DocumentCode :
423240
Title :
Security analysis and concept for the multicast-based handover support architecture MOMBASA
Author :
Westerhoff, L. ; Reinhardt, S. ; Schäfer, G. ; Wolisz, A.
Author_Institution :
Telecommun. Networks Group, Technische Univ. Berlin, Germany
Volume :
4
fYear :
2004
fDate :
29 Nov.-3 Dec. 2004
Firstpage :
2201
Abstract :
The multicast-based mobility architecture, MOMBASA, has proven to be an efficient and elegant approach for achieving low latency handover with minimum packet loss in mobile Internet communications (Festag, A. et al., Proc. Performance Tools, p.212-19, 2002). The original MOMBASA specification, however, did not include any precautions against malicious attacks on its protocol operation. We present the principal results of a security analysis of the MOMBASA architecture and describe our security concept to counter the identified threats. A main focus is put on attacks against the MOMBASA protocol operation coming into the access network from two main sources: the public Internet and the wireless link. The design of our security concept is specifically suited to ensuring a seamless handover by augmenting the predictive handover functionality of MOMBASA with an accompanying predictive distribution of authentication keys. Furthermore, the security concept includes a rate control mechanism for traffic destined for idle mobile nodes in order to limit the risks of potential denial of service (DoS) attacks against the paging mechanism. While our security measures effectively counter the identified threats from the wireless link and the Internet, first measurements with our prototype implementation show only negligible degradation of handover performance compared to unsecured MOMBASA operation.
Keywords :
4G mobile communication; IP networks; Internet; cellular radio; multicast communication; protocols; security of data; telecommunication security; telecommunication traffic; DoS attacks; IP networks; access network; authentication keys; denial of service attacks; fourth generation cellular networks; malicious attacks; mobile Internet communications; multicast-based handover support architecture; multicast-based mobility architecture; packet loss; paging mechanism; predictive handover functionality; protocol operation; public Internet; rate control mechanism; security analysis; wireless link; Access protocols; Authentication; Communication system security; Computer crime; Counting circuits; Delay; IP networks; Internet; Mobile communication; Wireless application protocol;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN :
0-7803-8794-5
Type :
conf
DOI :
10.1109/GLOCOM.2004.1378400
Filename :
1378400