Internet Goes Mobile
Alper Yegin
KIOW 2003 at APNIC 16, August 19th, 2003. Seoul, Korea.


1 Internet - Yesterday
[Diagram labels: Internet, DSL, Home Network, Dial up, Home user, T1, Enterprise Network]

2 Internet - Today and Tomorrow
[Diagram labels: Internet, DSL, Home Network, Mobile Network, GPRS, Dial up, Home user, W-CDMA, T1, Enterprise Network, Operator Network, Community Network, PAN]

3 Challenge
- Users expect the same characteristics (greedy!)
  – Secure
  – Reliable
  – Seamless
  – High performance
- Burden is on:
  – Standards bodies (IETF, IEEE, 3GPP, 3GPP2, etc.)
  – Vendors
  – Operators

4 Security
- First things first!
- Physical security is replaced with crypto-based security
  – Threats: Eavesdropping, spoofing
  – Not a full replacement!
- Crypto designs and experts get a good exercise!

5 Solutions
- Good solutions:
  – 3GPP, 3GPP2
- Bad solutions:
  – IEEE WEP fiasco!
- Practical but less than adequate solutions:
  – WECA WISPr: HTTP redirect and web-based login hackery
- Practical and reasonable solutions:
  – IEEE b access outside VPN gateway

6 The Right Solution
- Authenticate, authorize the client
- Accounting and privacy
[Diagram labels: Home Network, Visited Network, host, AP, Access Router, Home AAA, ISP AAA; protocols: PANA, 802.1X, Diameter, RADIUS]

7 The Right Solution
- IETF AAA, EAP, and PANA Working Groups
- IEEE i, 802.1aa
[Diagram labels: Home Network, Visited Network, host, AP, Access Router, Home AAA, ISP AAA; protocols: PANA, 802.1X, Diameter, RADIUS]

8 Global AAA
- AAA web of trust is here (unlike global PKI) and more capable.
[Diagram labels: Home Networks and Visited Networks, each with an AAA server, connected through AAA brokers]

9 Impact
- Security is never plug-and-play (plug-and-get-hacked!)
- Additional infrastructure
  – Front-end AAA servers (NAS)
  – Backend AAA servers (RADIUS, Diameter servers)
  – VPN gateways
- Configuration
  – On the clients
  – Per-client configuration on the servers (keys, authorization parameters, etc.)
  – Configuration to join the AAA web of trust

10 Impact
- Increased popularity of IPsec and TLS
  – AAA requires confidential information exchange
  – VPN
  – Anonymizer.com
- Strengthening internal network is a MUST
  – Unless you are 100% sure that wireless access is secure
  – Partitioning, IDS, enforcing strict policy execution (social aspects)

11 But Still…
- You are vulnerable to attacks!
- Price of going wireless

12 Mobility Management
- Host at home (fixed Internet).
[Diagram labels: Home Network, Visited Network, Web server, Access Routers, APs, host a::1, a::/64]

13 Mobility Management
- You move, you break!
[Diagram labels: Home Network, Visited Network, Web server, Access Routers, AP, host b::1, b::/64]

14 Mobile IP
- IETF Mobile IP Working Group
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host b::1, b::/64; home address a::1, care-of address b::1]

15 Mobile IP
- Traffic tunneled through home network
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host b::1, b::/64]

16 Mobile IP
- End-to-end signaling for route optimization
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host b::1, b::/64; home address a::1, care-of address b::1]

17 Mobile IP
- Most direct path for data traffic.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host b::1, b::/64]

18 … Fast and Smooth
- Problem: Signaling latency.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host c::1, c::/64; a::1, c::1 (new care-of address)]

19 … Fast and Smooth
- Fast Handovers
  – draft-ietf-mobileip-fast-mipv6-06.txt
- IETF Seamoby Working Group
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host c::1, c::/64; old care-of address b::1, new care-of address c::1]

20 … Fast and Smooth
- Context transferred and routes fixed.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host c::1, c::/64]

21 … Privacy
- Hide precise location and movement.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Access Routers, APs, host d::1; subnets d::/64, c::/64, b::/64; locations: cafeteria, CEO's office, employee office]

22 … Privacy
- Obtain an IP address from the localized mobility agent.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Localized Mobility Agent, Access Routers, APs, host d::1; subnets d::/64, c::/64, b::/64, e::/64; home address a::1, regional care-of address e::1, local care-of address d::1]

23 … Privacy
- Correspondent sends packets directly to the agent.
- Agent tunnels them to the precise location.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Localized Mobility Agent, Access Routers, APs, host d::1; subnets d::/64, c::/64, b::/64]

24 … Privacy
- Correspondent does not know the real IP destination, or when it changes.
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Localized Mobility Agent, Access Routers, APs, host b::1; subnets c::/64, b::/64]

25 … AAA
- Mobility management is a for-profit “service”
[Diagram labels: Home Network, Visited Network, Web server, Home Agent, Localized Mobility Agent, Access Routers, APs, host b::1, Home AAA, ISP AAA; subnets c::/64, b::/64]

26 … Network is Mobile
- IETF NEMO Working Group
[Diagram labels: Visited Network, Access Routers, Base Stations]

27 Impact on Intranet
- More stateful servers
  – Home agents, access routers (for context transfer and fast handovers), localized mobility agents
  – Mobile IP bindings, tunnels, host-routes
  – Redundancy and fault-tolerance are a MUST!
- More configuration
  – Per client on the servers
  – Trust relations among communicating servers

28 Impact on Internet/Intranet
- Tunnels
  – Several levels of nesting
[Diagram labels: Web server, Home Agent, Localized Mobility Agent, Previous Access Router, Current Access Router, host; layers: Mobile IP, Localized Mobility Management, Fast Handovers; addresses: Home Address, (Regional) Care-of Address, (Older local) Care-of Address, (Current local) Care-of Address]

29 Impact on Internet
- Address consumption
  – Always-on hosts
  – Purpose-specific address usage (home address, care-of address)
  – Multihomed devices (GPRS, IEEE b, Bluetooth)
  – Sensor networks

30 Impact on Internet
- Suboptimal routing, redirect servers
[Diagram labels: host A, host B, Home Agent A, Home Agent B]

31 Host Assumptions
- Can be anything:
- Dynamic auto-configuration needed:
  – IPv6 address auto-configuration (RFC 2462)
  – IPv6 prefix delegation (draft-troan-dhcpv6-opt-prefix-delegation-02.txt)
  – Service discovery (IPv6 anycast address support)

32 IPv6
- IPv6 benefits:
  – Ability to run server apps on devices (accept incoming connections)
  – Plug-and-play
  – End-to-end IPsec for thwarting first-hop and last-hop threats
  – Mobile IPv6: Efficient, easy to deploy and manage, and scalable mobility protocol
  – Extensibility
- Mobile and wireless Internet will expedite the transition from IPv4-NAT to IPv6

33 Conclusion
- Wireless and mobility provide tremendous benefits, but they come with a price.
- Transitioning the Internet protocols, architectures, products, and running networks should be done very carefully.

Questions?