Mobility and Security: The Tussles Continue

The Networking 2009 conference took place from the 11th to the 15th May 2009 in Aachen, Germany. Attached to the conference were a couple of workshops; the 2nd International Workshop on Mobile and Wireless Networks Security (MWNS’09) was one of them. I had the honor to give the keynote speech about “Mobility and Security: The Tussles Continue”. I have chosen this title because I noticed a fairly huge gap between what is standardized and what finds it way into deployment and the gap from research to deploy in the area of mobility is almost insane. So, I was wondering what the value of a lot of standardization & research efforts are (other than being nice on paper, which is already suffient for a lot of people).

I produced a slide set that went through some of the mobility protocols and asked around what the deployment situation is (unless I knew it already). Mobility is particularly interesting because a lot of the folks working on this topic have a good understanding of network layer protocols although only certain application layer protocols benefit from it. Unfortunately, persons with knowledge of network layer protocols AND application layer protocols are hard to find and one of the favorite applications, namely voice-over-IP, is also a fairly complex beast from a business and regulatory point of view (as I had to learn with my involvement in IP-based emergency service).

Anyway, here is the slide set:


When you click through the slides you will notice that I don’t see a bright future for HIP and MIP. My main argument is that the incentives are not right. Now, you would probably wonder why I contribute to these protocols. Well, I think that they are technically a good idea. I still hope that Dual Stack Mobile IPv6 will see some deployment IFF some of the protocol design bugs are fixed, namely

  1. Mobile Node to Home Agent Security needs to be much less complex to implement.
  2. Route Optimization has to work in the current Internet (i.e., one that is full of middleboxes).

If these two aspects cannot be fixed for MIPv6 then I don’t see a reason why someone would even think about deploying it. (Please note that my thinking about Proxy Mobile IP is significantly different because the deployment incentives are easier to understand for those who are in the position to deploy it. It is, however, less interesting for researchers…).

It would be interesting to get your feedback to my slide set.

[poll id=”3″]

Update (23. July 2009): Christian Schlatter noticed that some of the links in the presentation cannot be clicked at (and they are not shown either). So, here is the Powerpoint slide set.

1 thought on “Mobility and Security: The Tussles Continue

  1. To add a recent data point related to my presentation:
    http://washingtontechnology.com/articles/2009/08/24/web-dod-releases-ipv6-profile.aspx?s=security_270809

    Citing paragraphs from the article:

    The Defense Department has released Version 4.0 of the IPv6 Standard Profiles for IPv6 Capable Products as part of an update to the Defense Information Technology Standards Registry (DISR) Baseline Release, Version 09-2.0.

    “While we still want to encourage implementation of Mobile IPv6 in products, feedback from several vendors indicated that we were being too aggressive in this area,” said Ed Jankiewicz, a senior research engineer with SRI International at Fort Monmouth’s Branch Office for IPv6 Research Supporting DISA Standards Engineering. “MIPv6 is not as mature as other parts of IPv6, and the market incentives are not yet there to prompt vendors to action. We had some strong language regarding support for Route Optimization in previous versions, and we have stepped back from that.”

Leave a Reply

Your email address will not be published. Required fields are marked *