Issue No.08 - August (2011 vol.10)
pp: 1113-1130
Tuan-Che Chen, National Tsing Hua University, Hsinchu
Jyh-Cheng Chen, National Chiao Tung University, Hsinchu
Zong-Hua Liu, National Tsing Hua University, Hsinchu
ABSTRACT
The IETF NEtwork MObility (NEMO) working group has considered how to enable an entire network to move from one location to another. Mobile Virtual Private Network (VPN) has been developed to secure mobile users' communication between untrusted external networks and the protected private internal network. However, the IETF's mobile VPN does not address how to support NEMO. In addition, it is not suitable for real-time applications. In this paper, we propose an architecture and protocols to support VPN in NEMO, which we call Secure NEMO (SeNEMO). The proposed SeNEMO, based on Session Initiation Protocol (SIP), is specifically designed for real-time applications over VPN. It allows an entire network to move while still maintaining session continuity. In addition to analyzing the security vulnerabilities, we also propose analytical models to evaluate the performance of the proposed SeNEMO. The analysis is validated by extensive simulations. The results show that the proposed SeNEMO can reduce signaling cost significantly.
INDEX TERMS
Network mobility (NEMO), mobile virtual private network (VPN), security, session initiation protocol (SIP), performance analysis.
CITATION
Tuan-Che Chen, Jyh-Cheng Chen, Zong-Hua Liu, "Secure Network Mobility (SeNEMO) for Real-Time Applications", IEEE Transactions on Mobile Computing, vol.10, no. 8, pp. 1113-1130, August 2011, doi:10.1109/TMC.2010.219