Authentication In Mobile Internet Protocol version 6

Liu Ping

Supervisor: professor Jorma Jormakka

1.1. IntroductionIntroduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership

problem5. Present solution6. Conclusion

1.1. IntroductionIntroduction2. Mobility support3. Security mechanisms

and threats analysis4. Address ownership

problem5. Solution6. Conclusion

• MotivationMotivation1. Mobile device and Ebusiness 2. Current solutions are fairly completed to be

implemented

• Related workRelated work1. Strong authentication: PKI 2. Weak authentication: CGA, CAM and RR

• Our solutionOur solution Based on asymmetric and symmetric

encryption algorithm to distribute an ID and a session key

• CGA: Cryptographically Generated Address

• CAM: Child-proof Authentication for MIPv6

• RR: Return Routability

1. Introduction2. 2. Mobility supportMobility support3. Security mechanisms

and threats analysis4. Address ownership

problem5. Solution6. Conclusion

• MN: Mobile Node, it is MIPv6Mobile Node, it is MIPv6• CN: Correspondent Node is Correspondent Node is

communicating node with a MN, it is communicating node with a MN, it is either stationary node or mobile nodeeither stationary node or mobile node

• HA: Home Agent, a router is on a MN’s Home Agent, a router is on a MN’s home link. It registers all necessary home link. It registers all necessary information for a MN, i.g. CoA, HoAinformation for a MN, i.g. CoA, HoA

• CoA: A MN’s Care-of Address, which is A MN’s Care-of Address, which is temporary and a foreign link assigns to temporary and a foreign link assigns to the MN on the foreign linkthe MN on the foreign link

• HoA: A MN’s permanent IPv6 address A MN’s permanent IPv6 address on its home linkon its home link

Bidirectional tunneling

HA

MN

CN

Route Optimization

MN CN

• Need a binding process: MN sends CoA to its HA and CNs when it’s out of its home link

• CN saves the MN’s CoA into its BUC-binding update cache

• CN can deliver a packet to the MN directly by setting the packet’s source address to be the MN’s CoA

• Route optimization can reduce congestions of the MN’s home link and HA, but introduces new vulnerabilities

BU processBU process

1.1. HoA: a MN’s HoA cannot be abusedHoA: a MN’s HoA cannot be abused2.2. CoA: CN’s BUC must save correct CoA: CN’s BUC must save correct

MN’s CoAMN’s CoA

Source IP

Destination IP

HoA optionHoA option

……(CoA)

HoAHoA

CoA

……

BU message’s headerBU message’s header CN’s BU entryCN’s BU entry

1. Introduction2. Mobility support3. 3. Security mechanisms Security mechanisms

and threats analysisand threats analysis4. Address ownership

problem5. Solution6. Conclusion

Security Mechanisms

• Authorization and trust

• Authentication

• Integrity

• Confidentiality

• Anti-replay

• Authorization and trust:Authorization and trust: A CN verifies whether a MN has right to create or update its BUC

• Authentication:Authentication: MN and CN can verify their identifies

• Integrity:Integrity: BU message cannot be modified by an unauthorized node

• Confidentiality:Confidentiality: CoA and HoA cannot be disclosed to malicious nodes

• Anti-replay:Anti-replay: An attacker delivers old, out-of date packet to CN by pretending to be a MN

MN CN

MN attacker

::20:10:10:10

BUBU

False BUFalse BU::30:10:10:10

BUC

HoA

CoA

::40:10:10:10

Source address: ::30:10:10:10

Destination address: ::CN’s IP address

Home address option: MN’s home address

Threats analysis

•Man-In-the-Middle attack

•Denial of Service attack

Man-In-the-Middle attack

A B

Attacker

Denial Of Service Attack

MN CN

Attacker

1. Introduction2. Mobility support3. Security mechanisms

and threats analysis4.4. Address ownership Address ownership

problemproblem5. Solution6. Conclusion

1. A MN’s HoA works as a searching key during BU process

2. A MN’s HoA must be secret enough, otherwise, attacker can launch a passive or an active attack easily by sending a false BU message to a CN

1. Introduction2. Mobility support3. Security mechanisms

and threats analysis4. Address ownership

problem5. 5. SolutionSolution6. Conclusion

Solution Overview

• Using an ID shared only with a pair MN and CN as a searching key

• Apply RSA asymmetric to distribute an ID and a session key

• Apply Twofish symmetric algorithm to encrypt/decrypt CoA during BU process

Authentication in MIPv6

Apply in MIPv6

Preparation Binding Update Verifying

Preparation Procedure

MN-----------------------------------CNPublic key

MN<---------------------------------CN[ID, session key] public

MN saves the ID and session key

MN generates public/private key

Binding update procedure

MN---------------------------------CN

CN decrypts CoA by session

CN verifies CoA and saves

[CoA] session & ID

IDID

Session keySession key

CoACoA

Public keyPublic key

……

CN’s BU entryCN’s BU entry

Verify procedure

• An attackerAn attackerIt is failed because of IPsec protection (without a SA shared with CN before). An attacker cannot do any more harmful thing.

Verify procedure

• An cheater: has a SA beforeAn cheater: has a SA before

ID ID ID or session keyID or session key

is not correct,is not correct,

Session key Session key CNCN drops packet.drops packet.

Compares CoA andCompares CoA and

CoA CoA source addresssource address

1. Introduction2. Mobility support3. Security mechanisms

and threats analysis4. Address ownership

problem5. Present solution6. 6. ConclusionConclusion

Summary• Solve address ownership Solve address ownership

problemproblem

• Prevent possible attacks Prevent possible attacks

• Implementation simpleImplementation simple

• Suitable any kinds of computer Suitable any kinds of computer and memory and memory

• It is difficult to recognize a It is difficult to recognize a cheatercheater

Future work

1. Combine software and 1. Combine software and hardwarehardware

2. Ciphertext error2. Ciphertext error

• Transmission processTransmission process

• Storage mediumStorage medium

• Recover plaintext from errorsRecover plaintext from errors

Thank youThank you