Chapter 8. AAA and Security for Mobile IP

In Chapter 5 we described Mobile IP as one of the most prominent methods for providing mobility for IP network users. We also explained some of the security measures provided for Mobile IP control signaling, such as authentication of Mobile IP transactions between the mobile node and Mobile IP agents and between the Mobile IP agents themselves. We described how authentication extensions can be calculated and added to the registration messages to provide integrity protection (authentication) for these messages. However, as mentioned there, calculating those authentication extensions requires pre-established trust relationships (e.g. security associations (SAs), including shared secrets) between the mobile node and Mobile IP agents. Unfortunately, the Mobile IP base specification [MIP3344] does not provide any details on how these SAs are established. The implication is that, using the base specification alone, if the mobile node has not yet established any security associations with its HA or the current FA by the time of Mobile IP registration, it cannot calculate any of those authentication extensions. In this chapter we focus on solving the problem of establishing the security associations required for Mobile IP signaling.

From an administrative point of view, when dealing with large networks serving many roaming mobile nodes, it is not scalable to manually configure security associations between a mobile node and all foreign agents or even between ...
