
Authentication

The home agent authenticates registration requests as specified in RFC 3344—IP Mobility Support for IPv4 (August 2002). To verify the mobile-home authentication extension, the home agent checks the security association indexed by the security parameter index (SPI) value and retrieves the authentication algorithm and key. This lookup yields a 128-bit key and the authentication algorithm with which to compute an MD5 message digest over the registration request. The Mobile IP home agent supports both the HMAC-MD5 and keyed-MD5 authentication algorithms. When the result of this computation matches the 128-bit authenticator carried in the request, the mobile-home extension is authenticated.

If a security association is configured for the foreign agent, the foreign-home authentication extension is verified; otherwise, authentication success is based only on the mobile-home authenticator.

The home agent checks the identification (ID) field, which is used to match registration requests with responses and to protect against replay attacks. The home agent uses timestamp-based replay protection, in which the ID field represents a 64-bit Network Time Protocol (NTP)-formatted time value. By default, the timestamp must be within 7 seconds of the home agent's configured time value.
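
The following Python sketch is an added example, not the home agent's own code. It walks through the checks described above for a request that carries only a mobile-home authentication extension directly after the fixed part of the request, using the RFC 3344 layout. The function names, the security association table, and the sample addresses and keys are constructed for illustration.

```python
import hashlib, hmac, struct

NTP_UNIX_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
REPLAY_WINDOW_S = 7            # default tolerance stated on this page
FIXED_LEN = 24                 # RFC 3344 fixed Registration Request; ID is bytes 16..23
MHAE_TYPE = 32                 # Mobile-Home Authentication Extension type

def authenticator(alg, key, protected):
    """128-bit authenticator over the protected bytes of the request."""
    if alg == "hmac-md5":
        return hmac.new(key, protected, hashlib.md5).digest()
    if alg == "keyed-md5":     # prefix+suffix mode: MD5(key || data || key)
        return hashlib.md5(key + protected + key).digest()
    raise ValueError(alg)

def build_request(alg, key, spi, unix_time):
    """Constructed sample request using documentation-range addresses."""
    ident = struct.pack("!II", int(unix_time) + NTP_UNIX_OFFSET, 0)
    fixed = struct.pack("!BBH4s4s4s", 1, 0, 300, bytes([192, 0, 2, 10]),
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + ident
    # The digest covers everything up to and including the extension's SPI.
    protected = fixed + struct.pack("!BBI", MHAE_TYPE, 20, spi)
    return protected + authenticator(alg, key, protected)

def verify_request(sa_table, datagram, now_unix):
    """Return 'ok' or the reason the request is rejected."""
    if len(datagram) != FIXED_LEN + 6 + 16 or datagram[FIXED_LEN] != MHAE_TYPE:
        return "malformed"
    spi, = struct.unpack_from("!I", datagram, FIXED_LEN + 2)
    sa = sa_table.get(spi)     # the SPI indexes the security association
    if sa is None:
        return "unknown-spi"
    alg, key = sa
    protected, received = datagram[:-16], datagram[-16:]
    # Constant-time comparison of computed and received authenticators.
    if not hmac.compare_digest(authenticator(alg, key, protected), received):
        return "auth-failed"
    ntp_secs, = struct.unpack_from("!I", datagram, 16)
    if abs(now_unix - (ntp_secs - NTP_UNIX_OFFSET)) > REPLAY_WINDOW_S:
        return "stale-id"      # timestamp outside the replay window
    return "ok"

if __name__ == "__main__":
    sas = {256: ("hmac-md5", b"k" * 16)}          # constructed key and SPI
    req = build_request("hmac-md5", b"k" * 16, 256, 1700000000)
    print(verify_request(sas, req, 1700000003))   # inside the window
    print(verify_request(sas, req, 1700000060))   # replayed a minute later
```

Because the ID field lies inside the bytes covered by the authenticator, a captured request cannot have its timestamp refreshed without failing the digest check first.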

