The Journal of China Universities of Posts and Telecommunications April 2012, 19(2): 81–86 www.sciencedirect.com/science/journal/10058885
http://jcupt.xsw.bupt.cn
AAA authentication for network mobility
ZHANG Jie, LIU Yuan-an, MA Xiao-lei, JIA Jin-tao
School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China
Abstract
Network mobility (NEMO) is a protocol proposed for the mobility management of a whole network. It offers seamless Internet connectivity to mobile end users. However, the NEMO protocol has not been widely used on the Internet, because it does not address the security problems of authentication and authorization. The proposed framework is an access control scheme designed specifically for the NEMO network environment. It is based on the authentication, authorization, and accounting (AAA) system. It uses the mobile router to authenticate on behalf of all the mobile nodes at the same time, and uses a mobile network node (MNN)-list synchronization mechanism to control the secure access of the MNNs. By using a foreign AAA server cache mechanism, the scheme decreases the authentication delay and improves the efficiency of the network. These advantages are shown by comparison with other recent related studies via OPNET simulations.
Keywords: NEMO, AAA, authentication, access control
1 Introduction
The NEMO basic support protocol (NEMO BS) is provided by the Internet Engineering Task Force (IETF) to ensure the session continuity of a whole mobile network when it changes its point of attachment to the Internet [1]. A NEMO network consists of a mobile router (MR) and a group of MNNs. The MR manages the mobility of the MNNs and performs the handover-related work on their behalf. However, the NEMO protocol has not been practically used on the Internet because it lacks secure authentication and authorization control. Nowadays, the AAA framework [2] is widely used by Internet service providers. The mobile nodes send their authentication requests in extensible authentication protocol (EAP) [3] messages to the AAA servers; the AAA servers then use the remote authentication dial in user service (RADIUS) protocol or the Diameter base protocol to process the authentication requests and finally decide whether or not to authorize the mobile nodes.
Received date: 05-07-2011
Corresponding author: ZHANG Jie, E-mail: [email protected]
DOI: 10.1016/S1005-8885(11)60249-5
In recent years, using the AAA model to solve the secure access problem in mobile networks has been widely discussed [4–6]. In Ref. [4], Phang et al. provided an access control mechanism between the network nodes and the service providers, but it introduced an extra entity, the NEMOAAA server, to authenticate the MNNs. It is not practical to change an AAA framework that is already widely deployed. In Ref. [5], Chuang et al. developed a lightweight mutual authentication mechanism (LMAM). LMAM combines NEMO with the AAA model in vehicular networks, with low computation cost and local authentication. However, it relies heavily on the pre-shared secret value between the AAA servers, so it is vulnerable to threats such as impersonation and man-in-the-middle attacks. In Ref. [6], Moon et al. used a ticket to realize local authorization and hence to shrink the authentication delay, but the scheme increases the computation cost of the foreign AAA servers. Moreover, the latter two papers do not state how the MNNs can access the MR securely. The remainder of the paper is organized as follows. Sect. 2 describes the detailed operations of the proposed mechanism. In Sect. 3, we analyze the performance of the mechanism based on the results of the experiment. Finally, Sect. 4 presents the conclusion of our work.
2 The proposed authentication mechanism
2.1 Network architecture and symbol notation
The network architecture is shown in Fig. 1. It includes the AAA [2] entities and related protocols: home AAA server (AAAH), foreign AAA server (AAAF), EAP [3] and Diameter; the NEMO [1] entities: MNN, MR and home agent (HA); and the access router (AR) as the access point at the edge of the Internet.
Fig. 1 Proposed NEMO-AAA network architecture
The new function of the AAA server is that every AAAH keeps a list of the MNNs registered under a certain mobile network prefix (MNP) [1], and the AAAH changes the list content dynamically. When the AAAH receives a NEMO authentication request from the AAAF, it checks the identity of the MR and also returns the newest MNN-list to the MR. The notations used in this paper are explained in Table 1.
Table 1 The notation explanation
Symbol (node X) | Full name | Explanation
IDX | Identity | The unique ID of node X
VIDX | Virtual ID | The virtual ID of node X
PKX | Public key | The key of node X shared by a group of other nodes in the network
SKX | Secret key | The key kept secretly by node X
KX-Y | Symmetric key | The symmetric key used between node X and node Y
LX | Life time | The life time of the identity of node X
T | Time stamp | Time stamp of this message when generated
Treg | Register time | The time when the node registers with the AAA server
NS_No | Serial number | Generated by the home authentication server and assigned to the registered mobile device
H(*) | Hash function | Calculates the hash value of the parameters inside; * means all the parameters in the message
2.2 Home registration
There are two phases in this procedure. One is how the MR registers with the AAAH, and the other is how the MNN registers and accesses the intended MR securely.
First, we describe the MR registration procedure. The MR in a NEMO is responsible for the mobility management of the MNNs attached to it, so it should register with the AAAH first, in the system initialization phase. The steps of MR registration are as follows:
Step 1 MR → AAAH: MR sends the message {PKAAAH (MR-Register-request, PKMR, IDMR, MNP, T, H(*))} to AAAH.
Step 2 AAAH: AAAH receives the message and first checks the time stamp T and H(*). If the value of T is in the reasonable range and the received H(*) equals the value AAAH computes itself, AAAH continues to process the request; otherwise it discards the message. Then AAAH checks the ID of the MR. If the MR is legitimate, AAAH registers the ID, MNP and Treg of the MR, uses the ID to compute the certificate for the MR, and also computes the VID of the MR in the format ‘[email protected]’, where virtualname = (IDMR XOR Treg).
Step 3 AAAH → MR: AAAH sends the message {PKMR (KAAAH-MR, KMR-AR, VIDMR, SKMR-mnn, NS_No, H(*))} to MR. In this message, KAAAH-MR is used for authentication when the MR roams to other AAA servers; KMR-AR is the session key between MR and AR; VIDMR is used for the anonymity of the NEMO; SKMR-mnn is used for MNN access control; NS_No is a sequence number generated by AAAH to mark the communication sequence between MR and AAAH (its use is explained later); H(*) is used for checking the integrity of the message. MR receives the message and uses its secret key SKMR to decrypt it. Then the MR checks H(*) and keeps the keys.
The registration procedure of an MNN is similar to that of the MR. At first, the MNN receives the MNP broadcast by the MR, and then uses that MNP as its own MNP to register with the AAAH. The steps of MNN registration are as follows:
Step 1 MNN → AAAH: MNN sends the message {PKAAAH (MNN-Register-request, PKMNN, IDMNN, MNP, T, H(*))} to AAAH.
Step 2 AAAH: After checking T, H(*) and the ID of the MNN in the received message, AAAH puts the ID, Treg and L in an MNN-list. The value of L is decreased every second; when it reaches 0, the related record is deleted from the list. The MNN information in the list is grouped by the MNP of the MNNs, and the content of the MNN-list changes dynamically with the login and logout of MNNs. An example of the list is shown in Table 2.
Table 2 The structure of the MNN list in AAAH
MNP | ID | Treg | L/min
0:0:0:1 | 44-45-53-54-00-00 | 10:30:29-2011-06-10 | 10
0:0:0:1 | 00-25-14-89-54-23 | 10:33:59-2011-06-10 | 6
0:0:0:2 | 54-87-12-74-63-56 | 10:38:29-2011-06-10 | 2
After that, AAAH uses IDMNN to make the certificate for the MNN and also makes the VID of the MNN in the format ‘[email protected]’, where virtualname = (IDMNN XOR Treg).
Step 3 AAAH → MNN: AAAH sends the message {PKMNN (VIDMNN, PKMR-mnn, LMNN, H(*))}. In this message, VIDMNN is used for the anonymity of the MNN; PKMR-mnn is used by the MNN to access the chosen MR.
Step 4 MNN → MR: MNN sends the message {PKMR-mnn (IDMNN, IP)} to the MR. MR uses SKMR-mnn to get IDMNN and puts the MNN's IP address in the related routing tables and mobility management tables.
2.3 First authentication
When a NEMO moves into the range of an AAAF for the first time, the MR authenticates with the AAAF and binds its care-of address (CoA) with the HA at the same time. AAAF sends the authentication request and the binding update (BU) message to AAAH; the AAAH then gives a copy of the MR certificate to AAAF and sends the BU message to the HA. AAAF keeps the MR information in its cache for a certain time. The procedure is shown in Fig. 2:
Fig. 2 The authentication procedure of roaming NEMO
Step 1 MR → AAAF: MR sends the authentication request and BU request to AAAF; the message includes {PKAAAF (VIDMR, PKMR, T, KAAAH-MR (NS_No, IDMR, MNN_list_request, BU_request), H(*))}.
Step 2 AAAF → AAAH: After checking T and H(*), AAAF finds the address of the AAAH through VIDMR, and sends the authentication message {PKAAAH (KAAAH-MR (NS_No, IDMR, MNN_list_request, BU_request)), T, H(*)} to AAAH.
Step 3 HA ← AAAH → AAAF: AAAH checks the certificate of IDMR and also checks whether the NS_No is correct. Then it returns the part of its MNN-list that has the same MNP as the MR, and assigns a new NS_No to the MR. Besides, AAAH generates the session key KHA-MR used between HA and MR. After that, AAAH sends the BU request message {PKHA (BU_request, KHA-MR, T, H(*))} to HA, and at the same time sends the authentication response {PKAAAF (CertificateMR, NS_No new, MNN-list, KAAAH-MR (KHA-MR))} to AAAF.
Step 4 AAAF → MR: AAAF keeps the copy of the certificate, the new NS_No and the MNN-list of the MR in its MR cache. The cache has a limited capacity, for example, it can store only 10 records, and it follows a first-in-first-out rule when it is full. Then AAAF makes a new VID for the MR following its own network name. For example, in Fig. 1, when the NEMO roams from ‘abc.com’ to ‘lmn.com’, the new VID given by AAAF is ‘[email protected]’. So every MR has two VIDs, ‘[email protected]’ and ‘[email protected]’, given by the AAAH and the new AAAF respectively. This is useful in the re-authentication procedure later. Moreover, AAAF also generates the symmetric key KAAAF-MR between AAAF and MR, and the session key KMR-AR between MR and the new AR. Then AAAF sends the authorization message {PKMR (KAAAF-MR, KMR-AR, VIDnew, KAAAH-MR (KHA-MR, MNN-list)), T, H(*)} to MR.
Step 5 HA → MR: HA binds the CoA with the MR's HoA and sends the BU_ack to MR {KHA-MR (BU_ack), T, H(*)}. Then MR uses KMR-AR to communicate with the new AR, and uses KHA-MR to communicate with HA.
2.4 Re-authentication
This part describes two scenarios: one is that the NEMO roams from one AAAF to another AAAF, and the other is that the NEMO roams back to an AAAF it has accessed before.
When the NEMO roams from one AAAF to another, the authentication procedure is similar to that in Sect. 2.3. The difference is that the new AAAF sends the authentication request to the last AAAF, according to the VIDnew of the MR, instead of to the AAAH. If the last AAAF still has the information of the MR in its cache, it does the same work as the AAAH would; otherwise, the authentication request is sent to the AAAH according to the home VID of the MR. When the NEMO roams back to an AAAF it has accessed before, the AAAF recognizes it, because the AAAF checks its cache first. If there is a corresponding record of the MR in the cache, the AAAF authorizes the MR by itself without sending messages to the AAAH. The key technique for realizing this feature is the synchronization of the MNN-list among the AAA servers. The procedure of this mechanism is described in Fig. 3.
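The lookup order just described (the AAAF's own cache, then the last AAAF named by VIDnew, then the AAAH by the home VID) together with the 10-record first-in-first-out MR cache of Sect. 2.3, as an added Python model that is not the paper's code; the AAAH and AAAF classes, their method names and the VID strings are assumptions for illustration:

```python
from collections import OrderedDict

# Constructed model of the AAAF MR cache (Sect. 2.3) and the re-authentication
# decision of Sect. 2.4. Example code, not the paper's implementation.

CACHE_CAPACITY = 10  # the paper's example capacity for the AAAF MR cache


class AAAH:
    """Home server: holds the registered MR records, keyed by home VID."""

    def __init__(self, mrs):
        self.mrs = mrs  # home VID -> {certificate, NS_No, MNN-list}

    def authenticate(self, home_vid):
        return self.mrs[home_vid]


class AAAF:
    def __init__(self, domain, aaah, peers):
        self.domain = domain
        self.aaah = aaah            # reachable through the MR's home VID
        self.peers = peers          # domain -> AAAF, reachable through VIDnew
        self.cache = OrderedDict()  # home VID -> copied MR record (FIFO order)
        self.log = []               # who authorised each request, for inspection

    def _store(self, home_vid, record):
        if home_vid in self.cache:
            self.cache.pop(home_vid)
        elif len(self.cache) >= CACHE_CAPACITY:
            self.cache.popitem(last=False)  # full: evict the oldest record (FIFO)
        self.cache[home_vid] = record

    def lookup(self, home_vid):
        return self.cache.get(home_vid)

    def evict(self, home_vid):
        """Record aged out of the cache (Sect. 2.4, step 3 of Fig. 3)."""
        self.cache.pop(home_vid, None)

    def _new_vid(self, home_vid):
        # VIDnew keeps the virtual name and takes this AAAF's network name
        return f"{home_vid.split('@')[0]}@{self.domain}"

    def authenticate(self, home_vid, vid_new=None):
        """Return (who_authorised, VIDnew) for an MR presenting its VIDs."""
        # Case 1: MR roams back and its record is still cached: authorise locally.
        if self.lookup(home_vid) is not None:
            self.log.append(f"{self.domain}: local")
            return "local", self._new_vid(home_vid)
        # Case 2: ask the last AAAF named in VIDnew, if it still holds the record.
        if vid_new:
            last = self.peers.get(vid_new.split("@")[1])
            if last is not None and last.lookup(home_vid) is not None:
                self._store(home_vid, last.lookup(home_vid))
                self.log.append(f"{self.domain}: from {last.domain}")
                return last.domain, self._new_vid(home_vid)
        # Case 3: fall back to the AAAH, addressed through the home VID.
        self._store(home_vid, self.aaah.authenticate(home_vid))
        self.log.append(f"{self.domain}: from AAAH")
        return "AAAH", self._new_vid(home_vid)
```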
Fig. 3 The synchronization of MNN-list among AAAFs
When the MR is under the AAAF of lmn.com, the AAAF copies the information of the MR and the MNN-list from the AAAH, and the AAAH adds the address of that AAAF to the Multicast-AAAF-list. The copy of the MNN-list includes all the items shown in Table 2, and the value in the MNP field is the MNP of the MR. When the status of an MNN in the MNN-list changes in AAAH, AAAH multicasts a notification message to the AAAFs in the Multicast-AAAF-list under that MNP, and the last AAAF further forwards this message to the MR. To save bandwidth, AAAH multicasts only the modified records to the AAAFs, instead of sending the whole MNN-list under a certain MNP. The format of the notification message is similar to the MNN-list in Table 2, except that a new field, ‘operation’, is added to every record. The ‘operation’ item means the manipulation on this record; it has three values, ‘add’, ‘update’ and ‘delete’, where ‘add’ means a new MNN registers with the AAAH, ‘update’ means an MNN renews before its L reaches zero, and ‘delete’ means an MNN logs out from the AAAH. The procedure of the MNN-list synchronization between AAAH and AAAFs in Fig. 3 is as follows:
1) The MR, i.e. the NEMO, roams from lmn.com to xyz.com. After authenticating the MR through AAAF-lmn.com and authorizing it, AAAF-xyz.com sends the Synchronization_Update_Request to AAAH, and AAAH adds the address of AAAF-xyz.com to the corresponding Multicast-AAAF-list.
2) The MR continues roaming to efg.com. AAAF-efg.com does the same work as AAAF-xyz.com, and the AAAH adds the address of AAAF-efg.com to the Multicast-AAAF-list.
3) The record of the MR has been deleted from the cache of AAAF-lmn.com. AAAF-lmn.com sends the Synchronization_Update_Cancellation to the AAAH, and AAAH deletes the address of AAAF-lmn.com from the Multicast-AAAF-list.
2.5 Identity renewal
When the L of an MNN gets close to zero, for example when there is one minute left, the MNN starts the identity renewal phase. The MNN sends the Identity_Renew_Request message {PKAAAH (IDMNN, VIDMNN(new,old), PKMR-mnn, MNP, T, H(*))} to AAAH. AAAH receives the message and checks the parameters. If they are all correct, the AAAH sends the renewal response message back to the MNN, updates the L of the MNN in the MNN-list to its maximum value, and then synchronizes this information among the AAAFs.
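The MNN-list of Table 2 with its L countdown, the ‘operation’-tagged change notification of Sect. 2.4 and the identity renewal of Sect. 2.5, as one added Python model that is not the paper's code; the class, a maximum L of 10 min and the one-minute renewal threshold are assumptions taken from the examples in the text:

```python
# Constructed model of the AAAH-side MNN-list (Table 2), the 'operation'
# notifications multicast to the AAAFs (Sect. 2.4) and identity renewal
# (Sect. 2.5). Example code, not the paper's implementation.

L_MAX_MIN = 10            # assumed maximum life time L, in minutes (Table 2 starts at 10)
RENEW_THRESHOLD_MIN = 1   # the text's example: renew when one minute is left


class MNNList:
    def __init__(self):
        self.records = {}   # MNP -> {IDMNN: {"Treg": ..., "L": ...}}
        self.pending = []   # modified records not yet multicast to the AAAFs

    def _note(self, op, mnp, id_mnn):
        """Queue one Table 2 row plus the 'operation' field for multicast."""
        rec = self.records.get(mnp, {}).get(id_mnn, {})
        self.pending.append({"operation": op, "MNP": mnp, "ID": id_mnn,
                             "Treg": rec.get("Treg"), "L": rec.get("L")})

    def add(self, mnp, id_mnn, treg):
        """Home registration step 2: new MNN record under its MNP."""
        self.records.setdefault(mnp, {})[id_mnn] = {"Treg": treg, "L": L_MAX_MIN}
        self._note("add", mnp, id_mnn)

    def needs_renewal(self, mnp, id_mnn):
        """MNN side trigger: L has dropped to the renewal threshold."""
        rec = self.records.get(mnp, {}).get(id_mnn)
        return rec is not None and rec["L"] <= RENEW_THRESHOLD_MIN

    def renew(self, mnp, id_mnn):
        """Identity renewal: reset L to its maximum and announce an 'update'."""
        rec = self.records.get(mnp, {}).get(id_mnn)
        if rec is None:
            return False
        rec["L"] = L_MAX_MIN
        self._note("update", mnp, id_mnn)
        return True

    def tick(self, minutes=1):
        """Count L down; a record reaching zero is deleted and announced."""
        for mnp, group in self.records.items():
            for id_mnn in list(group):
                group[id_mnn]["L"] -= minutes
                if group[id_mnn]["L"] <= 0:
                    self._note("delete", mnp, id_mnn)
                    del group[id_mnn]

    def notification(self, mnp):
        """Only the modified records under one MNP are multicast (Sect. 3.2)."""
        out = [r for r in self.pending if r["MNP"] == mnp]
        self.pending = [r for r in self.pending if r["MNP"] != mnp]
        return out
```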
3 Analysis of the proposed scheme
3.1 Security performance
1) Communication key exchange: the secret key and symmetric key systems protect the communication between two trusted nodes, because only the communicating node that holds the decryption key can receive the encrypted message and read its content. The scheme uses a symmetric key between the MR and its AAAH, and uses secret keys between the NEMO mobile router and the AAAFs, because these entities have stronger computation power and the Internet part faces more security threats. The mobile node part uses a modified secret key scheme: the mobile nodes only get the public key from AAAH and use it to access the MR, so they do not need to do the encryption/decryption computation. This is because the computation power of mobile node equipment is weak and the secret key system is safer than the symmetric key system.
2) Replay attack: NS_No and T are used jointly to prevent replay attacks. When the AAA server receives an authentication request, it processes the message further only if the time stamp T is within a reasonable range of the current time and the NS_No is the same as the one in the MR record; otherwise, the AAA server discards the message. Under this condition, an attacker can only reuse old NS_No values even if the time stamps are in range. The attacker cannot calculate the new NS_No by itself, because the new NS_No is produced randomly by the AAA server. Thus, replay attacks are prevented.
3) Content integrity: the hash value is used to protect the integrity of the content. Every message has a unique hash value through the hash function; two hash values can be the same only when the two messages are exactly the same. So when the communicating node receives the message, it calculates the hash value of the content itself and compares the result with the hash value in the message. If they are the same, the content is correct; otherwise, the content may have been modified by an attacker on the way.
4) MNN access control: the MNN-list and the PK/SKMR-mnn pair are used jointly to protect the secure access of the MNNs. AAAH generates the PK/SKMR-mnn pair, then gives SKMR-mnn to the MR and gives PKMR-mnn to every MNN that is qualified, registered and intends to access the corresponding MR. The MR only accepts the MNNs that hold PKMR-mnn. Besides, the MNN-list in the MR keeps synchronizing with the one in AAAH. When an MNN in the NEMO requests a service on the Internet, the MR checks the MNN-list to see whether the MNN is qualified.
5) Privacy protection: according to network security requirements, a third party must not learn the real information about the user or the service requested by the user, in order to protect the privacy of the user [7]. The proposed scheme uses the VID to protect the privacy of the end users. In the network, only the AAAH knows the real information of the mobile user. When the mobile user roams in foreign networks, it uses the virtual ID calculated by the AAAH to communicate with third parties.
So the third party cannot get its identity or record its behavior.
3.2 Efficiency performance
AAAF only needs to check the identity of the MR instead of every MNN, which reduces the authentication delay remarkably for the whole network. The secure access of the MNNs is protected by the secret key from AAAH and the MNN-list synchronization scheme. The synchronization phase is independent of the handover of the MR, so its impact on the handover delay is minimized. Besides, the multicast MNN-list notification includes only the changed MNN records instead of the whole MNN-list, which keeps the message small and hence uses the bandwidth efficiently. The MR information cache we introduced in the AAAF prevents the large delay that arises when the AAAF is far away from the AAAH [5,8], because when the NEMO roams across AAAFs, the new AAAF can authenticate the MR through the old AAAF, which is the nearest AAAF to it. And in the re-authentication procedure, the AAAF can authorize the MR by itself without the help of the AAAH as long as the corresponding record is still in its cache, which also decreases the authentication latency. To test the performance of our scheme, we compare its authentication delay with other similar proposals [5–6,8]. The experiment was run on the OPNET simulation software, and the comparison result is shown in Fig. 4. In the experiment, the test environment is a 5 km × 5 km wireless scenario. The setting of the parameters is shown in Table 3.
Table 3 The setting of parameters in the simulation
Number of nodes: AAA 9 | AR 9 | MR 1 | MNN 0-2
Transmitter and receiver: Data rate 1 024 bit/s | Power 10 W | Bandwidth 30 kHz | Min frequency 100 MHz
Simulation time: 50 min
There are 9 AAA servers, and every AAA server is accompanied by an AR. AAA_1 is the home AAA server of the roaming NEMO. The tested NEMO, which includes an MR and some optional MNNs, roams from AAA_1 to AAA_9 at a speed of 100 m/min, and stays at each AAA server for three minutes. The simulation lasts for 50 min.
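The server-side replay and integrity check of Sect. 3.1 (items 2 and 3), as an added Python example that is not the paper's code: T must lie within a window, NS_No must equal the stored one, H(*) must match, and a fresh random NS_No is issued on acceptance. The 30 s window, SHA-256 as H(*) and the field names are assumptions; the check presumes, as in the Sect. 2.3 messages, that H(*) travels inside the encrypted payload, since an unkeyed hash sent in the clear could be recomputed by whoever altered the content.

```python
import hashlib
import secrets
import time

# Constructed model of the AAA server checks described in Sect. 3.1,
# items 2 (replay: T and NS_No) and 3 (integrity: H(*)). Example code,
# not the paper's implementation.

T_WINDOW_SECONDS = 30  # assumed "reasonable range" for the time stamp T


def h_star(params):
    """H(*): hash over every parameter of the message except H(*) itself."""
    data = "|".join(str(p) for p in params).encode()
    return hashlib.sha256(data).hexdigest()


def build_request(id_mr, ns_no, t=None):
    """MR side: an authentication request carrying IDMR, NS_No, T and H(*)."""
    t = time.time() if t is None else t
    return {"ID": id_mr, "NS_No": ns_no, "T": t, "H": h_star([id_mr, ns_no, t])}


class AAAServer:
    def __init__(self):
        self.mr_records = {}  # IDMR -> NS_No currently expected from that MR

    def register(self, id_mr):
        """Home registration step 3: AAAH assigns the first NS_No to the MR."""
        self.mr_records[id_mr] = secrets.token_hex(8)
        return self.mr_records[id_mr]

    def handle_request(self, msg, now=None):
        """Apply the three checks in order; any failure discards the message."""
        now = time.time() if now is None else now
        # Integrity (item 3): recompute H(*) over the content and compare.
        if msg["H"] != h_star([msg["ID"], msg["NS_No"], msg["T"]]):
            return "discard: H(*) mismatch"
        # Freshness (item 2): T must be within the window around the current time.
        if abs(now - msg["T"]) > T_WINDOW_SECONDS:
            return "discard: T out of range"
        # Sequence (item 2): NS_No must equal the one stored in the MR record.
        expected = self.mr_records.get(msg["ID"])
        if expected is None or msg["NS_No"] != expected:
            return "discard: NS_No mismatch"
        # Accepted: issue a new random NS_No, so a replay of this message fails.
        self.mr_records[msg["ID"]] = secrets.token_hex(8)
        return "accept"


def demo():
    """A valid request, its immediate replay, and a tampered copy."""
    srv = AAAServer()
    req = build_request("MR-1", srv.register("MR-1"))
    first = srv.handle_request(req)
    replay = srv.handle_request(req)        # same T and NS_No, sent again at once
    tampered = dict(req, ID="MR-2")          # content changed, H(*) no longer matches
    return first, replay, srv.handle_request(tampered)
```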
Fig. 4 Authentication latency vs. number of hops: (a) authentication latency comparison with MR; (b) authentication latency comparison with MR and MNN
Fig. 4(a) shows the authentication delays of an MR when it moves from one AAAF to another. It can be seen that, as the number of hops between AAAH and AAAF increases, the delay in our scheme is smaller than that in the authorization ticket scheme [6] and the fast handoff scheme [8]. The reason is that, in our scheme, the new AAAF authenticates the MR through the last AAAF, which is always one hop away. The LMAM [5] scheme uses local AAA authorization without any help from other AAA servers, but the ticket computation in the AAAF and the MR takes some extra time, so the delay of MR authentication in LMAM [5] is almost the same as ours. However, the other three schemes have not considered how the MNNs can be authenticated or securely access the NEMO. Because they have no special mechanism for MNN control, we can only suppose that the MNNs are authenticated in the same way as the MR. So, assuming there are two MNNs in the NEMO, the comparison of the authentication delay of the whole NEMO is shown in Fig. 4(b). It can be seen that our scheme performs best, because in our scheme the MNNs do not need to be authenticated at the handover phase: they access the NEMO by the secret key mechanism and the MNN-list synchronization mechanism, which are independent of the NEMO handover authentication. In the other schemes, however, the authentication delay is simply the sum of the delays of every mobile node.
4 Conclusions
This paper proposes a new AAA-based authentication scheme tailored for the NEMO network architecture. The scheme specifies how every step is carried out, including home registration, first authentication, re-authentication and MNN identity renewal. It can protect the communication between the NEMO and the Internet from malicious attackers, and it can control the secure access of the MNNs. Besides, it reduces the authentication delay and improves the network efficiency greatly by using the MNN-list synchronization and the AAAF cache mechanism. The result has been shown by comparison with other related studies via OPNET simulations.
Acknowledgements
This work was supported by the National Natural Science Foundation of China (60873190, 60973111, 61003279) and the National Science and Technology Major Project (2009ZX03005-002-02, 2010ZX03007-003-04, 2010ZX03006-005-02).
References
1. Devarapalli V, Wakikawa R, Petrescu A, et al. Network mobility (NEMO) basic support protocol. RFC 3963. 2005
2. Vollbrecht J, Calhoun P, Farrell S, et al. AAA authorization framework. RFC 2904. 2000
3. Aboba B, Blunk L, Vollbrecht J, et al. Extensible authentication protocol (EAP). RFC 3748. 2004
4. Phang S Y, Lee H J, Lim H. A secure deployment framework of NEMO (network mobility) with firewall traversal and AAA server. Proceedings of the 2007 International Conference on Convergence Information Technology (ICCIT'07), Nov 21−23, 2007, Gyeongju, Republic of Korea. New York, NY, USA: ACM, 2007: 352−357
5. Chuang M C, Lee J F. LMAM: a lightweight mutual authentication mechanism for network mobility in vehicular networks. Proceedings of the Asia-Pacific Services Computing Conference (APSCC'08), Dec 9−12, 2008, Yilan, China. Piscataway, NJ, USA: IEEE, 2008: 1611−1616
6. Moon J S, Lee S H, Lee I Y, et al. Authentication protocol using authorization ticket in mobile network service environment. Proceedings of the 3rd International Conference on Human-Centric Computing (HumanCom'10), Aug 11−13, Cebu, Philippines. Piscataway, NJ, USA: IEEE, 2010: 6p
7. Moon J S, Lee I Y, Yim K B, et al. An authentication and authorization protocol using ticket in pervasive environment. Proceedings of the IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA'10), Apr 20−23, 2010, Perth, Australia. Piscataway, NJ, USA: IEEE, 2010: 822−826
8. Shi D, Tang C. A fast handoff scheme based on local authentication in mobile network. Proceedings of the 6th International Conference on ITS Telecommunications (ITST'06), Jun 21−23, 2006, Chengdu, China. Piscataway, NJ, USA: IEEE, 2006: 1025−1028
(Editor: WANG Xu-ying)