MIPv6 Security


MIPv6 Security: Dimension of Danger
The core danger is the unauthorized creation (or deletion) of a Binding Cache Entry (BCE) at a correspondent node.

MIPv6 Security: Basic Address Stealing
Normal operation: the MN sends a BU to the CN with its home address (HoA = IP_MN) and a care-of address (CoA = IP_CoA). The CN creates a Binding Cache Entry (BCE) of (HoA = IP_MN, CoA = IP_CoA), and data then flows directly from the CN to the MN at its care-of address.

MIPv6 Security: Basic Address Stealing, no ingress filtering (continued)
Denial of service attack: the attacker sends a BU to the CN claiming the MN's home address, with the source IP address of the BU spoofed to the victim's IP address. The CN updates the BCE to (HoA = IP_MN, CoA = IP_victim), and the data flow is diverted to the victim node.

MIPv6 Security: Basic Address Stealing, with ingress filtering (continued)
Denial of service attack: when ingress filtering prevents source address spoofing, the attacker sends the BU from its own IP address and places the victim's IP address in the Alternate Care-of Address option. The CN updates the BCE to (HoA = IP_MN, CoA = IP_victim), and the data flow is again diverted to the victim node.

MIPv6 Security: Basic Address Stealing (continued)
The Binding Update authorization mechanism is designed to prevent this threat and to restrict where an attacker can be: only an attacker located on the path between the correspondent node and the home agent can still mount it.

MIPv6 Security: Address Stealing of a Stationary Node (continued)
Denial of service attack: the attacker sends a BU to the CN with the source IP address spoofed to the HTTP server's IP address. The CN updates the BCE to (HoA = IP_MN, CoA = IP_HTTP_server), and the data flow is diverted into the HTTP server.

MIPv6 Security: Address Stealing of a Stationary Node, with ingress filtering (continued)
Denial of service attack: with ingress filtering in place, the attacker sends the BU from its own IP address and places the HTTP server's IP address in the Alternate Care-of Address option. The CN updates the BCE to (HoA = IP_MN, CoA = IP_HTTP_server), and the data flow is diverted into the HTTP server.

MIPv6 Security: Static Nodes vs Mobile Nodes
Stealing the address of a stationary node is easier than stealing the address of a node that keeps reconfiguring its IP address. So it is not the MN that is most exposed to address stealing; it is the well-known static server. The security design must take reasonable measures to prevent the creation of fraudulent binding cache entries in the first place.

MIPv6 Security: Future Address Stealing
The attacker obtains a dynamic home IP address and can predict which address a particular MN will later be assigned as its home address. The attacker creates a BCE at a CN for that address with a victim's IP address as the CoA, then releases the home address, and the target node later obtains the same address. If the BCE lifetime is long, the stale binding lets the attacker mount a future denial of service or man-in-the-middle attack.

MIPv6 Security: Future Address Stealing (continued)
Denial of service attack, no ingress filtering: 1) the attacker sends a BU to the CN with the source IP address spoofed to the victim's IP address, and the CN records the BCE (HoA = attacker's current home address, CoA = IP_victim); 2) the MN later obtains that same dynamic address as its home address and initiates a data session with the CN; 3) the data flow is diverted to the victim node.

MIPv6 Security: Future Address Stealing (continued)
Denial of service attack, with ingress filtering: 1) the attacker sends a BU to the CN from its own IP address, with the victim's IP address in the Alternate Care-of Address option, and the CN records the BCE (HoA = attacker's current home address, CoA = IP_victim); 2) the MN later obtains that same dynamic address as its home address and initiates a data session with the CN; 3) the data flow is diverted to the victim node.

MIPv6 Security: Future Address Stealing (continued)
To limit this type of attack, the lifetime of a BCE is restricted to a few minutes (RFC 3775 caps a return-routability-authorized binding at 420 seconds).

MIPv6 Security: Attacks against Secrecy and Integrity
Man-in-the-middle attack: the attacker pretends to be the MN and sends a BU to the CN from its own IP address, claiming the MN's home address. The CN updates the BCE to (HoA = IP_MN, CoA = IP_attacker), and the data flow is diverted to the attacker node, which can read and modify it. Mitigation: end-to-end IPsec encryption between the MN and the CN.

MIPv6 Security: Attacks against Secrecy and Integrity (continued)
Encryption limits this type of attack but does not stop the redirection itself. The MIPv6 security design therefore adopts Return Routability (RR) to periodically verify the HoA and the CoA: the CN checks that the node sending the BU can receive packets at both addresses, i.e. that the HoA and the CoA belong to the same node.

MIPv6 Security: Replaying and Blocking Binding Updates
The attacker captures a BU and later impersonates the mobile node: it acquires the MN's previous care-of address after the MN has moved away and replays the old BU to redirect packets back to the previous location. Three variants: copy the BU and replay it later; jam the MN's new BU so that the CN keeps the old binding, and capture the data that still arrives at the old care-of address; jam the new BU and replay a captured one whose care-of address is now a victim's, producing a denial of service.

MIPv6 Security: Replaying and Blocking Binding Updates (continued)
The effect of a replay attack is limited by: limiting the lifetime of the BCE; using nonces (together with the sequence number carried in every BU).

MIPv6 Security: Basic Flooding
The attacker pretends to be an MN on a foreign subnet, subscribes to a video stream from the CN, and then sends a BU that redirects the stream to the victim's address as the new care-of address.

MIPv6 Security: Basic Flooding (continued)
The MIPv6 security design counters this with a check that there really is a node at the new care-of address and that it is the node which requested the redirection to that care-of address.

MIPv6 Security: Return-to-Home Flooding
The attacker pretends to be an MN on a foreign subnet and subscribes to a video stream from the CN. It then sends a BU that cancels the binding (or simply lets the BCE expire), so the data flow is diverted to the claimed home subnet.

MIPv6 Security: Return-to-Home Flooding (continued)
It is difficult to protect completely against this attack. Return routability provides some degree of protection.

MIPv6 Security: Inducing Unnecessary Binding Updates
The attacker pretends to be a large number of CNs (victim 1 to victim n) and sends packets to the MN through the HA. The MN starts an unnecessary BU procedure with each of these nodes, wasting the MN's resources.

MIPv6 Security: Inducing Unnecessary Binding Updates (continued)
The attacker pretends to be the victim CN and sends packets to many MNs (MN 1 to MN n). Each MN starts a BU procedure with the CN, wasting the CN's resources.

MIPv6 Security: Inducing Unnecessary Binding Updates (continued)
This type of DoS attack can be mitigated by: limiting the resources used for BU procedures, so that once they are exhausted no further procedures are started; defining a security policy at the MN that states with which IP addresses it will initiate a BU procedure; defining a security policy at the CN that states which MNs it is allowed to communicate with.

MIPv6 Security: Reflection & Amplification
The attacker uses the Home Address Option (HAO) to hide the source of its traffic: it sends packets carrying the victim's address in the HAO to other nodes (reflectors), tricking them into sending the same number of packets, or more, to the target. In the example on the slide the attacker sends a TCP SYN with HAO = victim to the reflector, which sends its SYN-ACK to the home address, i.e. to the victim.

MIPv6 Security: Reflection & Amplification (continued)
This type of DoS attack is avoided by ensuring that the CN replies only to the address from which it received the packet.
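The reflection rule from the two slides above, as an added example that is not part of the slides or of any MIPv6 stack. The hypothetical reply_target() function decides where a CN directs its answer to a packet that carries a Home Address Option: first the naive way (answer the claimed home address, which is exactly what the reflector attack needs) and then the way RFC 3775 requires, where the HAO is honoured only when a verified binding maps that home address to the packet's source, and otherwise the packet is dropped and a Binding Error goes back to the source. The packets, addresses and the binding cache contents are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                              # IPv6 source (the care-of address for a mobile sender)
    dst: str
    home_address: Optional[str] = None    # Home Address destination option, if present
    kind: str = "TCP SYN"


def naive_reply_target(pkt: Packet) -> Tuple[str, str]:
    """Broken behaviour: trust the HAO and answer the claimed home address.
    Whoever puts a victim's address in the HAO turns this node into a reflector."""
    return ("reply", pkt.home_address or pkt.src)


def reply_target(pkt: Packet, binding_cache: Dict[str, str]) -> Tuple[str, str]:
    """RFC 3775 behaviour. binding_cache maps home address -> care-of address for
    bindings that passed return routability. Returns (action, destination)."""
    if pkt.home_address is None:
        return ("reply", pkt.src)
    if binding_cache.get(pkt.home_address) != pkt.src:
        # No verified (HoA, CoA) binding matching this packet: drop it and send a
        # Binding Error to the source; nothing is ever sent to the claimed HoA.
        return ("binding_error", pkt.src)
    # Verified binding: the reply is addressed to the HoA but delivered to the CoA,
    # which by construction is the address the packet actually came from.
    return ("reply", binding_cache[pkt.home_address])


def reflection_demo() -> Dict[str, Tuple[str, str]]:
    """Constructed scenario: a spoofed SYN from the attacker versus a genuine MN packet."""
    attacker, victim = "2001:db8:a::1", "2001:db8:b::1"
    mn_hoa, mn_coa, cn = "2001:db8:1::10", "2001:db8:2::20", "2001:db8:c::1"
    cache = {mn_hoa: mn_coa}              # the MN completed return routability earlier
    spoofed = Packet(src=attacker, dst=cn, home_address=victim)
    genuine = Packet(src=mn_coa, dst=cn, home_address=mn_hoa)
    return {
        "naive_spoofed": naive_reply_target(spoofed),          # reflected onto the victim
        "rfc_spoofed": reply_target(spoofed, cache),           # Binding Error to the attacker
        "rfc_genuine": reply_target(genuine, cache),           # delivered to the MN's CoA
        "rfc_plain": reply_target(Packet(src=attacker, dst=cn), cache),
    }
```

The hardened function never produces a destination that differs from the packet's source, which is the whole of the reflection defence: the home test and care-of test messages of return routability follow the same rule, each answer going back to the address the request came from.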

MIPv6 Security: Return Routability
Return routability is basically a check that a node at the given address is able to respond to packets sent to that address. The mechanism does not work: if the routing infrastructure is compromised; if the attacker sits on the path between the verifier and the address being verified.

MIPv6 Security: Return Routability Message Flow
The exchange between MN, HA and CN: 1) the MN sends HoTI, tunnelled through the HA, to the CN; 2) the CN answers with HoT, which travels back through the HA to the MN; 3) the MN sends CoTI directly from its care-of address to the CN; 4) the CN answers with CoT directly to the MN; 5) the MN sends the BU to the CN.

MIPv6 Security: Goals of Return Routability
Avoidance of reflection: the CN replies only to the source of the message. Avoidance of amplification: the CN replies with a single packet of similar size to the one received. Avoidance of state exhaustion: the RR messages create no state at the CN; state is created only when the first valid Binding Update is received.

MIPv6 Security: Home Address Check
It allows the CN to make sure that the received BU was created by the node that has seen the home test packet. The MN sends HoTI to the CN and the CN responds with HoT. The HoT carries a cryptographically generated token, defined in RFC 3775 as home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0))), where Kcn is a secret key known only to the CN. The assumption is that the path between the CN and the HA is more secure than the wireless path between the MN and the HA. Accordingly, HoTI and HoT travel encrypted (inside the IPsec-protected tunnel) between the MN and the HA, while they are in the clear between the HA and the CN.

MIPv6 Security: Care-of Address Check
It allows the CN to make sure that the received BU was created by the node that has seen the care-of test packet. The MN sends CoTI to the CN and the CN responds with CoT. The CoT carries a cryptographically generated token, defined in RFC 3775 as care-of keygen token = First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1))), where Kcn is the same secret key known only to the CN. These test messages traverse the path between the MN and the CN, which is not protected; they are vulnerable to eavesdroppers near the CN or anywhere on the path between the CN and the MN.

MIPv6 Security: First BU from the MN
The MN derives the binding management key Kbm = SHA1(home keygen token | care-of keygen token). The BU contains the following information:
1. Source address = care-of address, the same as the source of the CoTI.
2. Destination address = the CN's IP address.
3. Home address, the same as the source of the HoTI (carried in the Home Address option).
4. Sequence number.
5. Home and care-of nonce indices.
6. Authenticator = First(96, HMAC_SHA1(Kbm, (care-of address | CN address | BU mobility header data))).

MIPv6 Security: First BU Authentication
From the home and care-of nonce indices in the BU, the CN looks up its nonces and regenerates both tokens: home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0))) and care-of keygen token = First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1))). It then regenerates Kbm = SHA1(home keygen token | care-of keygen token) and the authenticator = First(96, HMAC_SHA1(Kbm, (care-of address | CN address | BU mobility header data))), and compares the result with the authenticator carried in the BU. The CN needs no per-MN state for this; Kcn and its nonce table are enough.
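The home and care-of tests, the Kbm derivation, the BU authenticator and the CN's verification from the preceding slides, as an added worked example in Python; this is not code from the slides or from any MIPv6 implementation. The CorrespondentNode class holds only Kcn, a nonce table and the binding cache, build_binding_update() plays the MN, and rr_demo() runs a constructed scenario: one legitimate BU, then the basic address-stealing, replay and time-shifted replay cases from the threat slides. Assumptions: the token and authenticator formulas are the RFC 3775 ones (First(64, HMAC_SHA1(...)) and First(96, HMAC_SHA1(...))); the BU fields are serialised with a simple ad-hoc encoding rather than the real Mobility Header format; the constants 240 s (nonce lifetime) and 420 s (binding lifetime ceiling) are taken from RFC 3775; addresses are constructed from the IPv6 documentation prefix.

```python
import hashlib
import hmac
import ipaddress
import os
import time

# RFC 3775 section 12 constants: a nonce stays usable for 240 s and an RR-authorised
# binding lives at most 420 s (the "few minutes" the slides refer to).
MAX_NONCE_LIFETIME = 240
MAX_RR_BINDING_LIFETIME = 420


def addr(a):
    return ipaddress.IPv6Address(a).packed            # 16-byte wire form of the address


def compute_kbm(home_token, careof_token):
    return hashlib.sha1(home_token + careof_token).digest()   # Kbm, 20 bytes


def bu_data(hoa, sequence, lifetime, home_idx, careof_idx):
    # Constructed stand-in for the Mobility Header data the MAC must cover (not the real
    # wire format); every field an attacker could usefully alter is included.
    return addr(hoa) + b"".join(v.to_bytes(2, "big") for v in (sequence, lifetime, home_idx, careof_idx))


def authenticator(kbm, careof, cn_address, data):
    # First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | MH data)))
    return hmac.new(kbm, addr(careof) + addr(cn_address) + data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    """Keeps only Kcn, a nonce table and the binding cache; the RR exchange creates no per-MN state."""

    def __init__(self, address, now=time.time):
        self.address, self.kcn, self.now = address, os.urandom(20), now   # Kcn: CN-only secret
        self.nonces, self.next_index = {}, 0            # nonce index -> (nonce, creation time)
        self.binding_cache = {}                         # HoA -> (CoA, sequence, expiry time)

    def _fresh_nonce(self):
        self.nonces[self.next_index] = (os.urandom(8), self.now())
        self.next_index += 1
        return self.next_index - 1

    def _keygen_token(self, address, nonce, tag):
        # First(64, HMAC_SHA1(Kcn, (address | nonce | tag))); tag 0 = home, tag 1 = care-of
        return hmac.new(self.kcn, addr(address) + nonce + bytes([tag]), hashlib.sha1).digest()[:8]

    def home_test(self, hoa):                           # HoTI -> HoT (via the HA)
        idx = self._fresh_nonce()
        return idx, self._keygen_token(hoa, self.nonces[idx][0], 0)

    def care_of_test(self, coa):                        # CoTI -> CoT (direct)
        idx = self._fresh_nonce()
        return idx, self._keygen_token(coa, self.nonces[idx][0], 1)

    def verify_binding_update(self, bu):
        """Regenerate tokens, Kbm and the authenticator; install a lifetime-clamped BCE."""
        for idx in (bu["home_nonce_index"], bu["careof_nonce_index"]):
            if idx not in self.nonces:
                return False, "unknown nonce index"
            if self.now() - self.nonces[idx][1] > MAX_NONCE_LIFETIME:
                return False, "nonce expired"
        home_token = self._keygen_token(bu["home_address"], self.nonces[bu["home_nonce_index"]][0], 0)
        careof_token = self._keygen_token(bu["source"], self.nonces[bu["careof_nonce_index"]][0], 1)
        expected = authenticator(compute_kbm(home_token, careof_token), bu["source"], self.address, bu["mh_data"])
        if not hmac.compare_digest(expected, bu["authenticator"]):
            return False, "bad authenticator"
        previous = self.binding_cache.get(bu["home_address"])
        if previous and bu["sequence"] <= previous[1]:
            return False, "replayed or stale sequence number"
        lifetime = min(bu["lifetime"], MAX_RR_BINDING_LIFETIME)
        self.binding_cache[bu["home_address"]] = (bu["source"], bu["sequence"], self.now() + lifetime)
        return True, "binding accepted"


def build_binding_update(cn, hoa, coa, sequence, lifetime):
    """MN side: run both tests, derive Kbm and sign the BU (source = CoA, HoA in the HAO)."""
    home_idx, home_token = cn.home_test(hoa)
    careof_idx, careof_token = cn.care_of_test(coa)
    data = bu_data(hoa, sequence, lifetime, home_idx, careof_idx)
    return {"source": coa, "home_address": hoa, "sequence": sequence, "lifetime": lifetime,
            "home_nonce_index": home_idx, "careof_nonce_index": careof_idx, "mh_data": data,
            "authenticator": authenticator(compute_kbm(home_token, careof_token), coa, cn.address, data)}


def rr_demo():
    """Constructed scenario: one legitimate BU, then the attacks from the threat slides."""
    clock = [1000.0]                                    # controllable time source
    cn = CorrespondentNode("2001:db8:c::1", now=lambda: clock[0])
    hoa, coa, victim = "2001:db8:1::10", "2001:db8:2::20", "2001:db8:3::30"
    results = {}
    bu = build_binding_update(cn, hoa, coa, sequence=1, lifetime=3600)
    results["legit"] = cn.verify_binding_update(bu)[0]
    results["lifetime_clamped"] = cn.binding_cache[hoa][2] - clock[0] == MAX_RR_BINDING_LIFETIME
    # Basic address stealing: the captured BU resent with the victim as care-of address
    # (spoofed source); the regenerated care-of token no longer matches the MAC.
    results["stolen_coa"] = cn.verify_binding_update(dict(bu, source=victim, sequence=2))[0]
    # Plain replay of the captured BU: rejected by the sequence number.
    results["replay"] = cn.verify_binding_update(bu)[0]
    # Time-shifted replay with a bumped sequence number: the nonces have expired.
    clock[0] += MAX_NONCE_LIFETIME + 1
    results["stale_nonce"] = cn.verify_binding_update(dict(bu, sequence=3))[0]
    return results
```

Two design points the slides state but the code makes concrete: the CN stores nothing between HoTI/CoTI and the BU (the nonce table is shared by all MNs and is indexed, not per peer), and a binding is only as fresh as its nonces, so the 420 s ceiling and the 240 s nonce lifetime together bound how long a stolen or replayed BU can do damage.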

MIPv6 Security: Time Shifting Attacks
The BCE lifetime is what makes time-shifting attacks possible. An attacker who manages to create a false BCE can keep the attack going until the BCE lifetime expires, or can delay a return-to-home flood until the entry expires. Because the lifetime is tightly restricted in the current design, the time-shifting window is restricted as well.

MIPv6 Security: Pretending to Be Your Neighbor
The attacker runs the RR procedure with its real home address but with a neighbor's address as the care-of address, eavesdropping on the Care-of Test as it appears on the local link. The attacker then diverts traffic to the neighboring node, resulting in a flooding attack. This attack is not very serious because: it is only possible against neighbors on the local link; a similar attack can be mounted with Neighbor Discovery spoofing.

References
Mobile IP version 6 Route Optimization Security Design Background, draft-nikander-mobileip-v6-ro-sec-01.