Methods and apparatus for securing proxy Mobile IP
Abstract
An invention is disclosed that enables proxy Mobile IP registration to be performed in a secure manner. Various security mechanisms may be used independently, or in combination with one another, to authenticate the identity of a node during the registration process. First, an Access Point receiving a packet from a node verifies that the source MAC address identified in the packet is in the Access Point's client association table. In addition, as a second mechanism, the Access Point (or Foreign Agent) ensures that a one-to-one mapping exists for the source MAC address and source IP address identified in the packet. As a third mechanism, a binding is not modified in the mobility binding table maintained by the Home Agent unless there is a one-to-one mapping in the mobility binding table between the source MAC address and the source IP address.
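The three checks described in the abstract, modelled as an added example (this is not code from the patent). Messages are plain dicts rather than Mobile IP wire format, all addresses are constructed, and learning a MAC/IP pair the first time it is seen is an assumption.

```python
"""Constructed model of the three checks; dicts stand in for Mobile IP messages."""

class AccessPoint:
    def __init__(self, associated):
        self.associated = set(associated)  # client association table (MACs)
        self.mac_to_ip = {}                # mapping table, kept in both directions
        self.ip_to_mac = {}

    def one_to_one(self, mac, ip):
        # Assumption: a pair is learned when neither address has been seen;
        # afterwards both directions must agree.
        if mac not in self.mac_to_ip and ip not in self.ip_to_mac:
            self.mac_to_ip[mac], self.ip_to_mac[ip] = ip, mac
            return True
        return self.mac_to_ip.get(mac) == ip and self.ip_to_mac.get(ip) == mac

    def proxy_register(self, src_mac, src_ip):
        """Return a registration request for the node, or None if a check fails."""
        if src_mac not in self.associated:          # mechanism 1
            return None
        if not self.one_to_one(src_mac, src_ip):    # mechanism 2
            return None
        return {"home_address": src_ip, "mac_extension": src_mac}


class HomeAgent:
    def __init__(self):
        self.bindings = {}  # mobility binding table: home address -> (MAC, care-of)

    def register(self, request, care_of):
        """Mechanism 3: touch a binding only if MAC and IP still map one-to-one."""
        ip, mac = request["home_address"], request["mac_extension"]
        for bound_ip, (bound_mac, _) in self.bindings.items():
            if (bound_ip == ip) != (bound_mac == mac):
                return None  # IP bound to another MAC, or MAC bound to another IP
        self.bindings[ip] = (mac, care_of)
        return {"home_address": ip, "mac_extension": mac}  # reply echoes both


def demo():
    a, b = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed addresses
    ap, ha = AccessPoint({a, b}), HomeAgent()
    ok = ha.register(ap.proxy_register(a, "10.0.0.5"), "192.0.2.1")
    not_associated = ap.proxy_register("02:00:00:00:00:01", "10.0.0.9")
    ip_conflict = ap.proxy_register(b, "10.0.0.5")    # b claims a's address
    # A request for the same conflict arriving from elsewhere is refused by the HA.
    ha_conflict = ha.register({"home_address": "10.0.0.5", "mac_extension": b}, "192.0.2.9")
    return ok, not_associated, ip_conflict, ha_conflict, ha.bindings["10.0.0.5"]
```

A node that roams keeps its MAC/IP pair, so a later `register` call with the same pair and a new care-of address still succeeds; only a pair that contradicts an existing binding is refused.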
32 Claims
1. In a network device supporting Mobile IP, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address, wherein the packet is not a registration request;
ascertaining whether the source MAC address is in a table identifying one or more source MAC addresses; and
composing a registration request including a home address field including the source IP address on behalf of the node according to whether the source MAC address is in the table, wherein the node does not support Mobile IP, wherein composing a registration request comprises appending a MAC address extension to the registration request, the MAC address extension including the source MAC address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A network device supporting Mobile IP, comprising:
a processor; and
a memory, at least one of the processor or the memory being adapted for;
receiving a packet from the node, the packet including a source MAC address and a source IP address, wherein the packet is not a registration request;
ascertaining whether the source MAC address is in a table identifying one or more source MAC addresses; and
composing a registration request including a home address field including the source IP address on behalf of the node according to whether the source MAC address is in the table, wherein the node does not support Mobile IP, wherein composing a registration request comprises appending a MAC address extension to the registration request, the MAC address extension including the source MAC address.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. In a network device supporting Mobile IP, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address, wherein the packet is not a registration request;
ascertaining whether the source MAC address is in a client association table identifying one or more source MAC addresses; and
composing and sending a registration request including a home address field including the source IP address on behalf of the node according to whether the source MAC address is in the client association table, wherein the node does not support Mobile IP, wherein composing a registration request includes appending a MAC address extension to the registration request, the MAC address extension including the source MAC address.
Dependent claims: 20, 21
22. In a network device supporting Mobile IP, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address, wherein the packet is not a registration request;
ascertaining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mapping table; and
composing and sending a registration request having a home address field including the source IP address on behalf of the node according to whether a one-to-one mapping between the source MAC address and the source IP address exists in the mapping table, wherein the node does not support Mobile IP, wherein composing a registration request includes appending a MAC address extension to the registration request, the MAC address extension including the source MAC address.
Dependent claims: 23, 24
25. In a network device supporting Mobile IP, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address, wherein the packet is not a registration request;
ascertaining whether the source MAC address is in a client association table identifying one or more source MAC addresses;
determining whether an entry that exists for the node in a mapping table indicates a one-to-one mapping between the source MAC address and the source IP address; and
composing and sending a registration request having a home address field including the source IP address on behalf of the node if it is determined that an entry that exists for the node in the mapping table indicates a one-to-one mapping between the source MAC address and the source IP address and it is ascertained that the source MAC address is in the client association table, wherein the node does not support Mobile IP, wherein composing a registration request includes appending a MAC address extension to the registration request, the MAC address extension including the source MAC address.
Dependent claims: 26
27. In a Home Agent, a method, comprising:
receiving a registration request, the registration request including a source MAC address and a source IP address of a node;
determining whether an entry that exists for the node in a mapping table indicates a one-to-one mapping between the source MAC address and the source IP address;
registering the node with the Home Agent if it is determined that an entry that exists for the node in the mapping table indicates a one-to-one mapping between the source MAC address and the source IP address; and
composing and sending a registration reply including the source IP address and the source MAC address, wherein the registration reply includes an extension that includes the source MAC address.
Dependent claims: 28, 29, 30, 31
32. A Home Agent, comprising:
a processor; and
a memory, at least one of the processor or the memory being adapted for;
receiving a registration request, the registration request including a source MAC address and a source IP address of a node;
determining whether an entry that exists for the node in a mapping table indicates a one-to-one mapping between the source MAC address and the source IP address;
registering the node with the Home Agent if it is determined that an entry that exists for the node in the mapping table indicates a one-to-one mapping between the source MAC address and the source IP address; and
composing and sending a registration reply including the source IP address and the source MAC address, wherein the registration reply includes an extension that includes the source MAC address.
Specification