Establishing secure access and communications in a hierarchical mobile IPv6
(HMIPv6) network, when a mobile node is roaming into a foreign network, is a
challenging task and has so far received little attention. Existing
solutions are mainly based on public key infrastructure (PKI) or
identity-based cryptography (IBC). However, these solutions suffer from
either efficiency or scalability problems. In this paper, we leverage the
combination of PKI and certificate-based cryptography and propose a
hierarchical security architecture for the HMIPv6 roaming service. Under
this architecture, we present a mutual authentication protocol based on a
novel cross-certificate and certificate-based signature scheme. Mutual
authentication is achieved locally during the mobile node's handover. In
addition, we propose a key establishment scheme and integrate it into the
authentication protocol which can be utilized to set up a secure channel for
subsequent communications after authentication. As far as we know, our
approach is the first addressing the security of HMIPv6 networks using such
a hybrid approach. In comparison with PKI-based and IBC-based schemes, our
solution has better overall performance in terms of authenticated handover
latency.