An Enhanced Media-Independent Pre-authentication Framework for Preventing Packet Loss

Abstract

Media-Independent Pre-Authentication (MPA) is used as a secure handover optimization scheme working over any link layer. With MPA, a mobile node (the MN) can establish a security association with a candidate target network (CTN), obtain an IP address and other parameters from the CTN, and complete the binding update of any mobility management protocol with the new care-of address (nCoA) before performing a handover at the link layer. This can significantly reduce handover delay. However, the packets transmitted to the MN may be lost if a link layer handover occurs due to the link going down before the MN completes the binding update. The possible simultaneous mobility problem also gives rise to undesirable handover delay. In this paper, we design a framework called enhanced MPA (eMPA) by improving handover execution procedures of MPA. When a MN decides to perform handover at the link layer, it will request to create an IPSec tunnel between its nCoA and old access router (oAR) before deleting the proactive handover tunnel (PHT) that created between the MN and new access router (nAR). Then data packets sent to the oAR will be forwarded to the MN with the nCoA via nAR. Then the nAR will start to buffer those packets until the MN sends an explicit signal to stop buffering and flushes the packets after completing handover at the link layer. In addition, we present a binding update retransmission mechanism in the eMPA to resolve control plane packet timeout problem. With this mechanism, we can prevent packet loss during the handover.