate handoff, but there is no guarantee that the MR will connect to the correct AR every time. If the anticipated connection between the MR and AR is unsuccessful, it needs to be re-built, resulting in long handoff latency. This is because FMIPv6 only uses a simple layer 2 trigger. In addition, the schemes [14–17] do not consider the micro-mobility of the MN. If the MN only micro-moves around, it still needs to perform the handoff and global registration (i.e., binding update to HA) procedures, resulting in high signaling overhead and handoff latency. The RFC 5380 protocol [18] uses a hierarchical Mobile IPv6 (HMIPv6) to support micro-mobility management and reduce the intra-domain handoff latency. However, HMIPv6 also has difficulty coping with the ping-pong effect because it does not use a layer 2 trigger to facilitate accurate handoff decisions. Therefore, we propose E-HMIPv6 to reduce the intra-domain handoff latency and ensure successful handoff. We then integrate LMAM into E-HMIPv6, called LE-HMIPv6, without increasing the signaling overhead.

3. Lightweight mutual authentication mechanism (LMAM)

In this section, we describe the proposed lightweight mutual authentication mechanism (LMAM) based on the

AAA model illustrated in Fig. 1. The operations of LMAM involve three procedures: home registration, first authentication, and fast re-authentication. Before joining a foreign network, an MR must register with the HAAA server. When the MR first moves into a new foreign network, LMAM performs the first authentication procedure. It executes the fast re-authentication procedure when the MR micro-moves within the same foreign domain. We also propose an enhanced hierarchical Mobile IPv6 scheme, called E-HMIPv6, to reduce the handoff latency in intra-domain handoff. Finally, we integrate LMAM into the handoff procedure of E-HMIPv6 without increasing the signaling overhead.

3.1. Network architecture

Fig. 2 shows the network architecture that combines NEMO with the AAA model adopted over IEEE 802.16e networks. A mobile network contains several MNNs and at least one MR, which has the function of the mobile subscriber station (MSS) and is responsible for maintaining the ongoing session. Besides, a foreign domain has some access routers (ARs) and at least one LAAA server. When a mobile network moves into a new foreign domain, the MR performs the first authentication procedure before it can access the new network. Maintaining secure group communication efficiently is an important issue in mobile networks since the network topology changes frequently when MNNs join, leave and perform handoff. The network architecture illustrated in Fig. 2 can support all kinds of group key management schemes in mobile networks [19–21]. Note that the HAAA and LAAA servers pre-share some secret information to facilitate the authentication procedure based on the AAA security model (i.e., SA 4 in Fig. 1) if they have a roaming agreement. Moreover, in a foreign domain, the LAAA and ARs share common secret information, such as the group key GK (i.e., SA 3 in Fig. 1), because they have a security association. We do not consider nested mobile networks in this paper, but our mechanism can easily be extended to such networks. The notations used throughout this paper are listed in Table 1.

Table 1. Notations.

Symbol      Description
x           Secret value shared between HAAA and LAAA
GK          Group key of a foreign domain
MACi        The MAC address of a mobile device i (note that this is a unique address)
Ri          A random number i
EK(M)       The message encrypted using a key K with symmetric cryptography
DK(M)       The plaintext derived by decrypting ciphertext with the symmetric key K
H()         A one-way public hash function
||          The combination of strings
XService    All of the access rights in the HAAA server
YService    YService ⊆ XService; the set of access rights of an MR
ZService    ZService ⊆ YService; the access rights granted by an LAAA server
SK          A session key

3.2. Home registration procedure

As mentioned earlier, before an MR joins a mobile network, it needs to perform the home registration procedure, which can be executed via a secure channel or human action. In this paper, we assume that there is a secure channel between MR and HAAA based on the AAA model [4–6] and the Diameter protocol [7], because they have a security association, as shown in Fig. 1. The system could perform the Diffie–Hellman scheme to establish a secure channel if there is no secure channel between MR and HAAA. Fig. 3 shows the home registration procedure. The steps are as follows:

(1) MR → HA: the MR sends its unique identification/MAC address (i.e., MACMR) to the HA.
(2) HA → HAAA: the HA forwards the message to the HAAA server.
(3) After receiving the MAC address of the MR, the HAAA server computes the secret value G = H(x||MACMR). H( ) is a collision-free one-way hash function, and x is a secret value shared between HAAA and LAAA securely (i.e., based on SA 4 in Fig. 1). In this paper, we assume the value of x cannot be acquired.

(4) HAAA → HA: the HAAA server sends the parameters G and YService to the HA. The HAAA holds all access rights XService, and YService denotes the set of access rights that the MR can access (i.e., YService ⊆ XService).
(5) HA → MR: the HA forwards the parameters G and YService to the MR.
(6) The MR stores the parameters G and YService.

Fig. 3. Home registration procedure (message flow between MR, HA and HAAA over the secure channel).

3.3. First authentication procedure

When an MR moves into a new foreign network, it performs the first authentication procedure. In a mobile network, the MR needs to be re-authenticated frequently because it often moves between different foreign domains. Normally, the authentication information of the MR needs to be verified by the HAAA server. If the foreign domain is far away from the home domain, the time required for authentication will be long. Therefore, an efficient authentication mechanism is necessary. Our scheme provides a local authentication mechanism (i.e., the authentication can be done locally without involving the remote server) and facilitates mutual authentication between the MR and the LAAA server. The steps of the first authentication procedure are listed below and shown in diagrammatic form in Fig. 4.

(1) The MR generates a random number R1 and the authentication information M1 as (R1||YService). It uses the symmetric key G to encrypt the authentication information and then computes the message digest (i.e., H(EG(M1)||MACMR)) for message integrity.
(2) MR → AR: The MR transmits the authentication request, which includes the MACMR, the encrypted M1 (i.e., EG(R1||YService)), and the message digest.
(3) AR → LAAA: The AR forwards the message to the LAAA server.
(4) The LAAA verifies the MR: The LAAA server first checks the message digest to detect the modification attack. The LAAA rejects the authentication request if the hash value (i.e., H(EG(M1)||MACMR)) is not equal to the message digest. Therefore, denial of service attacks can be eliminated. Then, the LAAA generates the symmetric key G as H(x||MACMR) and decrypts the encrypted message, where x is the secret value shared with the HAAA server, since the HAAA and LAAA servers have a secure roaming agreement and have set a pre-shared secret value x (i.e., SA 4 in Fig. 1). Next, the LAAA obtains R1 and YService. Afterwards, the LAAA checks the access rights of the MR (i.e., YService). If the MR does not have access rights to the resource, the LAAA server will deny the request. Otherwise, it generates a random number R2 and a key K = H(GK||MACMR), which will be used in the fast re-authentication phase. Note that GK is the group key of a foreign domain (i.e., SA 3 in Fig. 1). Finally, the LAAA server prepares the authentication reply M2 as (R1||R2||K||ZService), computes the message digest (i.e., H(EG(M2)||MACLAAA)), and generates the session key SK between the MR and LAAA server as H(R1||R2), where ZService represents the access rights granted by the LAAA server (i.e., ZService ⊆ YService).
(5) LAAA → AR: The LAAA server sends the encrypted authentication reply EG(M2), MACLAAA, and the message digest (i.e., H(EG(M2)||MACLAAA)) to the AR.
(6) AR → MR: The AR forwards the message to the MR.
(7) The MR verifies the LAAA server: The MR checks the message digest (i.e., H(EG(M2)||MACLAAA)) to detect the modification attack, uses the key G to decrypt the encrypted message to obtain R1, R2, K, and ZService, and checks the random number R1 to avoid replay attacks. Based on the ZService, the MR decides which ARs it will associate with. It stores the key K and generates the session key SK shared with the LAAA server.
(8) MR → LAAA: The MR transmits the encrypted message, which includes ESK(R2), to the LAAA.
(9) The LAAA decrypts the message and checks the random number when it receives the encrypted message.

Fig. 4. First authentication procedure in a new foreign domain.

3.4. Fast re-authentication procedure

If an MR micro-moves to different ARs in the same foreign domain, it needs to be verified again. In our authentication scheme, the ARs implement a fast re-authentication procedure, as shown by the diagram in Fig. 5. The re-authentication steps are as follows:

(1) When the MR receives a router advertisement (ADV) from the AR, which includes the MAC address of the associated LAAA server, it can determine whether the foreign domain has been visited before. If the MAC address of the LAAA server has been received already, the MR is micro-moving in the same foreign domain. The MR then performs the fast re-authentication procedure: it generates a random number R3 and encrypts the authentication information M3 (i.e., R3||YService) using the symmetric key K obtained in the first authentication procedure (i.e., H(GK||MACMR)). Otherwise, the MR has moved into a new foreign domain, and it performs the first authentication procedure.

(2) MR → AR: The MR transmits the authentication request, which includes the message digest (i.e., H(EK(M3)||MACMR)), the encrypted M3 (i.e., EK(M3)), and the MACMR, to the AR.
(3) When the AR receives the encrypted authentication request, it first checks the message digest for message integrity. The AR stops the follow-up authentication procedure if the MACMR is modified (i.e., the hash value is not equal to the message digest). Then, the AR computes the value of K (i.e., H(GK||MACMR)) and decrypts the message, where GK is the group key pre-shared by the LAAA server and ARs of a foreign domain. If the encrypted message can be decrypted successfully, the MR is deemed valid. The AR then checks the access rights of the MR and obtains the random number R3. Consequently, the AR generates a random number R4, prepares the authentication reply M4 as (R3||R4||ZService), computes the message digest (i.e., H(EK(M4)||MACAR)), and generates a new session key SK shared with the MR as H(R3||R4).
(4) AR → MR: The AR sends the reply (i.e., EK(M4), MACAR, and H(EK(M4)||MACAR)) to the MR.
(5) When the MR receives the reply, it checks the message digest (i.e., H(EK(M4)||MACAR)) and uses the key K to decrypt the encrypted message. If the message digest is correct and the decryption operation is successful, the reply is trustworthy; otherwise, the MR ignores the reply message. Then, the MR checks R3 and ZService, obtains R4, and generates the new session key SK.
(6) MR → AR: The MR transmits the encrypted message, which includes ESK(R4), to the AR.
(7) The AR decrypts the message and checks the random number when it receives the encrypted message.

Fig. 5. Fast re-authentication procedure in the same foreign domain.

In the first authentication and fast re-authentication procedures, LMAM provides local authentication. In the first authentication procedure, the MR uses the key G generated via the home registration procedure (i.e., step 3 in Fig. 3) to achieve local authentication. The LAAA server replaces the HAAA server in performing the authentication procedure because the key G can be calculated from the secret value x shared by both servers. Similarly, in the fast re-authentication procedure, the MR uses the key K obtained from the LAAA server in the first authentication procedure (i.e., step 4 in Fig. 4) to encrypt the authentication message. The AR, instead of the LAAA server, performs the authentication procedure to reduce the authentication latency, since the key K is generated from the group key (i.e., GK) shared among the LAAA server and the ARs in the foreign network.

In terms of key management, the cost of symmetric key management in our proposed scheme is very low. Although our scheme is based on symmetric cryptography, the entities only need to store a few parameters (e.g., HAAA and LAAA only keep the secret value x, the MR's access rights, and a hash function). Moreover, HAAA, LAAA, and AR do not need to store any symmetric key table for MRs since our symmetric key is calculated. For example, in the first authentication procedure, the LAAA computes the symmetric key G as H(x||MACMR) on the fly rather than searching for the corresponding symmetric key G in a key table.

3.5. Enhanced hierarchical mobile IPv6 (E-HMIPv6)

HMIPv6 might cause the HER problem when the MR is in a ping-pong situation. Unfortunately, HMIPv6 must perform the handoff procedure again if the handoff procedure fails. This is because HMIPv6 does not use the layer 2 trigger to assist in making an accurate handoff decision. In the following, we propose an enhanced HMIPv6 (E-HMIPv6) scheme to support micro-mobility management. Specifically, E-HMIPv6 adds two layer 2 triggers (link weak trigger (LWT) and link down trigger (LDT)) to perform the pre-handoff procedure in advance so as to further reduce the intra-domain handoff latency and provide reliable handoff. The LWT is triggered when the received signal strength of the MR is lower than the pre-defined threshold. E-HMIPv6 extends the concept of "DeuceScan" [22] to avoid the performance degradation due to the ping-pong effect. The LDT means that the MR has begun to initiate the handoff procedure.

Fig. 6 shows the procedure of the proposed E-HMIPv6 when the MR micro-moves in the same foreign domain. E-HMIPv6 integrates the pre-handoff procedure with the handoff procedure. In the figure, steps 1–6 implement the pre-handoff procedure, and steps 7–11 are the handoff procedure. E-HMIPv6 uses two triggers for interactions between the data link and network layers: LWT and LDT. These triggers provide more accurate information to reduce the possibility of failed handoff.

In the pre-handoff procedure of E-HMIPv6, the previous access router (PAR) periodically transmits a neighbor advertisement (NB_ADV) message to the MR. The message includes the candidate list of ARs and the network prefixes of the candidate ARs such that the MR can select suitable new access routers (NARs). When the LWT is triggered, the MR sends a fast binding update (FBU) message, which lists the possible candidate NARs, to a mobility anchor point (MAP) via its PAR (i.e., AR2 in Fig. 6). The MAP then initiates the fast handoff procedure by sending the handoff initial (HI) message to all candidate NARs. The candidate NARs (i.e., AR1 and AR4 in Fig. 6) execute the local duplicate address detection (DAD) process and send a handoff acknowledgement (HACK) message to the MAP. The MAP then uses the fast binding acknowledgement (FBACK) message to notify the MR that the pre-handoff procedure is finished. In this phase, the MR can obtain multiple on-link care-of addresses (LCoAs) simultaneously.

Fig. 6. The intra-domain handoff procedure in the E-HMIPv6 scheme.

In the handoff procedure, when the MR receives the LDT trigger from the data link layer, it decides the real target AR. In the example illustrated in Fig. 6, the MR selects AR1 as its target AR and sends a handoff start (HO_START) message, which includes the binding update information, to the MAP. After receiving the HO_START message, the MAP starts forwarding packets for the MR to the selected NAR (AR1), which will buffer these packets. When the MR completes the connection, it sends a fast neighbor advertisement (FNA) message to the AR and downloads the buffered packets from AR1.

To summarize, E-HMIPv6 uses multiple triggers in the data link layer to assist the handoff procedure of the network layer and avoid the HER problem. Moreover, the proposed E-HMIPv6 reduces the handoff latency because the movement detection and the DAD procedures are completed during the pre-handoff phase. The MR simultaneously has multiple LCoAs after the pre-handoff procedure. Therefore, if the handoff occurs, the MR connects with the NAR immediately even if the MR makes a wrong handoff decision.

3.6. LMAM with E-HMIPv6 (LE-HMIPv6)

Since E-HMIPv6 aims to reduce the handoff latency for micro-mobility of MRs, it needs to cooperate with a suitable authentication scheme; otherwise, the benefit of the E-HMIPv6 design is lost if the authentication procedure needs to be performed in the home domain. In fact, LMAM works compatibly with E-HMIPv6 because it supports local authentication. In this subsection, we explain how the fast re-authentication procedure of LMAM is integrated into E-HMIPv6, called LE-HMIPv6. LE-HMIPv6 comprises two phases: the pre-handoff procedure and the handoff procedure, as illustrated in Fig. 7. When an MR sends an FBU message to its PAR, the message piggybacks the authentication message (AUTH), which contains EK(R3||YService||H(R3||MACMR)) and MACMR. Then, if the MR is deemed valid, the NAR piggybacks the authentication reply message (AUTH_REP), which includes EK(R3||R4||ZService||H(R4||MACAR)) and MACAR, on the HACK/FBACK message for the MR. Consequently, LE-HMIPv6 does not increase the signaling overhead or handoff latency. When the pre-handoff procedure is finished, the mutual authentication procedure is also accomplished.

Fig. 7. The flow chart of LE-HMIPv6 scheme.
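The LMAM exchanges of Sections 3.2 to 3.4 (home registration, first authentication, fast re-authentication) can be exercised end to end with the following added example, which is not code from the paper. The cipher E/D is a stand-in (XOR with a SHA-512 counter keystream under a random IV) because the paper names no algorithm; the JSON field encoding, class and function names, MAC addresses and service names are constructed for illustration, and the single Verifier class plays both the LAAA role (secret x) and the AR role (secret GK), which is a generalization of the two procedures.

```python
import hashlib
import hmac
import json
import secrets


def H(*parts: bytes) -> bytes:
    """H(a||b||...) with SHA-512, the hash the paper cites as an example."""
    return hashlib.sha512(b"".join(parts)).digest()


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    blocks = [H(key, iv, i.to_bytes(4, "big")) for i in range(len(data) // 64 + 1)]
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def E(key: bytes, fields: dict) -> bytes:
    """E_K(M). Stand-in cipher (assumption): the paper names no algorithm."""
    iv = secrets.token_bytes(16)
    return iv + _xor_stream(key, iv, json.dumps(fields).encode())


def D(key: bytes, ct: bytes):
    """D_K(C): the decoded fields, or None when key or ciphertext is wrong."""
    try:
        obj = json.loads(_xor_stream(key, ct[:16], ct[16:]).decode())
    except ValueError:  # covers both invalid UTF-8 and invalid JSON
        return None
    return obj if isinstance(obj, dict) else None


class Verifier:
    """LAAA (secret = x, issues K) or AR (secret = GK, issues nothing)."""
    def __init__(self, mac, secret, offered, gk=None):
        self.mac, self.secret, self.offered, self.gk = mac, secret, set(offered), gk
        self.pending = {}  # MAC_MR -> (own nonce, SK) until the final message

    def handle_request(self, mac_mr, ct, digest):
        if not hmac.compare_digest(digest, H(ct, mac_mr)):
            return None  # digest mismatch: request was modified
        key = H(self.secret, mac_mr)  # G = H(x||MAC_MR) or K = H(GK||MAC_MR)
        m = D(key, ct)
        granted = sorted(set(m.get("Y", [])) & self.offered) if m else []
        if not granted:
            return None  # undecryptable request, or no access rights here
        nonce = secrets.token_hex(16)  # R2 (first auth) or R4 (re-auth)
        self.pending[mac_mr] = (nonce, H(m["R"].encode(), nonce.encode()))
        reply = {"Ra": m["R"], "Rb": nonce, "Z": granted}
        if self.gk is not None:
            reply["K"] = H(self.gk, mac_mr).hex()  # key for fast re-authentication
        ct2 = E(key, reply)
        return ct2, self.mac, H(ct2, self.mac)

    def confirm(self, mac_mr, ct):
        nonce, sk = self.pending.pop(mac_mr, (None, None))
        m = D(sk, ct) if sk else None  # final message E_SK(R2) or E_SK(R4)
        return sk if m and m.get("R") == nonce else None


class MobileRouter:
    def __init__(self, mac, G, y_service):
        self.mac, self.G, self.y, self.K, self.sk = mac, G, y_service, None, None

    def request(self, key):
        self.r = secrets.token_hex(16)  # fresh R1 or R3 for every attempt
        ct = E(key, {"R": self.r, "Y": self.y})
        return self.mac, ct, H(ct, self.mac)

    def handle_reply(self, key, ct, mac_verifier, digest):
        m = D(key, ct) if hmac.compare_digest(digest, H(ct, mac_verifier)) else None
        if m is None or m.get("Ra") != self.r:
            return None  # modified, or does not echo the current nonce (stale)
        self.K = bytes.fromhex(m["K"]) if "K" in m else self.K
        self.sk = H(m["Ra"].encode(), m["Rb"].encode())  # SK = H(R1||R2)
        return E(self.sk, {"R": m["Rb"]})


def setup():
    """Constructed domain; G = H(x||MAC_MR) is what home registration hands the MR."""
    x, gk = secrets.token_bytes(32), secrets.token_bytes(32)  # SA 4 secret, SA 3 key
    mac_mr = bytes.fromhex("020000000001")
    mr = MobileRouter(mac_mr, H(x, mac_mr), ["voip", "web"])  # YService from the HAAA
    laaa = Verifier(bytes.fromhex("0200000000aa"), x, {"web", "video"}, gk=gk)
    ar = Verifier(bytes.fromhex("0200000000bb"), gk, {"web", "video"})
    return mr, laaa, ar


def authenticate(mr, verifier, key):
    """One full exchange; returns the verifier-side SK, or None on any failure."""
    reply = verifier.handle_request(*mr.request(key))
    last = mr.handle_reply(key, *reply) if reply else None
    return verifier.confirm(mr.mac, last) if last else None


if __name__ == "__main__":
    mr, laaa, ar = setup()
    print("first authentication:", authenticate(mr, laaa, mr.G) == mr.sk)
    print("fast re-authentication:", authenticate(mr, ar, mr.K) == mr.sk)
```

Neither verifier keeps a per-MR key table: the LAAA and the AR each recompute the key from one domain secret and the MAC address carried in the request, which is the key-management property Section 3.4 describes.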


4. Security analysis

Before describing the security analysis, we add some notes as follows.

(1) Although we define the group key GK as a key securely pre-shared among the LAAA and ARs, it is still possible for the long-term key to be cracked by a brute-force attack if the attacker has enough time and a high-speed computer. Therefore, we assume the key length is long enough for the system to be robust. Moreover, the system needs to change the long-term key in a timely manner to reduce the chance of it being cracked by a brute-force attack.
(2) The security property of LMAM is based on a collision-free one-way hash function (e.g., SHA-512 [23]). For a one-way hash function H( ), when the value of x is given, it is easy to compute H(x); however, given the value of H(x), computing x is very difficult or incurs a high computation cost.

We now consider the security features of LMAM. The mechanism satisfies the following security requirements. Moreover, we compare the security features of LMAM with the LR-AKE scheme in Table 2.

(1) Replay attack resistance: It is hard for the attacker to guess the value of the random number because the random number is refreshed in each authentication procedure. Therefore, the proposed scheme is resistant against the replay attack because the authentication information (i.e., M1 and M2) includes a random number to prevent the replay attack.
(2) Mutual authentication and server spoofing attack resistance: The MR authenticates the authentication server, and vice versa, in LMAM (i.e., steps 4 and 7 in Fig. 4; steps 3 and 5 in Fig. 5). Because of this mutual authentication, spoofing attacks are completely ineffective.
(3) No time synchronization problem: The timestamp mechanism is used in some authentication schemes to resist replay attacks. However, the timestamp mechanism may suffer from some drawbacks such as different time zones, long delivery latency, and so on. Our scheme is a nonce-based authentication scheme; hence, it does not have the time synchronization problem.
(4) Stolen-verified attack resistance: In LMAM, the AAA server does not need to store any verification table of the MR. Even if an adversary can intrude into the database of the AAA server, he will not be able to obtain the authentication information of users. Therefore, LMAM is robust against the stolen-verified attack.
(5) Modified attack resistance: We use a one-way hash function to generate the message digest and then ensure that information cannot be modified. If an attacker transmits a modified (malicious) packet to the MR or the authentication server, the packet can be easily identified by checking the hash values.
(6) Local authentication: Local authentication has three advantages: it saves authentication time, reduces the network overhead, and provides a fault tolerance mechanism. In other words, even if the HAAA server crashes, the MR will still be able to perform the authentication procedure in a foreign domain.
(7) Session key generation: In the first authentication and fast re-authentication procedures of LMAM, a session key is generated from the random numbers (i.e., steps 4 and 7 in Fig. 4; steps 3 and 5 in Fig. 5) to provide secure communications. In LE-HMIPv6, the key is generated during the pre-handoff procedure. When the procedure has finished, the MR and the AR can communicate with each other securely. Specifically, they can use the session key to encrypt messages to prevent other nodes from overhearing their contents.
(8) Known-plaintext attack resistance: The known-plaintext attack is a cryptanalytic attack in which the attacker has obtained both the plaintext and its corresponding ciphertext, and then tries to discover the secret information. Although the MACMR is transmitted in clear form in our scheme, it does not suffer from known-plaintext attacks. This is because the attacker only captures the MACMR, but he does not know the corresponding secret key G (i.e., G = H(x||MACMR)) or the secret value x. Therefore, the attacker finds it hard to execute the known-plaintext attack successfully. In the fast re-authentication procedure, our scheme still does not suffer from known-plaintext attacks for the same reason (i.e., the attacker only captures the MACMR, but he does not know the corresponding secret key K (i.e., K = H(GK||MACMR)) or the group key GK). The fast re-authentication procedure still resists known-plaintext attacks since the attacker cannot obtain the corresponding secret key K (i.e., K = H(GK||MACMR)) or the group key GK.

Table 2. Comparisons of security features.

Feature                              LMAM    LR-AKE
Replay attack resistance             Yes     Yes
Mutual authentication                Yes     Yes
Server spoofing attack resistance    Yes     Yes
No time synchronization problem      Yes     Yes
Session key generation               Yes     Yes
Modified attack resistance           Yes     Yes
Local authentication                 Yes     No
Stolen-verified attack resistance    Yes     No

5. Analysis

5.1. Performance metrics

We evaluate the proposed mechanisms based on the following performance metrics.
• Computation Cost (CC): The computational complexity of a mobile node.
• Authentication Latency (AL): The delay between an MR sending an authentication request and receiving the corresponding authentication reply.
• Handoff Latency (HL): The time required for an MR to change its association. The total handoff latency is the sum of the data link layer handoff latency, the authentication latency, and the handoff latency in the network layer.
• Signaling Cost (SC): The total number of signal frames transmitted during each handoff procedure. The signaling cost is an important factor in network performance.

A good authentication mechanism should incur low computation cost and provide low authentication latency. Besides, a fast handoff scheme emphasizes low handoff latency, and the integrated design of the authentication and fast handoff schemes should prevent redundant signaling costs. In the following, we show via an analytical model and numerical results that our proposed mechanisms provide better solutions to the security and handoff problems than existing schemes.

5.2. Network parameters

Fig. 8 shows the network topology and numerical model used for the performance evaluation. Although the signaling messages have different sizes, we assume they all have the same transmission delay and computation cost. In the evaluation model, we use the following notations:
• $D_{A-B}$: The average propagation delay between node A and node B. It is assumed that $D_{A-B} = D_{B-A}$.
• $D_{FNA}$: The time required to transmit a fast neighbor advertisement.
• $m$: The hop count between the home and the foreign domains.
• $D_{PROC(A)}$: The average processing delay of procedure A.
• The handoff latency can be expressed as the sum of the layer 2 detection delay ($D_{L2}$), movement detection delay ($D_{MD}$), duplicate address detection delay ($D_{DAD}$), authentication delay ($D_{AUTH}$), and location registration delay ($D_{BU}$). In [3] it is suggested that the AR used to support mobility should be configured with smaller MinRtrAdvInterval (MinInt) and MaxRtrAdvInterval (MaxInt) values so that the unsolicited router advertisement (RA) can be sent more often. For simplicity, we assume that the value of $D_{MD}$ in MIPv6 is half the mean value of unsolicited RA messages (i.e., (MinInt + MaxInt)/2), and the value of $D_{MD}$ in HMIPv6 is a quarter of the mean value of unsolicited RA messages (i.e., (MinInt + MaxInt)/4) based on [24].
• $S_A$: The number of signal messages sent by node A.

Table 3 shows the parameter values used in the numerical analysis; the default value of the DAD delay is 1000 ms based on [25].

5.3. Performance analysis

5.3.1. Computation cost

This section compares the computation cost of LMAM with that of the LR-AKE scheme.¹ In the analysis of the computation cost, we use the following notations: "–" means there is no computation cost; $n$ is the number of MRs served by the HAAA server; $C_h$ denotes the cost of executing the one-way hash function; $C_{sym}$ represents the cost of computing symmetric encryption or decryption; $C_{asym}$ represents the cost of computing asymmetric encryption or decryption; and $C_{ran}$ is the cost of generating a random number. Tables 4 and 5 show the computational complexity of the LMAM and LR-AKE schemes, respectively. The LR-AKE scheme performs the authentication procedure at the HAAA every time because it does not support local authentication. Therefore, the HAAA is a bottleneck in the LR-AKE scheme. In addition, we use the Crypto++ Library [26], run on an Intel Core 2 1.83 GHz processor, to evaluate the processing time of each operation. Table 6 shows the computing process time of each operation. We can see that symmetric encryption is about 1000 times faster than asymmetric encryption for bulk encryption [27]. Although hardware calculation speed has developed rapidly, the processing time of an asymmetric authentication scheme still affects the network performance when the number of mobile devices is large. Before discussing the authentication and handoff latency, we add a note as follows. Generally, the environment of the simulation analysis is simple (i.e., few mobile devices), so the total authentication processing time is very small. In contrast, the propagation delay is clearly larger than the computing process time. Hence, it is reasonable to ignore the effect of the computing process time in simulations. In this situation, we can clearly emphasize that LMAM has better performance (i.e., authentication and handoff latency) than other schemes.


5.3.2. Authentication latency (AL)

We evaluate the performance of LMAM by numerical analysis and compare it with the simple NEMO protocol combined with the AAA scheme, the LR-AKE scheme, and Shi et al.’s scheme. We consider authentication latency in two mobility scenarios: (a) when an MR first enters a foreign domain, and (b) when an MR micro-moves in the same foreign domain. The numerical analysis of the authentication latency is as follows.


Fig. 8. Network topology and numerical model for performance evaluation.

1 Shi’s scheme [12] just proposed a localized authentication architecture but it does not discuss the detailed scheme. Hence, we only compare our scheme with LR-AKE scheme.


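Table 3 System parameters used for analysis.

| | $D_{L2}$ | $D_{DAD}$ | a | b | c | d | MinInt | MaxInt | $D_{PROC(AUTH)}$ |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Time (ms) | 50 | 1000 | 10 | 10 | 10 | 100 | 30 | 70 | 10 |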

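Table 4 Computation cost of the LMAM scheme.

| Phase | MR | HAAA | LAAA | AR |
| --- | --- | --- | --- | --- |
| Home registration phase | – | $nC_h$ | – | – |
| First authentication phase | $C_{ran} + 3C_{sym} + 3C_h$ | – | $C_{ran} + 3C_{sym} + 5C_h$ | – |
| Re-authentication phase | $C_{ran} + 3C_{sym} + 3C_h$ | – | – | $C_{ran} + 3C_{sym} + 4C_h$ |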

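Table 5 Computation cost of the LR-AKE scheme.

| Phase | MR | HAAA | LAAA | AR |
| --- | --- | --- | --- | --- |
| Home registration phase | – | – | – | – |
| First authentication phase | $C_{ran} + 3C_{asym} + 6C_h$ | $C_{ran} + 2C_{asym} + 6C_h$ | – | – |
| Re-authentication phase | $C_{ran} + 3C_{asym} + 6C_h$ | $C_{ran} + 2C_{asym} + 6C_h$ | – | – |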

When an MR first enters a foreign domain, the authentication latency can be expressed as follows:

$$AL_{LMAM} = 2D_{MR-AR} + 2D_{AR-MAP} + 2D_{MAP-LAAA} + D_{AUTH} = 2a + 2c + 2d; \tag{1}$$

$$AL_{Simple\ Combine} = 2D_{MR-AR} + 2D_{AR-LAAA} + 2D_{HAAA-LAAA} + D_{AUTH} = 4a + 2mb + 2c + 2d; \tag{2}$$

$$AL_{LR-AKE} = 5D_{MR-AR} + 5D_{AR-HA} + 2D_{HA-HAAA} + 4D_{HAAA-LAAA} + D_{AUTH} = 10a + 9mb + 5c + 5d; \tag{3}$$

$$AL_{Shi} = 2D_{MR-AR} + 2D_{AR-LAAA} + 2D_{HAAA-LAAA} + D_{AUTH} = 4a + 2mb + 2c + 2d. \tag{4}$$

Similarly, when an MR micro-moves in the same foreign domain, the authentication latency can be defined as:

$$AL_{LMAM} = 2D_{MR-AR} + D_{AUTH} = 2d; \tag{5}$$

$$AL_{Simple\ Combine} = 2D_{MR-AR} + 2D_{AR-LAAA} + 2D_{HAAA-LAAA} + D_{AUTH} = 4a + 2mb + 2c + 2d; \tag{6}$$

$$AL_{LR-AKE} = 5D_{MR-AR} + 5D_{AR-HA} + 2D_{HA-HAAA} + 4D_{HAAA-LAAA} + D_{AUTH} = 10a + 9mb + 5c + 5d; \tag{7}$$

$$AL_{Shi} = 2D_{MR-AR} + 2D_{AR-MAP} + 2D_{MAP-LAAA} + D_{AUTH} = 2a + 2c + 2d. \tag{8}$$
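Evaluating the closed forms of Eqs. (1)–(8) with the Table 3 delays, and pricing the operation counts of Tables 4 and 5 at the Table 6 timings, shows how the latency gap grows with hop count and how small the cryptographic processing time is next to propagation delay. This is an added example, not the authors' code. It assumes $C_{ran}$ costs nothing (Table 6 gives no timing for it), takes $C_h$ as SHA-1 and $C_{sym}$ as AES-256, and brackets $C_{asym}$ between the smallest and largest RSA-1024 figures in Table 6.

```python
"""Added example: the page's latency and computation-cost model, evaluated."""

DELAY_MS = {"a": 10, "b": 10, "c": 10, "d": 100}  # link delays from Table 3

# Coefficients of (a, m*b, c, d) in the closed forms of Eqs. (1)-(8).
AL_COEFF = {
    "first": {"LMAM": (2, 0, 2, 2), "Simple": (4, 2, 2, 2),
              "LR-AKE": (10, 9, 5, 5), "Shi": (4, 2, 2, 2)},
    "micro": {"LMAM": (0, 0, 0, 2), "Simple": (4, 2, 2, 2),
              "LR-AKE": (10, 9, 5, 5), "Shi": (2, 0, 2, 2)},
}


def auth_latency_ms(scheme, scenario, m, p=DELAY_MS):
    """Authentication latency for hop count m between home and foreign domain."""
    ka, kmb, kc, kd = AL_COEFF[scenario][scheme]
    return ka * p["a"] + kmb * m * p["b"] + kc * p["c"] + kd * p["d"]


# Microseconds per operation (Table 6). asym_min/asym_max are the assumed
# bounds on C_asym, because Table 5 does not say which RSA operation is meant.
OP_US = {"sym": 0.801, "hash": 0.5, "asym_min": 130.0, "asym_max": 3010.0}

# (C_sym, C_asym, C_h) counts per entity, first authentication phase
# (Tables 4 and 5). C_ran is left out: assumption, it has no timing in Table 6.
FIRST_AUTH_OPS = {
    "LMAM": {"MR": (3, 0, 3), "HAAA": (0, 0, 0), "LAAA": (3, 0, 5)},
    "LR-AKE": {"MR": (0, 3, 6), "HAAA": (0, 2, 6), "LAAA": (0, 0, 0)},
}


def crypto_us(scheme, entity, asym="asym_min"):
    """Cryptographic processing time of one entity for one first authentication."""
    n_sym, n_asym, n_hash = FIRST_AUTH_OPS[scheme][entity]
    return n_sym * OP_US["sym"] + n_asym * OP_US[asym] + n_hash * OP_US["hash"]


def haaa_busy_ms(scheme, n_mrs, asym="asym_min"):
    """Home-server processing time if n_mrs routers each authenticate once."""
    return n_mrs * crypto_us(scheme, "HAAA", asym) / 1000.0


def crypto_share(scheme, m, asym="asym_max"):
    """Processing time of all entities relative to the propagation-only latency."""
    total_us = sum(crypto_us(scheme, e, asym) for e in FIRST_AUTH_OPS[scheme])
    return (total_us / 1000.0) / auth_latency_ms(scheme, "first", m)


def main():
    for scenario in ("first", "micro"):
        print(f"-- {scenario} authentication latency (ms) --")
        for scheme in AL_COEFF[scenario]:
            row = [auth_latency_ms(scheme, scenario, m) for m in (0, 5, 10, 20)]
            print(f"{scheme:8s} m=0,5,10,20 -> {row}")
    for scheme in FIRST_AUTH_OPS:
        lo, hi = (haaa_busy_ms(scheme, 1000, k) for k in ("asym_min", "asym_max"))
        print(f"{scheme}: HAAA busy {lo:.0f}-{hi:.0f} ms per 1000 MRs, "
              f"crypto/latency at m=1 <= {crypto_share(scheme, 1):.5f}")


if __name__ == "__main__":
    main()
```
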

Table 7 lists the numerical analysis results of authentication latency. The results show that the proposed LMAM achieves the best authentication latency among the compared approaches. This is because it utilizes local authentication instead of home authentication. In contrast, the LR-AKE scheme spends a long time on negotiations between the HAAA and the LAAA servers. If the hop count m is large, the authentication latency will be much longer. Shi et al.’s scheme also needs to send the authentication information for the MR to the HAAA server when the MR first enters a foreign domain. Moreover, in Shi et al.’s scheme the LAAA, rather than the AR as in LMAM, performs the authentication procedure in the micro-move scenario. Therefore, LMAM still performs better than Shi et al.’s scheme. Fig. 9 shows the authentication latency of the first authentication procedure for different distances (i.e., hop counts) between the home and foreign domains. The authentication latency of other schemes increases sharply when the distance between the home network and a foreign network increases, whereas LMAM maintains low authentication latency because of its local authentication property. Fig. 10 shows the performance of re-authentication latency. Once again, LMAM achieves the best result, since it only relies on the AR to implement the re-authentication procedure.

Table 6 Computing process time.

| Operations | Microseconds/operation |
| --- | --- |
| RSA 1024 encryption | 3010 |
| RSA 1024 decryption | 130 |
| RSA 1024 signature | 3020 |
| RSA 1024 verification | 130 |
| AES 256 encryption | 0.801 |
| AES 256 decryption | 0.801 |
| SHA-1 | 0.5 |
| SHA-512 | 0.76 |

Table 7 Authentication latency of the compared schemes.

| Scheme | First enters a foreign domain | Micro-moves in the same foreign domain |
| --- | --- | --- |
| LMAM | 2a + 2c + 2d | 2d |
| Simple NEMO combined with AAA | 4a + 2mb + 2c + 2d | 4a + 2mb + 2c + 2d |
| LR-AKE | 10a + 9mb + 5c + 5d | 10a + 9mb + 5c + 5d |
| Shi et al. | 4a + 2mb + 2c + 2d | 2a + 2c + 2d |

5.3.3. Intra-domain handoff latency (HL)

We simulate the performance of the LE-HMIPv6 by NS2 [28,29] and compare it with the basic NEMO scheme, the LLH pre-registration scheme and the HMIPv6 scheme. In the simulations, each result is obtained from the average of ten runs. We assume that HMIPv6 supports regional registration [30]. The total handoff latency is the sum of data link layer handoff latency, authentication latency, and network layer handoff latency. The total handoff latency of each scheme is calculated as follows:

$$HL_{LE-HMIPv6} = D_{L2} + D_{FNA} = D_{L2} + 2D_{MR-NAR} = D_{L2} + 2d; \tag{9}$$

$$\begin{aligned} HL_{NEMO} &= D_{AUTH} + D_{L2} + D_{MD} + D_{DAD} + D_{BU} \\ &= (2D_{LAAA-HAAA} + D_{PROC(AUTH)}) + D_{L2} + (MinInt + MaxInt)/2 + D_{DAD} + 2(D_{MR-NAR} + D_{NAR-HA}) \\ &= 2(a + (m+1)b) + D_{PROC(AUTH)} + D_{L2} + (MinInt + MaxInt)/2 + D_{DAD} + 2(d + (m+1)b); \end{aligned} \tag{10}$$

$$\begin{aligned} HL_{LLH} &= D_{AUTH} + D_{L2} + D_{MD} \\ &= (2D_{LAAA-HAAA} + D_{PROC(AUTH)}) + D_{L2} + (MinInt + MaxInt)/2 \\ &= 2(a + (m+1)b) + D_{PROC(AUTH)} + D_{L2} + (MinInt + MaxInt)/2; \end{aligned} \tag{11}$$

$$\begin{aligned} HL_{HMIPv6} &= D_{AUTH} + D_{L2} + D_{MD} + D_{DAD} + D_{BU} \\ &= (2D_{AR-LAAA} + D_{PROC(AUTH)}) + D_{L2} + (MinInt + MaxInt)/4 + D_{DAD} + 2(D_{MR-NAR} + D_{NAR-MAP}) \\ &= 2(a + c) + D_{PROC(AUTH)} + D_{L2} + (MinInt + MaxInt)/4 + D_{DAD} + 2(c + d). \end{aligned} \tag{12}$$

Fig. 9. The performance of the first authentication latency. [Plot: authentication latency (ms) vs. distance between home domain and foreign domain (hops), for LMAM, Simple NEMO combines with AAA, LR-AKE, and Shi et al.]

Fig. 10. The performance of the re-authentication latency. [Plot: authentication latency (ms) vs. distance between home domain and foreign domain (hops), for LMAM, Simple NEMO combines with AAA, LR-AKE, and Shi et al.]

Fig. 11. The performance of average intra-domain handoff latency vs. distance between the home domain and the foreign domain. [Plot: handoff latency (ms) vs. distance between home domain and foreign domain (hops), for LE-HMIPv6, Basic NEMO, LLH, and HMIPv6, each as analysis (Ana) and simulation (Sim) curves.]

LMAM works well with the micro-mobility management because it provides local authentication without sending the information back to the HAAA server of the MR. In addition, LE-HMIPv6 uses the piggyback technique to reduce the signaling overhead, and it uses multiple data link triggers to assist the pre-handoff procedure for reducing the handoff latency. Therefore, the MR can perform the intra-domain handoff procedure quickly. Figs. 11 and 12 show
the performance of average intra-domain handoff latency. The “Sim” in Figs. 11 and 12 means the results are obtained from the simulation, and the “Ana” in Figs. 11 and 12 means the results are obtained from the numerical analysis. Fig. 11 shows the results of intra-domain handoff latency with different distances (i.e., hop counts) between the home and foreign domains. The basic NEMO protocol has the longest handoff latency because it inherits the drawbacks of long handoff latency from MIPv6 and does not support local authentication. Although the LLH uses a pre-registration method to reduce the handoff latency, the authentication procedure still needs to be performed in the HAAA server, resulting in long authentication latency. The HMIPv6 protocol supports micro-mobility management and a regional registration scheme, but the movement detection and DAD delay cause long handoff latency. The LE-HMIPv6 mechanism has the lowest handoff latency because the authentication procedure, the movement detection procedure, and the DAD procedure are completed during the pre-handoff phase. Moreover, to avoid the ping-pong effect and HER problem, we use the concept of “DeuceScan” [22], and layer 2 triggers the pre-handoff procedure in a timely manner. Fig. 12 depicts the performance of average intra-domain handoff latency with different distances between the AR and the LAAA. Our scheme still has the best results. Moreover, we can observe that the distance between the AR and the LAAA has little effect on our scheme. This is because LE-HMIPv6 performs the authentication procedure at the LAAA when an MR first moves into a new foreign network. Afterwards, the MR only performs the authentication procedure at the AR if it micro-moves to different ARs in the same foreign domain.

Fig. 12. The performance of average intra-domain handoff latency vs. distance between the AR and the LAAA. [Plot: handoff latency (ms) vs. distance between AR and LAAA (hops), for LE-HMIPv6, Basic NEMO, LLH, and HMIPv6, each as analysis (Ana) and simulation (Sim) curves.]

5.3.4. Signaling cost (SC)

The signaling cost is defined as the total number of messages exchanged between network entities during the intra-domain handoff procedure. It includes the authentication and handoff signal costs. The signaling costs of the LE-HMIPv6, basic NEMO, LLH scheme, and HMIPv6 scheme are computed by Eqs. (13)–(16) respectively.

$$SC_{LE-HMIPv6} = 3S_{MR} + 3S_{MAP} + S_{AR} = 7 \text{ messages}; \tag{13}$$

$$SC_{NEMO} = 2S_{MR} + 3S_{AR} + S_{HA} + 2S_{LAAA} + S_{HAAA} = 9 \text{ messages}; \tag{14}$$

$$SC_{LLH} = 3S_{MR} + 4S_{AR} + S_{HA} + 2S_{LAAA} + S_{HAAA} = 11 \text{ messages}; \tag{15}$$

$$SC_{HMIPv6} = 2S_{MR} + 3S_{AR} + 2S_{MAP} + 2S_{LAAA} + S_{HAAA} = 10 \text{ messages}. \tag{16}$$

The LE-HMIPv6 scheme completes the authentication and handoff procedures with the minimum signaling cost because it is based on the piggyback technique (i.e., Steps 2, 3, 5, and 6 in Fig. 7). The difference in signaling costs is more obvious when handoff occurs frequently.

6. Conclusions and future work

In this paper, we propose a lightweight mutual authentication mechanism called LMAM to support network mobility over IEEE 802.16e wireless networks. Since LMAM only uses symmetric cryptography and a hash function, the amount of cryptographic calculation is reduced substantially. Moreover, LMAM has the property of local authentication, which can complete the authentication process locally without returning to the HAAA or LAAA server to reduce the authentication latency. We also enhance the HMIPv6 to support micro-mobility management in mobile networks. Our scheme, E-HMIPv6, uses multiple triggers and multiple CoAs to speed up the handoff procedure and avoid the HER problem. Finally, we integrate LMAM into E-HMIPv6 without increasing the signaling overhead since LMAM supports local authentication. The analysis results show that our proposed mechanism outperforms all existing schemes in terms of computation costs, authentication latency, handoff latency and signaling costs. With regard to security issues, LMAM is very effective in the areas of local authentication, replay attack resistance, stolen-verified attack resistance, session key generation, mutual authentication to prevent server spoofing attacks, known-plaintext attack resistance, and modified attack resistance. In the future, we will extend the proposed schemes for different authentication scenarios to evaluate their performance in more complex environments (e.g., a nested NEMO environment) and solve the route optimization problem.
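Items (4), (5) and (8) of the security analysis all rest on deriving the MR's key on demand, $G = H(x \| MAC_{MR})$ at the AAA server and $K = H(GK \| MAC_{MR})$ at the AR, instead of storing it. The sketch below is an added example, not the authors' protocol or code: the challenge-response layout, the HMAC-SHA-512 keyed digest, and all names and sample values are assumptions, since the message formats of Figs. 4 and 5 are not reproduced here.

```python
import hashlib
import hmac
import os


def H(*parts: bytes) -> bytes:
    """One-way hash of part1 || part2 || ... (SHA-512 chosen for this example)."""
    return hashlib.sha512(b"".join(parts)).digest()


def digest(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Keyed message digest binding the payload to the verifier's fresh nonce."""
    return hmac.new(key, nonce + payload, hashlib.sha512).digest()


class TablelessVerifier:
    """Verifier holding one long-term secret and no per-MR verification table.

    With secret = x it stands for the AAA server (G = H(x || MAC_MR)); with
    secret = GK it stands for an AR in fast re-authentication
    (K = H(GK || MAC_MR)).
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = {}  # MAC_MR -> nonce awaiting a reply; no credentials

    def key_for(self, mac_mr: bytes) -> bytes:
        return H(self._secret, mac_mr)  # recomputed on demand, never stored

    def challenge(self, mac_mr: bytes) -> bytes:
        nonce = os.urandom(16)
        self._outstanding[mac_mr] = nonce
        return nonce

    def verify(self, mac_mr: bytes, payload: bytes, tag: bytes) -> bool:
        nonce = self._outstanding.pop(mac_mr, None)  # each nonce is accepted once
        if nonce is None:
            return False
        expected = digest(self.key_for(mac_mr), nonce, payload)
        return hmac.compare_digest(expected, tag)


def run_checks() -> dict:
    x = os.urandom(32)                      # constructed server secret
    mac_mr = bytes.fromhex("020000000001")  # constructed MAC address, sent in clear
    payload = b"auth-request"               # hypothetical message body
    aaa = TablelessVerifier(x)
    g = aaa.key_for(mac_mr)                 # given to the MR at home registration
    out = {}

    n = aaa.challenge(mac_mr)
    tag = digest(g, n, payload)
    out["genuine"] = aaa.verify(mac_mr, payload, tag)

    n = aaa.challenge(mac_mr)               # payload altered in transit
    out["modified"] = aaa.verify(mac_mr, b"auth-request-tampered", digest(g, n, payload))

    aaa.challenge(mac_mr)                   # old tag presented against a new nonce
    out["replayed"] = aaa.verify(mac_mr, payload, tag)

    n = aaa.challenge(mac_mr)               # sender knows MAC_MR but not x
    guess = H(b"not-the-secret", mac_mr)
    out["mac_only"] = aaa.verify(mac_mr, payload, digest(guess, n, payload))

    out["unsolicited"] = aaa.verify(mac_mr, payload, tag)  # no challenge pending

    ar = TablelessVerifier(os.urandom(32))  # secret plays the role of GK
    k = ar.key_for(mac_mr)
    n = ar.challenge(mac_mr)
    out["reauth"] = ar.verify(mac_mr, payload, digest(k, n, payload))
    out["keys_differ"] = g != k
    return out


if __name__ == "__main__":
    print(run_checks())
```

The only state a database intrusion could expose here is the transient nonce map; the single long-term secret (x or GK) is what has to be protected.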

References

[1] IEEE Standard 802.16e-2005, in: IEEE standard for local and metropolitan area networks, air interface for fixed broadband wireless access systems, Amendment 2, February 2006.
[2] V. Devarapalli, R. Wakikawa, A. Petrescu, P. Thubert, in: Network Mobility (NEMO) Basic Support Protocol, RFC 3963, January 2005.
[3] C. Perkins, D. Johnson, Mobility support in IPv6, in: RFC 3775, June 2004.
[4] C. de Laat, G. Gross, L. Gommans, J. Vollbrecht, D. Spence, Generic AAA architecture, in: RFC 2903, August 2000.
[5] S. Glass, T. Hiller, S. Jacobs, C. Perkins, Mobile IP authentication, authorization, and accounting requirements, in: RFC 2977, October 2000.
[6] C. Perkins, Mobile IP joins forces with AAA, IEEE Personal Communications (2000) 59–61.
[7] P. Calhoun, T. Johansson, C. Perkins, T. Hiller, Diameter Mobile IPv4 application, in: P. McCann (Ed.), RFC4004, August 2005.
[8] L. Lamport, Password authentication with insecure communication, Communications of the ACM 24 (11) (1981) 770–772.
[9] S. Pack, Y. Choi, Fast handoff scheme based on mobility prediction in public wireless LAN systems, IEE Communications 151 (5) (2004) 489–495.
[10] A. Mishra, M.H. Shin, N.L. Petroni, J.T. Clancy, W.A. Arbauch, Proactive key distribution using neighbor graphs, IEEE Wireless Communications 11 (1) (2004) 26–36.
[11] H. Fathi, S. Shin, K. Kobara, S. Chakraborty, H. Imai, R. Prasad, LR-AKE-based AAA for network mobility (NEMO) over wireless links, IEEE Journal on Selected Areas in Communications (JSAC) 24 (9) (2006) 1725–1737.
[12] Donghai Shi, Chaojing Tang, A fast handoff scheme based on local authentication in mobile network, in: Sixth IEEE International Conference on ITS Telecommunications Proceedings (ITST), June 2006, pp. 1025–1028.
[13] Yingjie Wang, Wei Luo, Changxiang Shen, Analysis on Imai–Shin’s LR-AKE protocol for wireless network security, Communications in Computer and Information Science (2009) 84–89.
[14] K. El Malki (Ed.), Low-Latency Handoffs in Mobile IPv4, RFC 4881, June 2007.
[15] R. Koodli (Ed.), Fast Handovers for Mobile IPv6, RFC 5268, June 2008.
[16] P. McCann, Mobile IPv6 fast handovers for 802.11 Networks, RFC 4260, November 2005.
[17] Y.-H. Han, H. Jang, JinHyeock Choi, Byungjoo Park, J. McNair, A cross-layering design for IPv6 fast handover support in an IEEE 802.16e Wireless MAN, IEEE Network 21 (6) (2007) 54–62.
[18] H. Soliman, C. Castelluccia, K. ElMalki, L. Bellier, Hierarchical Mobile IPv6 (HMIPv6) mobility management, in: RFC 5380, October 2008.
[19] Depeng Li, Srinivas Sampalli, An efficient contributory group rekeying scheme based on hash functions for MANETs, in: IFIP International Conference on Network and Parallel Computing Workshops, September 2007, pp. 191–198.
[20] W.H.D. Ng, Zhili Sun, H. Cruickshank, Group key management with network mobility, in: 13th IEEE International Conference on Networks (ICON), vol. 2, November 2005, pp. 716–721.
[21] Y. Kim, A. Perrig, G. Tsudik, Group key agreement efficient in communication, IEEE Transactions on Computers 53 (7) (2004) 905–921.
[22] Yuh-Shyan Chen, Ming-Chin Chuang, Chung-Kai Chen, DeuceScan: deuce-based fast handoff scheme in IEEE 802.11 wireless networks, IEEE Transaction on Vehicular Technology 57 (2) (2008) 1126–1141.
[23] NIST, U.S. Department of Commerce, Secure Hash Standard, U.S. Federal Information Processing Standard (FIPS), August 2002.
[24] Ki-Sik Kong, Wonjun Lee, Youn-Hee Han, Myung-Ki Shin, HeungRyeol You, Mobility management for All-IP mobile networks: Mobile IPv6 vs. proxy mobile IPv6, IEEE Wireless Communications 15 (2) (2008) 36–45.
[25] S. Thomson, T. Narten, IPv6 stateless address autoconfiguration, in: RFC 2462, December 1998.
[26] Crypto++ Library 5.6.1, Available from: .
[27] The SANS Technology Institute – Security Laboratory, Hash Functions, Available from: , January 2008.
[28] MobiWan: NS-2 extensions to study mobility in wide-area IPv6, Available from: .
[29] The network simulator NS-2, Available from .
[30] E. Fogelstroem, A. Jonsson, C. Perkins, Mobile IPv4 regional registration, in: RFC 4857, June 2007.

Ming-Chin Chuang received the B.S. degree in computer and information science from Aletheia University, Tamsui, Taiwan, ROC., in 2003 and the M.S. degree in computer science and information engineering from Chaoyang University of Technology, Wufeng, Taiwan, in 2005. He is currently working toward the Ph.D. degree at the Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan. His research interests include mobility management, network security, and VANET.

Jeng-Farn Lee received the B.S. and M.S. degrees in the Department of Information Management from National Taiwan University, Taiwan, in 1998 and 2000, respectively, and the Ph.D. degree in the Department of Electrical Engineering from National Taiwan University, Taiwan, in January 2007. He was a Postdoctoral fellow in the Institute of Information Science, Academia Sinica, Taiwan until July 2007, and joined Department of Computer Science and Information Engineering, National Chung Cheng University as an Assistant Professor in Aug. 2007. His current research interests include QoS networking, scheduling, and wireless access network.