The doctoral dissertations of the former Helsinki University of Technology (TKK) and Aalto University Schools of Technology (CHEM, ELEC, ENG, SCI) published in electronic format are available in the electronic publications archive of Aalto University - Aaltodoc.
Aalto

Secure Mobility at Multiple Granularity Levels over Heterogeneous Datacom Networks

Jukka Ylitalo

Dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Faculty of Information and Natural Sciences for public examination and debate in Auditorium T2 at Helsinki University of Technology (Espoo, Finland) on the 14th of November, 2008, at 12 noon.

Overview in PDF format (ISBN 978-951-22-9531-9)   [4411 KB]
Dissertation is also available in print (ISBN 978-951-22-9530-2)

Abstract

The goal of this thesis is to define a set of changes to the TCP/IP stack that allow connections between legacy applications to be sustained in a contemporary heterogeneous datacom environment embodying multiple granularities of mobility. In particular, the thesis presents a number of solutions for flow mobility, local mobility, network mobility, and address family agility that is mobility between different IP versions. The presented mobility solutions are based on the so-called identifier-locator split approach. Due to the split, the mobile and multi-homed hosts that employ the presented solution are able to simultaneously communicate via multiple access networks, even supporting different IP versions and link layer technologies.

In addition to the mobility solutions, the thesis also defines a set of weak and strong security mechanisms. They are used to protect the mobility protocols from redirection, Denial-of-Service (DoS), and privacy related attacks. The defined security mechanisms are tightly bound to the presented mobility architecture, providing alternative ways to optimize mobility management signalling. The focus is on minimizing end-to-end signalling latency, optimizing the amount of signalling and optimizing packet forwarding paths. In addition, the architecture provides identity and location privacy for hosts.

The presented work defines one specific kind of engineering balance between the security, privacy, and efficient mobility signalling requirements. This thesis indicates that the added security, indirection, backwards compatibility, and inter-operable mobility solutions can overcome several of the current TCP/IP restrictions. The presented mobility architecture also provides a migration path from the existing Internet architecture to a new cryptographic-identifier-based architecture.

This thesis consists of an overview and of the following 9 publications:

  1. Jukka Ylitalo, Tony Jokikyyny, Tero Kauppinen, Antti J. Tuominen, and Jaakko Laine. 2003. Dynamic network interface selection in multihomed mobile hosts. In: Ralph H. Jr. Sprague (editor). Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS-36). Big Island, Hawaii, USA. 6-9 January 2003. IEEE Computer Society. Published on cd-rom, abstracts p. 315. ISBN 0-7695-1874-5. © 2003 IEEE. By permission.
  2. Jukka Ylitalo, Petri Jokela, Jorma Wall, and Pekka Nikander. 2002. End-point identifiers in secure multi-homed mobility. In: Alain Bui and Hacène Fouchal (editors). Proceedings of the 6th International Conference on Principles of Distributed Systems (OPODIS 2002). Reims, France. 11-13 December 2002. Suger, Saint-Denis, rue Catulienne, France. Université de Reims Champagne-Ardenne. Studia Informatica Universalis, volume 3, pages 17-28. ISBN 2-912590-26-4. © 2002 by authors.
  3. Pekka Nikander, Jukka Ylitalo, and Jorma Wall. 2003. Integrating security, mobility, and multi-homing in a HIP way. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS 2003). San Diego, CA, USA. 6-7 February 2003. Internet Society, pages 87-99. ISBN 1-891562-16-9. © 2003 The Internet Society. By permission.
  4. Jukka Ylitalo, Jan Melén, Pekka Nikander, and Vesa Torvinen. 2004. Re-thinking security in IP based micro-mobility. In: Kan Zhang and Yuliang Zheng (editors). Proceedings of the 7th International Conference on Information Security (ISC 2004). Palo Alto, CA, USA. 27-29 September 2004. Springer. Lecture Notes in Computer Science, volume 3225, pages 318-329. ISSN 0302-9743. ISBN 3-540-23208-7. © 2004 by authors and © 2004 Springer Science+Business Media. By permission.
  5. Vesa Torvinen and Jukka Ylitalo. 2004. Weak context establishment procedure for mobility and multi-homing management. In: David Chadwick and Bart Preneel (editors). Proceedings of the Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004). Windermere, UK. 15-18 September 2004. Springer, pages 111-123. ISBN 0-387-24485-9.
  6. Jukka Ylitalo and Pekka Nikander. 2004. BLIND: A complete identity protection framework for end-points. In: Bruce Christianson, Bruno Crispo, James A. Malcolm, and Michael Roe (editors). Proceedings of the 12th International Workshop on Security Protocols. Cambridge, UK. 26-28 April 2004. Springer. Lecture Notes in Computer Science, volume 3957, pages 163-176. ISSN 0302-9743. ISBN 3-540-40925-4. © 2004 by authors and © 2004 Springer Science+Business Media. By permission.
  7. Jukka Ylitalo, Patrik Salmela, and Hannes Tschofenig. 2005. SPINAT: Integrating IPsec into overlay routing. In: JD Cantarella (editor). Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005). Athens, Greece. 5-9 September 2005. IEEE Computer Society, pages 315-326. ISBN 0-7695-2369-2. © 2005 IEEE. By permission.
  8. Jukka Ylitalo and Pekka Nikander. 2004. A new name space for end-points: Implementing secure mobility and multi-homing across the two versions of IP. In: Olga Casals, Jorge Garcia-Vidal, Jose M. Barcelo, and Llorenç Cerdà (editors). Proceedings of the Fifth European Wireless Conference: Mobile and Wireless Systems beyond 3G. Barcelona, Spain. 24-27 February 2004. SCI UPC, pages 435-441. ISBN 84-7653-846-4. © 2004 by authors.
  9. Jukka Ylitalo, Jan Melén, Patrik Salmela, and Henrik Petander. 2008. An experimental evaluation of a HIP based network mobility scheme. In: Jarmo Harju, Geert Heijenk, Peter Langendörfer, and Vasilios A. Siris (editors). Proceedings of the 6th International Conference on Wired/Wireless Internet Communications (WWIC 2008). Tampere, Finland. 28-30 May 2008. Springer. Lecture Notes in Computer Science, volume 5031, pages 139-151. ISSN 0302-9743. ISBN 978-3-540-68805-1. Based on the current authors invention of applying the delegation of signalling rights scheme to the moving network context: Jari Arkko, Jukka Ylitalo, and Pekka Nikander. Addressing mechanisms in mobile IP. United States Patent 20030084293, May 2003.

Keywords: IPv4, IPv6, security, privacy, multi-homing, flow mobility, local mobility, network mobility

This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.

© 2008 Helsinki University of Technology

Last update 2011-05-26