The IETF NEtwork MObility (NEMO) working group has considered how to enable an entire network to move from one location to another. Mobile Virtual Private Network (VPN) has been developed to secure mobile user's communication between untrusted external networks and the protected private internal network. However, the IETF's mobile VPN does not address how to support NEMO. In addition, it is not suitable for real-time applications. In this paper, we propose architecture and protocols to support VPN in NEMO, which is called Secure NEMO (SeNEMO). The proposed SeNEMO, based on Session Initiation Protocol (SIP), is specifically designed for real-time applications over VPN. It allows an entire network to move and still maintains session continuity. In addition to analyzing the security vulnerabilities, we also propose analytical models to evaluate the performance of the proposed SeNEMO. The analysis is validated by extensive simulations. The results show that the proposed SeNEMO can reduce signaling cost significantly.
