Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting
The Context Transfer Protocol seamoby-ctp (3) is used when a mobile node (MN) is moving (or may be moving) from one router to another; it allows state information to be transferred between edge mobility devices. Examples of state information that could be useful to transfer include AAA information, security context, QoS properties assigned to the user, Robust Header Compression information, etc. [96] explains the main reasons why Context Transfer procedures may be useful in IP networks.
[109] describes the protocol, but security details are missing. We assume that the protocol will be fully specified within the next 6 months, or we will make assumptions about the missing details. The current proposal seems to be enough to construct a model for verification purposes. It proceeds roughly as follows: assume that a mobile node MN moves from a previous access router pAR to a new one, nAR, and that the two ARs have established a secure channel in advance (for instance over IPsec). To be more specific, we restrict ourselves to the case in which the context transfer is requested by the mobile node MN. Then either one or both of pAR and nAR authenticate MN and authorize the MN's credentials before authorizing the context transfer and the release of context to the mobile. This should prevent rogue MNs from launching DoS attacks by sending a large number of CT requests and thereby causing a large number of context transfers between ARs. Another consideration is that the mobile provides an authentication "cookie" to be included with the context transfer message sent from the pAR to the nAR and confirmed by the MN at the nAR.
The most important properties here are temporal properties, for instance: if the context of a MN is moved to a certain AR, then the MN has indeed requested that context transfer. The protocol also has authentication and secrecy requirements, including that the ARs authenticate the MN and vice versa, and that the MN authenticates the authentication cookie (sent originally by itself) when it is presented by the new AR.
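To make the flow and the temporal property concrete, the following Python simulation is an added example (it is not the draft's specification and not code from the AVISPA project). It models the MN-requested case described above: the MN sends a CT request with a fresh authentication cookie and a credential proof, nAR authorizes the MN before contacting pAR, pAR authenticates the MN again before releasing the context together with the cookie over the inter-AR channel, nAR installs the context only if the channel tag verifies, and the MN confirms that the cookie presented by nAR is the one it originally sent. The message formats, the HMAC-based proofs, the shared keys and the tag labels are all assumptions made for the example; the secure pAR-nAR channel is stood in for by a shared channel key. A trace of events is recorded so that the property "a context is installed at an AR only after that MN requested a transfer to that AR" can be checked over a run.

```python
import hmac
import hashlib
import secrets

# Constructed keys for the simulation (assumption, not from the draft): the MN shares a
# credential key with the ARs' AAA domain, and pAR/nAR share a pre-established
# secure-channel key standing in for an IPsec SA.
MN_CREDENTIAL_KEY = b"constructed-mn-credential"
AR_CHANNEL_KEY = b"constructed-pAR-nAR-channel"


def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts; used for every authentication tag."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


class AccessRouter:
    def __init__(self, name, credentials):
        self.name = name
        self.credentials = credentials   # mn_id -> key this AR can verify MN proofs with
        self.contexts = {}               # mn_id -> context currently held for that MN

    def mn_authentic(self, mn_id, cookie, nar_name, proof):
        """Check the MN's CT-request proof; unknown or bad credentials fail closed."""
        key = self.credentials.get(mn_id)
        return key is not None and hmac.compare_digest(
            proof, mac(key, b"CT-REQ", mn_id, cookie, nar_name))


def mn_build_request(mn_id, mn_key, nar_name):
    """MN side: a fresh authentication cookie plus a proof bound to cookie and target AR."""
    cookie = secrets.token_bytes(16)
    return cookie, mac(mn_key, b"CT-REQ", mn_id, cookie, nar_name)


def par_release_context(p_ar, mn_id, cookie, nar_name, proof):
    """pAR side: authenticates the MN itself, then releases context + cookie over the channel."""
    if not p_ar.mn_authentic(mn_id, cookie, nar_name, proof) or mn_id not in p_ar.contexts:
        return None
    ctx = p_ar.contexts.pop(mn_id)
    msg = (mn_id, ctx, cookie)
    return msg, mac(AR_CHANNEL_KEY, b"CTD", mn_id, ctx, cookie)


def nar_install(n_ar, msg, tag):
    """nAR side: installs the context only if the inter-AR channel tag verifies."""
    mn_id, ctx, cookie = msg
    if not hmac.compare_digest(tag, mac(AR_CHANNEL_KEY, b"CTD", mn_id, ctx, cookie)):
        return None
    n_ar.contexts[mn_id] = ctx
    return cookie                          # presented to the MN for confirmation


def run_context_transfer(mn_id, mn_key, context):
    """Full MN-requested run; returns (event trace, whether the MN confirmed the cookie)."""
    trace = []
    p_ar = AccessRouter(b"pAR", {mn_id: MN_CREDENTIAL_KEY})
    n_ar = AccessRouter(b"nAR", {mn_id: MN_CREDENTIAL_KEY})
    p_ar.contexts[mn_id] = context         # the MN's state lives at pAR before the move
    cookie, proof = mn_build_request(mn_id, mn_key, n_ar.name)
    trace.append(("ct_request", mn_id, n_ar.name))
    if not n_ar.mn_authentic(mn_id, cookie, n_ar.name, proof):   # nAR authorizes first
        trace.append(("rejected", n_ar.name, mn_id))             # rogue requests stop here
        return trace, False
    released = par_release_context(p_ar, mn_id, cookie, n_ar.name, proof)
    if released is None:
        trace.append(("rejected", p_ar.name, mn_id))
        return trace, False
    presented = nar_install(n_ar, *released)
    if presented is None:
        return trace, False
    trace.append(("context_installed", n_ar.name, mn_id))
    confirmed = hmac.compare_digest(presented, cookie)          # MN confirms its own cookie
    trace.append(("mn_confirmed" if confirmed else "mn_rejected", mn_id, n_ar.name))
    return trace, confirmed


def request_precedes_install(trace):
    """Temporal property: every context installation at an AR is preceded in the trace
    by a CT request from that MN naming that AR."""
    for i, ev in enumerate(trace):
        if ev[0] == "context_installed":
            _, ar, mn = ev
            if ("ct_request", mn, ar) not in trace[:i]:
                return False
    return True


if __name__ == "__main__":
    trace, ok = run_context_transfer(b"mn1", MN_CREDENTIAL_KEY, b"aaa+qos+rohc-state")
    print(ok, request_precedes_install(trace), trace)
```

A run with a wrong credential key is rejected at nAR before any inter-AR traffic, which is the point of authorizing the MN first; a context message whose cookie has been altered in transit fails the channel tag check at nAR, and a cookie that does not match the one the MN sent is refused at confirmation time. The trace check is the sort of property a model checker would verify over all interleavings rather than over a single run.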
For related drafts see [108] and [184].
Protocol seamoby-ctp should provide Key Agreement, 3P-Authorization, and a property that may be expressed as a Temporal Formula (G1-3,6,7,12,20).