The Portland State University
Secure Mobile Networking Project
Before our project, very little work had been done to integrate security
and network-layer mobility into real systems that tackle the issues of
secure enclaves.
The work that we have undertaken results in the development of a
high performance Secure Mobile Network and insights into its use as
part of the National Information Infrastructure.
Our goals have included tight integration of Mobile-IP and IPSEC so that
(almost ...) all packets originating from a Mobile-IP wireless node
can be protected under an IPSEC umbrella, whether the Mobile Node is at home
or away. We have also investigated other security, redundancy and wireless
network reliability issues, with the overall goal of developing a system
with multiple security defense and redundancy mechanisms. This has
included several generations of ad hoc routing protocols,
redundant Home Agents, old Wavelan (non-IEEE) drivers, wireless signal
strength caching in new Linux and BSD drivers and other ideas and
technologies. See below for more information.
This project, originally funded by DARPA, has been underway since
July 1995. Work continues under the direction of Jim Binkley and
Suresh Singh.
Please see Suresh Singh's software download page for recent work from
Suresh, including ATCP, SACK, and FACK FreeBSD ports.
The PSU CS department has a new security effort with a group of
cooperating faculty. Please see the PSU Center for Information
Assurance (PSUCIA) page for our information assurance center.
Current Secure Mobile Network work includes improving the adaptability
of our Mobile-IP implementation on iPAQ/Linux and FreeBSD, and further
investigation of how to integrate KAME BSD IPSEC and PSU Mobile-IP.
DARPA Project Documentation
PSU project code distributions
We have made several distributions of our Mobile-IP system
for various FreeBSD versions
and a partial distribution for Linux. We also have released some
wireless-oriented applications including urld and wscan.
urld - a wireless application for broadcast of web pages
urld is a program that runs on Win32, Linux, and FreeBSD.
It is intended for the distribution of web pages in a broadcast
domain or "cell". You can download an archive for it that includes
source and binaries, plus installation information. See ABOUT.txt
for an overview of the application.
wscan - wireless signal strength scanner
wscan is an X11 visual 802.11 wireless signal-strength display tool.
You can download a tar archive for it that allows you to build
it on Linux or FreeBSD. We also have an ipkg package for Linux iPAQs
running Familiar.
Mobile-IP releases
As of Dec. 2003, we have made a new release for FreeBSD 4.9 and other
recent versions. The 4.9 release supports NAT to some extent; the 5.2
release does not support NAT.
Features in the 4.9 release include the following:
1. Combined Mobile-IP/NAT/DHCP. The Mobile-IP Mobile Node daemon is able
to work behind a NAT box and yet maintain a Mobile-IP fixed IP address
accessible from the Internet. This is an experimental version (for NAT),
and will have to be redone for FreeBSD 5.X.
2. Integration of PSU Mobile-IP with KAME IPSEC. A Mobile Node
can have a 2-way ESP tunnel between itself and its partner Home Agent.
3. Integrated use of DHCP by the Mobile Node daemon. A Mobile Node can act
as its own foreign agent; mnd acts directly as a DHCP client.
The release includes binaries for Mobile-IP daemons, source for
Mobile-IPv4, source for the altered FreeBSD kernel, and patches for
porting/updating the next FreeBSD kernel, as well as configuration
examples, including IPSEC examples. Note that the release does not
require IPSEC, but it can be used as a feature, or as a replacement for
the flawed 802.11 WEP protocol.
The Linux partial release (which includes mnd only) is also available, and
documentation is found therein. We have been successful recently with
the IEEE WaveLAN cards and have Linux working with Red Hat 6.0, 6.1, 6.2, and 7.0,
with both old and new IEEE/WaveLAN cards and various drivers.
We are working on an ARM processor version for the Compaq iPAQ handheld
running Linux (not released). The Linux version of mnd does not have as many
features as the FreeBSD version. Recently, we have added an experimental
capability that allows mnd to use DHCP when there are no agents
available on a local link.
(old) Our 2.2.8 FreeBSD release (summer 98) extends the combined
IPSEC/Mobile-IP system from summer of 1997. It extends the functionality
to include the two protocols HARP and MADRP, and also a DHCP/IPSEC
mechanism that allows a Mobile Node to securely operate across an
IP-spoofing firewall. ISA and PCMCIA WaveLAN(TM) (pre-IEEE) drivers
are also at the same ftp site.
For the 2.2.8 release, the entire Mobile-IP system is divided into two
parts. The bulk of the system is available at our ftp site at PSU.
The export-controlled cryptographic
portion is available from a controlled MIT site.
Both parts must be downloaded to make the whole release
(although the Mobile-IP portions can be built without using
the cryptographic additions).
For the MIT portion, you must first click on the link named
"this form" and then answer the questions to get at the code.
Overview information (included in the release) can be obtained
separately; you can read a short description in the BLURB, or longer
versions in two READMEs: README and README.summer98.
The summer 98 release is accessible via the following two URLs:
Project Papers
- "An Integrated IPSEC and Mobile-IP for FreeBSD",
Jim Binkley, Portland State University, PSU Technical Report 01-10,
October 2001. (postscript)
- "Authenticated Ad Hoc Routing at the Link Layer for Mobile Systems,"
Jim Binkley and William Trost, Wireless Networks 7, 139-145, 2001.
Kluwer Academic Publishers. (postscript)
The following is an Internet Draft (draft-chambless-mobileip-harp-00.txt)
that describes an experimental protocol aimed at providing Home Agent
redundancy for Mobile-IP:
- "HARP - Home Agent Redundancy Protocol",
Bjorn Chambless, Portland State University and
Jim Binkley, Oregon Graduate Institute, October 1997. (ASCII)
- "Security Considerations for Mobility and Firewalls",
Jim Binkley, Portland State University and John Richardson, Intel.
November 1998. (ASCII)
- "Dynamic Network Support for Mobile Computers,"
Jon Inouye, Jim Binkley, and Jonathon Walpole,
Proceedings of the Third ACM/IEEE International Conference
on Mobile Computing and Networking (MobiCom '97), Budapest, Hungary,
September 26-30, 1997. (postscript)
A Miscellany of Security Links
Wireless and Mobile Links
For further information, contact:
- Jim Binkley
- jrb@cs.pdx.edu