Internet Goes Mobile Alper Yegin KIOW 2003 at APNIC 16 August 19th, 2003. Seoul, Korea.


1 Internet Goes Mobile Alper Yegin KIOW 2003 at APNIC 16 August 19th, 2003. Seoul, Korea

2 Internet - Yesterday
[Diagram labels: Internet; DSL, Home Network; Dial up, Home user; T1, Enterprise Network]

3 Internet - Today and Tomorrow
[Diagram labels: Internet; DSL, Home Network (x2); Mobile Network; GPRS; Dial up, Home user; W-CDMA; T1, Enterprise Network; Operator Network; Community Network; PAN]

4 Challenge
Users expect the same characteristics (greedy!)
  – Secure
  – Reliable
  – Seamless
  – High performance
Burden is on:
  – Standards bodies (IETF, IEEE, 3GPP, 3GPP2, etc.)
  – Vendors
  – Operators

5 Security
First things first!
Physical security is replaced with crypto-based security
  – Threats: Eavesdropping, spoofing
  – Not a full replacement!
Crypto designs and experts get a good exercise!

6 Solutions
Good solutions:
  – 3GPP, 3GPP2
Bad solutions:
  – IEEE WEP fiasco!
Practical but less than adequate solutions:
  – WECA WISPr: HTTP redirect and web-based login hackery
Practical and reasonable solutions:
  – IEEE 802.11b access outside VPN gateway

7 The Right Solution
Authenticate, authorize the client
Accounting and privacy
[Diagram labels: Home Network; Visited Network; host; AP; Access Router; Home AAA; ISP AAA; PANA, 802.1X; Diameter, RADIUS]

8 The Right Solution
IETF AAA, EAP, and PANA Working Groups
IEEE 802.11i, 802.1aa
[Diagram labels: Home Network; Visited Network; host; AP; Access Router; Home AAA; ISP AAA; PANA, 802.1X; Diameter, RADIUS]

9 Global AAA
AAA web of trust is here (unlike global PKI) and more capable.
[Diagram labels: Home Network (x2); Visited Network (x2); AAA server (x4); AAA broker (x2)]

10 Impact
Security is never plug-and-play (plug-and-get-hacked!)
Additional infrastructure
  – Front-end AAA servers (NAS)
  – Backend AAA servers (RADIUS, Diameter servers)
  – VPN gateways
Configuration
  – On the clients
  – Per-client configuration on the servers (keys, authorization parameters, etc.)
  – Configuration to join the AAA web-of-trust

11 Impact
Increased popularity of IPsec and TLS
  – AAA requires confidential information exchange
  – VPN
  – Anonymizer.com
Strengthening internal network is a MUST
  – Unless you are 100% sure that wireless access is secure
  – Partitioning, IDS, enforcing strict policy execution (social aspects)

12 But Still ….
You are vulnerable to attacks!
Price of going wireless

13 Mobility Management
Host at home (fixed Internet).
[Diagram labels: Home Network; Visited Network; Web server; host a::1; AP (x2); Access Router (x4); a::/64]

14 Mobility Management
You move, you break!
[Diagram labels: Home Network; Visited Network; Web server; AP; Access Router (x4); host b::1; b::/64]

15 Mobile IP
IETF Mobile IP Working Group
  – www.ietf.org/html.charters/mobileip-charter.html
[Diagram labels: Home Network; Visited Network; Web server; host b::1; AP (x2); Access Router (x4); Home Agent; b::/64; a::1 → b::1 (home address → care-of address)]

16 Mobile IP
Traffic tunneled through home network
[Diagram labels: Home Network; Visited Network; Web server; host b::1; AP (x2); Access Router (x4); Home Agent; b::/64]

17 Mobile IP
End-to-end signaling for route optimization
[Diagram labels: Home Network; Visited Network; Web server; host b::1; AP (x2); Access Router (x4); Home Agent; b::/64; a::1 → b::1 (home address → care-of address)]

18 Mobile IP
Most direct path for data traffic.
[Diagram labels: Home Network; Visited Network; Web server; host b::1; AP (x2); Access Router (x4); Home Agent; b::/64]

19 … Fast and Smooth
Problem: Signaling latency.
[Diagram labels: Home Network; Visited Network; Web server; host c::1; AP (x2); Access Router (x4); Home Agent; c::/64; a::1 → c::1 (new care-of address)]

20 … Fast and Smooth
Fast Handovers
  – draft-ietf-mobileip-fast-mipv6-06.txt
IETF Seamoby Working Group
  – www.ietf.org/html.charters/seamoby-charter.html
[Diagram labels: Home Network; Visited Network; Web server; AP (x2); Access Router (x4); Home Agent; c::/64; host c::1; b::1 → c::1 (old care-of address → new care-of address)]

21 … Fast and Smooth
Context transferred and routes fixed.
[Diagram labels: Home Network; Visited Network; Web server; AP (x2); Access Router (x4); Home Agent; c::/64; host c::1]

22 … Privacy
Hide precise location and movement.
[Diagram labels: Home Network; Visited Network; Web server; host d::1; AP (x2); Access Router (x4); Home Agent; d::/64; c::/64; b::/64; cafeteria; CEO's office; employee office]

23 … Privacy
Obtain an IP address from the localized mobility agent.
[Diagram labels: Home Network; Visited Network; Web server; host d::1; AP (x2); Access Router (x4); Home Agent; d::/64; c::/64; b::/64; Localized Mobility Agent; e::/64; e::1 → d::1; a::1 → e::1; regional care-of address; local care-of address; home address]

24 … Privacy
Correspondent sends packets directly to the agent.
Agent tunnels them to the precise location.
[Diagram labels: Home Network; Visited Network; Web server; host d::1; AP (x2); Access Router (x4); Home Agent; d::/64; c::/64; b::/64; Localized Mobility Agent]

25 … Privacy
Correspondent does not know the real IP destination, or when it changes.
[Diagram labels: Home Network; Visited Network; Web server; AP (x2); Access Router (x4); Home Agent; c::/64; b::/64; Localized Mobility Agent; host b::1]
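
An added example, not part of the original slides: a simplified Python model of the bindings in the privacy slides above, reading the diagram labels as home address a::1, regional care-of address e::1 and local care-of address d::1 (b::1 after the move). The class and function names are hypothetical, and signaling and authentication of binding updates are not modelled.

```python
import ipaddress


class BindingTable:
    """Address -> care-of address bindings held by one node (simplified model)."""

    def __init__(self, name):
        self.name = name
        self._bindings = {}

    def update(self, addr, care_of):
        self._bindings[ipaddress.ip_address(addr)] = ipaddress.ip_address(care_of)

    def lookup(self, addr):
        return self._bindings.get(ipaddress.ip_address(addr))


def delivery_path(dst, nodes):
    """Addresses a packet is sent to in turn; each binding hit is one redirect or tunnel."""
    path = [ipaddress.ip_address(dst)]
    for node in nodes:
        nxt = node.lookup(path[-1])
        if nxt is not None:
            path.append(nxt)
    return [str(a) for a in path]


def scenario():
    home_agent = BindingTable("home agent")
    lma = BindingTable("localized mobility agent")
    correspondent = BindingTable("web server")

    # Host in d::/64: local care-of address d::1, regional care-of address e::1.
    lma.update("e::1", "d::1")
    home_agent.update("a::1", "e::1")
    correspondent.update("a::1", "e::1")  # route optimization: server learns e::1 only
    before = delivery_path("a::1", [correspondent, lma])

    # Host moves to b::/64: only the localized mobility agent is updated.
    lma.update("e::1", "b::1")
    after = delivery_path("a::1", [correspondent, lma])
    via_home = delivery_path("a::1", [home_agent, lma])
    return before, after, via_home, str(correspondent.lookup("a::1"))


if __name__ == "__main__":
    labels = ("before move", "after move", "via home agent", "correspondent sees")
    for label, value in zip(labels, scenario()):
        print(f"{label}: {value}")
```

The correspondent's binding stays at e::1 across the move, which is the location-hiding property the slides describe; the two-step path also shows where a second tunnel level comes from.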

26 … AAA
Mobility management is a for-profit “service”
[Diagram labels: Home Network; Visited Network; Web server; AP (x2); Access Router (x4); Home Agent; c::/64; b::/64; Localized Mobility Agent; host b::1; Home AAA; ISP AAA]

27 … Network is Mobile
IETF NEMO Working Group
  – www.ietf.org/html.charters/nemo-charter.html
[Diagram labels: Visited Network; Access Router (x3); Base Station (x3)]

28 Impact on Intranet
More stateful servers
  – Home agents, access routers (for context transfer and fast handovers), localized mobility agents
  – Mobile IP bindings, tunnels, host-routes
  – Redundancy and fault-tolerance are MUST!
More configuration
  – Per client on the servers
  – Trust relations among communicating servers

29 Impact on Internet/Intranet
Tunnels
  – Several levels of nesting
[Diagram labels: Web server; Home Agent; Localized Mobility Agent; Previous Access Router; host; Current Access Router; Fast Handovers; Localized Mobility Management; Mobile IP; Home Address; (Regional) Care-of Address; (Older local) Care-of Address; (Current local) Care-of Address]

30 Impact on Internet
Address consumption
  – Always-on hosts
  – Purpose-specific address usage (home address, care-of address)
  – Multihomed devices (GPRS, IEEE 802.11b, Bluetooth)
  – Sensor networks

31 Impact on Internet
Suboptimal routing, redirect servers
[Diagram labels: host A; host B; Home Agent A; Home Agent B]

32 Host Assumptions
Can be anything:
Dynamic auto-configuration needed:
  – IPv6 address auto-configuration (RFC 2462)
  – IPv6 prefix delegation (draft-troan-dhcpv6-opt-prefix-delegation-02.txt)
  – Service discovery (IPv6 anycast address support)

33 IPv6
IPv6 benefits:
  – Ability to run server apps on devices (accept incoming connections)
  – Plug-and-play
  – End-to-end IPsec for thwarting first-hop and last-hop threats
  – Mobile IPv6: Efficient, easy to deploy and manage, and scalable mobility protocol
  – Extensibility
Mobile and wireless Internet will expedite the transition from IPv4-NAT to IPv6
www.isoc.org/briefings/014/index.html

34 Conclusion
Wireless and mobility provide tremendous benefits, but they come with a price.
Transitioning the Internet protocols, architectures, products, and running networks should be done very carefully.

35 Questions?

