HONS 08/05
Development of Secure IPsec Tunnelling in a Mobile IP Architecture
Vincent Pau
Department of Computer Science
University of Canterbury
Abstract
Internet Protocol security (IPsec) is a widely accepted standard for securing IP network
traffic but has limited functionality in a Mobile IP environment. The aim of this research
is to develop a solution that enables mobile nodes to hand off IPsec tunnels transparently
when moving between different networks. Previous research suggests two general
approaches to solving this problem: running IPsec over Mobile IP, or dynamically updating
the IPsec tunnel endpoints. As part of this research, we propose a variation of the
latter approach, whereby Mobile IP registration messages are used to update the IPsec
tunnel endpoints. The solution enables a mobile node to establish an IPsec tunnel once
and maintain the tunnel across handoffs. A testbed was developed for evaluating the
performance of the various approaches under different handoff conditions. The proposed
solution was implemented and tested successfully on the testbed, proving its feasibility.
The study also compares the performance of the proposed solution against running IPsec
over Mobile IP and the current approach of re-establishing new IPsec tunnels. Although
the proposed solution is more complex than running IPsec over Mobile IP, the
results show that it is more efficient in terms of bandwidth overhead. The results also show
that the proposed solution has a lower handoff delay than the current approach of
re-establishing new IPsec tunnels.