REAL - TIME PAYMENTS FOR MOBILE IP

ABSTRACT: With a large number of network operators and service providers, it is necessary to guarantee Payment and remove any complex trust relationships involved in billing. The present authentication schemes in mobile IP do not scale well for large number of nodes. This paper presents a scheme based on hash-chains which allows for fast authentication in real time accounting of network users by mobile nodes. This system will eliminate problems of fraud in mobile networks and need of inter -operator billing agreements. INTRODUCTION: The emergence of new Internet services through wireless handheld devices demand a better quality of services. In mobile IP based networks payments for usage of network resources may take place after the services are used and call detail records (CDRS) must be exchanged by the operators for billing purposes. This becomes a complicated process when a large number of nodes exist. In the micro mobility protocols, signaling messages have the potential to create or modify routing table entries within the routers in the network and therefore must be authenticated prior to any changes to the tables. Failure to implement proper security procedures can allow malicious nodes to masquerade as legitimate hosts and carry out denial-of-service attacks.

This new scheme allows a user to arrive in a new access network and avail themselves of network services by paying the service providers in real time. Now this article presents the current approaches to security in mobile-IP networks, followed by an ideal set of mobility requirements for next generation networks. MOBILITY SUPPORT IN IP NETWORKS: Mobile IP is a network layer protocol that is completely transparent to the higher layers and does not require any changes to the existing Internet hosts or routers. In a mobile IP network a roaming Mobile Node (MN) has two network addresses. The first address is Home Address (HA) which remains unchanged and the second one is Care of Address (COA) which keeps on changing. An MN using its HA appears to be able to receive packets in foreign network through Home Agent (HA) when a host roams into a new COA and the data grams are delivered to the MN through foreign agent (FA). Rapid proliferation in number of wireless devices has led to considerable research in micro mobility protocols. The main aim of protocol is to minimize the number of signaling messages that have to be carried over the core network to support host mobility. Micro mobility architectures support mobility within a local network or domain. When the MN moves between two separate networks, we have to employ the mobile IP protocols.

SECURITY IN MOBILE-IP NETWORKS: 1.HAWAII:

It is a micro mobility proposal offered by Lucent Technologies. The HAWAII scheme divides the network infrastructure into a number of hierarchically arranged domains. A domain is connected to the Internet via a domain root router and may consist of several routers and base stations. A HAWAII node must be able to verify the authenticity of signaling messages originating from a MN and must be able to generate authenticated replies that the MN can also verify. There are three separate security associations. They are : the first between base stations and MN, the second between base stations and HA and the third between HA and MN. 2.AAA: This is the current approach to provide security and trusted communication based on authentication, authorization and accounting (AAA) this is under development in IETF (Internet Engineering Task Force). The following figure shows the entries involved in authenticating and registering a MN in a foreign network using the AAA infrastructure.

MICROPAYMENTS USING HASH CHAINS:

A user generates a hash chain of length N by applying a hash function N times to a random value PN the root of the hash chain. The rooter commits to the chain by digitally signaling the anchor with her private key. For each payment the user releases the hash value P1. The receiver can apply the same hash function to the value P1 to obtain the anchor P0. Since the hash function is one way only the user could have generated the hash value. The figure-2 shows the overall payment process when user generates a chain of length N. the user commits to the anchor P0, the length of the chain, the value of each hash and the vendor at which she wishes to spend the chain. Prior to payment the user forwards the commitment to the vendor, who can verify its authenticity off line. For each micro payment the user releases the next payment hash in the chain. The vendor can redeem the hashes at the broker with whom the user has an account at a later date by presenting the highest payment hash along with the signed commitment.

UNBALANCED ONE WAY BINARY TREE:

The UOBT scheme is an efficient hash scheme where the root of each chain is derived from another hash chain. The scheme is ideal when a large number of hashes are needed and the device has limited storage capabilities, only the tree root value has to be stored on the device to be able to reconstruct the entire UOBT where P100 100 is the tree root. The hash function h1 is repeatedly applied to this value to obtain the backbone hash chain [P100 100 p1 100]. Each of these hash values is used to secret root value for deriving the individual sub chains by applying the hash function h1. For example the value P2 100 is the root of P2 chain which consists of values P2 100, P2 99 and so on, until the anchor of that chain P20 is reached.

The result is a UOBT with a backbone chain length of 100, with each sub chain also consisting of 100 hash values and an overall hash chain tree consisting of 10,000 hashes. The signed commitment consists of a hash of the concentration of the anchors of each of the sub chains [P10, P20, ------, P99, P100] signed with the private key of user or broker.

PROTOCOL OVERVIEW: A mobile user registers with the service provider to obtain a unique network address for the access network in which he/she currently finds him/herself. This address serves as the new COA. The user subsequently purchases provider specific payment tokens from his/her broker via the Gate Way (GW) node. The GW authenticates the BK commitment and broadcasts the payment details to the routing nodes within the access network. In order to be able to receive incoming calls, the mobile node sends an authenticated update of its new COA to its chosen Location management server (LS). It also attaches the number of payment tokens the location server requires to keep the COA information. In addition to the existing fixed servers in the network, a new category of mobile users handle data calls differently from voice calls. To make a data call, the MN obtains the IP address of the destination node of querying a Domain Name Server (DNS) and forwards data grams toward the destination via the GW node in the access network. For voice calls, the MN first pays its LS to obtain the current COA and then forwards data grams to the CN via GW. In each case, the MN attached the required amount of payment token along with each data gram. The hash values perform a function, and are used by the routing nodes in the access network. The payment parameters are removed by the GW node. The service providers periodically deposits the highest payment hash in each chain used by an MN with its broker to redeem payment for network usage.

DESIGN GOALS: The design goals for our authentication and accounting solution for mobile IP based networks are follows 1:Real time payment 2:authentication and router updates 3:Light weight cryptographic procedures 4:Offline payment verification 5:Identified payment tokens 6:Personal mobility

7:Location privacy CONCLUSION: It is believed that in the future there will be a large number of micro and pico cellular mobile networks based on IP, which will provide the next generation of telecommunications. These networks will require secure and scalable AAA provisioning. This solution provides an efficient means of authentication of signaling messages and accounting of resources in such networks. REFERENCES: A.Campbell, et al., Comparison of IP Micromobility Protocol, IEEE Wireless Communication., Vol. 9, no.1, Feb. 2002, PP. 72-82. D. O Mahony, M. Peirce, and H. Tewari Electronic Payment systems for E-commerce, 2nd ed., Artech House, 2001. S. Yen., L. Ho , and C. Huang, Internet Micropayment Based on Unbalanced One-way Binary Tree, July 1999.