Mobile IPv6 in 3GPP2 Two mechanisms for protecting Binding Updates adopted IPsec with IKE Mobility option auth protocol Manual keying is an issue 3GPP2 uses stream ciphering algorithms for all encryption AES-CTR Stream ciphers more optimal over wireless links Manual keying should not be used with stream ciphers Security vulnerability Two options Prohibit manual IPsec keying in 3GPP2 Use block ciphers when manual IPsec keying is used with Mobile IPv6 Use stream ciphers for everything else Every IPsec implementation is guaranteed to implement block cipher algorithms AES-CBC |