A low-cost packet originator verification for metering at access-routers

Abstract

To provide a mobile device wireless last hop access to packet switched networks, authentication is a necessary pre-requisite for most charging and billing solutions. A lot of work has already been done to establish an initial user and device authentication both within a single administrative domain and across several administrative domains. Unfortunately, initially authenticating the mobile device and even ensuring mutual authentication with the involved access-router does not prevent all types of fraud. Similar to the well-known IMSI-Catcher attack in GSM networks, a malicious mobile node in IP-based networks may spy on the IP-address of a node with access to the wired part of the network. Such an attack is of considerable advantage for a malicious node since it can send traffic free of charge, masquerading as the mobile node by spoofing its IP-address. In this paper, we evaluate different existing protocols to prevent such fraud and finally propose, by presuming an initial device authentication, a new low-cost packet originator verification for accessrouters. Such an approach suits realtime-responsive traffic and is even extendable to support the metering of traffic per device over different access technologies. © Springer-Verlag Berlin Heidelberg 2003.