AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility
by Mahsa Nakhjiri, Madjid Nakhjiri
8.2. Mobile IPv4 Extensions for Interaction with AAA
Now that we have shown the highlights of the Mobile IP-AAA interaction, we can go into more detail on the extensions that are being added to the Mobile IPv4 registration messages to support the process.
When discussing Mobile IPv4 registration in Chapter 5, we described the three Mobile IPv4 authentication extensions as specified by RFC 3344 [MIP3344]:
Mobile-Home Authentication extension
Mobile-Foreign Authentication extension
Foreign-Home Authentication extension.
We also explained the Mobile-IP agent advertisement challenge extension and Mobile-Foreign challenge extension that are exchanged between the FA and the MN to provide replay protection for the foreign network during registration request. As we mentioned, these challenge extensions are described by RFC 3012 [MIPCHAL3012] that is currently being revised into a new RFC [3012bis].
The RFC 3012 also provided an interesting extension called generalized Mobile IP Authentication extension, for use of a third party verification infrastructure (that we guess is a general term for AAA infrastructure!) to help the FAs and HA to verify the mobile node's credentials. When the verification infrastructure is a AAA infrastructure, this extension is further specified as the MN-AAA Authentication extension. Adding the MN-AAA authentication extension to the registration request is a powerful concept, since it provides a way of creating all the trust relationships needed for secure operation ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access