Mobile personal firewall

More and more activities (such as, e-commerce, e-learning, e-chat, etc.) rely on mobile devices. It is an important issue on how to protect mobile users engaged in mobile services. Unfortunately, the conventional firewalls are inappropriate for mobile networks because of the limited computing and communication capabilities of mobile devices. Furthermore, with a conventional firewall, a guardian is not able to monitor/control dynamically the mobile node´s activities when the mobile node roams. In this paper, we introduce a new concept of mobile personal firewall and propose a concrete scheme that matches mobile environment and exploits mobile network facilities. When a mobile node (MN) roams into a foreign network managed by a mobility anchor point (MAP), the home agent (HA) will authorize the MAP to serve as a security proxy. The HA will negotiate with the MAP on the security association and then transfer to the MAP the defined security rules that will be applied on all communications to the MN (via the MAP). The MAP could send the MVs traffic logs to the HA. The MVs guardian could dynamically monitor the MVs activities by retrieving the MVs traffic logs through the HA. If necessary, the MVs guardian could update the security rules so that the MVs activities could be controlled dynamically. All the operations are transparent to the MN, and the MN will be served in the way specified by his guardian no matter where he roams.