1 Security Issues In Mobile IP
Zhang Chao, Tsinghua University, Electronic Engineering
2 OUTLINE
1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues
4 What is Mobile IP?
• Mobile IP is a protocol developed by the IETF to solve the mobility problem of a network node.
• Mobile IP enables a wireless network node to move freely from one point of connection to the Internet to another without disrupting TCP end-to-end connectivity.
5 How does Mobile IP work?
• When an MN moves from its home link to a foreign link, it acquires an IP address from the FA, namely the CoA. It also keeps its own home address.
• Registration: the MN tells the HA its new CoA.
• All packets sent to the MN by a CN are addressed to the MN's original home address and arrive at the HA, which forwards them to the MN's CoA via tunneling.
6 OUTLINE
1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues
7 DoS attack
• When an attacker sends a fake registration request to the HA, using its own address as the CoA:
– 1. the attacker will receive all packets belonging to the MN
– 2. all connections to the MN will fail
8 Solution to DoS
• Mobile IP requires that all registration messages between MN and HA be strictly authenticated.
• Keyed MD5 is the default authentication algorithm, a symmetric-key algorithm.
• MN and HA agree on a shared secret key before registration and use it to produce a 16 bit message digest. The HA checks whether the received digest equals the digest it computes itself.
9 Replay attack
• The attacker saves an old, valid registration message of the MN and re-sends it to the HA.
• The HA will then forward packets to the old CoA rather than the newly allocated CoA of the MN.
• Solution: Identification field in registration messages
– Time stamp
– Nonces
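Added example, not code from the slides, covering the two preceding slides: an HA that verifies the keyed-MD5 Mobile-Home Authentication Extension on a Registration Request and rejects replayed or stale Identification values. The key, SPI, addresses and the 7-second clock window are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed example, not code from the slides: a Mobile IPv4 Registration
# Request carrying a Mobile-Home Authentication Extension. The authenticator is
# keyed MD5 in "prefix+suffix" mode, the RFC 2002 default: MD5(key || data || key).
# The Identification field carries a timestamp so the HA can reject replays.

SPI = 0x100             # constructed SPI naming the MN-HA security association
REPLAY_WINDOW = 7       # seconds of clock skew the HA tolerates (assumption)
CODE_OK, CODE_MN_AUTH_FAIL, CODE_ID_MISMATCH, CODE_BAD_FORM = 0, 131, 133, 134

def keyed_md5(key, data):
    return hashlib.md5(key + data + key).digest()

def build_request(home, ha, coa, lifetime, timestamp, key):
    """Fixed header (24 bytes) + extension header (6) + 16-byte authenticator."""
    ident = timestamp << 32                  # NTP style: seconds in the high 32 bits
    body = struct.pack("!BBH4s4s4sQ", 1, 0, lifetime, home, ha, coa, ident)
    ext = struct.pack("!BBI", 32, 20, SPI)   # type 32, length = 4 + 16, SPI
    # The digest covers the request data plus the extension's type, length and SPI.
    return body + ext + keyed_md5(key, body + ext)

class HomeAgent:
    def __init__(self, key):
        self.key = key
        self.last_ts = {}     # home address -> last accepted timestamp
        self.bindings = {}    # home address -> registered CoA

    def process(self, msg, now):
        """Return the RFC 2002 reply code; the binding changes only on success."""
        if len(msg) != 46:
            return CODE_BAD_FORM
        body, ext, mac = msg[:24], msg[24:30], msg[30:]
        # Authenticate first: a forged request carrying the attacker's CoA fails here.
        if not hmac.compare_digest(mac, keyed_md5(self.key, body + ext)):
            return CODE_MN_AUTH_FAIL
        _, _, _, home, _, coa, ident = struct.unpack("!BBH4s4s4sQ", body)
        ts = ident >> 32
        # Replay protection: reject stale or already accepted Identification values.
        if abs(now - ts) > REPLAY_WINDOW or ts <= self.last_ts.get(home, -1):
            return CODE_ID_MISMATCH
        self.last_ts[home] = ts
        self.bindings[home] = coa
        return CODE_OK
```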
10 DoS attack from MN
• A malicious MN could lie about its CoA and in this way mount a DoS attack against another node in the Internet.
• The deceived HA will wrongly direct traffic to the victim node.
• However, such an attack is easy to trace, since the MN must use its own Security Association information.
11 TCP SYN flooding
• The attacker uses fake IP addresses to send TCP SYN packets, occupying the resources of systems that offer TCP services.
• TCP SYN flooding cannot be totally solved unless the TCP protocol is redesigned.
• Mobile IP usually uses ingress filtering to control access and relieve the flooding. However, this means the Mobile IP assumption that routing is independent of the source address no longer holds.
– Some adaptations:
  • Use the care-of address as source address (Mobile IPv6)
  • Reverse tunneling
12 OUTLINE
1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues
13 Mobile IPv6
• The MN selects its CoA itself; no FA is needed.
• Binding Update
• Binding Acknowledgement
• When a Correspondent Node wants to communicate with the MN, its request is sent to the HA and then forwarded to the MN.
• The MN replies with its new CoA information.
• The CN binds the CoA to the MN's home address.
• The MN can then communicate directly with the CN, without triangular routing.
14 Security of Mobile IPv6
• Uses extension headers
• No FA
• The step in which the CN receives the Binding Update is the one most likely to be attacked.
• Some generic security problems, not specific to Mobile IPv6.
15 Threats against Mobile IPv6 (1)
• If the attacker knows the Home Address of the MN, it can send a fake Binding Update to the CN, redirecting the connection to itself.
16 Threats against Mobile IPv6 (2)
• The attacker uses BU messages to direct flooding packets to a victim node.
17 Threats against Mobile IPv6 (3)
• When the attacker is on the route between MN and CN, it can modify BU messages to mount man-in-the-middle attacks.
18 Threats against Mobile IPv6 (4)
• The attacker sends millions of fake BU messages to the CN and HA to exhaust their storage and CPU.
19 Solutions
• These threats all stem from the fact that the CN cannot authenticate or verify Binding Update messages, and can be addressed with an authentication mechanism.
• When the MN and CN share the same Security Association, IPsec can be deployed for authentication.
• In practice, MN and CN usually do not share an SA, hence the Return Routability Procedure.
20 RRP mechanism
• Return Routability Procedure: verifies that the CoA and the home address belong to the same MN.
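Added example, not code from the slides, of the Return Routability Procedure from the two preceding slides in simplified form (RFC 3775 section 5.2): the CN derives a home keygen token and a care-of keygen token from its node key, the MN that receives both derives Kbm and signs its Binding Update, and the CN recomputes Kbm statelessly to verify it, so a fake BU from a node that only sees one of the two paths fails. The node key, nonces, addresses and the reduced "MH data" covered by the MAC are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed example, not code from the slides: the Return Routability
# procedure of Mobile IPv6 (RFC 3775 section 5.2) in simplified form. Kcn, the
# nonces and the addresses are made up, and the BU "MH data" covered by the MAC is
# reduced to home address plus sequence number instead of a full Mobility Header.

def first(nbytes, digest):
    return digest[:nbytes]

def derive_kbm(home_token, careof_token):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()

def bu_mac(kbm, coa, cn_addr, home_addr, seq):
    # First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH data))
    mh_data = home_addr + seq.to_bytes(2, "big")       # simplified (assumption)
    return first(12, hmac.new(kbm, coa + cn_addr + mh_data, hashlib.sha1).digest())

class CorrespondentNode:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)            # node key Kcn, never leaves the CN
        self.nonces = {0: os.urandom(8)}     # nonce index -> nonce

    def _token(self, addr, nonce_index, flag):
        # flag 0 -> home keygen token, flag 1 -> care-of keygen token
        data = addr + self.nonces[nonce_index] + bytes([flag])
        return first(8, hmac.new(self.kcn, data, hashlib.sha1).digest())

    def home_test(self, home_addr, cookie):      # HoT: answered via the HA tunnel
        return cookie, self._token(home_addr, 0, 0), 0

    def careof_test(self, coa, cookie):          # CoT: answered directly to the CoA
        return cookie, self._token(coa, 0, 1), 0

    def verify_binding_update(self, home_addr, coa, seq, home_idx, co_idx, mac):
        # Stateless: recompute both tokens from the nonce indices carried in the BU.
        kbm = derive_kbm(self._token(home_addr, home_idx, 0), self._token(coa, co_idx, 1))
        return hmac.compare_digest(mac, bu_mac(kbm, coa, self.addr, home_addr, seq))

def build_binding_update(cn, home_addr, coa, seq):
    """MN side: collect HoT and CoT, derive Kbm, and sign the BU."""
    _, home_token, home_idx = cn.home_test(home_addr, os.urandom(8))
    _, co_token, co_idx = cn.careof_test(coa, os.urandom(8))
    kbm = derive_kbm(home_token, co_token)
    return home_addr, coa, seq, home_idx, co_idx, bu_mac(kbm, coa, cn.addr, home_addr, seq)
```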
21 Mobile IPv4 versus Mobile IPv6
Mobile IPv4 | Mobile IPv6
Triangular routing; the CN cannot verify BU messages | Route optimization; RRP protects BU messages between MN and CN even when they do not share a Security Association
When ingress filtering is used to defeat DoS attacks, reverse tunneling must be deployed to make sure packets sent by the CN can reach the MN | When ingress filtering is used to defeat DoS attacks, no reverse tunneling is needed: better coexistence with the ingress filtering policy
Address Resolution Protocol, easily attacked | Neighbor Discovery Protocol, better robustness and security
Foreign Agent, a potential threat | No FA
22 OUTLINE
1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues
23 Open issues
• Location privacy of the MN: no mechanism exists in the Mobile IP specifications to address it; usually solved by bi-directional tunneling.
• Protection of MN-CN signaling:
– IPsec: costly and relies on a public key infrastructure
– Purpose-Built Keys (PBK): still under research
– Cryptographically Generated Addresses (CGA): complementary to RRP, but costly