Spring 2004 Mobile IP School of Electronics and Information Kyung Hee University Choong Seon HONG
Spring Introduction The most fundamental is the way the Internet Protocol, the protocol that connects the networks of today's Internet, routes packets to their destinations according to IP addresses. These addresses are associated with a fixed network location much as a nonmobile phone number is associated with a physical jack in a wall. When the packet's destination is a mobile node, this means that each new point of attachment made by the node is associated with a new network number and, hence, a new IP address, making transparent mobility impossible
Spring Background Problems in legacy of IP routing can’t route if hosts migrate Loose of TCP connection if IP address is changed Move between different networks without changing host IP address Need of new IP protocol IP Mobility Support for IPv4 (RFC3344) Requirements of a Quality of Service (QoS) Solution for Mobile IP (RFC3583) Mobile IP Security
Spring 2004 Mobile IPv4
Spring IETF Base Mobile IP(1) allows IP hosts to move between different networks without changing their IP addresses IP Mobility Transport layer session RFC3344 uses two IP address Home address COA(Care-of address)
Spring Two IP Addresses Mobile IP has been designed to solve this problem by allowing the mobile node to use two IP addresses. In Mobile IP, the home address is static and is used, for instance, to identify TCP connections. The care-of address changes at each new point of attachment and can be thought of as the mobile node's topologically significant address.
Spring Entities Mobile Node(MN) A host or router that changes its point of attachment from one network or subnetwork to another. Home Agent(HA) A router on a mobile node's home network tunnels datagrams for delivery to the mobile node when it is away from home maintains current location information for the mobile node. Foreign Agent(FA) A router on a mobile node's visited network provides routing services to the mobile node while registered detunnels and delivers datagrams to the mobile node
Spring Terminology (1) Home Address An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet. Care-of Address(COA) The termination point of a tunnel toward a mobile node “foreign agent care-of address" an address of a foreign agent with which the mobile node is registered, “co-located care-of address” an externally obtained local address (such as DHCP) Applications use home address, and lower layer software uses the care-of address to receive the datagram itself Correspondent Node(CN) A peer with which a mobile node is communicating.
Spring Terminology (2) Home Network (HN) A network having a network prefix matching that of a mobile node's home address. Foreign Network (FN) Any network other than the mobile node's Home Network Agent Advertisement An advertisement message constructed by attaching a special extension to a router advertisement message. Visitor List The list of mobile nodes visiting a foreign agent
Spring Agent Discovery 2.Registering the Care-of address 3.Tunneling to the Care-of address Mobile IP Operation
Spring Agent Advertisements Use Router Advertisement, specified in RFC 1256 Simply extend Router Advertisement to associate mobility functions Carry information about default routers and COA HA, FA typically broadcast Agent Advertisement message at regular interval MN can know whether the agent is a HA or a FA, therefore, whether it is on its HN or a FN. MN gets a COA while it is away from HN. Agent Discovery
Spring Once a MN has a COA, MN sends registration request with the COA information to HA HA receives request, it adds the necessary information to its routing table, approves the request and sends a registration reply. Mobile IP Registration Process Registering the COA (1)
Spring Registration procedure 1.Agent advertisement message 2.Registration request 3.Registration request message relay 4.Registration reply 5.Registration reply message relay Registering the COA (2)
Spring Tunneling to the Care-of address (1) Data Transmission of Mobile IP
Spring Tunneling to the Care-of address (2)
Spring A Security in Mobile IP Registration Protocol (1) Current base Mobile IP protocol Relies on the use of secret key with manual key distribution The problem while using of secret key Scalability problem in key management and will become a major hindrance for wide scale deployment Replay attack illegitimate MN or HA Denial of service illegitimate FA
Spring A Security in Mobile IP Registration Protocol (2) Reply, Result HA MN FA Request Reply, Result HA MN FA Request Reply, Result HA MN FA Request Normal Mobile IP Registration Protocol Replay AttackDenial of Service : normal entity: Attacker
Spring A Security in Mobile IP Registration Protocol(3) Replay attack processing 1.The attacker obtains a valid request message and its corresponding reply 2.Some time later, the attacker spoofs HA and replays recorded request to FA 3.The attacker spoofs MN and sends the corresponding reply to FA The result of this attack is that FA still believes that the registration is indeed a valid The attacker’s bogus MN can get a connection through FA and enjoy resources on foreign network for free
Spring A Security in Mobile IP Registration Protocol (4) Prevent replay attack on registration Uses timestamp MN and HA includes its estimated current time of the day in the request and reply There is problem that synchronize between MN and HA Uses nonce MN includes a new pseudo-random number as nonce in every request to HA and requires HA to return this same nonce in its reply
Spring A Security in Mobile IP Registration Protocol(5) Public Key Based Authentication Jacobs proposed, in 1998 Use of public key cryptography Provide scalability and non-repudiation Drawbacks of Jacobs’ proposal MN is normally limited in its computing power Low bandwidth to get the current CRL(Certificate Revocation List) MN requires additional hardware or software that might add the complexity of its system
Spring A Security in Mobile IP Registration Protocol (6) An alternative one of Jacobs’ proposal Using a hybrid cryptography Use of secret key cryptography at MN Use of public key cryptography at HA and FA Each entities generate its certificate to authentication of each others Need of construction of M-PKI(Mobile Public Key Infrastructure)
Spring Performance Problems in Mobile IP Performance Problems in Mobile IP Mobile IP’s tunneling scheme creates a triangle routing Mobile IP route optimization Overhead Use VHA (regional agent) Hierarchical Local Registration Mobile IP (HLRM-IP) Data latency of Mobile IP Triangle Routing
Spring 2004 Mobile IP Route Optimization
Spring Mobile IP route Optimization (1) CN has a binding cache which is used to hold the binding for MN CN can deliver packet directly to the MN without any assistance from the HA
Spring Mobile IP route Optimization (2) Binding update message
Spring Current Issues for Mobile IPv4 Low latency Handoffs in Mobile IPv4 draft-ietf-mobileip-lowlatency-handoffs-v4-08.txt Security Issues Mobile IPv4 Traversal Across IPsec-based VPN Gateways : draft-ietf-mobileip-vpn-problem-solution-03 Mobile IPv4 Extension for carrying Network Access Identifiers : draft-ietf-mip4-aaa-nai-02.txt AAA Registration Keys for Mobile IPv4 : draft-ietf- mip4-aaa-key-03.txt Mobile IPv4 Dynamic Home Agent Assignment draft-ietf-mip4-dynamic-assignment-00.txt
Spring 2004 Mobile IP using VHA
Spring Mobile IP Using VHA (1) Providing Virtual Home Agent(VHA) to reduce Overhead and Latency Clustering several networks into an administrative domain and placing VHA
Spring Mobile IP Using VHA (2) The configuration of VHAs
Spring MN detects the change of attachment point through the Agent Advertisement message broadcast periodically from the FA appends a Domain registration extension to the Agent Advertisement message to declare the router information (FA) and identify the domain (VHA) MN checks the extension to determine whether or not the movement is a handoff within domain Mobile IP Using VHA (3)
Spring Registration Process using VHA Mobile IP Using VHA (4)
Spring Local Handoff Mobile IP Using VHA (5)