The Portland State University
Secure Mobile Networking Project

Before our project very little work had been done to integrate security and network-layer mobility into real systems that tackle the issues of secure enclaves. The work that we have undertaken results in the development of a high performance Secure Mobile Network and insights into its use as part of the National Information Infrastructure. Our goals have included tight integration of Mobile-IP and IPSEC so that (almost ...) all packets originating from a Mobile-IP wireless node can be protected under an IPSEC umbrella, be the Mobile Node at home, or away. We have also investigated other security, redundancy and wireless network reliability issues, with the overall goal of developing a system with multiple security defense and redundancy mechanisms. This has included several generations of ad hoc routing protocols, redundant Home Agents, old Wavelan (non-IEEE) drivers, wireless signal strength caching in new Linux and BSD drivers and other ideas and technologies. See below for more information.

This project, originally funded by DARPA, has been underway since July 1995. At this point in time, work continues under the direction of Jim Binkley and Suresh Singh . Please see Suresh Singh's software download page for recent work from Suresh including ATCP, SACK, and FACK FreeBSD ports.

The PSU CS department has a new security effort with a group of cooperating faculty. Please see PSU Center for Information Assurance (PSUCIA) for the new page on our information assurance center.

Current Secure Mobile Network work includes: improving the adapatibility of our Mobile-IP implementation on ipaq/linux, and FreeBSD. and further investigation of how to integrate KAME BSD IPSEC and PSU Mobile-IP.

DARPA Project Documentation

PSU project code distributions

We have made several distributions of our Mobile-IP system for various FreeBSD versions and a partial distribution for Linux. We also have released some wireless-oriented applications including urld and wscan.

urld - a wireless application for broadcast of web pages

urld is a program that runs on WIN32, linux, and freebsd. It is intended for the distribution of web pages in a broadcast domain or "cell". You can download an archive for it that includes src and binaries, plus installation information. See ABOUT.txt for an overview of the application.

wscan - wireless signal strength scanner

wscan is a X-11/visual 802.11 wireless signal-strength display tool. You can download a tar archive for it that allows you to build it on Linux or FreeBSD. We also have an ipkg/package for linux/ipaqs running familiar.

Mobile-IP releases

As of Dec. 2003, We have made a new release for FreeBSD 4.9 , and other recent versions. 4.9 supports NAT to some extent, and 5.2 does not support NAT. features in the 4.9 release include the following:

1. combined Mobile-IP/NAT/DHCP. The Mobile-IP Mobile Node daemon is able to work behind a NAT box and yet maintain a Mobile-IP fixed IP address accessable from the Internet. This is an experimental version (for NAT), and will have to be redone for FreeBSD 5.X.

2. Integration of PSU Mobile-IP with KAME IPSEC. A Mobile-Node can have a 2-way ESP tunnel between itself and its partner Home Agent.

3. Integrated use of DHCP by the mobile node daemon. A Mobile Node can act as its own foreign agent. mnd acts directly as a dhcp client.

The release includes binaries for Mobile-IP daemons, source for Mobile-IPv4, source for the altered FreeBSD kernel, and patches for porting/updating the next FreeBSD kernel, as well as configuration examples, including IPSEC examples. Note that the release does not require IPSEC, but it can be used as a feature, or as a replacement for the flawed 802.11 WEP protocol.

The Linux partial release(includes mnd only) is also available and documentation is found therein. We have been successful recently with the IEEE wavelan cards and have linux working with redhat 6.0, 6.1, 6.2, 7.0, with both old and new IEEE/wavelan cards and various drivers. We are working on an arm processor version for the Compaq IPAQ handheld running linux (not released). The linux version of mnd does not have as many features as the FreeBSD version. Recently, we have added an experimental capability that allows mnd to use DHCP when there are no agents available on a local link.
(old) Our 2.2.8 FreeBSD release (summer98) extends the combined IPSEC/Mobile-IP system from summer of 1997. It extends the functionality to include the two protocols HARP, MADRP, and also a DHCP/IPSEC mechanism that allows a Mobile Node to securely operate across an IP-spoofing firewall. ISA and PCMCIA WaveLAN(TM) (pre-IEEE) drivers are also at the same ftp site.

For the 2.2.8 release, the entire Mobile-IP system is divided into two parts. The bulk of the system is available at our ftp site at PSU. The export-controlled cryptographic portion is available from a controlled MIT site. Both parts must be downloaded to make the whole release (although the Mobile-IP portions can be built without using the cryptographic additions). For the MIT portion, you must first click on the link named "this form" and then answer the questions to get at the code.

Overview information (included in the release) can be obtained separately; you can read a short description at BLURB or longer versions in two READMEs at README and README.summer98

The summer 98 release is accessible via the following two URLs:

Project Papers

A Miscellany of Security Links

Wireless and Mobile Links

For further information, contact:
Jim Binkley