In the last few years, large advances in compute power and digital signal processing technology have made it possible for cellular WAN and ethernet-like radio LAN systems to appear and be deployed on networks. As always, the number of computer compute cycles seems to be increasing exponentially as the price of components goes down. This makes network security based on the authentication and encryption of every packet with algorithms such as Message Disgest 5 (MD5) and Data Encryption System with Cipher-Block Chaining Mode (DES-CBC) computationally feasible. Recent mobile radio research at the physical layer has focused on improving the performance and speed of radio hardware, and on making network layer mobility a possibility. There is much room for experimentation and research here as very little is known about the impact of day to day use of widespread radio LAN technology on all network layers and applications.
Recent research efforts have either focused on Mobile-IP or more rarely on network security, but as far as we know no one has attempted to combine the two in the agressive manner that we propose. Furthermore research in Mobile-IP and secure networking is in its infancy. Very few systems have been built, deployed and tested under real working conditions. IETF's Mobile-IP group is in the process of formalizing an SDNS was defined by the NSA and NIST as part of the Secure Data Network System. It was presumed to be part of the OSI suite and used variable length records in keeping with OSI design tenets. A possible failing is that it did not appear to support fragmentation. John Ioannidis and Matt Blaze have designed a secure IP-layer system called IPv4 Authentication Header .) Current work is far from completion but at this time it seems to mirror SwIPe. The IETF work is being done in conjunction with the IP next generation network layer protocols. We would use as much of IPSEC's work as possible in our system. Of course, they are not dealing with mobile and security layer integration, issues of robustness in mobile systems, or distributed access protocols.
Notable research in Mobile-IP has occurred in the past few years at IBM Watson . Two very different approaches were taken. IBM decided to use a topology in some ways similar to topologies proposed for mobile cellular data networks like GSM or CDPD. Mobile systems have ``home'' and ``away'' servers, where the home server is responsible for routing packets to the Mobile system's current location. The Columbia scheme was intended more for intra-domain (local enterprise) routing systems and was deemed not scalable enough by the IETF in terms of network addressing. Eventually the IETF's Mobile-IP working group decided to follow a modified form of IBM's model. However IBM's original notion of using source routing was rejected due to well-founded security concerns regarding source routing and also due to defects in the handling of source routing by Internet routers. This scheme was replaced with the current notion of Home Agent to Foreign Agent tunnels. The current Mobile-IP draft is in its ninth revision. There is hope that it is nearing the beginning of the RFC standardization process. Although there has been some effort at integrating security (following IPSEC and IP next generation work), it has been limited to the registration protocols intended for authentication between the Home Agent, Foreign Agent, and Mobile Node systems. We are not aware of any formal analysis techniques having been brought to bear on those protocols and propose to formally analyze the registration protocols and make sure they function securely with both one-way and two-way tunnels.
Recently protocols for cellular data traffic on the cellular phone systems have been developed and are beginning to be deployed. Examples Groupe Special Mobile (GSM) . Of course such systems are connection oriented and do not support broadcast in a general sense. They are also low speed (less than 20k baud). Still they are mobile systems and support both security in the form of authentication, key exchange, and encryption of user data. From the Internet point of view, they suffer from a terrible defect in that all such technologies are encapsulated at the link layer; i.e., their security mechanisms will not carry over from a remote cell system to an arbitrary destination host on the Internet. Furthermore their security mechanisms rely on the use of unpublished algorithms. We do not believe that security through obscurity compares to the open formal analysis techniques that we intend to use.
In addition to integration of Mobile-IP and network layer security, we intend to research two-way tunnels so that remote systems can hide their locations and make all exchanges with other remote "enclave" members secure. We also intend to create a rich network layer architecture that will allow for the easy implementation and distribution of access policy changes. In addition, we will make the Mobile-IP environment as robust as possible, in order to maximize the possibilities of communcation and prevent mobile network partition. One possible disadvantage in our work is that due to the current lack of direction in the Internet on key infrastructure, we intend to assume manual key distribution. However as optional work, we would like to investigate incorporating whatever key exchange protocols may have appeared in the latter stages of the project, possibly including key agile work done at MCNC. We would also investigate key exchange in an ad hoc environment.
back to Proposal Outline
Email to Jim Binkley:
jrb@cs.pdx.edu