Mobile IPv6 Security Measures | Exam 400-251 | Cisco

Security Measures for Mobile IPv6

Prev Question Next Question


Which three options are security measures that are defined for Mobile IPv6? (Choose three.)



Click on the arrows to vote for the correct answer

A. B. C. D. E. F.


Mobile IPv6 (MIPv6) is a protocol that allows mobile devices to roam between different networks while maintaining their IP address and network connectivity. Security is an essential aspect of MIPv6 as it involves the transmission of sensitive information, such as the mobile node's location and the home agent's address. The security measures that are defined for MIPv6 are as follows:

A. IPsec SAs are used for binding updates and acknowledgements: Mobile nodes and home agents use IPsec security associations (SAs) to secure the binding update and acknowledgement messages. The binding update message is used by the mobile node to notify its new location to the home agent, while the acknowledgement message is used by the home agent to confirm the binding update. IPsec provides data confidentiality, integrity, and authentication for these messages.

C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication: MIPv6 uses the Encapsulating Security Payload (ESP) protocol in transport mode to secure the data traffic between the mobile node and the home agent. ESP provides confidentiality and integrity protection for the payload of the IP packets, and non-NULL payload authentication ensures that the payload is not empty.

E. IPsec SAs are used to protect dynamic home agent address discovery: When a mobile node moves to a new network, it needs to discover the address of the home agent for that network. The home agent address discovery process is vulnerable to attacks such as spoofing and interception. Therefore, MIPv6 uses IPsec SAs to protect this process from such attacks.

F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements: Mobile prefix solicitations and advertisements are used by mobile nodes to discover the prefixes that are available on a network. These messages are vulnerable to attacks such as spoofing and interception. Therefore, IPsec SAs can be used to protect these messages from such attacks.

Option B is incorrect because the use of IKEv1 or IKEv2 is not mandatory for connections between the home agent and mobile node. However, IKEv1 or IKEv2 can be used to establish the IPsec SAs.

Option D is incorrect because Mobile IPv6 control messages are not protected by SHA-2. However, SHA-2 can be used as a hashing algorithm within the IPsec protocol.