
6. Simulation

6.4 Simulation Tests

Each simulation will be run for 60 seconds of simulation time so that the results are comparable.

To keep other external factors from influencing the results, the network connections and nodes all behave with the same delay (100 ms) and processing speed. This creates a level playing field on which to calculate latency and effectiveness.

To simulate potential opportunities for attack, another Binding Update will be sent after 5 data packets have been exchanged. If the Attacker or Mobile Node has had no reply within 2 seconds, it will resend the connection request.

If the Attacker hijacks communication, it will delete any duplicate packets so that there is only a single ongoing dialogue and to reduce network load. The first messages that the nodes send are not included in the results.

The nodes, Attacker and Mobile Node, begin by sending a Request message to the Correspondent Node. This is answered with an Acknowledgement message, and once that is received the node sends a Binding Update request. For the Mobile Node to complete the request, the Correspondent Node must reply with a Binding Acknowledgement message. However, if the Attacker can spoof the Mobile Node's address and identity and receives the Binding Acknowledgement, it can update the Mobile Node's location at the Home Agent, redirecting all traffic to the Attacker.

To prevent this, various existing and proposed security solutions will be implemented to stop the Attacker from impersonating, hijacking or redirecting data, and to prevent denial of service to the Mobile Node.
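The false Binding Update described above, shown against a Correspondent Node with and without a verification step. This is an added example, not the thesis's simulation code. The check is a simplified return-routability-style MAC, and the class, function names and the 2001:db8:: addresses are constructed for illustration.

```python
import hashlib
import hmac
import os

class CorrespondentNode:
    """Toy CN: binding cache mapping home address -> care-of address."""

    def __init__(self, address, require_rr):
        self.address = address
        self.require_rr = require_rr   # False models the unprotected control network
        self.kcn = os.urandom(20)      # node secret, never leaves the CN
        self.nonce = os.urandom(8)
        self.bindings = {}

    def keygen_token(self, addr, kind):
        # The token is sent to `addr` itself, so only a node reachable there learns it.
        msg = addr.encode() + self.nonce + bytes([kind])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def binding_update(self, home, care_of, mac=None):
        if self.require_rr:
            expected = bu_mac(self.keygen_token(home, 0),
                              self.keygen_token(care_of, 1), care_of, self.address)
            if mac is None or not hmac.compare_digest(mac, expected):
                return False           # no Binding Acknowledgement is sent
        self.bindings[home] = care_of
        return True

    def route(self, home):
        # Where data addressed to `home` is actually delivered.
        return self.bindings.get(home, home)

def bu_mac(home_token, care_of_token, care_of, cn_addr):
    # Binding key derived from both tokens, then a MAC over the update's addresses.
    kbm = hashlib.sha1(home_token + care_of_token).digest()
    return hmac.new(kbm, (care_of + cn_addr).encode(), hashlib.sha1).digest()[:12]

def run(require_rr):
    mn_home, mn_coa, att = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:66::6"
    cn = CorrespondentNode("2001:db8:3::1", require_rr)
    # The Mobile Node receives both tokens (the home token via its Home Agent).
    mac = bu_mac(cn.keygen_token(mn_home, 0), cn.keygen_token(mn_coa, 1), mn_coa, cn.address)
    legit = cn.binding_update(mn_home, mn_coa, mac)
    # The Attacker claims the MN's home address but only receives the token
    # sent to its own address, so the home token in its MAC is a guess.
    forged = bu_mac(os.urandom(8), cn.keygen_token(att, 1), att, cn.address)
    false_bu = cn.binding_update(mn_home, att, forged)
    return legit, false_bu, cn.route(mn_home)
```

`run(False)` ends with the Mobile Node's traffic routed to the Attacker's address, while `run(True)` keeps the legitimate binding. The model covers only an attacker that cannot read the home token.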

Each solution will be tested with the network on its own and with a variety of attacks in differing network configurations.

The main attack to be performed will be a false Binding Update.

However, as the existing security techniques are tested, so are the current methods of bypassing them. The proposed security solutions are then tested with the same attacks to see whether they can withstand them.

The following is a list of the simulations that will be run, which will cover the network in its various configurations, different attacks and the security solutions:

The scenarios shown in Table 1 are explained here in more detail:

The first simulation of every scenario is a control to gather data that can then be compared to other scenarios.

Controls

Simulation 1: Control. Standard network in 4 configurations for baseline establishment.

Simulation 2: Control. Standard network attacked in 4 configurations with direct attack methods.

Cryptographically Generated Addresses

Simulation 3: Cryptographically Generated Addresses (CGA) impact on standard network in 4 configurations.

Simulation 4: CGA impact on attacker using its own CGA address. This attack is called CGA1.

Simulation 5: CGA impact on attacker attempting to spoof the MN's Home Agent. This attack is called CGA2.

Return Routability

Simulation 6: Return Routability (RR) on control network.

Simulation 7: RR with attacker using HA as HoT. This attack is called RR1.

Simulation 8: RR with attacker using itself to spoof the HA. This attack is called RR2.

Distributed Authentication Protocol

Simulation 9: Distributed Authentication Protocol (DAP) with control network.

Simulation 10: DAP with attack

Dual Identity Return Routability

Simulation 11: Dual Identity Return Routability (DIRR) with control network.

Simulation 12: DIRR with 1st attack.

Simulation 13: DIRR with 2nd attack.

Combined Simulations.

What you see below is the simulation number, the security combination used and the attacks mounted:

Simulation 14: CGA+RR – Control

Simulation 15: CGA+RR – cga attack 1 and rr attack 1

Simulation 16: CGA+RR – cga attack 2 rr attack 1

Simulation 17: CGA+RR – cga 1 rr 2

Simulation 18: CGA+RR – cga 2 rr 2

Simulation 19: CGA+RR+DAP – Control

Simulation 20: CGA+RR+DAP – cga 1 rr 1

Simulation 21: CGA+RR+DAP – cga 2 rr 1

Simulation 22: CGA+RR+DAP – cga 1 rr 2

Simulation 23: CGA+RR+DAP – cga 2 rr 2

Simulation 24: CGA+DIRR+DAP – Control

Simulation 25: CGA+DIRR+DAP – cga 1 rr 1

Simulation 26: CGA+DIRR+DAP – cga 2 rr 1

Simulation 27: CGA+DIRR+DAP – cga 1 rr 2

Simulation 28: CGA+DIRR+DAP – cga 2 rr 2

Introduction of Mobile Home Agent

What you see below is the simulation number, the security combination used and the attacks mounted:

Simulation 29: Mobile Home Agent (MHA) – Control

Simulation 30: MHA – Attack

Simulation 31: CGA impact on standard network in 2 configurations with MHA.

Simulation 32: CGA impact on attacker using its own CGA address with MHA.

Simulation 33: CGA impact on attacker attempting to spoof the MN's Home Agent with MHA.

Simulation 34: RR on control network with MHA.

Simulation 35: RR with attacker using HA as HoT with MHA.

Simulation 36: RR with attacker using itself to spoof the HA with MHA.

Simulation 37: DAP with control network with MHA.

Simulation 38: DAP with attack with MHA

Simulation 39: DIRR with control network with MHA.

Simulation 40: DIRR with 1st attack with MHA.

Simulation 41: DIRR with 2nd attack with MHA.

Combined Simulations with Mobile Home Agent.

What you see below is the simulation number, the security combination used with the Mobile Home Agent and the attacks mounted:

Simulation 42: CGA+RR with MHA – Control

Simulation 43: CGA+RR with MHA – cga 1 rr 1

Simulation 44: CGA+RR with MHA – cga 2 rr 1

Simulation 45: CGA+RR with MHA – cga 1 rr 2

Simulation 46: CGA+RR with MHA – cga 2 rr 2

Simulation 47: CGA+RR+DAP with MHA – Control

Simulation 48: CGA+RR+DAP with MHA – cga 1 rr 1

Simulation 49: CGA+RR+DAP with MHA – cga 2 rr 1

Simulation 50: CGA+RR+DAP with MHA – cga 1 rr 2

Simulation 51: CGA+RR+DAP with MHA – cga 2 rr 2

Simulation 52: CGA+DIRR+DAP with MHA – Control

Simulation 53: CGA+DIRR+DAP with MHA – cga 1 rr 1

Simulation 54: CGA+DIRR+DAP with MHA – cga 2 rr 1

Simulation 55: CGA+DIRR+DAP with MHA – cga 1 rr 2

Simulation 56: CGA+DIRR+DAP with MHA – cga 2 rr 2