Secure the Signaling Messages of Mobile IPv6

Mobile IPv6 (MIPv6) is designed for IP mobility management based on host, applying IPSec/IKE as a default security solution. Actually, till now there are other ways to protect the data traffic and signaling for host-based approaches. RFC 4285 proposes an alternate method for securing MIPv6 signaling messages between Mobile Nodes and Home Agents by an extension called authentication option, and recently IETF Mobility EXTensions for IPv6 (MEXT) working group adopts a WG draft which specified a means of security for MIPv6 based on Transport Layer Security (TLS). This paper presents the IPSec/IKE and authentication option security mechanism, and analyzes the problem occurred in MIPv6 working with IPSec/IKE. The security mechanism based on TLS is introduced and analyzed. Then a comprehensive comparison between the three means is given. Finally, we show the prototype implementing and testing with the TLS scheme. To the best of our knowledge, no papers have published TLS based MIPv6 signaling security implementation results.