Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University."— Presentation transcript:

1 Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University

2 Spring 2001CS444N2 TRIAD approach Host on network gets temporary local name Host still contactable through home network –Home directory service is like a home agent –Home directory provides a redirect to temporary name If mobile host moves –Relay agents can forward packets for fast handoff –Local relay agents are like foreign agents Still contactable through real name at home network –Must register new address with home service –This is important if MH and CH both move –After how long do you re-contact home base?

3 Spring 2001CS444N3 TRIAD advantage? +Changes all made at naming level +Implies traffic doesn’t need to flow through home net –But this assumes smart correspondent hosts Ultimately not much difference between TRIAD and mobile IP for mobility (There’s no free lunch.)

4 Spring 2001CS444N4 TCP-level mobility support Use dynamic DNS for initial name lookup If name changes during a connect, use TCP migrate option If name changes between DNS lookup and TCP connection, then do another DNS lookup

5 Spring 2001CS444N5 TCP-level advantages and disadvantages +No tunneling +No need to modify IP layer +Possibly more input from applications -Requires secure dynamic DNS -Scalability issue not entirely dismissable -What if both endpoints are mobile? -Need to modify multiple transport layers -More transport-level changes required than IP-level additions -Security issues more severe (1 st paragraph of Section 5 is false) -Requires application-level changes for DNS retries

6 Spring 2001CS444N6 Overall TCP-level questions Are IP address changes a routing responsibility or an application responsibility? Is this really end-to-end? With dynamic DNS requirements, application-level changes, and TCP changes, why not just do DNS retry every time a connection fails?

7 Spring 2001CS444N7 What do you need for mobile routing? A way to translate from name to location –Through a name service like DNS? Inform name service whenever you move Reverse name lookups may even work Lots of updates for a global name service –Through a “home base” like Mobile IP and TRIAD? “Home agent” that knows where you are Packets may take a longer route or else you need mobile-aware correspondent hosts

8 Spring 2001CS444N8 What do you need for fast handoffs? Local agents? –Until they lead to long forwarding chains –Should still notify name service or home base Mobile-aware correspondent hosts? –Maintain bindings of names with real locations? –Mobile host or foreign agents may update this information –Communicate change directly to non-mobile end-point –A problem if both endpoints are mobile –May ultimately have to contact name service or home base again How do you know when to do that –After how many packets? –Continuous use of home base solves this problem at expense of slower paths

9 Spring 2001CS444N9 Providing networks for visitors The flip side of mobility Several questions: –For small or medium-sized institutions, who will create and maintain special visitor networks? –Can we instead leverage our own existing networks? But do you trust visitors to use your own network? Solution requirements: –Enough security to make system administrators content –Ease of use and deployability No special hardware or software on mobile hosts No special hardware in network

10 Spring 2001CS444N10 Our visitor network solution Subnet(s) of existing net dedicated to visitors Inverse firewall (a “prison-wall”) –Visitor packets can’t get out unless authenticated –Life inside the subnet may be harsh Only requires browser with secure socket layer

11 Spring 2001CS444N11 SPINACH illustration

12 Spring 2001CS444N12 SPINACH vulnerabilities Window of vulnerability: –One user leaves system before lease times out –Another user spoofs previous user’s IP/MAC address information Solutions: –Can be fixed with network hardware –May be reduced with “pings” from router to hosts –May be reduced with shorter leases –But users like longer leases Better solution might be PANS [Miu & Bahl, USITS 2001]

13 Spring 2001CS444N13 PANS Protocol for Authorization and Negotiation of Services Client can download necessary software from local agent Client and “gateway” negotiate session key Packets tagged with this key to prevent unauthorized traffic Overhead of packet tagging doesn’t seem too severe

14 Spring 2001CS444N14 SPINACH lessons learned Security is a spectrum with parameters –Airtight/awkward …….. Weak protection/easy to use –We aim for the middle in this case –With further facilities (software download, etc), ease of use migrates towards more secure solutions

Download ppt "Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University."

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
IP Mobility Support Basic idea of IP mobility management

IP Mobility Support Basic idea of IP mobility management
Mobile IPv4 Courtesy of Scott Midkiff with Virginia Tech Mary Baker with Stanford (Now HP)

Mobile IPv4 Courtesy of Scott Midkiff with Virginia Tech Mary Baker with Stanford (Now HP)
Mobility Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101

Mobility Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101
IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
ConnectionMigration 818L Network Centric Computing Spring 2002 Ishan Banerjee.

ConnectionMigration 818L Network Centric Computing Spring 2002 Ishan Banerjee.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.

Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.
What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.

What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.

COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.

Similar presentations

Ads by Google