Mobile IP Security
The previous chapters characterized Mobile IP as a routing protocol, and when it comes to
security, Mobile IP is no different. Just like other routing protocols, the security features in
Mobile IP are designed to authenticate routing peers and ensure the integrity of routing
update messages. As such, all the security methods in Mobile IP are designed to protect
only the control plane traffic, namely, the Registration Request (RRQ) and Registration
Reply (RRP).
In this chapter, we explore the two mechanisms that are used in Mobile IP to provide secure
communication among the different Mobile IP entities: authentication extensions and
replay protection. This chapter delves into the various components of the authentication
extension and illustrates precisely how messages are secured. You see why some
authentication extensions between certain Mobile IP entities (the Home Agent and Mobile
Node) are mandatory while some are not. You also see why replay protection is needed in
Mobile IP and how it is achieved with timestamps or nonces.
The most challenging trust relationship in Mobile IP is between the Mobile Node and
Foreign Agent (FA), simply because the Mobile Node cannot have a security relationship
with every FA to which it can roam. In this chapter, we look into clever mechanisms that
afford security between a FA and its visiting Mobile Nodes without requiring
preconfiguration of the Mobile IP entities.
The first part of the chapter assumes a static security relationship that is used in the
authentication extensions. Later in the chapter, we investigate different approaches to
dynamically administering a security association between Mobile IP entities. Specifically,
we look into ways to change the security association dynamically, or even to set up a
security association between Mobile IP entities when one does not already exist.
Mobile IP secures control traffic and does not interact with data traffic per se. However, Mobile
IP can easily be combined with existing protocols designed to secure data traffic, for
example, IP Security (IPSec). More detailed discussions of the integration of Mobile IP
with IPSec are covered in Chapter 7, “Metro Mobility: Cisco Mobile Networks,” and
Chapter 8, “Deployment Scalability and Management.

Get Mobile IP Technology and Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.