Efficient solution to decrease the effect of DoS attack against IP address ownership proof in Mobile IPv6

In Mobile IPv6(MIPv6), a Mobile Node(MN) communicating with the Correspondent Node(CN) cannot prove the ownership of the claimed IP address. If a malicious node impersonates victim´s IP address, it could hijack the session or forward packets to non-existing destination or other nodes. Currently, in order for a MN to prove the ownership of its own IP address, it is considered to use Feige-Fiat-Shamir (FFS) identification scheme [1]. However, there is one serious problem. In this scheme, a CN has to verify all of the Binding Update requests, and this leads to DoS(Denial of Service) attack. This paper shows a method which mitigates the effect of the DoS attack by making the challenge twice in a transaction. We make the first challenge easily verified to exclude the malicious nodes and the second one much more difficult than the first one to avoid impersonation. This method can efficiently exclude the malicious nodes which do not have proper IP addresses by verifying the first challenge. Furthermore, by making the challenge twice, our scheme can decrease the probability of impersonation over the previous scheme for equivalent calculation amount. By the computer simulation, we show that the proposed scheme is efficient to decrease the effect of the DoS attack and the probability of impersonation compared to the previous scheme.