IP Security for Mobile Nodes and their Home Agents
The culture of the original Internet was one of trust. –Leonard Kleinrock
In this chapter, we discuss how a mobile node and its home agent (HA) establish and maintain an IPsec security association. There are two key security problems in the interaction between a mobile node and its HA. First, a mobile node must be able to establish a security association with its home agent. The second problem concerns how IPsec itself is used to secure various types of traffic between the two nodes. The first problem is addressed by manual or dynamic keying. The second is addressed by specifying how to construct packets using both IPsec and Mobile IP. We address each of these separately.
As we explained earlier, the Mobile IP working group was chartered to specify the details of both key establishment and securing the messages used for effecting Binding Cache management. In the previous chapter, we discussed the Return Routability protocol for establishing the security association between a mobile node and an arbitrary correspondent node on the Internet for route-optimized communication. It turns out that IPsec can be assumed for the purpose of both key exchange and securing the binding updates from a mobile node to its home agent. This is primarily facilitated by the presumed trust model; it is anticipated that any Mobile IP ...