Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Mobile IPv6 Security Microsoft Security Workshop 5 November 2002 Tuomas Aura, Michael Roe, Greg O’Shea (Microsoft.

Similar presentations


Presentation on theme: "1 Mobile IPv6 Security Microsoft Security Workshop 5 November 2002 Tuomas Aura, Michael Roe, Greg O’Shea (Microsoft."— Presentation transcript:

1 1 Mobile IPv6 Security Microsoft Security Workshop 5 November 2002 Tuomas Aura, Michael Roe, Greg O’Shea (Microsoft Research, UK) Jari Arkko (Ericsson Research)

2 2 Outline 1.Mobile IPv6, route optimization 2.Attacks on mobile IPv6 3.How to prevent these attacks 4.More attacks 5.An improved protocol 6.Conclusions

3 3 Internet Protocol (IPv6) ■ Data sent in IP packets, routed through the Internet ■ Source spoofing possible AB source = B destination = A …

4 4 Mobility ■ How to communicate after mobile leaves home? AB C Current location Home Correspondent

5 5 source = A destination = C original: source = B destination = A Mobile IPv6 ■ Mobile always uses the same address A ■ Home agent forwards packets ■ Any address can become mobile A B C Correspondent Current location tunnel source = B destination = A Home

6 6 Route Optimization A B C Home Current location tunnel source = B destination = C For A Routing header Correspondent source = C destination = B This is A I'm at C 2. Binding Update (BU) 3. following packets 1. first packet source = C destination = B This is A Home address option

7 7 Route Optimization ■ Important optimization ■ Any IPv6 node can be a correspondent, any address can be mobile ■ Binding Update (BU) sent before or during communication ■ Often BU triggered when mobile receives a tunneled packet

8 8 False Binding Updates A B C source = C destination = B This is A I'm at C False BU Stolen data Attacker

9 9 Spoofed data The Basic Attack A B C source = C destination = B This is A I'm at C False BU Stolen data Attacker source = C destination = B This is A ■ Highjack old connections or open new ■ A, B and C can be any Internet nodes

10 10 Man-in-the-Middle Attack A B C False BU Attacker ■ Observe and modify data False BU This is B I'm at C This is A I'm at C

11 11 BU Authentication ■ The obvious answer: PKI + IPSec ■ No global PKI ■ Should IPSec authenticate the home address or the care-of address? ► The obvious answer is the home address ► Later, we will see that both must be involved

12 12 Creating trust from nothing? ■ How authenticate between any two IPv6 nodes, without adding infrastructure? ■ Some IP-layer infrastructure available: ► IPv6 addresses ► Routing infrastructure ■ Address-based CAM [O'Shea,Roe2001] ■ Routing-based “weak” authentication

13 13 BU Authentication – v.1 ■ Send a key in plaintext AB C Current location Home Correspondent secure tunnel 2. K 1. BU 3. BU, h (K, BU) reject accept

14 14 Is that good enough? ■ Use K only to authenticate BU from mobile to correspondent, not for anything else ■ The weak authentication, CAM, and other protocols discourage lying about who you are ■ Still possible to lie about where you are!

15 15 Flooding Attack ■ Flood target by redirecting data streams A B C source = C destination = B This is A I'm at C False BU Unwanted video stream Target bbc.co.uk Video stream Attacker

16 16 Flooding Attack - ACKs ■ Spoof TCP-like ACKs, one per window ■ No TCP Reset will be sent! A B C False BU Unwanted video stream Target bbc.com Attacker source = C destination = B This is A ACK False acknowledgments

17 17 BU Authentication – v.2 ■ Ask C whether it wants to be A A C Current location Home Correspondent secure tunnel 2a. K0 1. BU 3. BU, h (K0,K1,BU) reject accept 2b. K1 B

18 18 Is that good enough? ■ Not possible to lie, all information in BUs is true ■ Second order attacks against the authentication mechanisms – denial of service!

19 19 Exhausting State Storage C Attacker Correspondent 2a. K0 1. BU 2b. K1 B lost source = D destination = B This is E I'm at D ■ Correspondent will remember K0, K1 ■ Flood correspondent with false BUs

20 20 BU Authentication – v.3 ■ Stateless correspondent A C Current location Home Correspondent secure tunnel 2a. K0 = h (N, A) 1. BU 3. BU, h (K0,K1,BU) reject accept 2b. K1 = h (N, C) B N periodically changing nonce

21 21 Reflection and amplification ■ Two DDoS packets become one ■ IP trace-back cannot find the attacker A C Current location Home Correspondent secure tunnel 2a. K0 1. 2b. K1 B E DDoS Attacker

22 22 BU Authentication – v.4 ■ Balanced message flows A C Current location Home Correspondent 2a. K0 1b. BU 3. BU, h (K0,K1,BU) accept 2b. K1 B secure tunnel 1a. BU

23 23 Current Mobile IPv6 Draft ■ Return Routability (RR) test for HoA and CoA HoA CoA HA CN 2a. HoT 1b. CoTI 3. BU 2b. CoT CN ESP tunnel 1a. HoTI 4. BA

24 24 Unnecessary BUs ■ Tunneled packets trigger BUs  Spoofed packets to home address trigger true but unnecessary BUs A B C Home source = B destination = A Current location E Attacker spoofed packet tunnel unnecessary BU

25 25 Unnecessary BUs ■ Repeat for DoS ■ Against a mobile or against any node ■ Attack against any BU protocol ► Public-key protocols more vulnerable ■ Defense: limit the amount of resources used for BU authentication, revert to non-optimized routing

26 26 Significance – for academics ■ New types of requirements, assumptions and attacks  Existing protocols not usable  Applicability of formal methods and analysis tools is limited ■ New insights and design principles ■ Zero configuration, zero user interaction (no pop-ups, no user education)

27 27 Significance – for everyone else ■ Mobile IPv6 is not the only way to do mobility ■ Other approaches may suffer from the same types of problem ■ Even if you aren’t using mobile IPv6, the new techniques may still be useful

28 28 Security Protocol Engineering ■ The difficult part: threat analysis, security requirement analysis ■ The fun part: protocol design ■ Results: ► Protocol specs, standard drafts ► New analysis and design principles

29 29 Summary ■ Analyze and solve new problems created by new technology (mobility) before it is deployed ■ Security was the blocking issue in Mobile IPv6 standardization in IETF – not any more ■ Bombing attacks (redirecting data to unwilling recipients) could destroy the Internet – the Return Routability Test has wider applications


Download ppt "1 Mobile IPv6 Security Microsoft Security Workshop 5 November 2002 Tuomas Aura, Michael Roe, Greg O’Shea (Microsoft."

Similar presentations


Ads by Google