
1 Security Issues In Mobile IP Zhang Chao Tsinghua University Electronic Engineering.

Date post: 27-Mar-2015
Upload: claire-saunders
Transcript
Page 1:

Security Issues In Mobile IP

Zhang Chao

Tsinghua University Electronic Engineering

Page 2:

OUTLINE

1. Introduction
2. Typical threats
3. Mobile IPv6 and new threats
4. Open issues


Page 4:

What is Mobile IP?

Mobile IP is a protocol developed by the IETF to solve the mobility problem of network nodes.

Mobile IP enables a wireless network node to move freely from one point of connection to the Internet to another without disrupting TCP end-to-end connectivity.

Page 5:

How Mobile IP works?

When an MN (mobile node) moves from its home link to a foreign link, it acquires an IP address from the FA (foreign agent), namely the CoA (care-of address). It also keeps its own Home address.

Registration: the MN tells the HA (home agent) its new CoA.

All packets sent to the MN by a CN (correspondent node) go to the MN's HA using the original home address, and the HA forwards them to the MN's CoA by tunneling.


Page 7:

DoS attack

When a bad guy sends a fake registration request to the HA, using its own address as the CoA:

1. the attacker will receive all the packets that belong to the MN
2. all connections to the MN will fail

Page 8:

Solution to DoS

Mobile IP requires that all registration messages between the MN and the HA be strictly authenticated.

“Keyed MD5” is the default authentication algorithm, a symmetric-key algorithm.

The MN and HA negotiate the same secret key before registration and use it to produce a 16 bit message digest. The HA checks whether the digest it received equals the digest it calculated itself.

Page 9:

Replay Attack

A bad guy saves an old valid registration message of the MN and re-sends it to the HA.

The HA will then forward packets to the old CoA rather than to the newly allocated CoA of the MN.

Solution: Identification field in registration messages
– Time Stamp
– Nonces
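
The HA-side checks from the two slides above (keyed MD5 authentication and the Identification field), as an added example that is not from the original slides. It assumes the prefix+suffix keyed-MD5 construction of the original Mobile IPv4 specification (RFC 2002), a simplified message layout and integer-second timestamps; all names, keys and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

BODY = struct.Struct("!4s4sQ")  # assumed layout: home address, CoA, identification
DIGEST_LEN = 16                 # MD5 output is 16 bytes (128 bits)
MAX_SKEW = 7                    # assumed clock tolerance between MN and HA, seconds


def keyed_md5(key: bytes, body: bytes) -> bytes:
    """Keyed MD5 in prefix+suffix mode: MD5(key || body || key)."""
    return hashlib.md5(key + body + key).digest()


def build_request(key: bytes, home: str, coa: str, ident: int) -> bytes:
    """MN side: simplified registration request followed by its digest."""
    body = BODY.pack(ipaddress.IPv4Address(home).packed,
                     ipaddress.IPv4Address(coa).packed, ident)
    return body + keyed_md5(key, body)


class HomeAgent:
    def __init__(self, key: bytes):
        self.key = key
        self.bindings = {}    # home address -> current CoA
        self.last_ident = {}  # home address -> newest accepted identification

    def register(self, msg: bytes, now: int) -> str:
        if len(msg) != BODY.size + DIGEST_LEN:
            return "reject: malformed"
        body, digest = msg[:-DIGEST_LEN], msg[-DIGEST_LEN:]
        # Recompute the digest with the shared key; compare in constant time.
        if not hmac.compare_digest(digest, keyed_md5(self.key, body)):
            return "reject: bad authenticator"
        home_raw, coa_raw, ident = BODY.unpack(body)
        home = str(ipaddress.IPv4Address(home_raw))
        # Timestamp identification: must be fresh and strictly newer than the last.
        if abs(now - ident) > MAX_SKEW:
            return "reject: stale timestamp"
        if ident <= self.last_ident.get(home, -1):
            return "reject: replayed identification"
        self.last_ident[home] = ident
        self.bindings[home] = str(ipaddress.IPv4Address(coa_raw))
        return "accept"
```

A request built without the shared key fails the digest check, and a captured valid request fails the identification check once it has been accepted or has aged past the skew window.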

Page 10:

DoS attack from MN

A malicious MN could lie about its CoA and in this way mount a DoS attack against another node in the Internet.

The cheated HA will wrongly direct the traffic to the victim node.

However, such an attack is easy to trace, since the MN must use its own Security Association information.

Page 11:

TCP-Syn Flooding

A bad guy uses fake IP addresses to send TCP-syn packets, occupying the resources of systems that offer TCP services.

TCP-Syn flooding cannot be totally solved unless the TCP protocol is redesigned.

Mobile IP usually uses Ingress Filtering to control access and relieve the flooding. However, this means that the Mobile IP assumption “Routing is independent of Source Address” fails.

– Some adaptations:
  Use the care-of address as source address (Mobile IPv6)
  Reverse tunneling


Page 13:

Mobile IPv6

The MN selects its CoA itself; no need for an FA

Binding Update, Binding Acknowledge

When a Correspondent Node wants to communicate with the MN, the request is sent to the HA and then forwarded to the MN

The MN replies with the new CoA information

The CN binds the CoA to the HA

The MN can communicate directly with the CN, without triangular routing.

[Figure: MN, HA, AR, CN, Internet]

Page 14:

Security of Mobile IPv6

Using extension header

No FA

The process by which the CN receives the Binding Update information is vital: it can be attacked

Some generic security problems, but not specific to Mobile IPv6.

Page 15:

Threats against Mobile IPv6 (1)

If the attacker knows the Home Address of the MN, it can send a fake Binding Update to the CN, directing the connection to itself.

Page 16:

Threats against Mobile IPv6 (2)

The attacker uses BU messages to direct flooding packets to the victim node.

Page 17:

Threats against Mobile IPv6 (3)

When the attacker is on the route between the MN and the CN, it can modify the BU messages to mount man-in-the-middle attacks.

[Figure: MN, Attacker, BU, CN, Others]

Page 18:

Threats against Mobile IPv6 (4)

The attacker sends millions of fake BU messages to the CN and the HA to occupy their storage and CPU.

[Figure: MN, Attacker, CN, HA, Internet; BUs, BU, LUs, LU]

Page 19:

Solutions

These threats all stem from the fact that the CN cannot authenticate or understand Binding Update messages, and they can be solved by an authentication mechanism.

When the MN and CN share the same Security Authority, IPSEC can be deployed to authenticate.

In practical situations, the MN and CN usually do not have the same SA: Return Routability Procedure

Page 20:

RRP mechanism

Return Routability Procedure: authenticates that the CoA and HA belong to the same MN.
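
How a CN can check a Binding Update under RRP without a shared Security Authority, as an added example that is not from the original slides. The token and key construction follow the return routability design of the Mobile IPv6 specification (RFC 3775); the class and function names, the single nonce and the opaque `mh_data` bytes are simplifications assumed here.

```python
import hashlib
import hmac
import ipaddress
import os


def packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def binding_key(home_token: bytes, care_of_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + care_of_token).digest()


def bu_authenticator(kbm: bytes, coa: str, cn: str, mh_data: bytes) -> bytes:
    """First 96 bits of HMAC-SHA1(Kbm, CoA | CN address | BU contents)."""
    data = packed(coa) + packed(cn) + mh_data
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    def __init__(self, addr: str):
        self.addr = addr
        self.kcn = os.urandom(20)   # node key, never leaves the CN
        self.nonce = os.urandom(8)  # one nonce here; a real CN rotates them

    def _token(self, addr: str, tag: int) -> bytes:
        # Recomputed on demand, so the CN keeps no per-MN state before a BU.
        data = packed(addr) + self.nonce + bytes([tag])
        return hmac.new(self.kcn, data, hashlib.sha1).digest()[:8]

    def home_test(self, home: str) -> bytes:
        """Token sent to the home address; it reaches the MN through its HA."""
        return self._token(home, 0)

    def care_of_test(self, coa: str) -> bytes:
        """Token sent directly to the claimed care-of address."""
        return self._token(coa, 1)

    def verify_bu(self, home: str, coa: str, mh_data: bytes, auth: bytes) -> bool:
        # Only a node that received BOTH tokens can have derived this Kbm.
        kbm = binding_key(self._token(home, 0), self._token(coa, 1))
        expected = bu_authenticator(kbm, coa, self.addr, mh_data)
        return hmac.compare_digest(auth, expected)
```

A sender that knows the home address but never received the home token, or that names a care-of address it cannot receive packets at, cannot produce a valid authenticator.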

Page 21:

Mobile IPv4 versus Mobile IPv6

Mobile IPv4 | Mobile IPv6
Triangular routing, CN cannot understand the BU message | Routing Optimization, RRP provides protection for BU messages between MN and CN even if they do not share the same Security Authority
When Ingress Filtering is used to defeat DoS attacks, Reverse Tunneling should be deployed to make sure the packets sent by CN can reach the MN | When Ingress Filtering is used to defeat DoS attacks, no need for Reverse Tunneling. Better coexistence with the Ingress Filtering policy
Address Resolution Protocol, easily attacked | Uses Neighbor Discovery Protocol, better robustness and security
Foreign Agent, a potential threat | No FA


Page 23:

Open issues

Location Privacy of MN
-- no mechanism exists in the Mobile IP specifications to fix it; usually solved by bi-directional tunneling.

Protection of the MN-CN signaling
-- IPSEC, costly and relies on a public key infrastructure
-- Purpose-Built Keys (PBK), still under research
-- Cryptographically Generated Address (CGA), complementary to RRP, but costly
