Please Whitelist This Site? I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :) If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads. If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK. Thanks for your understanding! Sincerely, Charles Kozierok Author and Publisher, The TCP/IP Guide

NOTE: Using software to mass-download the site degrades the server and is prohibited. If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The TCP/IP Guide  9  TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)       9  TCP/IP Internet Layer (OSI Network Layer) Protocols            9  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)                 9  Internet Protocol Mobility Support (Mobile IP)

Mobile IP Efficiency Issues 1 2 Internet Control Message Protocol (ICMP/ICMPv4 and ICMPv6)

Security is always a concern in any internetworking environment these days, but is especially important with Mobile IP. There are a number of reasons for this, which are related to both how the protocol is used and the specific mechanisms by which it is implemented.

In terms of use, security was kept in mind during Mobile IP's development because mobile devices often use wireless networking technologies. Wireless communication is inherently less secure than wired communication, because transmissions are sent “out in the open” where they can be intercepted. It's also easier for malicious users to possibly disrupt the operation of wireless devices than when they connect using wires.

In terms of operation, Mobile IP has a number of risks due to it using a registration system and then forwarding datagrams across an unsecured internetwork. A malicious device could interfere with registration process, causing the datagrams intended for a mobile device to be diverted. A “bad guy” might also interfere with the data forwarding process itself, by encapsulating a bogus datagram to trick a mobile node into thinking it was sent something that it never was.

For these reasons, the Mobile IP standard includes a limited number of explicit provisions to safeguard against various security risks. One security measure was considered sufficiently important that it was built into the Mobile IP standard directly: authentication of Registration Request and Registration Reply messages. This authentication process is accomplished in a manner somewhat similar to how the IPSec Authentication Header (AH) operates. Its goal is to prevent unauthorized devices from intercepting traffic by tricking an agent into setting up, renewing or canceling a registration improperly.

All Mobile IP devices are required to support authentication. Nodes must use it for requests and agents must use it for replies. Keys must be assigned manually as there is no automated system for secure key distribution. The default authentication method uses HMAC-MD5 (specified in RFC 2403), which is one of two hashing algorithms used by IPSec.

Mobile IP Efficiency Issues 1 2 Internet Control Message Protocol (ICMP/ICMPv4 and ICMPv6)