
Mobile IPv6 Location Privacy Solutions UPDATE draft-irtf-mobopts-location-privacy-solutions-04.txt Ying Qiu, Fan Zhao, Rajeev Koodli.


1 Mobile IPv6 Location Privacy Solutions UPDATE draft-irtf-mobopts-location-privacy-solutions-04.txt Ying Qiu, Fan Zhao, Rajeev Koodli

2 Outline
Mobopts, IETF67, San Diego
– Why is location privacy needed?
– How is location privacy protected?
  – Pseudo Home Address
  – Dynamic SPI
  – Home Binding Update
  – RR signaling
  – Correspondent Binding Update
– What is different from the original operation?

3 Analysis of Location Privacy in MIP6
IP Address Location Privacy and Mobile IPv6: Problem Statement:
– draft-ietf-mip6-location-privacy-ps-04.txt

4 Pseudo Home Address
pHoA requirements:
– Secure
– Routable
– Dynamic

pHoA = Prefix_m || Enc(Kph_i, interface ID)
Kph_i = HMAC_SHA1(Kph, IPsec sequence number)

where Kph is the symmetric key shared between the MN and the HA, and Prefix_m is one of the home network prefixes. Because Kph_i is rederived from the IPsec sequence number, the encrypted interface ID, and therefore the pHoA, changes with each binding update while remaining routable to the home network.

5 Dynamic SPI
SPI update: after the BU/BA exchange, the HA and the MN each update their SPI so that a fixed SPI value cannot be used to profile (track) the MN across locations.

new SPI = current SPI + SPI_increment
SPI_increment = First(8, HMAC_SHA1(Kph, current SPI))
If SPI_increment = 0, then set SPI_increment = 1

First(8, ...) is the first 8 bits of the HMAC output, so the increment is one byte; forcing a zero increment to 1 guarantees the SPI always changes.
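The pHoA derivation from slide 4 and the SPI update from slide 5, worked through in Python. This is an added example, not code from the draft or its authors. The slide does not name the cipher behind Enc(), so a keystream XOR derived from Kph_i stands in for it (labelled as such in the code); the big-endian encoding of the sequence number and SPI, the 32-bit wrap of the SPI, and all key and address values are assumptions chosen for the example.

```python
import hmac
import hashlib
import ipaddress


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def derive_kph_i(kph: bytes, ipsec_seq: int) -> bytes:
    """Kph_i = HMAC_SHA1(Kph, IPsec sequence number).
    The 32-bit ESP sequence number is fed in big-endian (encoding assumed)."""
    return hmac_sha1(kph, ipsec_seq.to_bytes(4, "big"))


def enc_iid(kph_i: bytes, iid: bytes) -> bytes:
    """Stand-in for Enc(Kph_i, interface ID). The slide does not name the
    cipher, so this XORs the 64-bit interface ID with an HMAC-derived
    keystream (a placeholder, not the draft's cipher). Because Kph_i changes
    with every sequence number the keystream is never reused, and XOR is
    self-inverse, so the HA decrypts with the same call."""
    if len(iid) != 8:
        raise ValueError("interface ID must be 64 bits")
    keystream = hmac_sha1(kph_i, b"pHoA-iid")[:8]
    return bytes(a ^ b for a, b in zip(iid, keystream))


def pseudo_home_address(prefix: bytes, kph: bytes, ipsec_seq: int,
                        iid: bytes) -> ipaddress.IPv6Address:
    """pHoA = Prefix_m || Enc(Kph_i, interface ID). Routable because Prefix_m
    is a real home-network /64; dynamic because Kph_i changes per sequence number."""
    if len(prefix) != 8:
        raise ValueError("Prefix_m must be a /64 home prefix")
    return ipaddress.IPv6Address(prefix + enc_iid(derive_kph_i(kph, ipsec_seq), iid))


def recover_interface_id(phoa: ipaddress.IPv6Address, kph: bytes,
                         ipsec_seq: int) -> bytes:
    """HA side: strip the prefix and undo Enc to learn which MN the pHoA belongs to."""
    return enc_iid(derive_kph_i(kph, ipsec_seq), phoa.packed[8:])


def next_spi(kph: bytes, current_spi: int) -> int:
    """new SPI = current SPI + SPI_increment,
    SPI_increment = First(8, HMAC_SHA1(Kph, current SPI)): the first byte of
    the HMAC, with a zero increment forced to 1 so the SPI always moves.
    The 32-bit wrap is an assumption; the slide does not discuss it."""
    increment = hmac_sha1(kph, current_spi.to_bytes(4, "big"))[0]
    if increment == 0:
        increment = 1
    return (current_spi + increment) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed values, not taken from the draft.
    kph = b"\x11" * 20
    prefix = ipaddress.IPv6Address("2001:db8:1::").packed[:8]
    iid = bytes.fromhex("021122fffe334455")
    for seq in (1, 2, 3):
        phoa = pseudo_home_address(prefix, kph, seq, iid)
        print(f"seq={seq} pHoA={phoa} "
              f"recovered IID={recover_interface_id(phoa, kph, seq).hex()}")
    spi = 0x1000
    for _ in range(3):
        spi = next_spi(kph, spi)
        print(f"next SPI = 0x{spi:08x}")
```

Running the script shows three different pHoAs under the same /64 for the same interface ID, each of which the HA maps back to the original interface ID only with the matching sequence number; an observer who does not hold Kph sees unrelated addresses and unrelated SPIs from one binding update to the next.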

6 Home Binding Update
Home Binding Update with IPsec Transport Mode (i)

BU message:
  IPv6 header: source = CoA, destination = HA
  Destination option header: Home Address option (pHoA)
  ESP header in transport mode (with dynamic SPI)
  Mobility header: Home Binding Update, Alternate CoA option (CoA)

SA in Home Agent:
  SA_in (IN, spi_a', home_agent, ESP, TRANSPORT): source = home_address & destination = home_agent & proto = MH

7 Home Binding Update
Home Binding Update with IPsec Transport Mode (ii)

BA message:
  IPv6 header: source = HA, destination = CoA
  Destination option header: Home Address option (pHoA)
  ESP header in transport mode (with dynamic SPI)
  Mobility header: Home Binding Acknowledgement

SA in Home Agent:
  SA_out (OUT, spi_b', home_address, ESP, TRANSPORT): source = home_agent & destination = home_address & proto = MH

8 Home Binding Update
Home Binding Update with IPsec Tunnel Mode

BU message:
  IPv6 header: source = CoA, destination = HA
  ESP header in tunnel mode (with dynamic SPI)
    Inner IPv6 header: source = HoA, destination = HA
    Mobility header: Home Binding Update, Alternate CoA option (CoA)

BA message:
  IPv6 header: source = HA, destination = CoA
  ESP header in tunnel mode (with dynamic SPI)
    Inner IPv6 header: source = HA, destination = HoA
    Mobility header: Home Binding Acknowledgement

In tunnel mode the inner header, and with it the home address, is inside the ESP payload, so the real HoA is never visible on the wire between the MN and the HA.

9 RR signaling
CoTI/CoT: no change

HoTI on the MN-HA path:
  IPv6 header: source = CoA, destination = HA
  ESP header in tunnel mode
    Inner IPv6 header: source = pHoA, destination = CN
    Mobility header: HoTI

HoTI on the HA-CN path:
  IPv6 header: source = pHoA, destination = CN
  Mobility header: HoTI

10 RR signaling
HoT on the CN-HA path:
  IPv6 header: source = CN, destination = pHoA
  Mobility header: HoT

HoT on the HA-MN path:
  IPv6 header: source = HA, destination = CoA
  ESP header in tunnel mode
    Inner IPv6 header: source = CN, destination = pHoA
    Mobility header: HoT

11 Correspondent Binding Update
BU message:
  IPv6 header: source = CoA, destination = CN
  Destination option: pHoA
  Mobility header:
    Seq#
    home nonce index
    care-of nonce index
    Enc(Kbm, iHoA)
    First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU)))

where
– Kbm = SHA1(home keygen token | care-of keygen token); no change
– home keygen token = First(64, HMAC_SHA1(Kcn, (pHoA | nonce | 0))); computed over the pHoA instead of the HoA
– care-of keygen token = First(64, HMAC_SHA1(Kcn, (CoA | nonce | 1))); no change
– The identity address iHoA can be the real HoA or the first pHoA used when the session was established. It is carried encrypted under Kbm, so only the CN learns which sessions belong to the same MN.

12 What is different from the original operation?
CN side:

Step | Original RR | With the additional option
1) The packet MUST contain a unicast routable home address. | The same (the pHoA is routable).
2) The Sequence Number field in the Binding Update MUST be greater than the Sequence Number received in the previous valid Binding Update. | The same.
3) A Nonce Indices mobility option MUST be present. | The same.
4) The CN MUST regenerate the home keygen token and the care-of keygen token from the information contained in the packet. It then generates the binding management key Kbm and uses it to verify the authenticator field in the Binding Update. | In network i the MN uses the same pHoA_i in HoTI_i and BU_i, and CoTI/CoT as usual, so the CN regenerates the same tokens, derives a valid Kbm, and the check passes.
5) Create/update the BU entry according to the HoA. | First decrypt the new item Enc(Kbm, iHoA) to obtain the iHoA, then create/update the BU entry according to the iHoA.

BINDING CACHE (CN): pHoA | iHoA (in place of HoA) | CoA | Lifetime | Seq#
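The RR exchange of slides 9 and 10, the correspondent BU of slide 11 and the five CN-side steps above, simulated end to end in Python. This is an added example, not code from the draft or its authors. It models one MN moving through two networks, each with its own pHoA and CoA but the same iHoA, and then a replayed and a spoofed BU. Enc(Kbm, iHoA) is again a labelled keystream-XOR placeholder because the slide does not name the cipher; the in-process call from the MN to the CN stands in for the HoTI/HoT and CoTI/CoT messages; the BU field encoding covered by the authenticator, the nonce format, and all keys and addresses are assumptions of the example. The sequence check (step 2) is applied after the iHoA is decrypted, since the CN cache is keyed on the iHoA.

```python
import hmac
import hashlib
import ipaddress
import os
from dataclasses import dataclass, field

IPv6 = ipaddress.IPv6Address


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def keygen_token(kcn: bytes, addr: IPv6, nonce: bytes, which: int) -> bytes:
    """First(64, HMAC_SHA1(Kcn, addr | nonce | which)): which = 0 gives the home
    token, computed over the pHoA; which = 1 gives the care-of token over the CoA."""
    return hmac_sha1(kcn, addr.packed + nonce + bytes([which]))[:8]


def binding_key(home_token: bytes, coa_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token); unchanged."""
    return hashlib.sha1(home_token + coa_token).digest()


def enc_ihoa(kbm: bytes, ihoa: bytes) -> bytes:
    """Stand-in for Enc(Kbm, iHoA): 128-bit iHoA XORed with an HMAC-derived
    keystream (placeholder, not the draft's cipher). Self-inverse."""
    keystream = hmac_sha1(kbm, b"iHoA-1") + hmac_sha1(kbm, b"iHoA-2")
    return bytes(a ^ b for a, b in zip(ihoa, keystream))


def bu_body(seq: int, home_idx: int, coa_idx: int, enc: bytes) -> bytes:
    """BU fields covered by the authenticator: Seq#, nonce indices, Enc(Kbm, iHoA)."""
    return seq.to_bytes(2, "big") + home_idx.to_bytes(2, "big") + coa_idx.to_bytes(2, "big") + enc


def authenticator(kbm: bytes, coa: IPv6, cn: IPv6, bu: bytes) -> bytes:
    """First(96, HMAC_SHA1(Kbm, care-of address | correspondent | BU))."""
    return hmac_sha1(kbm, coa.packed + cn.packed + bu)[:12]


@dataclass
class CorrespondentNode:
    addr: IPv6
    kcn: bytes = field(default_factory=lambda: os.urandom(20))
    nonces: list = field(default_factory=list)
    binding_cache: dict = field(default_factory=dict)  # keyed on iHoA, not pHoA

    def _nonce(self) -> int:
        self.nonces.append(os.urandom(8))
        return len(self.nonces) - 1

    def home_test(self, phoa: IPv6):
        """HoTI arrives with source pHoA (tunnelled via the HA); HoT carries the home token."""
        idx = self._nonce()
        return idx, keygen_token(self.kcn, phoa, self.nonces[idx], 0)

    def care_of_test(self, coa: IPv6):
        """CoTI/CoT are unchanged: direct MN-CN exchange over the CoA."""
        idx = self._nonce()
        return idx, keygen_token(self.kcn, coa, self.nonces[idx], 1)

    def receive_bu(self, coa: IPv6, phoa: IPv6, msg: dict) -> bool:
        # 1) pHoA must be unicast routable; 3) nonce indices must be present and valid
        if phoa.is_multicast or phoa.is_unspecified:
            return False
        if not all(0 <= msg[k] < len(self.nonces) for k in ("home_idx", "coa_idx")):
            return False
        # 4) regenerate both tokens from the pHoA/CoA in the packet, derive Kbm, verify
        kbm = binding_key(keygen_token(self.kcn, phoa, self.nonces[msg["home_idx"]], 0),
                          keygen_token(self.kcn, coa, self.nonces[msg["coa_idx"]], 1))
        body = bu_body(msg["seq"], msg["home_idx"], msg["coa_idx"], msg["enc_ihoa"])
        if not hmac.compare_digest(authenticator(kbm, coa, self.addr, body), msg["auth"]):
            return False
        # 5) decrypt the iHoA and key the entry on it; 2) sequence check against that entry
        ihoa = IPv6(enc_ihoa(kbm, msg["enc_ihoa"]))
        prev = self.binding_cache.get(ihoa)
        if prev is not None and msg["seq"] <= prev["seq"]:
            return False
        self.binding_cache[ihoa] = {"pHoA": phoa, "CoA": coa, "seq": msg["seq"]}
        return True


def mn_send_bu(cn: CorrespondentNode, phoa: IPv6, coa: IPv6, ihoa: IPv6, seq: int) -> dict:
    """MN side: run RR with this network's pHoA, then build the correspondent BU."""
    home_idx, home_tok = cn.home_test(phoa)
    coa_idx, coa_tok = cn.care_of_test(coa)
    kbm = binding_key(home_tok, coa_tok)
    enc = enc_ihoa(kbm, ihoa.packed)
    auth = authenticator(kbm, coa, cn.addr, bu_body(seq, home_idx, coa_idx, enc))
    return {"seq": seq, "home_idx": home_idx, "coa_idx": coa_idx, "enc_ihoa": enc, "auth": auth}


def run_handover():
    """Constructed scenario (addresses are documentation-range placeholders)."""
    cn = CorrespondentNode(IPv6("2001:db8:c::1"))
    ihoa = IPv6("2001:db8:1::1")  # the real HoA, used as the session identity
    phoa1, coa1 = IPv6("2001:db8:1::a1"), IPv6("2001:db8:a::1")
    phoa2, coa2 = IPv6("2001:db8:1::b2"), IPv6("2001:db8:b::1")
    ok1 = cn.receive_bu(coa1, phoa1, mn_send_bu(cn, phoa1, coa1, ihoa, 1))
    bu2 = mn_send_bu(cn, phoa2, coa2, ihoa, 2)
    ok2 = cn.receive_bu(coa2, phoa2, bu2)
    replay = cn.receive_bu(coa2, phoa2, bu2)                  # fails step 2 (stale Seq#)
    spoof = cn.receive_bu(IPv6("2001:db8:e::1"), phoa2, bu2)  # fails step 4 (authenticator)
    return cn, ok1, ok2, replay, spoof


if __name__ == "__main__":
    cn, *results = run_handover()
    print(results, {str(k): str(v["pHoA"]) for k, v in cn.binding_cache.items()})
```

After the two binding updates the CN holds a single cache entry keyed on the iHoA, now pointing at pHoA_2 and CoA_2; an observer on the CN side sees two unrelated pHoAs and cannot link them without Kbm, while the replay and the spoofed-CoA BU are both rejected.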

13 What is different from the original operation?
HA side: the operation is almost the same as the original, but the key for searching the binding cache is the pHoA instead of the real HoA.

MN side: the additional operation is that the MN generates a new pHoA at every new location and stores/updates it in the binding update list.

BINDING UPDATE LIST (MN): pHoA | iHoA | CN | HoA | CoA | Lifetime | Seq#
BINDING CACHE (HA): pHoA | HoA | CoA | Lifetime | Seq#

14 Q & A Thank You
