Practical Considerations for Securely Deploying Mobility Will Ivancic NASA Glenn Research Center (216) 433-3494

Presentation transcript:


2 Network Design Triangle
Policy, Architecture, Security, Protocols, Mobility, Scalability, Maturity, Bandwidth, QoS, $$$ Cost $$$
© 2004 Syzygy Engineering – Will Ivancic 5 SYZYGY Engineering

3 Design Issues
Host and/or Network Mobility
Security Policy
  –Corporate and/or Individual
Scalability
Handoff Speed
Intranet or Internet
  –Own and/or Shared Infrastructure
    May be an issue even within your own Organization
  –Crossing Autonomous Systems
Multi-Homing
  –Multiple Radio Links
  –Varying Multi-homed link characteristics (e.g. WiFi, Satellite, GPRS, Low-Rate VHF)

4 Mobile Networking Solutions
Routing Protocols
  – Route Optimization
  –  Convergence Time
  –  Sharing Infrastructure – who owns the network?
Mobile-IP
  –  Route Optimization
  – Convergence Time
  – Sharing Infrastructure
  – Security – Relatively Easy to Secure
Domain Name Servers
  – Route Optimization
  –  Convergence Time
  –  Reliability

5 Mobility at What Layer?
Layer-2 (Radio Link)
  –Fast and Efficient
  –Proven Technology within the same infrastructure
    Cellular Technology Handoffs
    WiFi handoffs
Layer-3 (Network Layer)
  –Slower Handover between varying networks
  –Layer-3 IP address provides identity
  –Security Issues
    Need to maintain address
Layer-4 (Transport Layer)
  –Research Area
  –Identity not tied to layer-3 IP address
  –Proposed Solutions
    HIP – Host Identity Protocol
    SCTP – Stream Control Transport Protocol

6 Location Identifier
Diagram labels: Internet; Alice (Mobile Node); Headquarters (Location Manager); Bob (Corresponding Node); Registration; Binding Updates
HQ Keeps Track of Alice.
Where is Alice’s Location Manager?
I am in Cleveland, Ohio
Hello Alice
Hello Bob, I am in Cleveland, Ohio
What is the Weather like in Cleveland?
I am in Paris France

7 IPv4 “Real World” Operation
Diagram labels: Public Internet; FA; MR; US Coast Guard Mobile Network; HA; US Coast Guard Operational Network (Private Address Space); CN; Proxy
Proxy had not originated the request; therefore, the response is squelched. Peer-to-peer networking becomes problematic at best.
Glenn Research Center Policy: No UDP, No IPSec, etc… Mobile-IP stopped in its tracks. What’s your policy?
Ingress or Egress Filtering stops Transmission due to topologically Incorrect source address. IPv6 Corrects this problem.
USCG Requires 3DES encryption. WEP is not acceptable due to known deficiencies.

8 Current Solution – Reverse Tunneling
Diagram labels: Public Internet; FA; MR; US Coast Guard Mobile Network; HA; US Coast Guard Operational Network (Private Address Space); CN; Proxy; NAT
Anticipate similar problems for IPv6.
Adds Overhead and kills route optimization.
Must Run NAT Traversal Using UDP Tunnels
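
The filtering failure on slide 7 and the reverse-tunneling workaround on slide 8, as an added example that is not part of the original presentation: a small Python model in which the visited site's border filter drops a packet sourced from the mobile router's home address, while the same packet wrapped in an IP-in-IP tunnel from the care-of address to the Home Agent passes at the cost of one extra IPv4 header. All addresses (RFC 5737 documentation ranges), function names and the 100-byte payload are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (RFC 5737 documentation ranges); not taken from the slides.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")        # network behind the Home Agent
FOREIGN_NET = ipaddress.ip_network("198.51.100.0/24")  # visited network (Foreign Agent side)
HOME_AGENT = ipaddress.ip_address("192.0.2.1")
HOME_ADDR = ipaddress.ip_address("192.0.2.77")         # mobile router's permanent address
CARE_OF_ADDR = ipaddress.ip_address("198.51.100.20")   # address used while roaming
CORRESPONDENT = ipaddress.ip_address("203.0.113.9")
IPV4_HEADER = 20  # bytes, IPv4 header without options

@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    payload_len: int
    inner: Optional["Packet"] = None  # set for an IP-in-IP tunnel packet

    @property
    def wire_len(self) -> int:
        body = self.inner.wire_len if self.inner is not None else self.payload_len
        return IPV4_HEADER + body

def border_filter(pkt: Packet, site_prefix) -> bool:
    """Source-address validation: forward only packets sourced inside the site."""
    return pkt.src in site_prefix

def direct_send(payload_len: int) -> Packet:
    """Mobile router answers the correspondent directly, using its home address."""
    return Packet(HOME_ADDR, CORRESPONDENT, payload_len)

def reverse_tunnel(pkt: Packet) -> Packet:
    """Wrap the packet so the outer source address is topologically correct."""
    return Packet(CARE_OF_ADDR, HOME_AGENT, 0, inner=pkt)

def home_agent_decapsulate(pkt: Packet) -> Packet:
    """Home Agent unwraps tunnel traffic and rejects non-home inner sources."""
    if pkt.dst != HOME_AGENT or pkt.inner is None:
        raise ValueError("not a tunnel packet for this Home Agent")
    if pkt.inner.src not in HOME_NET:
        raise ValueError("inner source is not a home-network address")
    return pkt.inner

if __name__ == "__main__":
    plain, tunneled = direct_send(100), reverse_tunnel(direct_send(100))
    print("direct passes filter:  ", border_filter(plain, FOREIGN_NET))
    print("tunneled passes filter:", border_filter(tunneled, FOREIGN_NET))
```

Every reply now travels through the Home Agent before reaching the correspondent, which is the lost route optimization the slide refers to.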

9 Shared Network Infrastructure
Diagram labels: Public Internet; FA; MR; HA; US Coast Guard; Canadian Coast Guard; ACME Shipping; US Navy
Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue.

Basic Mobile Network Support for IPv6
Diagram labels: Mobile Network; Access Router; Home Agent; Corresponding Node; Internet or Intranet; x; Link UP; Mobile Network Nodes; Binding Update; Bidirectional Tunnel
Note, Mobile Network allows for single Binding Update. Other Mobility Solutions may Oversubscribe link during Binding updates.

Mobile Security
The Next (Current) Research / Deployment Area

12 Behind Router – Strategic
Diagram labels: Mobile Router; IPE-2M; Foreign Agent; IPE-2M; Roaming Interface; Home Agent; HA-MR Tunnel; Mobile Network; HA-FA Tunnel; IPE-IPE Secure Tunnel; Home Network; Internet
Address can Be Fixed
Address Changes with Mobility
Source – Western DataCom

13 In-Front of Router – Tactical
Diagram labels: IPE-2M; Foreign Agent; IPE-2M; Mobile Router; Roaming Interface; Home Agent; HA-MR Tunnel; Mobile Network; HA-FA Tunnel; IPE-IPE Secure Tunnel; Home Network; Secure WAN; Internet
Address Changes with Mobility
Source – Western DataCom

14 Mobile IPSec ?
Diagram labels: Mobile IPSec Device; Secure Tunnel; Internet; Intranet; Mobile IPSec Device; Intranet
Address Changes with Mobility
Partially Being Addressed
  MOBIKE
  HIP
  Certificate Based Identity?
  Others?

15 IPv6 Ad Hoc Networking Challenges
Denial of Service
  –Duplicate Address Detection (DAD) DoS, Uncooperative Router, etc…
  –Neighbor Discovery trust and threats
Network Discovery
  –Reachback, DNS, Key Manager
Security
  –IPSec / HAIPES tunnel end-points
  –Security Policies in a dynamic environment
  –Is layer-2 encryption sufficient security?
  –Insecure routing
    Attackers may inject erroneous routing information to divert network traffic, or make routing inefficient
Key Management
  –Lack of key distribution mechanism
  –Hard to guarantee access to any particular node (e.g. obtain a secret key)

16 IPv6 Ad Hoc Networking Challenges
Duplicate Address Discovery
  –Not suitable for multi-hop ad hoc networks that have dynamic network topology
  –Need to address situation where two MANET partitions merge
Radio Technology
  –Layer-2 media access often incompatible with layer-3 MANET routing protocol
Battery exhaustion threat
  –A malicious node may interact with a mobile node very often trying to drain the mobile node’s battery
Testing of Applications
Integrating MANET into the Internet