12.1 INTRODUCTION

Several important security implications for Mobile IP are explained in this chapter. VPN and firewall are two of the most widely used security technologies nowadays. Since they are not designed for mobile terminals, careful considerations are needed to be effective even for mobile terminals. In the next section, Mobile IP with VPN is considered. Since no concrete work has been done for Mobile IPv6 (MIPv6) with VPN so far, Mobile IPv4 (MIPv4) with VPN is briefly described. Since it is expected that some problems which might occur in MIPv6 to coexist with VPN will be similar to those in MIPv4 environments, considerations of MIPv4 with VPN will help readers to understand situations for MIPv6 with VPN in the future. Section 3 describes cryptographically generated address. As described in Chapter 10, the default security mechanism for mobile nodes in MIPv6 Binding Update is return routability. It tries to prove the ownership of home addresses by mobile nodes. However, it exposes weakness to various attacks such as man-in-the-middle attack. Thus, stronger security mechanisms for the proof of ownership of home addresses are needed. Cryptographically generated address receives widest consensus as an optional security mechanism for MIPv6. Firewall traversal problem is described in Section 4.

12.2 VPN PROBLEMS AND SOLUTIONS IN MIPv4