
Mobile IP Security

Date post: 15-Jan-2016
Page 1: Mobile IP Security

Mobile IP Security

Team : “WARRIORS”

Anand Modh

Chaitanya Chelamkuri

Kinshuk Bansal

Kshitij Shah

Pramod Ramesh

CMPE 209 SPRING 2008

Page 2: Mobile IP Security

AGENDA

Mobile IP & Concepts.

Mobile IP Packet Flow.

Threats.

Security.

Page 3: Mobile IP Security

Mobile IP & Concepts

Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group.

Mobile IP informs the network about a change in network attachment so that Internet data packets are delivered seamlessly to the new point of attachment.

The basic Mobile IP protocol permits mobile internetworking to be done on the network layer.

Care-of Address is an address of a Foreign Agent with which the Mobile Node is registered.

Page 4: Mobile IP Security

Need of Mobile IP

Terminology

– A home link is the link on which a specific node should be located; that is, the link which has been assigned the same network-prefix as the node’s IP address

– A foreign link is any link other than a node’s home link – that is, any link whose network-prefix differs from that of the node’s IP address

Page 5: Mobile IP Security

Introduction

There are 3 functional entities where it is implemented:

– Mobile Node – a node which can change its point-of-attachment to the Internet from one link to another while maintaining any ongoing communications and using its (permanent) IP home address

– Home Agent – router with an interface on the mobile node’s home link, which:

• Is informed by the mobile node about its current location, represented by its care-of-address

• In some cases, advertises reachability to the network-prefix of the mobile node’s home address, thereby attracting IP packets that are destined to the mobile node’s home address

• Intercepts packets destined to the mobile node’s home address and tunnels them to the mobile node’s current location, i.e. to the care-of-address

Page 6: Mobile IP Security

Introduction

Foreign Agent – a router on a mobile node’s foreign link which:

– Assists the mobile node in informing its home agent of its current care-of address

– In some cases, provides a care-of address and de-tunnels packets for the mobile node that have been tunneled by its home agent

– Serves as default router for packets generated by the mobile node while connected to this foreign link

Page 7: Mobile IP Security

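[Figure: network diagram showing home agents (HA), foreign agents (FA) and a mobile node (MN) connected through the INTERNET. Legend: FA = Foreign Agent, HA = Home Agent, MN = Mobile Node.]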

Page 8: Mobile IP Security

[Figure: registration between MN, FA and HA. Labels: MN requests service; FA relays request to HA; HA accepts or denies; FA relays status to MN.]

Page 9: Mobile IP Security

[Figure: “TUNNELING” between HA, FA and MN, with CN as the sender.]

Packets that now arrive addressed to the MN move through the tunnel shown.

The HA encapsulates each packet and sends it to the MN.

Page 10: Mobile IP Security

Mobile IP Packet Flow

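[Figure: packet flow among CN, HA, FA and MN in four numbered steps. Packet headers shown at each step:]

1. Original IP packet: Src = CNA, Dest = MNHA

2. Tunneled packet: outer Src = HAA, outer Dest = FAA, Prot = 4 or 55; inner Src = CNA, inner Dest = MNHA

3. Src = CNA, Dest = MNHA

4. Src = MNHA, Dest = CNA

HAA = HA address

MNHA = MN Home Address

CNA = CN Address

FAA = FA Address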

Page 11: Mobile IP Security

What is Tunneling

A tunnel is the path followed by a first packet while it is encapsulated within the payload portion of a second packet:

Figure from J. D. Solomon. Mobile IP - The Internet Unplugged. Prentice-Hall, 1997
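The encapsulation described on the tunneling and packet-flow slides, as an added example that is not part of the original presentation: the HA wraps the original packet (Src CNA, Dest MNHA) in an outer header (Src HAA, Dest FAA, Prot 4) and the FA strips it again. The addresses are constructed samples, only protocol 4 (IP-in-IP) is shown, and the FA's check of the tunnel endpoints is an assumption added here.

```python
import ipaddress
import struct

IPIP = 4  # protocol number for IP-in-IP encapsulation
CNA, MNHA = "203.0.113.5", "192.0.2.10"    # constructed sample addresses
HAA, FAA = "192.0.2.1", "198.51.100.1"     # constructed sample addresses

def checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    def header(csum: int) -> bytes:
        return struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, 20 + len(payload),    # version/IHL, TOS, total length
            0, 0, 64, proto, csum,         # id, flags/frag, TTL, proto, checksum
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject a corrupted header."""
    if len(packet) < 20 or checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[20:]

def ha_tunnel(original: bytes) -> bytes:
    """HA: wrap the intercepted packet in an outer header HAA -> FAA."""
    return ipv4_packet(HAA, FAA, IPIP, original)

def fa_detunnel(tunneled: bytes) -> bytes:
    """FA: strip the outer header, but only for tunnels from the known HA."""
    src, dst, proto, inner = parse(tunneled)
    if (src, dst, proto) != (HAA, FAA, IPIP):
        raise ValueError("unexpected tunnel endpoints or protocol")
    return inner

def demo():
    """Outer header seen on the tunnel, then inner header after de-tunneling."""
    original = ipv4_packet(CNA, MNHA, 17, b"constructed payload")
    tunneled = ha_tunnel(original)
    return parse(tunneled)[:3], parse(fa_detunnel(tunneled))[:3]
```

The inner packet leaves the tunnel byte-for-byte unchanged, so the MN still sees CNA as the source and its own home address as the destination.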

Page 12: Mobile IP Security

Threat 1 INSIDER ATTACKS

This threat is due to individuals who are supposed to be trustworthy.

This attack is due to a disgruntled employee gaining access to sensitive data and then forwarding it to a competitor.

A survey suggests that twice as many attacks in the corporate world are due to insiders.

Page 13: Mobile IP Security

Security from Threat 1

By enforcing strict controls on who can access what data.

Use strong authentication of users and computers; eliminate plaintext username/password-based schemes, etc.

Encrypting all data transfer on an end to end basis between the source and the destination using various encryption algorithms.

Page 14: Mobile IP Security

[Figure: HA, FA, MN and an ATTACKER. Original care-of address: say x.x.x.x. Attacker’s address: say y.y.y.y. Registration request: “The mobile node’s new care-of address” is y.y.y.y]

Page 15: Mobile IP Security

Threat 2 Denial-of-service

This threat prevents someone from getting useful work done:

– An attacker sends a tremendous number of packets to a host, which brings the host’s CPU to its knees as it attempts to process all the packets.

– An attacker interferes with the packets that are flowing between two nodes.

– In the case of a mobile node, if an attacker sends a request message to the HA giving his own IP address as the care-of address for a mobile node, then:

• The attacker will get a copy of the packets.

• The mobile node will not get any packets.

Page 16: Mobile IP Security

Security from Threat 2

The defense against this threat is cryptographically strong authentication of all registration messages exchanged between the mobile node and its home agent.

Mobile IP allows the use of any authentication algorithm, but all should support the default “Keyed MD5” (Message-Digest) algorithm.

Page 17: Mobile IP Security

[Figure: the MN sends a Registration Request to the HA. Each side applies Fun(MD5) to produce a Message Digest, and the two digests are compared: EQUAL ?]
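The digest comparison from the slides above, as an added example that is not part of the original presentation: the MN computes a keyed MD5 digest over its registration request, and the HA recomputes it and rejects any request whose care-of address was changed. The key and addresses are constructed samples, the request layout is simplified to its fixed fields, and the prefix+suffix construction MD5(key || data || key) is the keyed MD5 mode defined in RFC 2002.

```python
import hashlib
import hmac
import ipaddress
import struct

SHARED_KEY = b"constructed-mn-ha-secret"  # constructed sample key (MN <-> HA)

def pack_request(home_addr, home_agent, care_of, ident, lifetime=1800):
    """Fixed part of a registration request (simplified: extensions omitted)."""
    return struct.pack(
        "!BBH4s4s4sQ",
        1,                       # type 1 = registration request
        0,                       # flags
        lifetime,                # requested lifetime in seconds
        ipaddress.IPv4Address(home_addr).packed,
        ipaddress.IPv4Address(home_agent).packed,
        ipaddress.IPv4Address(care_of).packed,
        ident,                   # 64-bit identification field
    )

def keyed_md5(key: bytes, data: bytes) -> bytes:
    """Keyed MD5 in prefix+suffix mode: MD5(key || data || key)."""
    return hashlib.md5(key + data + key).digest()

def ha_accepts(key: bytes, request: bytes, authenticator: bytes) -> bool:
    """HA side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(keyed_md5(key, request), authenticator)

def demo():
    # MN registers its real care-of address (x.x.x.x on the slide).
    genuine = pack_request("192.0.2.10", "192.0.2.1", "198.51.100.7", ident=1)
    digest = keyed_md5(SHARED_KEY, genuine)
    # Same request with the care-of address replaced (y.y.y.y on the slide).
    altered = pack_request("192.0.2.10", "192.0.2.1", "203.0.113.66", ident=1)
    return {
        "genuine": ha_accepts(SHARED_KEY, genuine, digest),
        "altered_same_digest": ha_accepts(SHARED_KEY, altered, digest),
        "altered_wrong_key": ha_accepts(
            SHARED_KEY, altered, keyed_md5(b"not-the-key", altered)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

RFC 3344, the later revision of the Mobile IP specification, made HMAC-MD5 the default in place of this prefix+suffix construction.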

Page 18: Mobile IP Security

Threat 3 Passive Eavesdropping

This threat occurs when an attacker eavesdrops on someone else’s packets in order to learn confidential information.

Wireless networks are more vulnerable because the attacker need not be physically connected to the network.

Security from Threat 3

Link-Layer Encryption.

End-to-End Encryption.

Page 19: Mobile IP Security

Link-Layer Encryption.

Here the mobile node and the foreign agent encrypt all packets they exchange over the link.

This technique is important when a wireless LAN is in use.

[Figure: path between CN, HA, FA and MN. Labels: Link Encryption; Plaintext; Areas of vulnerability.]

Page 20: Mobile IP Security

End-to-End Encryption.

Here encryption and decryption are done at the ultimate source and destination.

Data is protected irrespective of the medium used.

[Figure: End-to-End Encryption along the path CN, HA, FA, MN.]

Page 21: Mobile IP Security

Threat 4 Session-Stealing

Here an attacker waits for the legitimate node to authenticate itself and then takes over the session without the mobile node realizing it.

The attacker steals the session by sourcing packets that appear to come from the mobile node and intercepting packets destined for the mobile node.

Security from Threat 3

Link-Layer Encryption.

End-to-End Encryption.

Page 22: Mobile IP Security

Threat 5 Other Active Threats

Here the attacker tries to connect to a network jack, find out an IP address and break into the other hosts on the network.

HOW?

1. The attacker figures out the network prefixes assigned to the link, by listening to the Mobile IP agent advertisements or by listening to packets and examining their source and destination IP addresses.

2. He then guesses a host number, which along with the network prefix gives him an IP address to use.

3. He then tries to break into the hosts on the network.

Page 23: Mobile IP Security

Security from Threat 5

All network jacks must connect to a foreign agent that has been configured to enforce the policy with the R bit in its agent authentication.

There must not be any nodes whose sessions can be captured.

– Remove non-mobile nodes.

– All nodes should use link encryption.
