Security Issues In Mobile IP (presentation transcript)
Zhang Chao, Tsinghua University, Electronic Engineering
OUTLINE
1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues
What is Mobile IP?
Mobile IP is a protocol developed by the IETF to solve the mobility problem of network nodes. It enables a (typically wireless) node to move from one point of attachment to the Internet to another without disrupting its TCP end-to-end connections.
How does Mobile IP work?
When a mobile node (MN) moves from its home link to a foreign link, it obtains a care-of address (CoA) on that link, usually from the foreign agent (FA), while keeping its permanent home address. In the registration step the MN tells its home agent (HA) the new CoA. Packets that a correspondent node (CN) sends to the MN are addressed to the home address and therefore arrive at the HA, which tunnels them to the MN's current CoA.
2. Typical threats
DoS attack (fake registration)
If an attacker sends a fake Registration Request to the HA, naming its own address as the CoA, then:
1. the attacker receives all packets destined for the MN;
2. all connections to the MN fail.
Solution to DoS
Mobile IP requires that every registration message between the MN and the HA be strictly authenticated. The default algorithm is keyed MD5 (HMAC-MD5 in the current specification), a symmetric-key scheme: the MN and the HA share a secret key configured in advance (their mobility security association) and use it to compute a 128-bit (16-byte) message digest over the registration message. The HA recomputes the digest and checks that it equals the one received; a forged request from a party without the key fails this check.
Replay attack
The attacker records an old, validly authenticated registration message from the MN and re-sends it to the HA. The HA would then forward packets to the old CoA rather than to the MN's newly allocated one.
Solution: the Identification field in registration messages, filled with either a timestamp or a nonce, lets the HA reject a message it has already accepted.
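As an added illustration of the registration checks described on the last three slides (this is example code written for this page, not code from the presentation), the following Python models a Mobile IPv4 home agent that authenticates a Registration Request through the Mobile-Home Authentication Extension and rejects replays through a timestamp-style Identification field. The wire constants and reply codes are those of RFC 5944; the addresses, the shared key, the clock value and the 7-second clock-skew window are constructed assumptions, and the message is reduced to the fixed part plus one authentication extension.

```python
import hashlib
import hmac
import struct

# Added example (not from the slides). Wire constants are those of RFC 5944
# (Mobile IPv4); addresses, key and clock value are constructed for the demo.
REG_REQUEST = 1
MH_AUTH_EXT = 32              # Mobile-Home Authentication Extension
AUTH_LEN = 16                 # HMAC-MD5 authenticator: 128 bits = 16 bytes
CODE_ACCEPTED = 0
CODE_MN_AUTH_FAILED = 131     # "mobile node failed authentication"
CODE_ID_MISMATCH = 133        # "registration Identification mismatch"
CODE_POORLY_FORMED = 134      # "poorly formed Request"
MAX_CLOCK_SKEW = 7            # seconds; assumption, the RFC leaves the window to the HA

FIXED_FMT = "!BBH4s4s4sQ"     # type, flags, lifetime, home addr, home agent, CoA, identification
EXT_FMT = "!BBI"              # extension type, length, SPI
FIXED_LEN = struct.calcsize(FIXED_FMT)   # 24 bytes
EXT_LEN = struct.calcsize(EXT_FMT)       # 6 bytes


def ip(addr):
    return bytes(int(octet) for octet in addr.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def authenticator(key, fixed, ext_hdr):
    # Default algorithm: HMAC-MD5 over the request plus this extension's type,
    # length and SPI (the original RFC 2002 used prefix+suffix keyed MD5).
    return hmac.new(key, fixed + ext_hdr, hashlib.md5).digest()


def build_request(home, home_agent, coa, ident, lifetime, spi, key):
    fixed = struct.pack(FIXED_FMT, REG_REQUEST, 0, lifetime, ip(home), ip(home_agent), ip(coa), ident)
    ext_hdr = struct.pack(EXT_FMT, MH_AUTH_EXT, 4 + AUTH_LEN, spi)   # Length = 4 + authenticator bytes
    return fixed + ext_hdr + authenticator(key, fixed, ext_hdr)


class HomeAgent:
    def __init__(self, now):
        self.now = now          # HA clock in seconds, injected so the demo is deterministic
        self.sa = {}            # home address -> (SPI, key): the pre-configured security association
        self.bindings = {}      # home address -> current CoA
        self.last_ident = {}    # home address -> last accepted Identification

    def add_mobile_node(self, home, spi, key):
        self.sa[home] = (spi, key)

    def process_request(self, msg):
        if len(msg) != FIXED_LEN + EXT_LEN + AUTH_LEN:
            return CODE_POORLY_FORMED
        fixed, ext_hdr, auth = msg[:FIXED_LEN], msg[FIXED_LEN:FIXED_LEN + EXT_LEN], msg[FIXED_LEN + EXT_LEN:]
        mtype, _flags, _lifetime, home, _ha, coa, ident = struct.unpack(FIXED_FMT, fixed)
        ext_type, ext_len, spi = struct.unpack(EXT_FMT, ext_hdr)
        if mtype != REG_REQUEST or ext_type != MH_AUTH_EXT or ext_len != 4 + AUTH_LEN:
            return CODE_POORLY_FORMED
        home = ip_str(home)
        sa = self.sa.get(home)
        if sa is None or sa[0] != spi:
            return CODE_MN_AUTH_FAILED
        # Authentication: a forged or modified request fails here, because the
        # attacker does not hold the MN-HA key and cannot produce the digest.
        if not hmac.compare_digest(authenticator(sa[1], fixed, ext_hdr), auth):
            return CODE_MN_AUTH_FAILED
        # Replay protection (timestamp style): the high 32 bits of Identification
        # carry the MN's clock; reject if far from the HA clock or not newer than
        # the last value accepted for this MN.
        if abs((ident >> 32) - self.now) > MAX_CLOCK_SKEW or ident <= self.last_ident.get(home, 0):
            return CODE_ID_MISMATCH
        self.last_ident[home] = ident
        self.bindings[home] = ip_str(coa)
        return CODE_ACCEPTED


def demo():
    key = b"mn-ha-shared-secret"          # constructed; in practice provisioned out of band
    now = 1_700_000_000
    ha = HomeAgent(now)
    ha.add_mobile_node("10.0.0.5", 0x100, key)
    genuine = build_request("10.0.0.5", "10.0.0.1", "192.0.2.7", (now << 32) | 1, 300, 0x100, key)
    results = {"genuine": ha.process_request(genuine)}
    # Attacker forges a request naming its own address as CoA, without the key.
    forged = build_request("10.0.0.5", "10.0.0.1", "198.51.100.9", (now << 32) | 2, 300, 0x100, b"wrong-key")
    results["forged"] = ha.process_request(forged)
    # Attacker captures the genuine request and rewrites only the CoA field (bytes 12..15).
    tampered = genuine[:12] + ip("198.51.100.9") + genuine[16:]
    results["tampered"] = ha.process_request(tampered)
    # Attacker replays the genuine request unchanged: digest valid, Identification stale.
    results["replayed"] = ha.process_request(genuine)
    # The MN moves and re-registers a minute later with a fresh Identification.
    ha.now += 60
    moved = build_request("10.0.0.5", "10.0.0.1", "192.0.2.8", ((now + 60) << 32) | 1, 300, 0x100, key)
    results["moved"] = ha.process_request(moved)
    return results, ha.bindings["10.0.0.5"]
```

The two checks are deliberately ordered: the digest is verified before the Identification is inspected, so an unauthenticated sender learns nothing about the HA's clock or the last accepted value. The "strictly greater than the last accepted Identification" rule is a common implementation choice that also covers replays inside the skew window; the RFC only requires that the timestamp be close to the HA's clock.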
DoS attack from the MN
A malicious MN can lie about its CoA and thereby mount a DoS attack against another node in the Internet: the deceived HA redirects the MN's traffic to the victim. Such an attack is easy to trace, however, because the MN must authenticate the registration with its own security association.
TCP SYN flooding
The attacker sends TCP SYN packets with forged source addresses, tying up the resources of systems that offer TCP services. SYN flooding cannot be solved completely without redesigning TCP. Networks usually rely on ingress filtering (dropping packets whose source address is not topologically correct for the link they arrive on) to limit the flooding. For Mobile IP this breaks the assumption that routing is independent of the source address: a MN on a foreign link that sends packets with its home address as source sees them dropped by the filter.
Some adaptations:
- use the care-of address as the source address, with the home address carried in an option (Mobile IPv6);
- reverse tunneling: the MN tunnels its outgoing packets to the HA, so the outer source address is the CoA.
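To make the interaction between ingress filtering and Mobile IP concrete, here is an added Python example (written for this page, not taken from the presentation) that models a border router's ingress filter on a foreign link, the reverse-tunnel encapsulation of RFC 3024, and the Mobile IPv6 style alternative of sending from the CoA with the home address carried in a Home Address option. Packets are plain dictionaries and the addresses are constructed from the documentation ranges; the "Mobile IPv6 style" function reuses IPv4 addresses purely for uniformity of the demo.

```python
import ipaddress

# Added example (not from the slides). Packets are dicts; all addresses are
# constructed from the documentation ranges (RFC 5737 / RFC 1918).

FOREIGN_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # prefix of the foreign link


def ingress_filter(packet, prefix=FOREIGN_PREFIX):
    """Border router check (RFC 2827 style): forward only packets whose source
    address belongs to the prefix of the link they arrive from."""
    return ipaddress.ip_address(packet["src"]) in prefix


def reverse_tunnel(inner, coa, home_agent):
    """RFC 3024 reverse tunneling: the MN encapsulates its packet towards the HA,
    so the outer source address is the topologically correct CoA."""
    return {"src": coa, "dst": home_agent, "proto": "ipip", "payload": inner}


def home_agent_decapsulate(outer):
    """The HA strips the tunnel header and forwards the inner packet on the MN's behalf."""
    if outer.get("proto") != "ipip":
        raise ValueError("not a reverse-tunneled packet")
    return outer["payload"]


def mipv6_style(inner, coa):
    """Mobile IPv6 approach: CoA as the packet source, home address moved into a
    Home Address option so the receiver can still identify the MN."""
    return {**inner, "src": coa, "home_address_option": inner["src"]}


def demo():
    home_addr, coa, ha, cn = "10.0.0.5", "192.0.2.7", "10.0.0.1", "203.0.113.9"
    # An attacker on the foreign link forges a source address for a SYN flood.
    spoofed_syn = {"src": "198.51.100.200", "dst": cn, "flags": "SYN"}
    # The MN sends a SYN with its home address as source, as plain Mobile IPv4 would.
    mn_syn = {"src": home_addr, "dst": cn, "flags": "SYN"}
    results = {
        "spoofed_syn": ingress_filter(spoofed_syn),                            # dropped
        "mn_direct": ingress_filter(mn_syn),                                   # dropped too: home address is off-link
        "mn_reverse_tunnel": ingress_filter(reverse_tunnel(mn_syn, coa, ha)),  # forwarded: outer source is the CoA
        "mn_mipv6_style": ingress_filter(mipv6_style(mn_syn, coa)),            # forwarded: source is the CoA
    }
    # After the tunnel the HA forwards the original packet, still sourced from the home address.
    forwarded = home_agent_decapsulate(reverse_tunnel(mn_syn, coa, ha))
    return results, forwarded["src"]
```

The filter treats the genuine MN and the spoofing attacker identically, which is the point of the slide: it cannot tell a mobile node from a forger by source address alone, so the MN must make its source address topologically correct, either by tunneling to the HA or by sending from the CoA.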
3. Mobile IPv6 and new threats
Mobile IPv6
The MN selects its CoA itself; there is no FA. Signalling uses Binding Update (BU) and Binding Acknowledgement (BA) messages.
Route optimization: when a CN wants to communicate with the MN, its packets go to the MN's home address and are forwarded by the HA to the MN; the MN replies to the CN with a BU carrying its current CoA; the CN stores the binding (home address to CoA) in its binding cache; from then on the MN and the CN communicate directly, without triangular routing.
Security of Mobile IPv6
Mobility signalling is carried in IPv6 extension headers. There is no FA. The critical step is the CN's acceptance of a Binding Update: this is where attacks are possible. Some of the security problems are generic and not specific to Mobile IPv6.
Threats against Mobile IPv6
(1) If the attacker knows the MN's home address, it can send a fake Binding Update to the CN, redirecting the connection to itself.
(2) The attacker uses BU messages to direct flooding traffic at a victim node, by binding a home address to the victim's address as CoA.
(3) An attacker on the path between the MN and the CN can modify BU messages to mount a man-in-the-middle attack.
(4) The attacker sends millions of fake BU messages to the CN and the HA to exhaust their memory and CPU.
Solutions
All these threats stem from the fact that the CN cannot authenticate or verify Binding Update messages, so an authentication mechanism addresses them. When the MN and the CN share a security association (SA), IPsec can be used to authenticate BUs. In practice the MN and the CN usually have no shared SA, and the Return Routability Procedure (RRP) is used instead.
RRP mechanism
Return Routability Procedure: the CN verifies that the home address and the CoA claimed in a BU belong to the same MN by checking that the MN is reachable at both addresses. It sends one test message to the home address (delivered through the HA) and one directly to the CoA; each carries a keygen token, and the two tokens are combined into the key that authenticates the BU. A node that can receive at only one of the two addresses cannot build a valid BU.
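The following Python is an added example (written for this page, not code from the presentation or from any Mobile IPv6 implementation) of the token and key derivation that RRP uses to protect a Binding Update, exercised against threats (1) and (4) above. The formulas for the keygen tokens, Kbm and the Binding Authorization Data follow RFC 6275 section 5.2; simplifications that are assumptions of this demo are the single, never-expiring nonce, the omission of the HoTI/CoTI cookies, and "MH data" reduced to the sequence number, lifetime and home address rather than the full Mobility Header with checksum and authenticator zeroed. Addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Added example (not from the slides). Token and key formulas follow RFC 6275
# section 5.2; message layout and nonce handling are simplified (see lead-in).


def pack_addr(addr):
    return ipaddress.IPv6Address(addr).packed


def kbm_from_tokens(home_token, careof_token):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()


def mh_data(seq, lifetime, home):
    # Simplification: only the BU fields this demo carries (real MH data is the
    # whole Mobility Header with checksum and authenticator set to zero).
    return struct.pack("!HH", seq, lifetime) + pack_addr(home)


def bu_auth(kbm, coa, cn, data):
    # Binding Authorization Data = First(96, HMAC_SHA1(Kbm, care-of address | CN address | MH data))
    return hmac.new(kbm, pack_addr(coa) + pack_addr(cn) + data, hashlib.sha1).digest()[:12]


class Correspondent:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)        # node key Kcn, never sent on the wire
        self.nonces = [os.urandom(8)]    # nonce table; index 0 only, no expiry (simplification)
        self.binding_cache = {}          # home address -> (CoA, last accepted sequence number)

    def _token(self, addr, nonce_index, selector):
        # home keygen token    = First(64, HMAC_SHA1(Kcn, home address    | nonce | 0))
        # care-of keygen token = First(64, HMAC_SHA1(Kcn, care-of address | nonce | 1))
        msg = pack_addr(addr) + self.nonces[nonce_index] + bytes([selector])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def home_test(self, home_addr):
        # HoTI -> HoT: the reply is routed to the home address, i.e. via the HA tunnel.
        return self._token(home_addr, 0, 0)

    def careof_test(self, coa):
        # CoTI -> CoT: the reply is routed directly to the care-of address.
        return self._token(coa, 0, 1)

    def receive_bu(self, bu):
        # Stateless check: the CN keeps no per-MN state before the BU is verified; it
        # recomputes both tokens from Kcn and the nonce, which limits threat (4).
        home, coa, seq, lifetime = bu["home"], bu["coa"], bu["seq"], bu["lifetime"]
        kbm = kbm_from_tokens(self._token(home, 0, 0), self._token(coa, 0, 1))
        expected = bu_auth(kbm, coa, self.addr, mh_data(seq, lifetime, home))
        if not hmac.compare_digest(expected, bu["auth"]):
            return "discarded: bad authenticator"
        prev = self.binding_cache.get(home)
        if prev is not None and seq <= prev[1]:
            return "rejected: sequence number out of window"
        self.binding_cache[home] = (coa, seq)
        return "accepted"


def build_bu(home, coa, cn, home_token, careof_token, seq, lifetime=420):
    # MN side: derive Kbm from the two tokens it received and sign the BU with it.
    kbm = kbm_from_tokens(home_token, careof_token)
    return {"home": home, "coa": coa, "seq": seq, "lifetime": lifetime,
            "auth": bu_auth(kbm, coa, cn, mh_data(seq, lifetime, home))}


def demo():
    cn = Correspondent("2001:db8:c::1")
    home, coa, attacker = "2001:db8:a::10", "2001:db8:b::20", "2001:db8:e::66"
    results = {}
    # Genuine MN: reachable at both addresses, so it receives both tokens.
    ht, ct = cn.home_test(home), cn.careof_test(coa)
    results["mn"] = cn.receive_bu(build_bu(home, coa, cn.addr, ht, ct, seq=1))
    # Threat (1): the attacker knows the home address and obtains a care-of token for
    # its own address, but the HoT travels to the real home address, so it must guess.
    ct_att = cn.careof_test(attacker)
    results["attacker"] = cn.receive_bu(build_bu(home, attacker, cn.addr, bytes(8), ct_att, seq=2))
    # Replay of the MN's first BU: the authenticator is valid but the sequence is not.
    results["replay"] = cn.receive_bu(build_bu(home, coa, cn.addr, ht, ct, seq=1))
    return results, cn.binding_cache[home][0]
```

Two caveats a practitioner should keep in mind: RRP gives no protection against an attacker who sits on both the home-address path and the care-of path and can read both tokens (threat (3) above), and the security of the scheme rests on Kcn staying secret and the nonces being rotated, which this demo omits.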
Mobile IPv4 versus Mobile IPv6
Routing. Mobile IPv4: triangular routing; the CN cannot interpret BU messages. Mobile IPv6: route optimization; RRP protects the BU messages between MN and CN even when they share no security association.
Ingress filtering. Mobile IPv4: when ingress filtering is used against DoS attacks, reverse tunneling must be deployed so that the packets the MN sends (with its home address as source) are not dropped and reach the CN. Mobile IPv6: no reverse tunneling is needed, because the CoA is used as the source address; better coexistence with ingress filtering policies.
Address resolution. Mobile IPv4: relies on the Address Resolution Protocol, which is easily attacked. Mobile IPv6: uses the Neighbor Discovery Protocol, with better robustness and security.
Foreign agent. Mobile IPv4: the FA is a potential threat. Mobile IPv6: no FA.
4. Open issues
Open issues
Location privacy of the MN: no mechanism exists in the Mobile IP specifications to address it; it is usually handled by bidirectional tunneling through the HA, so that the CN never sees the CoA.
Protection of the MN-CN signalling:
- IPsec: costly and relies on a public key infrastructure
- Purpose-Built Keys (PBK): still under research
- Cryptographically Generated Addresses (CGA): complementary to RRP, but costly