Defeating Internet attacks and Spam using "disposable" Mobile IPv6 home addresses

We propose a model of operation for next generation wireless Internet, in which a mobile host has hundreds of “disposable” Mobile IPv6 home addresses. Each correspondent is distributed a different disposable home address. If attacked on a given home address, the mobile user can block packets to that address and become unreachable to the attacker. Blocking one address does not affect other addresses. Other correspondents can still reach the mobile host. A new home address can also be requested via e-mail, instant messaging, or directly from the target host using a protocol that we develop. This model is especially useful against battery exhausting Denial-of-Service (DoS) attacks and CPU exhausting distributed DoS attacks, since it seems to be the only viable solution, currently. We show however that this model can also be used to defeat other attacks and also to stop spam.

💡 Research Summary

The paper proposes a novel defense mechanism for next‑generation mobile IPv6 environments that leverages the enormous address space of IPv6 to create “disposable” home addresses. In the standard Mobile IPv6 (MIPv6) model a mobile node has a fixed home address (HoA) in its home network and a care‑of address (CoA) that changes as it moves. The home agent maintains a HoA‑>CoA binding and tunnels packets addressed to the HoA to the current CoA. After route optimization, the correspondent can communicate directly with the mobile node.

The authors identify two particularly damaging denial‑of‑service (DoS) threats for battery‑powered mobile devices: (1) battery‑exhaustion attacks, where an attacker continuously sends packets to the victim’s HoA, preventing the device from entering power‑save mode and forcing it to generate reply packets; and (2) CPU‑exhaustion attacks, where high‑cost protocols such as TCP SYN floods, SIP INVITE storms, or IKEv2 initiation requests force the device to perform expensive cryptographic or protocol processing. Experiments show that a simple ICMP flood can drain a smartphone’s battery in 3–4 hours, while IKEv2 cookie mechanisms are ineffective against large‑scale distributed attacks that use legitimate source addresses. Traditional defenses—firewalls, IPsec, or authentication—cannot stop the energy consumption caused by packet reception, because the victim still has to receive and possibly acknowledge the malicious traffic.

To mitigate these threats, the authors suggest that each mobile node pre‑generates hundreds of random IPv6 home addresses, all bound to the same home network. When a contact (friend, service, or business) needs to reach the mobile node, the node supplies a unique disposable HoA to that contact. If a particular HoA becomes the target of an attack, the mobile node instructs its home agent to drop all traffic destined for that address while leaving all other HoAs untouched. Because each correspondent uses a distinct HoA, blocking one address does not disrupt any other ongoing sessions. The victim can later reactivate the blocked address or request a fresh one.

The paper also describes a lightweight protocol for requesting new disposable HoAs. Requests can be sent via e‑mail, instant messaging, or directly through a custom “home‑address‑distribution” protocol that includes a nonce and timestamp to prevent replay attacks. This protocol works without a public‑key infrastructure (PKI), relying instead on temporary challenge‑response verification performed by the home agent.

Beyond battery and CPU DoS, the same disposable‑address approach is applied to SPIT (spam over IP telephony). Spam callers are forced to use a blocked HoA, effectively silencing them without additional filtering. The model also limits location‑privacy leakage: an attacker who probes a single HoA cannot infer the mobile node’s current CoA because the home agent will drop the probe after the HoA is disabled, and other HoAs continue to operate normally.

Implementation considerations are discussed. Maintaining thousands of HoA‑CoA bindings imposes memory and processing overhead on the home agent; efficient data structures and periodic garbage collection are required. Frequent binding updates when the mobile node changes its CoA must be propagated for all active HoAs, which may increase signaling traffic. The authors propose caching strategies and batch updates to mitigate this cost. Security analysis highlights the need to protect the HoA‑request channel from spoofing and to ensure that address revocation messages are authenticated, even in the absence of PKI.

In conclusion, the “disposable home address” model exploits IPv6’s vast address space to provide fine‑grained, per‑contact isolation of traffic. By allowing a mobile node to block a single compromised address while keeping the rest of its communication channels alive, the approach offers a practical defense against battery‑draining and CPU‑draining DoS attacks, SPIT, and certain privacy attacks. The paper identifies open challenges—scalability of the home agent, user‑friendly address management, and robust authentication for address distribution—that must be addressed before large‑scale deployment.