1.1 Overview of FPMIPv6

The core idea of Fast Proxy Mobile Internet Protocol Version Six (FPMIPv6), which is a Network based local mobility management architecture, is that the mobile node is not involved in any IP layer mobility-related signalling [19–24]. The mobility management architecture supports movement of IPv6 mobile nodes locally with in a domain without requiring mobility support in the network stack of mobile node. A mobile node keeps its IP address constant as it moves from link to link, avoiding signalling overhead and latency associated with changing IP address. Because mobility is managed by the network on the behalf of the mobile node, specifically software for localized mobility management is not required on the mobile node, whereas IP-layer movement detection software may be necessary, and driver software for link-layer mobility is mandatory. “IP mobility for nodes that have mobile IP client functionality in the IPv6 stack as well as those nodes that do not, would be supported by enabling Proxy Mobile IPv6 protocol functionality in the network” [25]. The core functional entities of this protocol are Local Mobility Anchor (LMA) and Mobility Access Gateway (MAG). MAG performs the mobility-related signalling on behalf of the mobile nodes attached to its access links. It is usually the access router for the mobile mode, that is, the first-hop router in the Localized Mobility Management infrastructure. The responsibility of MAG is tracking mobile node in the local mobility domain (LMD) and detecting of mobile nodes inter into access network and out from access link; it initiates the binding registrations to LMA. LMA within the core network maintains a collection of routes for each mobile node connected to the LMD. The routes point to MAGs managing the links where the mobile nodes are currently located. Packets sent or received to or from the mobile node are routed through tunnels between the LMA and the corresponding MAG. The LMA is a topological anchor point for the addresses assigned to Mobile Nodes in the LMD, which mean packets with those addresses as destination are routed to the LMA.

1.2 IEEE 802.21 media independent handover (MIH)

As discussed earlier, IEEE 802.21 working group has built the MIH framework so that upper layers can abstract the heterogeneity aspects of different technologies and interact with them via a unified interface. To handle the particularities of each technology, 802.21 maps this generic interface to a set of media-independent Service Access Points (SAPs) whose purpose is to collect information and control the link behaviors during handovers. In addition, a set of remote interfaces (terminal-network and network-network) are defined to transfer the information stored at the operators’ network to the appropriate locations [13].

A MIH-enabled node consists a functional entity between link layer and upper layers called Media Independent Handover Function (MIHF). This logical entity functions as an abstraction layer between all upper layers’ mobility management protocols (here called MIH users) and different link layer technologies through media independent interface by obtaining information from lower layers through media specific interfaces(see Fig 1).

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 1. High level media independent handover architecture.

https://doi.org/10.1371/journal.pone.0262696.g001

Different functional modules have been defined and layered into Service Access Points (SAPs) to provide interface for MIHF to communicate with upper layers (MIH users) and lower layer radio access technologies [26, 27].

Service Access Points (SAPs)—define both media-independent and media-specific interfaces which are intended to access the services provided by each MIH functional entity. Specifically, the SAPs include:

• MIH-SAP, a media independent SAP that provides a uniform interface for higher layers with MIHF, which is particularly defined for MIH-USER to access the services provided by MIHF layer regardless of access technology.
• MIH-LIN-SAP, a media specific SAP interfaces MIHF with media specific links. For the MIHF to provide media independent event service (MIES) and media independent command service (MICS) for a specific link layer technology, media specific SAP (MIH-LINK-SAP) has defined for a specific link layer.
• MIH-NET-SAP, provides the exchange of information between local MIHF and remote MIHF. Particularly, the Media Independent Handover protocol are defined by IEEE 802.21 working group here. The protocol defines message exchange between two MIHF functional entities to provide remote MIH services [28]. Additionally, for the exchange of MIH messages between the local and remote MIHFs, some network communication functions are defined which provide transport services over the data plane.

1.3 Integration of FPMIPv6 and MIH

FPMIPv6 is a network layer mobility support solution which provides a fast handover interaction framework and defines the related signaling messages format to reduce handover delay and packets loss. However, to implement and deploy FPMIPv6 in large scale, it should consider the link layer operations and specific access technology. As we take this in to consideration, it still has the following problems: (1)Lack of definition of handover triggers events. For example, FPMIPv6 just gives port message to notify the imminent handover in PMAG-initiated mode, which does not provide the operation in detail. (2) Lack of candidate network discovery and selection mechanism which may result in the handover failure. (3)Lack of handover execution procedure and link-layer specific operations in detail. (4)Lack of detailed explicit heterogeneous handover mechanism [29]. Due to these problems, FPMIPv6 should incorporate other mechanisms such as MIH to support heterogeneous handover.

There are several schemes benefits from the cross layer design of layer 2 (L2) MIH framework and layer 3 (L3) FPMIPv6 protocol to optimize handover latency, packet loss or the overall handover performance [30].

While the basic scenario addressed by PMIPv6 considers MNs with just one interface, [RFC5213] also allows a MN to connect to the same PMIPv6 domain through different interfaces. This limited support of multi-interfaced MNs or heterogeneous handover is not fully specified, since the MAG needs to obtain/guess additional information from the MN, in order to decide whether to treat a MN’s interface attachment as a handover or as new interface attachment (i.e. meaning the creation of a new mobility session and, therefore, the allocation of new home network prefixes to the MN). The use of IEEE 802.21 Media Independent Handover (MIH) Services [IEEE80221] may help in obtaining this additional information. The MIH assisted PMIPv6 protocols enable MAG to deal with multi-technology scenarios [30].

Several schemes have been proposed to integrate the network-based PMIPv6 with MIH framework to optimize the handover performance [31]. These schemes are shown to be fit for heterogeneous network handover and their performance is analytically justified or demonstrated in computer simulation. Despite the fact that the schemes are promising to improve the handover latency, packet loss or seamless communication; there are gaps while considering security perspective of the schemes. These security threats would briefly be discussed under section II of this paper.

As a main objective, it is to briefly discuss security threats of local mobility management protocol and we are concerned to design security solutions. Nevertheless, FPMIPv6 is robust for local mobility management; vulnerabilities in either interface (MAG or LMA interfaces) may entail new security threats that go beyond those already exist in IPv6. Objectives of the potential attacks may be to consume network services at the cost of legitimate mobile node, possibly impersonate the mobile node from a position of off-link, operate under non-existing identity, or cause denial of service to the mobile node or to the localized mobility management domain as a whole [11].

FPMIPv6 does not provide all inclusive security solutions, in particular, it doesn’t have a secure and seamless handover features together. This work extends “HIH-enabled Network Only” handover model to enhance its security so that it holds security and seamless handover requirements in one. The proposed “MES-FPMIPv6: MIH-Enabled and Enhanced Secure Fast Proxy Mobile IPv6 Handover Protocol for 5G Networks” also reduces wireless signaling overhead and handover latency MN between the MAGs, as compare to solutions proposed as of this work. The major contributions of this paper work are summarized as follows:

• Enhancing security solutions and improving performance of handover local mobility for 5G applications. As a security enhanced and performance optimized solution, we propose a scheme that mitigates the identified security breaches of the MIH-enabled FPMIPv6 model.
• Reducing overhead of wireless link of the mobile node during handover by extending and enhancing security of Network Only MIH model.
• We have exhaustively discuss security threats of FMIPv6 with respect to security requirements, for which we proposed solutions and obviously contributes the research of the field.
• We simulated the proposed scheme under Avispa and analyzed under BAN Logic, security protocol verification tools, in order to evaluate the reliability of the protocol, which proves the validity of the scheme and would also contribute to the methods of security protocols verification.
• The security of the protocol is analytically illustrated and a performance of handover and authentication Processes is mathematically demonstrated. As one of the basic requirements, mobility management should minimize signaling overhead, handover delay and power consumption of the mobile node. The proposed scheme improves wireless link overhead (mobile node overhead) by 6–86% as cell radius, wireless failure probability and number of hop vary.

The remaining part of the paper is organized as follows: The paper comes up with brief discussion of problem statements (threats associated with PMIPv6) in the following section II. Section III will be a brief of related researches where as IV, which has different sub titles, will be the security solutions proposed for the identified threats. Section V and VI are security analysis and formal security under protocols verification tools respectively, whereas section VII is performance analysis. VIII is numerical results and comparison and the final section includes conclusion.

2.1 Compromised MAG and LMA

Provided that the mobile node (MN) is to handover from neighbor/candidate network with in a local mobility domain and its handover request is served, a compromised LMA can ignore route binding update from the candidate network’s MAG in order to deny service to MN. In addition to that, a compromised LMA may also direct all handover request to a single MAG or forward all data plane traffics to a single MAG by manipulating its routing table. This may result to denial of service. The compromised MAG may falsely send route binding update request to LMA, pretending that the mobile node has sent the request for handover. Moreover, the compromised MAG may trick a LMA in to believing that large number of MNs has attached to the MAG which results in denial of service. All these threats apply not only to a compromised MAG, but also to an attacker that manages to counterfeit the identity of legitimate MAG in interaction with mobile node and LMA which can be categorized as impersonation.

2.2 Impersonated MAG and LMA

An intruder who be able to impersonate these two entities, can forge, modify, or drop route update packets so as to cause an establishment of incorrect routes or the removal of routes that are in active use. It may also consume network services at the cost of legitimate mobile node.

2.3 Impersonated Mobile Node (MN)

An attacker that is able to forge the mobile node identity of a mobile node can trick a MAG into believing there is a handover request from a legitimate user or redirecting data plane packets for the mobile node to the attacker. The attacker can launch such an impersonation attack against a mobile node that resides on the same access link with the attacker, or against a mobile node on a different link. If the attack is on the same link with attacker, there would be no route update signaling between MAG and LMA; because the redirection of packets from the mobile node to the attacker is internal to the MAG [30].

Off-link impersonation requires the attacker to fabricate handover signaling of the mobile node and thus trick the MAG into believing that the mobile node has handed over onto the MAG’s access link. The attack is considered to be one of the attacking scenarios if both the attacker and the mobile node are on separate links that connect to different MAGs.

2.4 Man-in-the-middle attack

As one of the major attacks for mobile node handover, an attacker that can interpose between a mobile node and a MAG during link- and/or IP-layer Hanover signaling, may be able to launch a man in-the-middle attack on the mobile node by tricking the mobile node into believing that it has a legitimate connection with the localized mobility management domain. This enables the attacker to intercept, inspect, modify, or drop data plane packets from or to the mobile node.

2.5 Replay attack

An adversary can resend a handover request message sent earlier from legitimate user in order to use the network free in the expense of legal MN or to impersonate.

2.6 Verifier impersonation

The attack that an adversary creates independent connection with the victims and sends messages between them, causing them to think that they are directly talking to each other over local mobility domain while indeed the whole conversation is manipulated by the attacker [32].

2.7 Server stolen-verifier

Server stolen-verifier attack: if the authentication server stores the MN’s verification table, the authentication scheme would be vulnerable to stolen-verifier attacks. An intruder could forge a valid identity after somehow stealing the stored verifier.

2.8 Location privacy

Keeping the MN’s IP address or Mobile node identity fixed and easily accessible over the FPMIPv6 domain, during initial connection attachment or when executing handover procedure, may result in MN’s location privacy unprotected.

4.1 MIH enabled FPMIPv6 handover model

There are several schemes benefits from the cross layer design of IEEE 802.21 MIH framework and layer 3 (L3) PMIPv6 protocol to optimize handover latency, packet loss or the overall handover performance. These schemes rely on PMIPv6 properties to exploit the MIH services and MIHF capabilities to enhance heterogeneous networks handover. The integration of FPMIPv6 and MIH is classified in to different categories and their operations are detailed using signaling flow diagram in [31].

We (authors of this paper) adapted a PMIPv6 assisted MIH Using MIHF at Network Side Only Handover model for which we have proposed a security solution by improving few of the protocol flow. The main idea of this proposed by handover model is to provide fast handover for the MN regardless of the presence or absence of IP mobility functionality as well as MIH functionality at the MN, which fully maintains the main objective of FPMIPv6 network-based mobility management. i.e Avoiding involvement of MN from local mobility management signaling or related signaling to reduce signaling overhear and power consumption of resource limited MN.

For the purpose of our security solution, we have amended the MIH-Net-HO-candidate-Query request and MIH-Net-HO-candidate-Query response commands, which would be implicitly managed by the Serving MAG instead of the mobile node. Here is where the change of flow of the protocol has been made. A generalized procedural flow of the MIH based PMIPv6 handover protocol is illustrated in Fig 2 for which its detail will be presented along with proposed security solutions.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 2. MIH-based PMIPv6 handover scheme.

https://doi.org/10.1371/journal.pone.0262696.g002

4.2 Preliminaries and notations

Let G₁, G_T be two cyclic groups of order q. One can say that a map is called a n-linear mapping if it satisfies the following properties:

1. If a₁,a₂,…, a_n ∈Z and g ∈ G₁, then we have .
2. If the elements g ∈ G₁ are all generators of their groups G₁, then ) is a generator of G_T.

4.3 Pre-shared parameters and assumptions

Pre-shared parameters are considered as security credentials shared with mobile node during subscription or shared among network entities during network planning. These are mainly stored in both authentication center and mobile node in secure manner so that the entities can access during handover request or when authentication is needed for any other procedures. The proposed scheme design assumptions and the parameters that are considered to be shared during subscription or during network planning are generally discussed as follows:

• K: a shared private key between mobile node and the home authentication system (AAA server) that obtained during subscription through Extensible Authentication Protocol (EAP), Transport Layer Security (TLS) and Evolved Packet Core-Authentication and Key Agreement (EPS-AKA) for WiFi, WiMAX, and LTE or LTE-A respectively.
• KI: newly introduced as unique Key Identifier which is a pointer to the key K that has to be changed or re-assigned after each successful execution of handover protocol or after each successful attachment. Assume KI is known to both MN and AAA server.
• It is assumed that there is a secret key K*_MAG-LMA shared between the LMA and the MAG, which enables establishment of a secure channel between the two entities or allows them to authenticate each other, where * denotes C or S.
• There is an assumption that there would be established secure channels between LMA and AAA server.
• It is also assumed that there is a shared secret key K_MIH-AAA between MIH server and AAA server.
• Key derivation functions (KDF) and Crypto algorithms that are cryptographic hash functions that generate one or more secret keys from a secret value such as a main key (K).
• There would be a lookup table for indexed random generated numbers resides at MN and AAA server, which is for freshness of generated keys during handover.

4.4 Pre-Handover key agreement

Pre-Handover Key Agreement is executed during network planning or before the mobile node joins FPMIPv6 domain. It is intended to agree on handover authentication keys in advance of handover MN mobility or crossing the territory of candidate MAG so as to reduce latency occurred due to key agreement and a unique a identity assignment to core entities. Unless we have strong and secure handover protocol with secure key agreement and distribution solution, an attacker who is able to forge the identity or who can access the control signal of these two entities can impersonate them to consume the resource in the expense of legitimate nodes or interpose in a mobile node’s communications. Hence, using the keys and the identities shared during pre-handover key agreement, the authors have proposed an authentication protocol so that AAA server (Authentication, Authorization, and accounting server), which is considered to be managed under internet service provider, would authenticate the core entities.

In developing the key agreement protocol, we assume that n − 3 number of MAGs, a MIIS server and an LMA have a diameter interaction with the AAA server. As a main objective of the key agreement, MAGs, LMA, MIH-serve and AAA server share group key K_group. This shared group key shall be used for multi-cast or broadcast media independent handover messages/ commands among MIH supporting entities, which would significantly reduces number of messages sent per handover process. It also functions as mutual authentication key among MAGs and LMA, which is ultimately reduces computational and communication cost that could be incurred due to farther key agreement between each MAG and LMA. A brief procedural discussion of the pre-attachment key agreement steps is detailed as follows, having the preliminary parameters under section 4.2.

1. AAA server publishes cyclic groups G₁, G_T (generators g, g_T, order q) where Discrete Log (DL) problem is hard, with an efficient n-linear map e in which (n − 2)^th, (n − 1)^th and n^th entities are considered to be LMA, MIH server and AAA server respectively.
2. For i = 1, …n − 3, MAG_i chooses a_i ∈ Z_q, computes and broadcasts over the network where AAA also publishes .
3. Subsequently, all MAGs and the servers compute a shared key .
4. AAA server generates a sequence of number, which symbolized as SQN in the protocol message flow, and broadcasting it to all group members as it will be used to assure freshness of messages broadcasting among the group during handover.

In general, these procedures are said to be pre-handover key agreement, because they are executed during network planning or before attachment of mobile node to the FPMIPv6 domain and also considered as preparation phase for the handover process in which delay due to the key agreement would be reduced.

4.4.1 Secure MIH enabled PMIPv6 handover protocol.

As it has been already covered; the mobile node, MAG and LMA are the parties that are vulnerable to threats due to local mobility of the node with in a domain. While the mobile node crosses a boundary of serving network, it would be authenticated to new network for service access. The mobility entities are also authenticated by the server through executing procedures that are defined under this section using predetermined parameters and keys the entities agree on. Moreover, they themselves authenticate each other on identities received from AAA. The proposed protocol (Figs 3 & 4) covers mutual authentication of MN, MAG and LMA during handover by ensuring the overall secure flow of control plane signalling and challenging the parties mainly through Message Authentication Code verification method. Information gathering, resource checking, resources preparation, and resource release are core handover processes for which Media Independent Handover (MIH) protocol is mainly needed to integrate with PMIPv6 local mobility management scheme. While the network performing handover on the behalf of the MN, these processes are executed through MIH commands to fill gaps due to media dependence in heterogeneous networks. Once these are performed via MIH services, the remaining handover procedures are managed through the conventional PMIPv6 handover scheme by adding security solutions as enhancement. To elaborate the procedural execution of the protocol fully, a detailed steps of each operation of the proposed security solution for the local mobility management protocol are presented as follows(see Table 1 for symbol notation description):

1. Handover Triggering: As illustrated in the protocol flow diagram of Fig 3, when the MN sense weak signal strength using its L2 mechanisms, it generates a handover triggering message and informs the serving network. This Handover triggering message is accompanied by security credentials such as predetermined random numbers table index (x:TableIndex), mobile identity obtained during preceding handover or initial attachment, hashed message authentication code through shared key during registration phase (MN-AAA-KEY) and key identifier (KI). An interface (IF-2) of MN sends the handover triggering message to serving MAG’s Point of Service (POS) that structured as: where M1 = HMAC(MN-AAA-KEY, (LookUpTable_x ∥ MN-ID_i) ⊕ KI_i), M_auth = HMAC(K_MN-SMAG-Auth, OTP_i ∥ MN-ID_i), K_i = Crypto-Alg-2(MN-AAA-KEY, LookUpTable_x ∥ KI_i) and K_MN-SMAG-Auth is an authentication key shared between MAG and MN in similar fashion as shown in steps ahead.
2. Information Retrieving Request: After receiving the handover indication message from the MN, the serving network entity (POS), verifies an identity of the MN and sends MIH-Get-Information-request command to Media Independent Information Service (MIIS) server, which is to retrieve information about neighbouring networks through MIH functional modules. MN’s identity is verified by serving MAG through validating its authentication code as:
   HMAC(K_MN-SMAG-Auth, SMAG-ID ∥ MN-ID_i) = M_auth?
   The message sent to MIIS would be compiled by encrypting serving network MAG identity (SMAG-ID), MN-ID_i and M1 through shared key K_SMAG-AAA between serving network MAG and authentication server, assuming it was agreed on in advance. The signaling message is framed and sent as follows: where M2 = HMAC(K_SMAG-AAA, SMAG-ID ∥ M1) and M3 = E(x: TableIndex ∥ SMAG-ID ∥ MN-ID_i ∥ M1) as M3 is encrypted under the key K_SMAG-AAA.
3. Before responding to the information request of serving network, MIIS server relays the message from MAG to AAA server by adding its own digested identity to verify legitimacy of the mobile node and the MAG so that a network congestion due to falsely generated requests from adversaries or compromised entities would be reduced. The message received by AAA server would be forwarded as: where M4 = HMAC(K_SMAG-AAA, SMAG-ID).
4. Identity Verification: Through message authentication mechanism, the AAA server verifies MN’s and MAG’s legitimacy which is mainly depend on secrecy of pre-shared keys among these parties. By verifying M2 and M4, the authentication server computes new identity (MN-ID_x+y) using MN-AAA-KEY, old MN ID (MN-ID_i) and predetermined random number from lookup table for which its index is chosen and sent to the server. The following are equated or computed at this stage:
   Note that y is a predefined number through which the randomness of a number chosen from lookup table is increased or maintained.
5. Provided that there is shared group key K_group, the authentication server/AAA server sends a serving MAG ID and index of sequence of numbers that shared to the parties of the group in advance by encrypting under the shared group key. i.e.
6. Information Retrieving Response:
   The MIIS sends back MIH-Get-Information-Response to serving network MAG which includes neighbouring candidate networks status, SQN_SQN-index and its message authentication code hashed via group key. The message is framed as:
   A1 = HMAC(K_group, SMAG-ID ∥ SQN-index).
7. Resource Query:
   Up on receiving the Information Retrieving message, the serving MAG equates HMAC(K_group, SMAG-ID ∥ SQN-index) = A1?, to verify whether the messenger is really a legitimate entity of the network group or not.
   Consequently, the serving network MAG, specifically POS sends MIH-N2N-HO-Query-Resources-request to the all candidate networks in group to assure availability of resources to host MN in handover process. The request message would be constructed as shown below:
   MIH-N2N-HO-Query-Resources-request ∥ E(SMAG-ID ∥ SQN-index)_K_group ∥ M5, where M5 = HMAC(K_group, SMAG-ID ∥ SQN_SQN-index).
8. Resource Query Response:
   The candidate networks compute an authentication code HMAC(K_group, SMAG-ID ∥ SQN_SQN-index) and compare with M5 to verify the messenger is a trusted group member. Once that is confirmed, the candidates respond to the resource query by forwarding MIH-N2N-HO-Query-Resources-response ∥ M6 = HMAC(K_group, C*MAG-ID ∥ SQN_SQN-index) to the serving network, where * would be n − 3 number of MAGs of the candidate networks.
   The serving network MAG authenticates the candidate networks on their digested identities C*MAG-ID as it computes this as:
   As a last step for L2 attachment to a selected candidate network, the serving network MAG sends MIH-N2N-HO-Query-Commit-request to a candidate network with enough resource capability so that quality of service is maintained. Once the candidate network responds to the query, completion of L2 attachment is guaranteed.
9. De-registration:
   The serving network sends a De-registration Proxy binding Update (PBU) to Local Mobility Anchor (LMA) through pre-established secure channel to de-registered the MN from its network for which LMA sends a De-registration Proxy Binding Acknowledgment (PBA) in response to the PBU. At this step, LMA starts to buffer all data linked to MN from Corresponding Node (CN) which would be forwarded to the MN when L3 handover procedures are finalized.
10. Router solicitation: MN sends a router solicitation to obtain an home network IPv6 prefix (HNP). As one of security credentials to be sent, the mobile node computes a new MN ID, which is dynamic for the sake of maintaining privacy requirements, in the same procedure with AAA server. MN also computes L3 handover procedures (FPMIPv6 procedures) authentication and signaling keys through pre-defined key generation functions and crypto algorithms. These are computed as follows:
    The solicitation signal with authentication codes hashed under the generated new MN-ID and authentication keys is delivered to the candidate MAG(C1MAG) as:
11. Proxy binding update (PBU): Receiving the router solicitation request, C1MAG sends a proxy binding update message to LMA.
    Adding its digested ID, i.e A₂ = HMAC(K_LMA-AAA, LMA-ID)) under pre-shared key, LMA forwards the message to authentication server.
12. Up on receiving PBU signal, AAA server validates MN’s, MAG’s and LMA’s identities through message authentication codes sent as validity accreditation from these entities. As discussed under Security Threats section of this paper, the compromised MAG may trick a LMA in to believing that large number of MNs have attached to the MAG. Here, because AAA verifies the mobile node identity before moving to the next procedure, MAG cannot trick LMA in to believing that large number of MNs have attached to it. AAA server verifies: where M8 = HMAC(MN-AAA-KEY, (LookUpTable_x+y ∥ MN-ID_i+1) ⊕ KI_i+1).
    After verifying a legitimacy of MN, candidate MAG and LMA; the authentication sever delivers a computed key K_MNLMA to LMA via pre-established secure channel. The server sends the key with a message, which is framed as M11 ∥ K_MN-LMA that would be forwarded to the MAG which the MN handover to. M10 would be computed as:
13. Proxy binding ACK (PBA):
    Once K_MNLMA and message attached with are received, LMA allocates home network prefix for the MN and creates an entry to binding cache. Subsequently, LMA encrypts HNP and its ID under K_MNLMA and sends to C1MAG compiling with M11, PBA and authentication Message A3, which would be constructed as A4 ∥ A3 ∥ PBA ∥ M11, for which A3 and A4 are computed in a way shown below:
    C1MAG compares the authentication message M8 attached to router solicitation request sent from MN with HMAC hashed from MN ID using the key K_{MN-C1MAG-Auth}. i.e
    Verifying the identity of MN through the above authentication code, MAG (C1MAG) send a message RouterAdvertisement ∥ M12, in response to router solicitation request to MN, where M12 = A4 ∥ A3 ∥ HMAC(K_{MN-C1MAG-Auth}, MN − ID_i+1 ∥ C1MAG-ID) ∥ E(C1MAG-ID)_K_{MN-C1MAG-Auth} ∥ OTP_i+1 as OTP_i+1 will be used for next hop/handover.
14. IP Configuration:
    Up on delivery of the message, MN authenticates MA and LMA through authentication codes received as follows:
    Eventually, router advertisement through which IP address of MN would be configured and traffic tunnelling between the MAG and LMA are executed while the the serving MAG (SMAG) sends MIH-N2N-HO-Complete-request in order to complete the handover process.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 1. Notations.

https://doi.org/10.1371/journal.pone.0262696.t001

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 3. Secure MIH enabled PMIPv6 handover protocol.

https://doi.org/10.1371/journal.pone.0262696.g003

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 4. Secure MIH enabled PMIPv6 handover protocol (continued).

https://doi.org/10.1371/journal.pone.0262696.g004

5.1 Resisting compromised MAG

During handover, a compromised serving MAG can cause denial of service by ignoring the presence of newly detected MN, redirecting to unknown entity pretending it is to LMA or de-registering existing MN from LMA entry table as it has handed-over to another mobility domain. For this threat to happen, MAG can ignore an attachment request of mobile node or it is when the MAG ignores a solicitation request from MN. In either of the cases, the MN waits a response (attachment success signal, router advertisement signal or traffic data) for predefined time interval. If the node does not receive any response with in predefined time interval or receives negative response from a serving MAG (SMAG), it indicates that the access router is compromised, failed or power turned off; then the MN sends a Handover control signal directly to LMA, digesting under key K_MN-LMA which would be shared during preceding handover with LMA.

As a result, the LMA starts data buffering and manages handover procedure with available candidate MAGs in the network mobility domain, in which security requirements are guaranteed or maintained, in the expense of local mobility protocol flow being out of order and handover delay. These proposed procedures can also be taken as a recovery procedures whenever a serving MAG fails to manage the handover process due to different circumstances. As a detail protocol flow of this solution shown is not shown explicitly in Figs 3 & 4 for such a scenario, it is summarized here below:

It is indicated in the protocol that the key is formed as: where KDF() is predetermined Key Derivation Function, x is selected by MN among pre-generated random numbers and y is a constant agree on, in advance. The reset of procedural execution steps are illustrated as follows:

1. From the instance MN learns serving MAG is not responding to handover request for the predefined time interval, it sends a handover/recovery request to LMA along with encrypted new random number(LookUpTable_x′+y) and key identifier(KI_i+1) using K_i which was shared initially or during preceding handover with AAA server, where x′ is newly selected table index. Here, even-though an intruder may access access x′, the LookUpTable_x′ will remain hidden to MN and AAA server because it is stored securely at either side only. The request would be compiled as:
   Recovery-Request ∥ H₁ ∥ E(KI_i+1 ∥ x′)_K_i, where H₁ = HMAC(K_MN-LMA, LMA-ID ∥ MN-ID), K_i = Crypto-Alg-2(LookUpTable_x+y, MN-AAA-KEY, KI_i).
2. Receiving the handover/recovery request from MN, LMA validates the legitimacy of the mobile node by computing:
   Subsequently, LMA hands-over the request to AAA so that the authentication server creates new group key K_group with the remaining group members with in local mobility domain, considering the compromised MAG as a leaving member of the group. A procedure of formation of new group key would be in the same way with section 4.4, except i^th compromised MAG’s is to be excluded.
3. The AAA server selects a new number from group sequence number list (SQN_SQN-index’), where SQN-index’ is newly selected index of predetermined number sequence. Encrypting under the new group key K_group, the server sends the selected index SQN-index’ and new mobile MN-ID_i+1. i.e E(MN-ID_i+1 ∥ SQN-index′ ∥ x’)_K_group.
4. Once the LMA receives the message, it sends a resource query MIH-N2N-HO-Query-Resources-request ∥ E(MN-ID_i+1 ∥ SQN-index′)_K_group ∥ H2) to candidate MAGs, where H2 = HMAC(K_group, SMAG-ID ∥ SQN_SQN-index’)
5. Verifying authentication message H2, the candidate MAGs respond to LMA with resource availability information including their authentication code in the form of: where * stands for numbers 1,2,3…..m for m number of candidate MAGs.
6. Finally, the LMA sends MIH-N2N-HO- Query-Commit- request for which the selected MAG responds with MIH-N2N-HO- Query-Commit- response and the remaining handover process is the same with section 4.4.1.

5.2 Resisting compromised LMA

Once LMA is compromised, it can redirect all packets or handover request signals to a single MAG, which results in denial of service. It may also ignore the handover request or IP tunneled packets from and/or to the mobile node. In our MIH assisted PMIPv6 mobility domain security protocol,redirecting MN handover request to a single MAG may be attempted when LMA may trick in to believing the mobile node that the MAG to handover to is really the one which sent MIH-N2N- HO-Query-Commit-response to the serving MAG. There is no any involvement for LMA in L2(MIH) handover execution procedures to manipulate message flow or identity of selected MAG when our proposed scheme is concerned. Beside that, at the beginning of L3 handover process, the selected MAG sends is hashed identity under preshared key K_C1MAG-AAA to AAA server. This will be verified. i.e. HMAC(K_C1MAG-AAA, C1MAG-ID ∥ M8) shall be verified by AAA server and MN at step l and m of section 4.4.1. As a result, a compromised LMA can not successfully trick MNs to redirect to a single non-selected MAG.

On the other hand, because there is no need for the LMA to involve in the L2 MIH message flow processes, there is no possibility to ignore handover request from MN.

5.3 Resistant to mobile node impersonation

An attacker that is able to forge an identity of a mobile node can trick a MAG into believing there is a handover request from a legitimate user or redirecting data plane packets to attacker. In the proposed scheme a mobile identity MN − ID_i is dynamically set and sent to the network by encrypting or hashing under shared keys during handover process. The mobile identity is possibly sent onto communication channels, ultimately to AAA server, in two cases in our handover scheme, i.e., during L2 attachment and router solicitation requests. In both cases, it is hashed as message authentication code for validity verification using a key MN-AAA-KEY which itself is derived from master key K obtained during initial authentication and encrypted under i^th key K_i that is generated as Crypto-Alg-2(LookUpTable_x+y, MN-AAA-KEY, KI_i) in case of L2 attachment request, where x and y are pre-generated pseudo-random number index and pre-defined constant. This guarantees a secrecy of MN-ID and there is no loophole for an attacker to copy fraudulently.

5.4 Resisting man-in-the-middle attack

An attacker that can interpose between a mobile node and a MAG during link- and/or IP-layer Hanover signaling, may be able to launch a man in-the-middle attack on the mobile node by tricking the mobile node into believing that it has a legitimate connection with the localized mobility management domain, which enables the attacker to intercept, inspect, modify, or drop data plane packets from or to the mobile node. During the proposed handover protocol execution there are only two messages communicated between MN and MAGs. One is to send a handover/L2 attachment request to serving MAG and the other is a query of router solicitation sent to selected candidate MAG. While requesting L2 attachment, the MN sends its and MAG’s digested identity to serving as MN’s identity is unique and dynamically fulfills freshness needs not to replay. MAG verifies this as shown bellow: HMAC(K_MN-SMAG-Auth, SMAG-ID ∥ MN-ID_i) = M_auth?

On the other hand, when the mobile node sends a router solicitation to the selected MAG, a new MN-ID_i+1 is set and hashed using newly generated key K_{MN-C1MAG-Auth} = Crypto-Alg-1(LookUpTable_x+y, MN-AAA-KEY, KI_i+1).

The message that would be sent to the MAG and then relayed to AAA server for authentication is Router-Solicitation ∥ M8 = HMAC(MN-AAA-KEY, (LookUpTable_x+y ∥ MN-ID_i+1) ⊕ KI_i+1).

Here, the server authenticates the MN on M8 and the MAG on authentication message M10 (see section 4.4.1).

As a response to solicitation request, an acknowledgment shall be sent to MN which includes authentication code, HMAC(K_{MN-C1MAG-Auth}, MN-ID_i+1 ∥ C1MAG-ID) as accreditation validation for MN.

For the man in-the-middle attacker to trick in to believing it is a legitimate, it should be able to generate these messages and obtain data plane security keys, which is practically undo-able or not polynomial time task.

5.5 Mitigating replay attack

An adversary can resend a handover request message sent earlier from legitimate user, in order to impersonate the MN and some other entities with in the local mobility network. The proposed scheme can mitigate this, as there are security credentials generated dynamically or newly assigned (fresh) whenever handover request is triggered. For the handover messages between authentication server and the MN, MN-ID_i is dynamically generated; where as LookUpTable_x, key identifier KI_i and shared key K_i are fresh for each complete handover process. In case of messages exchanged between MN and MAGs, authentication keys K_{MN-C*MAG-Auth}, K_MN-SMAG-Auth, and K_MN-LMA are newly generated so that replay attack can be resisted.

5.6 Verifier impersonation

This kind of impersonation is one of the scenarios for impersonation to happen. This is said to be happened when adversary creates independent connection with the victims and exchanges messages with, causing them to think that they are directly talking to each other. In our proposed secure handover protocol, to be successful with that, the adversary should at least be able to generated mutual authentication messages exchanged between MN and MAGs. MN authenticates a MAG it hands-over to on HMAC(K_{MN-C1MAG-Auth}, MN-ID_i+1 ∥ C1MAG-ID) and the MAG authenticates the MN on HMAC(K_{MN-C1MAG-Auth}, MN-ID_i+1). In addition to that, IDs of the MN and the MAG, which can be IP address of these parties, are included within authentication messages so that data plane IP packets will be tunneled by. The attacker has to get authenticated by MN as a MAG and has to own the same ID with that digested within authentication message in order it is said to be successful in Verifier Impersonation. Moreover, for communications among member groups(MAGs, LMA and AAA server), there is a fresh sequence of number(SQN_SQN-index) selected each time handover is triggered. As a result, the scheme is definitely considered as a resistant to the this threat.

5.7 Server stolen-verifier

Storing MN’s verification table may result in stolen-verifier attacks. In our proposed protocol, security credentials stored at authentication server and MN side are random number table LookUpTable_x, key identifier KI_i. An intruder may steal these parameters and then may forge an identity of the mobile node. But, the security keys which are derived from a security stored master key K have to be obtained for the intruder to be successful in forging MN’s identity as mobile node identity MN-ID_i is generated from LookUpTable_x, KI_i and the derived keys.

5.8 Location privacy

Over decades, location privacy has been a big concern for mobile users as it could be tracked easily. Exposing MN’s identity is one of the reasons for mobile node not to have Location Privacy. The proposed scheme mitigates this through assigning a identity of the MN dynamically and sending over network securely. Except the authentication server and MN itself, there is no entity which the mobile identity may be exposed to. This makes the scheme a solution to guarantee Location Privacy.

Keeping the MN’s IP address or Mobile node identity fixed and easily accessible over the PMIPv6 domain, during initial connection attachment or when executing handover procedure, may result in location privacy policy violation.

6.1 BAN logic analysis

BAN Logic is a well-known authentication logic created to assist a validation of authentication protocols which remains popular with many protocol designers. It is a set of rules for defining and analyzing knowledge & beliefs of involved parties in authentication protocol in a formal manner. Specifically, BAN logic helps security protocol designers to determine whether exchanged information is trustworthy, secured against eavesdropping, or both. Generally, an analysis based on BAN logic comprises three steps: (i) idealizing message flow of a protocol (ii) determining protocol assumptions and setting goals (iii) deriving beliefs with respect to the rules and proving the defined goals.

Before going in to details of logic analysis steps of ban logic, let’s briefly summarize a set rules and symbolic notations as follows:

• Notations:
• Message-meaning rule:
  : If P believes that it shares a a secret key K with Q, and if P receives a message containing X encrypted with K then P believes that Q once said X(see Table 2 for symbol notation description).
• Nonce-Verification Rule:
  : if P believes that X is a fresh message, and P believes that it was said by Q than P believes that Q believed once believed X.
• Jurisdiction Rule:
  : if P believes that the principal Q jurisdiction has a control over X and if P believes that Q believes it to be true, then P must believe in it also.
• Session Key Rule:
  : If the entity P believes that X is fresh and Q believes X, then P believes the secret K that is shared between both entities P and Q.
• Freshness-conjuncatenation Rule:
  : If the entity P believes that X is fresh, then P believes the freshness of (X, Y).
• Believe Rule 1:
  , if p believes X and P believes Y, then P believes a collection (X,Y).
• Believe Rule 2:
  , if p believes X and Y collectively, then P believes a X and Y individually.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 2. BAN logic notations and respective descriptions.

https://doi.org/10.1371/journal.pone.0262696.t002

1. i. Idealizing the Message Flow:
   Initially, the message of handover authentication processes for the proposed scheme would be idealized as follows:
   1. (M₁)  MN → SMAG:
       {L2-HO-Triggering, (x:TableIndex, MN-ID_i)K_i, (LookUpTable_x, MN-ID_i, KI_i)_MN-AAA-KEY, (OTP_i, MN-ID_i)K_MN-SMAG-Auth}
   2. (M₂)  SMAG → AAA:
       {(TableIndex, MN-ID_i)K_i, (SMAG-ID, (LookUpTable_x, MN-ID_i, KI_i)_MN-AAA-KEY)K_SMAG-AAA}
   3. (M₃)  AAA → SMAG:
       {(SMAG-ID, SQN-index)K_group }
   4. (M₄)  SMAG → C*MAG:
       {MIH-N2N-HO-Query-Resources-request, (SMAG-ID, SQN-index)K_group}
   5. (M₅)  C*MAG → SMAG:
       {MIH-N2N-HO-Query-Resources-response, (C*MAG-ID, SQN_SQN-index)K_group}
   6. (M₆)  MN → C1MAG:
       {Router-Solicitation,(LookUpTable_x+y, MN-ID_i+1, KI_i+1)_MN-AAA-KEY, (MN-ID_i+1)K_{MN-C1MAG-Auth}}
   7. (M₇)  C1MAG → LMA:
       {(C1MAG-ID, (LookUpTable_x+y, MN-ID_i+1, KI_i+1)_MN-AAA-KEY, (LMA-ID, PBU)K_C1MAG-AAA}
   8. (M₈)  LMA → AAA:
       {(C1MAG-ID, (LookUpTable_x+y, MN-ID_i+1, KI_i+1)_MN-AAA-KEY, (LMA-ID, PBU)K_C1MAG-AAA, (LMA-ID)K_LMA-AAA}
   9. (M₉)  AAA → LMA:
       {(LMA-ID, K_{MN-C1MAG-Auth}, MN-ID_i+1)K_C1MAG-AAA}
   10. (M₁₀)  LMA → C1MAG:
        {(LMA-ID, HNP)K_MN-LMA, (HNP, LMA, ID)K_MN-LMA, PBA, (K_{MN-C1MAG-Auth}, MN-ID_i+1)K_C1MAG-AAA}
   11. (M₁₁)  C1MAG → MN:
        {Router-Advertisement, (LMA-ID, HNP)K_MN-LMA, (HNP, LMA, ID)K_MN-LMA, (MN-ID_i+1, C1MAG-ID)K_{MN-C1MAG-Auth}}
2. ii. Assumptions:
   Initial assumptions, from which goals are derived, have to be set to prove the security of the proposed scheme using BAN logic as listed below:
   1. (A₁)
   2. (A₂)
   3. (A₃)
   4. (A₄)
   5. (A₅)
   6. (A₆)
   7. (A₇)
   8. (A₈)
   9. (A₉)
   10. (A₁₀)
   11. (A₁₁)
   12. (A₁₂)
   13. (A₁₃)
   14. (A₁₄)
   15. (A₁₅)
   16. (A₁₆)
   17. (A₁₇)
   18. (A₁₈)
   19. (A₁₉)
   20. (A₂₀)
   21. (A₂₁)
   22. (A₂₂)
   23. (A₂₃)
   24. (A₂₄)
3. iii. Goals:
   1. The proposed handover scheme should satisfy the following goals to prove its security under BAN logic, applying the assumptions and the set of rules defined.
   2. (G₁)
   3. (G₂)
   4. (G₃)
   5. (G₄)
   6. (G₅) AAA ∣≡ MN ∣≡ MN-ID_i+1
4. iv. Proofs:
   Now, utilizing BAN-Logic postulates rules and the assumptions, we prove or derive set goals.
   1. V1: From message M1, we know that
   2. V2: Having V1, A3 and referring message-meaning rule:
   3. V3: From A18, A20 and Freshness rule:
   4. V4: From V2, V3, and Nonce-verification rule:
   5. V5: Accordingly, based on V3, V4 and Session key rule, G1 will be proved as:
   6. V6: From massage M6, we know that
   7. V7: By taking the assumption A4, V6 and the message-meaning:
   8. V8: based on V7, A21 and Nonce-verification rule:
   9. V9: the second goal(G2) can be derived from V8 on A21:
   10. V10: From massage M11, one can deduce that:
   11. V11: By taking the assumption A4, V10 and the message-meaning rule:
   12. V12: Having the assumption A22, and Freshness rule:
   13. V13: Considering V11, V12 and and Nonce-verification rule:
   14. V13: then G3 shall be proved:
   15. V14: From message M1:
   16. V15: Referring assumption A1, V14 and the message-meaning rule:
   17. V16: From A5, A23, V15 and Nonce-verification rule:
   18. V17: as a result, using Session key rule: which is G4
   19. V18: From message M8:
   20. V19: Referring assumption V17, V18 and the message-meaning rule:
   21. V20: From A24, V19 and Nonce-verification rule G5 is achieved that:

6.2 Analysis under avispa

To illustrate the validity and security capability of the proposed protocol, the vulnerability of the protocol is strongly analysed under Automated Validation of Internet Protocols and Applications (AVISPA)tool. The protocol specification has five participants that are represented by five basic roles. These are mobile node (MN), Local Mobility Anchor (LMA), Serving Mobility Access Gateway (SMAG), Candidate Mobility Access Gateway (CMAG) and AAA server, where these entities are denoted as mn, router1, router2, server and lma respectively in the protocol simulation. Freshness, Secrecy and authenticity of of MN-ID_i, LookUpTable_x, KI_i, OTP_i, and SQN_SQN-idex are some of the defined goals. The server authenticates, MN, MAG as well as LMA on these security credentials and shared keys. MN and MAGs are also mutually authenticated each other on their Unique identities and their shared keys. These all together are set as analysis goals.

Unless animated, there is no guarantee that the message sent from the participants reaches the destination or received by the receiver entity. One can obtain all interleaving between MN, MAG, AAA server and LMA by animating the protocol on SPAN, which is edition and animation tool of AVISPA high-level security protocols verification environment. It also enables to trace the values of the variables whether the correct values are being exchanged within the simulated entities. Hence, the Authors prefer to show the procedural execution of source specification of the newly proposed protocol as it is illustrated in Fig 5. Depending on its pre-defined knowledge, an intruder may try to authenticate the mobile to itself by forging the authentication massages intended for another entity because the intruder is the network.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 5. Protocol execution simulation.

https://doi.org/10.1371/journal.pone.0262696.g005

Under all defined circumstances within the protocol specification, the proposed protocol is found to be SAFE in all back-ends of AVISPA against all possible attacks as shown in Fig 6.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 6. Avispa verification result.

https://doi.org/10.1371/journal.pone.0262696.g006

In GOAL section of the simulation result, it is reported that the goals are satisfied as specified. In other words, the intended security services are achieved. From specified model, one can retrieve modes of message and there is the possibility to check the values of the variables of each participant. The user chooses the variables of each role he wants to monitor. Accordingly, the author followed these procedures to validate the protocol and in general, strong authentication is considered and verified under aforementioned formal analysis session.

7.1 Handover delay analysis

The handover delay is the time interval between the moments when an MN loses connectivity with its serving MAG (SMAG) until the moment it receives the first packets from the candidate MAG (C*MAG). To analyze handover delay and Signaling Cost of the protocols for comparisons, we adapt the method in [29].

Suppose τ is inter-frame time, ρf is the frame error rate over the wireless link, where as Lp and Lf are the packet size (typically an IP packet) and frame size respectively, and D_wl is the wireless link delay.

Assume p_i,j is probability that the first frame sent from the MN arrived at Access Router (AR/MAG) successfully, which is i^th re-transmitted frame at the j^th re-transmission trial. Having this, a one-way frame transportation delay d_frame between the MN and the AR through the wireless link can be expressed as: (1) where i ≤ n, j ≥ i, and D_wl is mainly depending on L2 technology being utilized. (2)

Assuming k is the number of frames per packet over the wireless link, it can be expressed as: (3) where L_p and L_f are the packet size and the frame size, respectively.

From (1)–(3): (4)

Assuming there is no packet loss in case of wired links and will reach the destination without re-transmission, the one way packet transportation delay over the wired link d_wd(Lp) can be obtained as follows: (5) where BW_wired and D_wired are the bandwidth and the latency of wired links, respectively. A one-way packet transportation delay over a wired link through h hops can be expressed as: (6)

From [29] we learn that handover delay of Fast proxiy mobile IP version six (FPMIPv6) handover scheme is expressed as: (7)

As one of the selected schemes for comparison, MIH-SPFP [43] handover delay is defined as follows: (8) where d_wl(M_Auth-WL and d_wd(M_Auth-Wired are time delays due to authentication messages ove MIH-SPFP scheme over wirelesses and wired links respectively.

A handover delay of the proposed scheme incurs an additional time delay of t_Auth as compared to FPMIPv6, where t_Auth is a time required to complete the proposed handover authentication and security credentials processing. Assuming we are implementing HMAC SHA256 for all message authentication codes of our protocol and processing time is negligible, t_Auth would be determined as: (9) where D_wl(M_Pro-Auth-WL) and D_wd(M_{Pro-Auth-Wired}) are time delays due to authentication messages of proposed scheme over wirelesses and wired links respectively. (10)

7.2 Signaling cost analysis

In performing signaling cost analysis, we adopted [29] model, which was a model for a city assumed to have a rectangular surface area (a*b) and mobile node moves in an epoch-based pattern across the city. Suppose d_x and d_y represent the distance between adjacent horizontal roads and vertical roads, respectively. From this, expected epoch length can be expressed as: (11) where N_h = a/d_x and N_v = b/d_y.

Let N_x be the number of subnet crossings in an epoch for horizontal movements and N_y is for vertical movement. Number of expected subnet crossed by the mobile node can be evaluated as: (12) where (13) where as K₂ = 2r/d_y for which is r is a cell radius and there is at most m subnet crossing.

Suppose V_min and V_max are a minimum speed and maximum speed of mobile node respectively, expected time for an epoch can be defined as: (14)

Assuming the mobile node movement to the destination is uniformly distributed over [0, T₍ max)], the expected pause time E(T_p) is calculated as 0.5*T₍ max), where as the number of handover per unit time is expressed as: (15)

For wireless link transmission failing probability P_f, signaling cost of the given solution can be calculated as: (16) where S_FH-WL is the signaling cost of wireless link and S_FH-W is signaling cost of wired link.

Assuming the unit cost of on a wired link is β and wireless link is α, the signaling cost on wired and wireless links would be:

S_FH-WL = α*h₁*M_wl and S_FH-W = β*h₂*M_wired, where M_wl is total communicated message over wireless link, M_wired is over wired link, h₁ and h₂ are average distances between nodes in the network.

Having the above equations, a signaling cost of fast PMIPv6 handover solution can be expressed as follows: (17)

The signaling cost of MIH-SPFP solution is shown as follows: (18)

Similarly, we can calculate signaling cost of our proposed handover solution as follows, which would competitively be demonstrated numerically later. (19)

8.1 Handover delay analysis results

For the numerical calculations, we assumed wireless link layer frame error rate (ρf) varies from 0 to 0.6, L_P = 1500 bytes which is a typical IPv6 packet size, L_F = 127 bytes and user data L_D is known to be 120 bytes. It is also noted that the message authentication code functions through out the comparative schemes are supposed to be HMAC-SH256, wired link bandwidth (B_wired) is 10MHz, and delay over wired link (D_wired) is 35msec.

Fig 7(a) & 7(b) shows the handover latency as ρp varies and when wireless link delay differs. The higher ρp value, the higher handover delay due to re-transmission of packets, which is observed to be true for all the schemes under comparison. As shown in the Fig 7(b), the handover delay increases with wireless link delay as well. Comparatively, the standard FPMIPv6 without security solution has a better handover delay in the expense of fundamental security gaps as a trade off. Providing a security solution for the mobility management security threats, our proposed scheme is nearly selective as standard FPMIPv6. As discussed earlier, in our proposed protocol including L2 handover (MIH) and authentication procedures are fully managed by the network on the behalf of the mobile node. This decreases the wireless link delay and frame error rate significantly, which ultimately reduces over all handover delay.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 7. Handover delay comparison.

https://doi.org/10.1371/journal.pone.0262696.g007

8.2 Signaling cost analysis results

Here below, applying mathematical equations under section 7.2, a signaling cost for each handover protocol is illustrated numerically having parameters and assumptions listed in Table 3 above, for which we referred most of the values from MIH-SPFP [43]. An average speed of the mobile node is assumed to vary from 1–50m/s, where as cell radius r of a subnet network is considered to be 130m–310m. Number of hops among all entities in wired link is supposed to be 5–32, maximum number of subnet crossed(m) = 15, and probability of failure (ρ) is changed from 0.2 to 0.65. In addition, a wireless signaling unit cost β = 2, β = 1.5, and for the sake of security, each time MN reaches a road intersection, it has to take a pause for a random duration between 0 and T_max of which its maximum is assumed to be 100sec. Referring parameters in Table 3, we evaluated the performance of our proposed protocol in comparison with the selected schemes as shown in Figs 8–11. Fig 8 shows the handover over all signaling cost for the standard FPMIPv6, MIH-SPFP and the proposed schemes through out wireless and wired links communication. Here, as the subnet radius r decreases, the signaling overhead increase for all the schemes. The number of hops among the local mobility network increase with the signalling cost proportionally.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 3. Parameters list and corresponding values.

https://doi.org/10.1371/journal.pone.0262696.t003

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 8. Wireless and wired total signaling cost comparison.

https://doi.org/10.1371/journal.pone.0262696.g008

As the total signaling overhead is concerned, our protocol shows an increment 5.9% over the standard FPMIPv6 and 5–7% over MIH-SPFP protocols performance. This is because much of signaling overhead of our protocol goes to wired link as the it is network only handover scheme and wired link signaling cost increases exponentially as number of hops increases.

On the other hand, Fig 9 illustrates a signal overhead of wireless Link only. As clearly stated in the introduction section of this paper, the key objective of FPMIPv6 local mobility standard is to enable the network to manage a mobility of the mobile node on the behalf of it, which is eventually to reduce computational cost, power consumption and signaling cost of the mobile node. As the signaling link of the mobile node is wireless, analyzing the wireless link only overhead is crucial.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 9. Wireless link signaling cost comparison.

https://doi.org/10.1371/journal.pone.0262696.g009

The analysis was undertaken by varying subnet radius and number of hops, where as β = 2, α = 1.5, and failure probability p = 0.2 with all parameters remain the same with the initial setting. The result shows the proposed protocol is advantageous over both the standard FPMIPv6 and MIH-SPFP with an amount of 84.1% 86.9% respectively.

Fig 10 shows the handover failure probability effect on wireless link only. The wireless link failure probability varies from 0.2 to 0.65, the cell radius is set to 250m as the speed of the mobile is set to [1, 50] m/s, where as the number hops differs from 5 to 32. The signaling cost of fast handover is slightly higher than the standard handover, while the proposed solution is lower than others.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 10. Wireless failure probability vs wireless link signaling cost.

https://doi.org/10.1371/journal.pone.0262696.g010

As as handover failure probability P increases, the residence time that the MN resides in the serving network also increases so that the MN gets more time to complete the handover process. As a result, handover delay time increase and signaling overhead also added up due to re-transmission. Though, signaling overhead increases with failure probability, the proposed scheme is far better when wireless only signaling cost in concerned (see Fig 10). Thus, the proposed scheme aligns with the objective of the local mobility management and is preferably applicable to the resource limited mobile devices. Eventually, we analyzed a signaling cost effect of wireless link while the subnet radius r is varied from 130m to 310m. The wireless link failure probability 0.2, the speed of the mobile is set to [1, 50] m/s, where as the number hops is 10.

As radius of the subnet decreases, the border crossing rate to another subnet (serving network) for the MN decreases. This results in the lower handoff latency and signaling overhead for the fact that number of handover requests reduce. Computationally, as radius r decreases, handover per unit time E(N_c) reduces as it is a function of r as shown in Eqs (12)–(15) above. In particular, when referring the mobile node’s signaling overhead, the signaling cost of the proposed solution is lower than the other two as shown in Fig 11, which meets the target of the protocol design.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 11. Wireless failure probability vs wireless link signaling cost.

https://doi.org/10.1371/journal.pone.0262696.g011

At last, a comparison summary of our protocol with other schemes defined for network based local mobility management (PMIPv6) is shown in Table 4 below.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 4. Security and performance comparison of handover protocols.

https://doi.org/10.1371/journal.pone.0262696.t004