FPKIN: Firewall Public Key Infrastructure for NEMO


  • amer Sami Hasan
  • Zaid Hashim Jaber






Network mobility, route optimization, public key infrastructure, firewall, network performance


Network mobility (NEMO) is an important requirement for internet networks to reach the goal of ubiquitous connectivity. With NEMO basic support protocols, correspondent entities suffer from a number of limitations and problems that prevent route-optimization procedures from being established between the correspondent nodes and the mobile network nodes associated with NEMO. The goal is to alleviate the signaling load and execute the route-optimization steps on behalf of the correspondent entities that are not sophisticated enough to support route optimization. This paper introduces a new architecture that uses a firewall as a new entity with new mobility filtering rules, acting as a root certificate server that supports the PKI infrastructure. The PKI-firewall executes the route-optimization procedure on behalf of these correspondent entities, depending on the CA distributed to its mobile end nodes. User entities are reachable via an optimized path approved by the mobile node or user CA. As a result of completing the above procedure, performance degradation will be reduced, especially when a signaling storm occurs; applying these modifications will increase the security, availability and scalability of NEMO optimization and enable wider NEMO deployment. An analytical model is used to validate the newly proposed framework and understand its behavior under different network scenarios.


