1 DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad-hoc Network Jaehoon Jeong, ETRI ICACT.

Presentation transcript:

1 DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad-hoc Network Jaehoon Jeong, ETRI ICACT 2004

2 Contents
- Introduction
- Related Work
- Name Service within IPv6 MANET
- Scenario of Name Service within MANET
- Authentication of DNS Message
- Procedure of Secure DNS Name Resolution
- Testbed for IPv6 MANET
- Conclusion

3 Introduction
Name Service in Mobile Ad-hoc Network (MANET)
- MANET has dynamic network topology
- Current DNS cannot be adopted in MANET, because it needs a fixed and well-known name server
Idea of Name Service in MANET
- All the mobile nodes take part in name service
- Every mobile node administers its own name information
- It responds to other nodes' DNS queries related to its domain name and IP address

4 Related Work (1/2): Link-Local Multicast Name Resolution (LLMNR)
- DNS service based on IP multicast in link-local scoped network
- IETF DNSEXT working group item
- Each node performs the role of DNS name server for its own domain name.
LLMNR Sender and LLMNR Responder:
- LLMNR query message (What is IPv6 address of “host.private.local.”?)
  - It is sent in link-local multicast
- LLMNR response message (IPv6 address of “host.private.local.”)
  - It is sent in link-local unicast
- Verification of LLMNR response
  - Does the value of the response conform to the addressing requirements?
  - Is hop-limit of IPv6 header 1?
- If the result is valid, then the Sender caches and passes the response to the application that initiated DNS query; else the Sender ignores the response and continues to wait for other responses.

5 Related Work (2/2): Autoconfiguration Technology
- IP Interface Configuration
- Name Service
  - Translation between host name and IP address
  - Generation of unique domain name
- IP Multicast Address Allocation
- Service Discovery
  - Unicast Service
  - Multicast Service
[Diagram: Autoconfiguration Technology, comprising IP Interface Configuration, Name Service, Service Discovery, IP Multicast Address Allocation]

6 Ad-hoc Name Service System for IPv6 MANET (ANS)
- ANS provides Name Service in MANET
- MANET DNS Domain: ADHOC.
- MANET IPv6 Prefix: IPv6 Site-local Prefix
  - FEC0:0:0:0::/64
Architecture of ANS System
- ANS Responder: it performs the role of DNS Name Server
- ANS Resolver: it performs the role of DNS Resolver

7 ANS System (1/2)

8 ANS System (2/2)
[Diagram labels]
- ANS Responder: Main-Thread, DUR-Thread, ANS Zone DB
- ANS Resolver: Main-Thread, Resolv-Thread, Timer-Thread, ANS Cache
- Application, ANS API, DNS Query, DNS Response, UNIX Datagram Socket, UDP Socket Connection
- Legend: Process, Thread, Database, Cache, Memory Read / Write, Internal Connection

9 Name Service in ANS
- Zone File Generation: generates ANS zone file with mobile node’s DNS name and corresponding IPv6 address
- Name Resolution: performs the name-to-address translation
- Service Discovery: performs the service discovery through DNS SRV resource record, which indicates the location of server or the multicast address of the service

10 Scenario of Name Service within MANET
[Sequence diagram between MN-A, MN-B and MN-C; labels:]
- Request of Host DNS Name Resolution
- DNS Query Message (MN-C.ADHOC.): DNS Query Message is sent in Multicast
- Receipt of DNS Query Message
- Receipt and Process of DNS Query Message
- DNS Response Message (MN-C’s IPv6 Address): DNS Response Message is sent in Unicast
- Gain of DNS Information
- MN-A tries to connect to the server on MN-C
- The server on MN-C accepts the request of the connection from MN-A

11 Authentication of DNS Message
Why is the authentication of DNS messages necessary?
- To prevent an attacker from informing a DNS querier of a wrong DNS response
How to authenticate DNS message?
- IPsec ESP with a null-transform
- Secret key transaction authentication for DNS, called TSIG [RFC2845]
Our Scheme of Authentication
- TSIG message authentication where the trusted nodes share a group secret key for authenticating DNS messages.

12 DNS Message Format Header Section Question Section Answer Section: e.g., AAAA RR Authority Section Additional Section: e.g., TSIG RR DNS message header Question for the name server Resource records answering the question Resource records pointing toward an authority (e.g., AAAA resource record) Resource records holding additional information (e.g., TSIG resource record)

13 Procedure of Secure DNS Resolution
Mobile Node A (MN-A.ADHOC.) and Mobile Node C (MN-C.ADHOC.):
- DNS Query (What is the IPv6 address of “MN-C.ADHOC.”?) via site-local multicast and UDP
- DNS Response (IPv6 address of “MN-C.ADHOC.”) via site-local unicast and UDP
- Verification of DNS Response
  - Does the source address of the response conform to the ad hoc addressing requirements?
  - Is the TSIG resource record valid?
- If the Response is valid, then the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed number of retries.
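
The resolver-side verification and retry loop from slide 13, as an added Python example that is not part of the original slides or the ANS implementation. It assumes the FEC0:0:0:0::/64 prefix from slide 6 is the "ad hoc addressing requirement" and uses a simplified TSIG-style MAC (HMAC-MD5 over the message plus the time-signed and fudge fields) rather than the full RFC 2845 digest input; all function names, the fudge value and the sample messages are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

MANET_PREFIX = ipaddress.ip_network("fec0::/64")  # site-local prefix from the ANS slide
FUDGE = 300  # permitted clock skew in seconds (assumed value)


def tsig_mac(key, message, time_signed):
    """Simplified TSIG-style MAC: HMAC-MD5 (the RFC 2845 algorithm) over the
    message followed by the 48-bit time signed and 16-bit fudge fields."""
    timers = struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE)
    return hmac.new(key, message + timers, hashlib.md5).digest()


def verify_response(key, src, message, time_signed, mac, now):
    """Return None if the response is acceptable, else the reject reason."""
    if ipaddress.ip_address(src) not in MANET_PREFIX:
        return "source address outside MANET prefix"
    if abs(now - time_signed) > FUDGE:
        return "time signed outside fudge window"
    if not hmac.compare_digest(mac, tsig_mac(key, message, time_signed)):
        return "bad MAC"
    return None


def resolve(key, responses, now, max_retries=3):
    """Model the retry loop: responses[i] is what arrives after query i+1.
    Returns (attempt, message) for the first valid response, else None."""
    for attempt, (src, msg, ts, mac) in enumerate(responses[:max_retries], 1):
        if verify_response(key, src, msg, ts, mac, now) is None:
            return attempt, msg
    return None


def demo():
    """Constructed sample: a forged answer first, then MN-C's genuine one."""
    group_key, now = b"constructed-group-key", 1_700_000_000
    genuine = b"MN-C.ADHOC. AAAA fec0::c"   # stand-in for DNS wire bytes
    forged = b"MN-C.ADHOC. AAAA fec0::bad"
    responses = [
        ("fec0::bad", forged, now, tsig_mac(b"attacker-guess", forged, now)),
        ("fec0::c", genuine, now, tsig_mac(group_key, genuine, now)),
    ]
    return resolve(group_key, responses, now)


if __name__ == "__main__":
    print(demo())
```

Because every trusted node holds the same group key, a valid MAC shows only that the sender is a group member, not which member it is.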

14 Testbed for IPv6 MANET
- We used IPv6 MAODV as the ad hoc multicast routing protocol.
- For testing multi-hop network configuration, we control Tx and Rx power of IEEE b NIC. Also, we use MAC-filtering to filter out packets in other links.
- We implemented a Wireless Mobile Router based on embedded Linux for testing ad hoc routing protocols and other applications.

15 Experiment of Secure Multicast DNS in MANET Testbed
[Figures: IPv6 Wireless Mobile Router; Test of Secure Multicast DNS]

16 Conclusion
ANS (Ad-hoc Name Service System for IPv6 MANET)
- A new name service scheme based on multicast in IPv6 MANET, providing secure name resolution
Name Service of ANS
- Automatic zone file generation
- Name-to-address translation
- Service discovery
- DNS message authentication based on TSIG
Future Work
- We will enhance secure multicast DNS, ANS, in the aspect of performance, considering MANET’s characteristics, such as
  - caching of DNS information
  - reduction of broadcast DNS query messages