Date post: 11-Jan-2016
Upload: meredith-cunningham
Mobile IP: Security Issues
Transcript
Page 1: Mobile IP: Security Issues. 2 Current State of Mobile Computing Mobile computers are one of the fastest growing segments of the PC market Short-range.

Mobile IP: Security Issues


2

Current State of Mobile Computing

Mobile computers are one of the fastest growing segments of the PC market

Short-range wireless networks (Bluetooth) available from IBM, Toshiba, Dell, HP…

High-speed (11 Mbps) wireless LAN products are now easily and cheaply available (IEEE 802.11a, IEEE 802.11b)

Low speed (currently 128 Kbps) Metropolitan Area Wireless Network services are available in some cities and spreading (Metricom’s Ricochet)


3

Mobile Computers’ Characteristics

May change point of network connection frequently

May be in use as point of network connection changes

Usually have less powerful CPU, less memory and disk space

Less secure physically

Limited battery power


4

Wireless Networks’ Characteristics

Generally lower bandwidth

Higher latency and variability

Higher error rate

More susceptible to interference and eavesdropping


5

Outline of the Lectures

Part 0: TCP/IP Primer

Part 1: The Need for Mobile IP

Part 2: Mobile IP Overview (for IPv4)

Part 3: Security Issues

A Simple Mobile IP Application (Private Network without Internet connection)

A More Complicated Application: Internet-Wide Mobility


6

Part 0: TCP/IP Primer

A protocol suite widely used for internetworking (in the Internet).

Has made possible communication over a global Internet.

Makes two hosts communicate despite their hardware differences.

Both hosts and routers need to run TCP/IP protocol software.


7

Part 0: TCP/IP …

Internetworking: to provide seamless communications.

IP Addressing:

-Each host is assigned a unique 32-bit address.

-A packet contains the address of source and destination.

IP Address Hierarchy:

-The 32-bit address is divided into two parts:

-- A prefix and a suffix (two level hierarchy).


8

The IP Address Hierarchy….

The prefix identifies the physical network.

The suffix identifies the individual computer.

Such an addressing scheme is a tremendous help in routing.

Dotted Decimal Notation:

-Treats each octet as an unsigned integer.

Example: 128.55.0.23


9

IP Addressing …

Routers are also assigned IP addresses. A router may have multiple addresses.


10

IP Addressing…Address Resolution Protocol (ARP):

(mapping from an abstract address to physical location.)

o A request message contains the IP address.

o A response message contains both the IP address and the hardware address.

o A request message is broadcast, but response messages are directed.

-Responses are cached (used later).


11

IP Data (Packet) Forwarding

TCP/IP supports both connectionless and connection-oriented services. Fundamental mode: connectionless.

-Each packet travels independently.

(Reliable connection-oriented service uses the underlying connectionless service.)

-Packets called IP datagrams.

-An IP datagram contains header and data.

-Header contains the source and destination IP addresses (the data part is variable, 1 to 64K bytes).


12

IP Datagram Forwarding

Router: keeps routing information in a routing table.

When it receives a datagram, it:

-extracts the destination address from the header,

-uses the routing table and the destination address to determine the outgoing link.

o Best-effort delivery; does not handle:

-datagram loss, corruption of data, datagram duplication, out-of-order delivery.


13

IP Encapsulation

An IP datagram may have to traverse a network that does not understand the format.

Encapsulation: a solution.

-A datagram is encapsulated in a frame.

(datagram is placed in the data area of frame.)

-Dest. Address of the frame is where the datagram should go next.

-A datagram may be encapsulated many times during its transmission.


14

MTU/Fragmentation/Reassembly

MTU (Maximum transmission unit):

-Each subnet has a maximum limit on the payload of a datagram. (No exceptions).

Over the Internet, a datagram may have to traverse several subnets, each with its own MTU.

What if the datagram size is larger than the payload allowed in a subnet to be traversed?


15

MTU/Fragmentation/Reassembly…

Fragmentation is a solution:

-The router divides the datagram into smaller pieces called fragments.

-Each fragment uses IP datagram format.

-Fragments are independently transmitted.

Reassembly:

Creation of original datagram from the fragments.
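To make the offset arithmetic concrete, here is an added Python example (not code from the slides) that fragments a datagram's payload to fit a subnet's MTU, fragments one of the resulting pieces again for a smaller downstream MTU, and reassembles the pieces after they arrive out of order. Only the fields that matter for reassembly (Identification, Fragment Offset in 8-byte units, More Fragments flag, data) are modelled; the Fragment class and the 100-byte sample payload are constructed for the example.

```python
from dataclasses import dataclass
from typing import List
import random


@dataclass(frozen=True)
class Fragment:
    ident: int    # Identification field: shared by every piece of one datagram
    offset: int   # Fragment Offset, expressed in 8-byte units
    more: bool    # More Fragments (MF) flag: False only on the final piece
    data: bytes


def fragment(frag: Fragment, mtu_payload: int) -> List[Fragment]:
    """Split a datagram (or an existing fragment) so each piece fits mtu_payload.

    All pieces except the last must carry a multiple of 8 bytes, because offsets
    are counted in 8-byte units. Because fragments travel independently, one may
    be fragmented again on a later subnet; its base offset and MF flag carry over.
    """
    chunk = (mtu_payload // 8) * 8
    if chunk == 0:
        raise ValueError("MTU too small to carry an 8-byte fragment")
    if len(frag.data) <= mtu_payload:
        return [frag]                      # already fits: transmit unchanged
    pieces = []
    for start in range(0, len(frag.data), chunk):
        piece = frag.data[start:start + chunk]
        last = start + chunk >= len(frag.data)
        # The last piece inherits the original MF flag: if we are re-fragmenting
        # a middle fragment, more data still follows it in the original datagram.
        pieces.append(Fragment(frag.ident, frag.offset + start // 8,
                               frag.more if last else True, piece))
    return pieces


def reassemble(pieces: List[Fragment]) -> bytes:
    """Rebuild the original payload from fragments that arrived in any order."""
    if len({p.ident for p in pieces}) != 1:
        raise ValueError("fragments belong to different datagrams")
    buf = bytearray()
    expected = 0          # next byte offset we need
    saw_last = False
    for p in sorted(pieces, key=lambda p: p.offset):
        if p.offset * 8 < expected:
            continue      # exact duplicate of data already placed (IP may duplicate)
        if p.offset * 8 != expected:
            raise ValueError("gap at byte %d: a fragment is missing" % expected)
        buf += p.data
        expected += len(p.data)
        if not p.more:
            saw_last = True
    if not saw_last:
        raise ValueError("final fragment (MF=0) missing")
    return bytes(buf)


if __name__ == "__main__":
    payload = bytes(range(100))                          # constructed sample data
    first_hop = fragment(Fragment(7, 0, False, payload), 40)
    second_hop = fragment(first_hop[1], 24)              # middle piece split again
    in_flight = [first_hop[0], *second_hop, first_hop[2]]
    random.shuffle(in_flight)                            # arrival order is not guaranteed
    print([(f.offset, f.more, len(f.data)) for f in sorted(in_flight, key=lambda f: f.offset)])
    print(reassemble(in_flight) == payload)
```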


16

IPv6 (The next IP)

Drawbacks of IPv4:

-Limited address space (IP address: 32 bits).

-New Internet applications: audio, video, etc.

-Group collaborations: group communication.

-IPv6 retains many of the IPv4 features.

o IPv6 is also connectionless.

o Each datagram carries dest. Address.

o Each datagram is routed independently


17

IPv6…

What is new:

-Uses a larger address.

-Uses an entirely new data header format.

-IPv6 header is variable size.

New Features:

1. Address size: IPv6 address contains 128 bits.

2. Header format: completely different format.


18

IPv6…

-Extension headers:

Base header + several optional extn. headers.

-Support for Audio and Video:

Allows sender-receiver to establish a high-speed path through the underlying N/Ws.

-Extensible protocols:

.Does not specify all protocol features.

.New features can be added as needed.


19

IPv6 Addressing

Like IPv4, IPv6 assigns a unique address to each connection between a router and N/W.

Three types of addressing are allowed:

-Unicast

-Multicast

-Anycast (delivered to the nearest computer in the domain or N/W).

//does not include broadcasting//


20

Part 1: The Need for Mobile IP

Problems

Terminology

What Happens When a Node Changes Link?

Can’t We Solve This Problem with Host-Specific Routes?

Why Not Just Change the Node’s IP Address?

Can’t We Just Solve the Problem at the Link Layer?

What If We Only Need Nomadicity?


21

Mobile IP solves the following problems:

What if a node moves from one link to another without changing its IP address? (It will be unable to receive packets at the new link.)

What if a node changes its IP address when it moves? (It will have to terminate and restart any ongoing communications each time it moves.)

Mobile IP solves these problems in a secure, robust, and medium-independent manner whose scaling properties make it applicable throughout the entire Internet.


22

The Need for Mobile IP

Terminology

A home link is the link on which a specific node should be located; that is, the link which has been assigned the same network-prefix as the node’s IP address

A foreign link is any link other than a node’s home link – that is, any link whose network-prefix differs from that of the node’s IP address

A host-specific route is a routing-table entry with a Prefix-Length of 32 bits; it provides a match for exactly one IP Destination Address, namely the address specified in the Target field

Mobility is the ability of a node to change its point of attachment from one link to another while maintaining all existing communications and using the same IP address at its new link
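As an added example (not part of the lecture slides), the following Python code ties the IP addressing material from Part 0 to the terminology above: it splits a dotted-decimal address into prefix and suffix, performs a longest-prefix-match lookup over a constructed routing table that includes one host-specific (/32) route, and decides whether a link is a node's home link by comparing network prefixes. The address 128.55.0.23 comes from the slides; the prefix length of 16, the other addresses and the link names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def prefix_suffix(dotted: str, prefix_len: int) -> Tuple[int, int]:
    """Split a dotted-decimal IPv4 address into network prefix and host suffix.

    Each octet is read as an unsigned integer; prefix_len says how many of the
    32 bits identify the physical network, the rest identify the computer.
    """
    addr = int(ipaddress.IPv4Address(dotted))
    host_bits = 32 - prefix_len
    return addr >> host_bits, addr & ((1 << host_bits) - 1)


@dataclass(frozen=True)
class Route:
    target: str       # Target field, dotted decimal
    prefix_len: int   # 32 makes this a host-specific route
    next_hop: str     # outgoing link (constructed labels such as "eth0")


def _mask(prefix_len: int) -> int:
    return ((1 << prefix_len) - 1) << (32 - prefix_len)


def lookup(table: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match: the most specific matching entry wins, so a /32
    host-specific route overrides the network route for exactly one address."""
    d = int(ipaddress.IPv4Address(dest))
    best = None
    for r in table:
        t = int(ipaddress.IPv4Address(r.target))
        if (d & _mask(r.prefix_len)) == (t & _mask(r.prefix_len)):
            if best is None or r.prefix_len > best.prefix_len:
                best = r
    return best


def is_home_link(node_addr: str, prefix_len: int, link_addr: str) -> bool:
    """A link is the node's home link iff it has been assigned the same
    network prefix as the node's IP address; any other link is foreign."""
    return prefix_suffix(node_addr, prefix_len)[0] == prefix_suffix(link_addr, prefix_len)[0]


# Constructed table: a default route, one network route, and the kind of
# host-specific route that host-specific routing would need per mobile node.
TABLE = [
    Route("0.0.0.0", 0, "default"),
    Route("128.55.0.0", 16, "eth0"),
    Route("128.55.0.23", 32, "tunnel0"),
]

if __name__ == "__main__":
    print(prefix_suffix("128.55.0.23", 16))
    for dest in ("128.55.0.23", "128.55.0.24", "10.1.2.3"):
        print(dest, "->", lookup(TABLE, dest).next_hop)
    print(is_home_link("128.55.0.23", 16, "128.55.9.1"),
          is_home_link("128.55.0.23", 16, "192.0.2.1"))
```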


23

What Happens When a Node Changes Link?


24

Can’t We Solve the Mobility Problem with Host-Specific Routes?

How Might Host-Specific Routes Solve the Problem?

If it Solves the Problem, Is This Solution a Good One?


25

Is This Solution a Good One?

How Many Mobile Nodes Can We Expect?

How Many Routes Are Required for Each Mobile Node?

How Fast Will a Node Change Links?

Is This Solution Robust?

Is It Secure?


26

Conclusion: Host-Specific Routes are an Unworkable Solution to Node Mobility in the Internet

Minimally, host-specific routes must be propagated to all nodes along the path between a mobile node’s home link and its foreign link

Some (in the worst case all) of these routes must be updated every time the node moves from one link to another

We expect millions of nodes to be operating


27

Host-specific routing has severe scaling, robustness, and security problems

Unless host-specific routes are propagated to a much larger set of routers than the minimal set described in the first item above, the Internet’s ability to route around isolated node and link failures is negated by host-specific routing.

The serious security implications would require authentication and a complicated key management protocol.


28

Why Not Just Change the Node’s IP Address?

Can Connections Survive a Changing IP Address? No, because all open TCP connections will be terminated

How Do We Find a Node Whose IP Address Keeps Changing? Only if the mobile node itself initiates communication; otherwise there is a huge overhead to keep entries in DNS updated, and the address returned by a name server is subject to change at any moment

Can’t we just solve the problem at the Link Layer? (Cellular Digital Packet Data - CDPD (11Kbps), IEEE 802.11…) Provides node mobility only in the context of a single type of medium and within a limited geographic area


29

What If We Only Need Nomadicity?

A nomadic node is one which must terminate all existing communications before changing its point-of-attachment, but then can initiate new connections with a new IP address once it reaches its new location.

If all communications are initiated by the user of a mobile node, and the user does not mind shutting down his applications and restarting them at a new location, then nomadicity is indeed sufficient


30

Why Is Mobility Preferable to Nomadicity?

In the future, Servers and not just Clients might need to become mobile (Clients know their Servers only by their IP addresses)

Some license application vendors provide network-licensing systems which restrict access to only those nodes possessing specific ranges of IP addresses

Some security mechanisms provide access privileges to nodes based upon their IP addresses. Mobile nodes employing Mobile IP allow such mechanisms to work in the presence of node mobility

Limited availability of IPv4 addresses, need for specific address assignment mechanisms


31

Summary

A node that changes from one link to another is incapable of communicating at the new location unless it changes its IP address

Host-specific routing is not a workable solution in the context of the global Internet

Changing a node’s IP address is undesirable

The difference between mobile and nomadic computing (it is impossible for another node to know at what address a nomadic computer can be reached at any given moment)


32

Summary (cont.)

All link-layer solutions share limitations in their geographic applicability and the media over which they can run.

Even in those instances where a node requires only nomadicity, the more subtle advantages offered by Mobile IP mobility can make network administration much easier.


33

Part 2: Mobile IP Overview (for IPv4)

Is Mobile IP an Official Standard?

What Is the Scope of the Mobile IP Solution?

What Are the Requirements for Mobile IP?

What Assumption Does Mobile IP Make?

Where Does Mobile IP Reside?

Generally, How Does Mobile IP Work?

Summary


34

Is Mobile IP an Official Standard?

Mobile IP was approved by the Internet Engineering Steering Group (IESG) in June 1996 and published as a Proposed Standard in November 1996.

Main reference document : Request for Comments (RFC) 2002

There are other RFCs defining specific aspects of Mobile IP, such as tunneling, applicability, Management Information Base…


35

What Is the Scope of the Mobile IP Solution?

Mobile IP is a network-layer solution to node mobility in the Internet

It accomplishes its task by setting up the routing tables in appropriate nodes, such that IP packets can be sent to mobile nodes not connected to their home link

Can be considered to be a routing protocol, which has a very specialized purpose of allowing IP packets to be routed to mobile nodes which could potentially change their location very rapidly.

Mobile IP is unique in its ability to accommodate heterogeneous mobility in addition to homogeneous mobility.

Solves the primary problem of routing IP packets to mobile nodes, which is a first step in providing mobility on the Internet. A complete mobility solution would involve enhancements to other layers of the protocol stack.


36

What Are the Requirements for Mobile IP?

A mobile node must be able to communicate with other nodes after changing its link-layer point-of-attachment to the Internet

Must be able to communicate using its home (permanent) IP address, regardless of its current link-layer point-of-attachment to the Internet

Must be able to communicate with other computers that do not implement the Mobile IP mobility functions

The Mobile IP implementation should be limited only to the mobile nodes themselves and the few nodes which provide special routing functions on their behalf

Must not be exposed to any new security threats over and above those to which any fixed node on the Internet is exposed


37

What Assumption Does Mobile IP Make?

Mobile IP’s fundamental assumption is that unicast packets – those destined to a single recipient – are routed without regard to their IP Source Address.

We will see how that assumption, though theoretically valid, might not be operationally valid under certain circumstances (Denial-of Service)


38

Where Does Mobile IP Reside?

There are 3 functional entities where it is implemented:

Mobile Node – a node which can change its point-of-attachment to the Internet from one link to another while maintaining any ongoing communications and using its (permanent) IP home address

Home Agent – a router with an interface on the mobile node’s home link, which:

Is informed by the mobile node about its current location, represented by its care-of address

In some cases, advertises reachability to the network-prefix of the mobile node’s home address, thereby attracting IP packets that are destined to the mobile node’s home address

Intercepts packets destined to the mobile node’s home address and tunnels them to the mobile node’s current location, i.e. to the care-of address


39

Where Does Mobile IP Reside?

Foreign Agent – a router on a mobile node’s foreign link which:

Assists the mobile node in informing its home agent of its current care-of address

In some cases, provides a care-of address and de-tunnels packets for the mobile node that have been tunneled by its home agent

Serves as default router for packets generated by the mobile node while connected to this foreign link


40

Mobile IP Entities and Relationships


41

IP Tunneling

A tunnel is the path followed by a first packet while it is encapsulated within the payload portion of a second packet:
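The following Python example, added here and not taken from the slides, shows what the tunnel does to a packet: the home agent wraps the original datagram (still addressed to the mobile node's home address) in a new IPv4 header addressed to the care-of address with protocol number 4 (IP-in-IP encapsulation, RFC 2003), and the exit point validates the outer header before handing the inner datagram on. The addresses and payload are constructed; the check that the outer destination matches the decapsulating node's own address is an added sanity check rather than a step the slides describe.

```python
import struct

IPPROTO_IPIP = 4    # outer header says "an IP datagram is inside me"
IPPROTO_UDP = 17
IPV4_HDR = "!BBHHHBBH4s4s"   # ver/ihl, tos, total length, id, flags/frag, ttl, proto, csum, src, dst


def ip2b(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def b2ip(raw: bytes) -> str:
    return ".".join(str(o) for o in raw)


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ip2b(src), ip2b(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def encapsulate(datagram: bytes, entry: str, exit_point: str) -> bytes:
    """Tunnel entry (home agent): the whole original datagram becomes the payload
    of a new datagram from the home agent to the care-of address."""
    return ipv4_header(entry, exit_point, IPPROTO_IPIP, len(datagram)) + datagram


def decapsulate(packet: bytes, my_addr: str) -> bytes:
    """Tunnel exit (foreign agent or the mobile node itself): check the outer
    header, then strip it and return the original datagram untouched."""
    vhl, _, total_len, _, _, _, proto, _, _, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (vhl & 0x0F) * 4
    if vhl >> 4 != 4 or ihl < 20 or len(packet) < total_len:
        raise ValueError("malformed outer header")
    if checksum(packet[:ihl]) != 0:          # a correct header sums to zero
        raise ValueError("outer header checksum mismatch")
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnel packet")
    if b2ip(dst) != my_addr:
        raise ValueError("tunnel exit point is not this node")
    return packet[ihl:total_len]


def destination(datagram: bytes) -> str:
    """Destination address carried in a datagram's own header."""
    return b2ip(datagram[16:20])


if __name__ == "__main__":
    payload = b"constructed application data"
    # Correspondent node 198.51.100.5 -> mobile node's home address 128.55.0.23
    inner = ipv4_header("198.51.100.5", "128.55.0.23", IPPROTO_UDP, len(payload)) + payload
    # Home agent 128.55.0.1 tunnels it to care-of address 192.0.2.10
    tunneled = encapsulate(inner, "128.55.0.1", "192.0.2.10")
    print("outer dst:", destination(tunneled), "proto:", tunneled[9])
    print("inner dst:", destination(decapsulate(tunneled, "192.0.2.10")))
```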


42

Properties of Care-of Address

A care-of address is an IP address associated with a mobile node that is visiting a foreign link:

A care-of address is specific to the foreign link currently being visited by a mobile node

Generally changes every time the mobile node moves from one foreign link to another

No Mobile IP-specific procedures are needed in order to deliver packets to a care-of address

Is used as the exit-point of a tunnel from the home agent toward the mobile node


43

Two Conceptual Types of Care-of Addresses

A foreign agent care-of address is an IP address of a foreign agent which has an interface on the foreign link being visited by a mobile node. Can be shared by many mobile nodes simultaneously

A collocated care-of address is an IP address temporarily assigned to an interface of the mobile node itself. The network-prefix of a collocated care-of address must equal the network-prefix that has been assigned to the foreign link being visited by a mobile node. This type of c/o address might be used by mobile node in situations where no foreign agents are available on a foreign link. A collocated c/o address can be used by only one mobile node at a time


44


45

Generally, How Does Mobile IP Work?

Home Agents and Foreign Agents advertise their presence on any attached links by periodically multicasting or broadcasting special Mobile IP messages called Agent Advertisements

Mobile Nodes listen to these Agent Advertisements and examine their contents to determine whether they are connected to their home link or a foreign link

A Mobile Node connected to a foreign link acquires a care-of address. A foreign agent care-of address can be read from one of the fields within the foreign agent’s Agent Advertisement.


46

How Does Mobile IP Work (cont.)?

The Mobile Node registers the care-of address acquired previously with its home agent, using a message exchange defined by Mobile IP. It asks for service from a Foreign Agent, if one is present on the link. In order to prevent Denial-of-Service attacks, the registration messages are required to be authenticated

The Home Agent or some other router on the home link advertises reachability to the network-prefix of the Mobile Node’s home address, thus attracting packets that are destined to the Mobile Node’s home address. The Home Agent intercepts these packets, and tunnels them to the care-of address that the mobile node registered previously

At the care-of address – at either the Foreign Agent or one of the interfaces of the mobile node itself – the original packet is extracted from the tunnel and then delivered to the Mobile Node

In the reverse direction, packets sent by the Mobile Node are routed directly to their destination, without any need for tunneling. The Foreign Agent serves as a default router for all packets generated by visiting node


47

Mobile IP Summary

Allows node mobility across media of similar or dissimilar types

Uses the Mobile Node’s permanent home address when it changes its point of attachment to the Internet

Does not require any hardware or software upgrades to the existing, installed base of IPv4 hosts and routers – other than those nodes specifically involved in the provision of mobility services

Mobile Node must provide strong authentication when it informs its Home Agent of its current location

Uses tunneling to deliver packets that are destined to the Mobile Node’s home address

3 main entities: Mobile Nodes, Foreign Agents and Home Agents

3 basic functions: Agent Discovery, Registration, Packet Routing


48

Part 3a. Security Issues: Simple Mobile IP Application (Intranet without connection to the Internet)

How is Mobile IP deployed?

Insider Attack

Mobile Node Denial-of-Service

Replay Attacks

Theft of Information: Passive Eavesdropping

Theft of Information: Session-Stealing (Takeover) Attack

Other Active Attacks


49

How is Mobile IP Deployed?

All hosts are wholly owned by the enterprise

Each router performs both home agent and foreign agent functionality:


50

Insider Attacks

Usually involve a disgruntled employee gaining access to sensitive data and then forwarding it to a competitor

Enforce strict control over who can access what data

Use strong authentication of users and computers

Encrypt all data transfer on an end-to-end basis between the ultimate source and ultimate destination machines to prevent eavesdropping


51

Mobile Node Denial-of-Service

A Bad Guy sends a tremendous number of packets to a host (e.g., a Web server) that brings the host’s CPU to its knees. In the meantime, no useful information can be exchanged with the host while it is processing all of the nuisance packets

A Bad Guy somehow interferes with the packets that are flowing between two nodes on the network. Generally speaking, the Bad Guy must be on the path between the two nodes in order to wreak any such havoc


52

Denial-of-Service Attack

A Bad Guy generates a bogus Registration Request specifying his own IP address as the care-of address for a mobile node. All packets sent by correspondent nodes would be tunneled by the node’s home agent to the Bad Guy:


53

How Does Mobile IP Prevent this Denial-of-Service Attack?

Note: in the case of mobility, a Bad Guy could attack from anywhere in the network; he does not have to be “on the way”.

Solution: to require cryptographically strong authentication in all registration messages exchanged by a mobile node and its home agent.

Mobile IP by default supports MD5 Message-Digest Algorithm (RFC 1321) that provides secret-key authentication and integrity checking


54

Authentication of Registration Messages via Keyed MD5

A mobile node generates a Registration Request, consisting of the fixed-length portion and the Mobile-Home Authentication Extension; it fills in all the fields of the request and extension except for the Authenticator field. Then it computes a 16-byte MD5 message digest over: the shared secret key, the fixed-length portion, all extensions without the Authenticator field, and the shared secret key again. The Mobile IP authentication extensions provide both authentication and integrity checking


55

Replay Attacks

A Bad Guy could obtain a copy of a valid Registration Request, store it, and then “replay” it at a later time, thereby registering a bogus care-of address for the mobile node

To prevent this, the Identification field is generated in such a way as to allow the home agent to determine what the next value should be

In this way, the Bad Guy is thwarted because the Identification field in his stored Registration Request will be recognized as being out of date by the home agent (timestamps or nonces are used for Identification field)
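Here is an added Python example (not the slides' code, nor any implementation's) of the two registration checks just described, seen from the home agent's side: the keyed-MD5 authenticator in prefix+suffix form, computed over the shared secret, the fixed-length portion, the extension up to the Authenticator field, and the secret again; and the timestamp-based Identification check, which requires the value to be fresh and strictly newer than the last one accepted for that mobile node. The field layout follows the order of the Registration Request and Mobile-Home Authentication Extension in RFC 2002; the seven-second skew window, the reply strings, the shared secret and the addresses are assumptions made for the example. A replayed copy, a request whose care-of address was rewritten in transit, and a request built without the secret are all rejected, while a fresh re-registration from a new care-of address is accepted.

```python
import hashlib
import hmac
import struct
from typing import Dict, Tuple

REGISTRATION_REQUEST = 1    # Type of the fixed-length portion
MOBILE_HOME_AUTH_EXT = 32   # Mobile-Home Authentication Extension type
TIMESTAMP_WINDOW = 7        # tolerated clock skew in seconds (constructed value)
FIXED_FMT = "!BBH4s4s4sQ"   # type, flags, lifetime, home addr, home agent, care-of addr, identification
EXT_HEAD_FMT = "!BBI"       # type, length, SPI (Authenticator follows)


def ip2b(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def b2ip(raw: bytes) -> str:
    return ".".join(str(o) for o in raw)


def keyed_md5(secret: bytes, protected: bytes) -> bytes:
    """16-byte authenticator: MD5(secret || protected fields || secret)."""
    return hashlib.md5(secret + protected + secret).digest()


def timestamp_identification(now: int) -> int:
    """Identification in timestamp form: seconds in the high 32 bits, fraction (0 here) low."""
    return now << 32


def build_request(secret: bytes, spi: int, home_addr: str, home_agent: str,
                  care_of: str, identification: int, lifetime: int = 300) -> bytes:
    """Mobile node side: fill every field except the Authenticator, then compute it."""
    fixed = struct.pack(FIXED_FMT, REGISTRATION_REQUEST, 0, lifetime,
                        ip2b(home_addr), ip2b(home_agent), ip2b(care_of), identification)
    ext_head = struct.pack(EXT_HEAD_FMT, MOBILE_HOME_AUTH_EXT, 4 + 16, spi)  # Length = SPI + digest
    return fixed + ext_head + keyed_md5(secret, fixed + ext_head)


class HomeAgent:
    def __init__(self, secrets: Dict[Tuple[str, int], bytes]):
        self.secrets = secrets      # (home address, SPI) -> shared secret
        self.last_ident: Dict[str, int] = {}   # home address -> last accepted Identification
        self.bindings: Dict[str, str] = {}     # home address -> registered care-of address

    def process(self, message: bytes, now: int) -> str:
        fixed, ext = message[:24], message[24:]
        _, _, _, home, _, coa, ident = struct.unpack(FIXED_FMT, fixed)
        ext_head, authenticator = ext[:6], ext[6:22]
        _, _, spi = struct.unpack(EXT_HEAD_FMT, ext_head)
        home_s = b2ip(home)
        secret = self.secrets.get((home_s, spi))
        if secret is None:
            return "rejected: unknown mobility security association"
        # 1. Authentication and integrity: recompute the digest over the same bytes the
        #    mobile node covered; any changed field (e.g. care-of address) breaks it.
        if not hmac.compare_digest(authenticator, keyed_md5(secret, fixed + ext_head)):
            return "rejected: mobile node failed authentication"
        # 2. Replay protection: timestamp must be within the window and strictly newer
        #    than the last one accepted, so a stored copy is recognised as out of date.
        seconds = ident >> 32
        if abs(seconds - now) > TIMESTAMP_WINDOW or ident <= self.last_ident.get(home_s, -1):
            return "rejected: registration identification mismatch"
        self.last_ident[home_s] = ident
        self.bindings[home_s] = b2ip(coa)
        return "accepted"


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"
    ha = HomeAgent({("128.55.0.23", 256): SECRET})
    now = 1_700_000_000
    msg = build_request(SECRET, 256, "128.55.0.23", "128.55.0.1", "192.0.2.10",
                        timestamp_identification(now))
    print("genuine:", ha.process(msg, now), ha.bindings)
    print("replayed:", ha.process(msg, now + 2))
```

MD5 in prefix+suffix form is used because it is the default the slides describe; later revisions of the specification replace it with HMAC-MD5, which changes only the keyed_md5 function (to hmac.new over the same protected bytes), not the structure of the check.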


56

Summary

Mobile IP registration has built-in prevention of denial-of-service attacks. Specifically, it is impossible for a Bad Guy to lie to a mobile node’s home agent about that mobile node’s current care-of address, because all registration messages provide authentication of the message’s source, integrity checking and replay protection


57

Theft of Information: Passive Eavesdropping

Assumption: unauthorized persons will inevitably gain wired or wireless access to the network infrastructure

Use of Link-Layer Encryption

We also assume that key management for the encryption is performed without disclosing the keys to any unauthorized parties

Use of End-to-End Encryption (SSH, SSL…)


58

End-to-End Encryption vs. Link Encryption

The Encapsulating Security Payload (RFC 1827) can provide end-to-end encryption to other application programs not supporting it themselves


59

Theft of Information: Session-Stealing (Takeover) Attack

A Bad Guy waits for a legitimate node to authenticate itself and start an application session

Then it takes over the session by impersonating the identity of the legitimate node

Usually he must send a tremendous number of nuisance packets to the legitimate node in order to prevent it from realizing that its session was hijacked


60

Session-Stealing on the Foreign Link

The Bad Guy waits for a mobile node to register with its home agent

The Bad Guy eavesdrops to see if the mobile node has any interesting conversation taking place (remote login session to another host, connection to the electronic mailbox)

The Bad Guy floods the mobile node with nuisance packets

The Bad Guy steals the session by sending the packets that appear to have come from the mobile node and by intercepting packets destined to the mobile node


61

Session-Stealing Prevention

Same method as in the case of Passive Eavesdropping: minimally, link-layer encryption between the mobile node and the foreign agent (session-stealing on the foreign link)

Preferably, end-to-end encryption between the mobile node and its correspondent node (elsewhere)

Note: a good encryption scheme provides a method by which a decrypting node can determine whether the recovered plaintext is gibberish or whether it is legitimate (integrity checking)


62

Other Active Attacks

The Bad Guy connects to a network jack, figures out the IP address to use, and tries to break into the other hosts on the network

He figures out the network-prefix that has been assigned to the link to which the network jacks are connected

The Bad Guy guesses a host number to use, which combined with the network-prefix gives him an IP address to use on the current link

The Bad Guy proceeds to try to break into the hosts on the network by guessing user-name/password pairs


63

Protection against such attacks

All publicly accessible network jacks must connect to a foreign agent that requires every node on the link to be registered (authenticated)

Remove all non-mobile nodes from the link and require all legitimate mobile nodes to use (minimally) link-layer encryption


64

Summary: Intranet Model Security

We described a simple deployment of Mobile IP on an individual corporate campus (intranet)

All of the routers were upgraded to be both home agents and foreign agents; all reasonably portable hosts were upgraded to mobile hosts

Home addresses were assigned according to the user’s department

Mobile IP authentication keys were configured between the mobile nodes and their respective home agents

Assumed the existence of physical security flaws

Used link encryption over the foreign link to minimally protect the internal data, but generally preferred end-to-end encryption

Considered the Denial-of-Service attack in which a Bad Guy lies to a mobile node’s home agent about the mobile node’s current care-of address

Showed how a combination of the Mobile-Home Authentication Extension and the Identification field is designed to provide Authentication, Integrity Checking, and Replay Protection for all Registration Requests and Replies


65

Part 3b. Internet-Wide Mobility: A more Complicated Application

This Mobile IP application allows a user to move anywhere throughout the entire Internet without exposing his private network to additional security threats

We will consider the problem of mobile nodes getting packets past the firewall when they are outside of the private network boundary (the subject of active research in the Mobile IP Working Group of the Internet Engineering Task Force)


66

Model for This Application


67

The Requirements

There must be a firewall between the corporate network and the global Internet

Authorized mobile nodes belonging to employees of the corporation must not suffer any loss of connectivity to resources inside the firewall, even when connected to a foreign link outside the firewall

The corporate network must not be exposed to any new security threats over and above those that face any network connected to the Internet (through a firewall)

A visitor must be able to communicate with the global Internet (and presumably his own private network) from “public” areas such as conference rooms, training facilities, etc.


68

Threats That Are the Same As Before

Threats from insiders (restrict access to info)

Denial-of-service attacks (use of strong authentication)

Passive eavesdropping and active takeover attacks (encryption)

Physical Intrusion to the “restricted” portion of the campus (control of physical access)


69

Firewalls

3 basic types of firewalls: packet-filtering routers, application-layer relays, and secure tunnelers:


70

Packet-Filtering Router as Firewall


71

Example of Access Control List (ACL)

Forward all packets belonging to connections initiated by internal machines

Forward all packets belonging to email connections initiated by outside machines

Forward all DNS messages

Discard all other packets
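The four ACL rules above, as an added example that is not part of the original slides: a small stateful packet filter that applies them, in order, to constructed traffic. The private prefix 10.0.0.0/8, the port numbers (SMTP on TCP/25, DNS on 53) and the connection table are assumptions made for the example; routers of the period typically approximated "connections initiated by internal machines" statelessly, e.g. by inspecting the TCP ACK bit, and the connection table here stands in for that.

```python
from dataclasses import dataclass
import ipaddress

# Constructed address plan for the example: the corporate network sits behind the router.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SMTP_PORT = 25
DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # a TCP connection-opening packet


class PacketFilter:
    """Toy stateful packet-filtering router implementing the slide's four ACL rules."""

    def __init__(self):
        # (initiator_ip, initiator_port, responder_ip, responder_port) of allowed connections
        self.connections = set()

    @staticmethod
    def _is_internal(address):
        return ipaddress.ip_address(address) in INTERNAL_NET

    def decide(self, pkt):
        src_internal = self._is_internal(pkt.src)
        dst_internal = self._is_internal(pkt.dst)

        # Rule 3: forward all DNS messages (either direction).
        if DNS_PORT in (pkt.sport, pkt.dport):
            return "forward"

        if pkt.proto == "tcp":
            forward_key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            return_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)

            # Rule 1: connections initiated by internal machines.
            if pkt.syn and src_internal and not dst_internal:
                self.connections.add(forward_key)
                return "forward"

            # Rule 2: email (SMTP) connections initiated by outside machines.
            if pkt.syn and not src_internal and dst_internal and pkt.dport == SMTP_PORT:
                self.connections.add(forward_key)
                return "forward"

            # Later packets of an allowed connection, in either direction.
            if forward_key in self.connections or return_key in self.connections:
                return "forward"

        # Rule 4: discard all other packets.
        return "discard"


def run_scenario():
    """Constructed traffic, in arrival order, against a fresh filter."""
    pf = PacketFilter()
    traffic = [
        Packet("10.1.2.3", "203.0.113.10", "tcp", 40000, 80, syn=True),  # internal host opens a web connection
        Packet("203.0.113.10", "10.1.2.3", "tcp", 80, 40000),            # the web server's reply
        Packet("198.51.100.7", "10.1.2.3", "tcp", 50000, 22, syn=True),  # outside host opens a login connection inward
        Packet("198.51.100.7", "10.1.2.9", "tcp", 51000, 25, syn=True),  # outside mail server opens SMTP inward
        Packet("10.1.2.9", "198.51.100.7", "tcp", 25, 51000),            # the internal mail server's reply
        Packet("10.1.2.3", "192.0.2.53", "udp", 5353, 53),               # DNS query
        Packet("198.51.100.7", "10.1.2.3", "tcp", 80, 40001),            # "reply" to a connection never opened
    ]
    return [pf.decide(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The last packet is the point of the connection table: a packet that merely looks like return traffic is discarded because no internal machine opened that connection, which a purely stateless ACL keyed on port numbers cannot tell apart.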


72

Advantages of Packet-Filtering Routers

Fast (simple processing involving examining of IP Source and Destination Address fields, and TCP and UDP header fields)

Independent of applications

Inexpensive to upgrade


73

Problems

Difficult to configure correctly

Obscure syntax of ACLs (usually there is no GUI)

Any mistake leaves the private network vulnerable to security attacks

No reliable way to check an ACL’s correctness

IP addresses of the machines in the private network are visible to the public network

Little or no disk space to log suspicious activity

Do not support user authentication before the user is allowed to communicate outside the firewall


74

Application-Layer Relays

The two routers are configured with ACLs which allow packets only to and from the relay host:


75

Advantages

Ability to enforce more sophisticated security policies since they understand not only packet headers, but also the applications themselves

Auditing and logging capabilities

Authentication support


76

Disadvantages

Slow and “visible” to end users (might have many TCP connections open at the same time)

Some applications might not be supported by the firewall, possibly because they do not work symmetrically in both directions


77

Secure Tunnelers (picture)


78

Secure Tunnelers

If the packet is tunneled to the firewall and has valid authentication (and usually encryption), it is de-tunneled and routed “transparently” to the destination node within the private network

Otherwise, the packet is submitted to the application-layer relay and is processed accordingly


79

Virtual Private Network (VPN)


80

Host1 sends a packet to Host2 (see the previous picture)

Host1 builds an IP packet with its own IP address as the Source Address and Host2’s IP address as the Destination Address

The packet is ultimately forwarded to the firewall on the left

The firewall prepends an IP Encapsulating Security Payload header to the original IP packet and encrypts the original IP header and payload (the encryption algorithm provides authentication and integrity checking as well)

The firewall places the resultant Encapsulating Security Payload header plus encrypted original packet within the payload portion of a new IP packet. The new IP packet has a Source Address of the leftmost firewall and a Destination Address of the rightmost firewall

The new packet is transmitted over the Internet, where it is ultimately received by the firewall on the right


81

Host1 sends a packet to Host2 (cont.)

The firewall consumes the outermost IP packet header and examines the IP Encapsulating Security Payload header. The Security Parameters Index field within that header informs the firewall how to process the received cipher-text. The firewall proceeds to decrypt and verify the authentication and integrity of the packet

If the packet is authentic, the firewall removes the IP Encapsulating Security Payload header to recover the original IP packet

The firewall forwards the packet, which is ultimately delivered to Host2 via conventional routing
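The firewall-to-firewall walk-through above, as an added example that is not part of the original slides: the left firewall wraps Host1's packet in an ESP-style header (SPI, sequence number), encrypts the original header and payload, appends an integrity check value and sends the result in a new outer packet addressed to the right firewall; the right firewall selects the security association by SPI, verifies the ICV and sequence number, decrypts and recovers the original packet for Host2. The 10-byte "IP header", the addresses, the keys (assumed to have been agreed out of band, e.g. by ISAKMP/Oakley as the Conclusions slide mentions) and the HMAC-SHA256-based stream cipher are constructions for the example; real ESP uses standardized ciphers and integrity algorithms, not this keystream. The same code covers the later "mobile node as a special case of VPN" slide if the left-firewall role is played by the software module on the mobile node.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

IP_HDR = "!4s4sH"                     # constructed minimal header: src, dst, payload length
IP_HDR_LEN = struct.calcsize(IP_HDR)  # 10 bytes
ESP_HDR = "!II"                       # Security Parameters Index, sequence number
IV_LEN = 8
ICV_LEN = 12                          # 96-bit truncated integrity check value


class SecurityAssociation:
    """One direction of the tunnel: keys selected by SPI, plus anti-replay state."""
    def __init__(self, spi, enc_key, auth_key):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.next_seq = 1        # used by the sending firewall
        self.seen_seqs = set()   # used by the receiving firewall


def build_ip_packet(src, dst, payload):
    return struct.pack(IP_HDR, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed, len(payload)) + payload


def parse_ip_packet(packet):
    src, dst, length = struct.unpack(IP_HDR, packet[:IP_HDR_LEN])
    return (str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)),
            packet[IP_HDR_LEN:IP_HDR_LEN + length])


def _keystream(key, iv, length):
    """Illustrative PRF-based keystream (HMAC-SHA256 in counter mode), standing in
    for the standardized cipher a real ESP transform would use."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(sa, inner_packet, fw_left, fw_right):
    """Left firewall: ESP header + IV + encrypted original packet + ICV, carried in
    a new outer packet. The original header with the private addresses is inside
    the encrypted part, so it is not visible on the Internet."""
    iv = os.urandom(IV_LEN)
    ciphertext = _xor(inner_packet, _keystream(sa.enc_key, iv, len(inner_packet)))
    protected = struct.pack(ESP_HDR, sa.spi, sa.next_seq) + iv + ciphertext
    sa.next_seq += 1
    icv = hmac.new(sa.auth_key, protected, hashlib.sha256).digest()[:ICV_LEN]
    return build_ip_packet(fw_left, fw_right, protected + icv)


def decapsulate(sadb, outer_packet):
    """Right firewall: consume the outer header, select the SA by SPI, verify the
    ICV and the sequence number, decrypt, and return the original packet."""
    _, _, esp = parse_ip_packet(outer_packet)
    spi, seq = struct.unpack(ESP_HDR, esp[:8])
    sa = sadb.get(spi)
    if sa is None:
        return None, "discard: unknown SPI"
    protected, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, protected, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return None, "discard: integrity check failed"
    if seq in sa.seen_seqs:
        return None, "discard: replayed sequence number"
    sa.seen_seqs.add(seq)
    iv, ciphertext = esp[8:8 + IV_LEN], esp[8 + IV_LEN:-ICV_LEN]
    return _xor(ciphertext, _keystream(sa.enc_key, iv, len(ciphertext))), "accept"


def demo():
    # Constructed addresses and keys for the example.
    host1, host2 = "10.1.0.2", "10.2.0.2"
    fw_left, fw_right = "203.0.113.1", "198.51.100.1"
    enc_key, auth_key = b"example-enc-key", b"example-auth-key"
    sa_send = SecurityAssociation(0x1001, enc_key, auth_key)                  # left firewall's copy
    sadb_right = {0x1001: SecurityAssociation(0x1001, enc_key, auth_key)}    # right firewall's database

    original = build_ip_packet(host1, host2, b"hello host2")
    outer = encapsulate(sa_send, original, fw_left, fw_right)
    outer_src, outer_dst, _ = parse_ip_packet(outer)
    recovered, verdict = decapsulate(sadb_right, outer)
    # One ciphertext byte flipped in transit: the ICV no longer matches.
    pos = IP_HDR_LEN + 8 + IV_LEN
    tampered = outer[:pos] + bytes([outer[pos] ^ 0x01]) + outer[pos + 1:]
    _, tamper_verdict = decapsulate(sadb_right, tampered)
    # The same outer packet delivered a second time: its sequence number was already seen.
    _, replay_verdict = decapsulate(sadb_right, outer)
    return {"outer_src": outer_src, "outer_dst": outer_dst, "verdict": verdict,
            "recovered_matches": recovered == original, "inner_dst": parse_ip_packet(recovered)[1],
            "tamper": tamper_verdict, "replay": replay_verdict}
```

Only the outer addresses (the two firewalls) travel in the clear; the inner header naming Host1 and Host2 is recovered solely by the firewall holding the SA for that SPI, and integrity is checked before anything is decrypted or the replay state is updated.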


82

How do we protect a Mobile Node That Is Outside the Firewall?

Mobile Node as a Special Case of Virtual Private Networks (VPN)

The “firewall” is a software module running on the mobile node:


83

Requirements for Secure Firewall Traversal in Mobile IP

Must protect the mobile node and the private network from passive eavesdropping and active takeover attack

Must work for organizations that have private addresses (that are not advertised to the rest of the Internet) on their networks

Must not require the firewall to implement or understand Mobile IP

Must resolve the problem of the mobile node Registration through the firewall

Must work in the presence of internal private network firewalls


84

Firewall Traversal Using VPN: Questions to Answer

How does a mobile node establish the authenticated and/or encrypted tunnel to the firewall?

Does the mobile node establish this tunnel before or after it registers with its home agent?

Is the mobile node’s home agent inside or outside the firewall?

How do we establish keys between the mobile node and its firewall?

How do the mobile node and the firewall agree on a set of encryption and/or authentication algorithms to use?

How does the mobile node know whether it is inside or outside the firewall?


85

Conclusions

Firewall Traversal is a work in progress in the Mobile IP community

It usually implements the IP Authentication Header, the IP Encapsulating Security Payload and ISAKMP/Oakley for key management

The general solution can be formulated as establishing an encrypted and authenticated tunnel between the mobile node and the firewall


86

Summary

We described a more complicated deployment of Mobile IP on an individual corporate campus that was characterized by placing all publicly accessible network jacks outside of the corporation’s firewall

We also sketched in general a solution for firewall traversal using Virtual Private Networks


87

Model for Commercial Mobile IP Service


88

References

James D. Solomon, Mobile IP: The Internet Unplugged, Prentice Hall, 1998.

David B. Johnson, Mobile IP in the Current and Future Internet, Tutorial for MobiCom 2000.

Charles Perkins, “Mobile Networking with Mobile IP”, IEEE Internet Computing, 2(1):58-69, January/February 1998.
