2. ABSTRACT
In this project we have analyzed major security issues in Mobile IPv6, the consequences they have on its deployment, solutions proposed so far and problems in those solutions.
We have done a comparative study of these threats with respect to the effect they have on the performance of MIPv6.
We have created a simulation of an improved Return Routability Procedure.
3. Mobile IPv6
Mobile IPv6 (MIPv6) is a mandatory feature of IPv6 which has been developed to enable mobility in IP networks for mobile terminals.
It is intended to enable IPv6 nodes to move from one IP subnet to another.
4. BINDING UPDATES
Under MIPv6 a new class of messages dubbed binding updates confirm the identity of a device, even if it is moving.
This method allows communications to go directly to the mobile device without first passing through the home address, resulting in an increase of both speed and efficiency.
5. Mobile Node registers at its Home Agent
[Figure: Home Agent, Mobile Node and Correspondent Node C attached to Networks A, B and C through routers and the Internet. The Mobile Node sends a Binding Update to the Home Agent; the Home Agent replies with a Binding Acknowledgement.]
6. Mobile IPv6 Roaming
[Figure: Networks A to D connected through routers and the Internet, with the Home Agent and Correspondent Node C. The Mobile Node sends Binding Updates to the Home Agent and to all Correspondent Nodes which already received a previous Binding Update from this Mobile Node.]
7. Mobile IPv6 security vulnerabilities
The security threats and scenarios have become a driving force to a new set of goals that Mobile IPv6 was required to address in order to be standardized.
In the subsequent slides we will discuss the classification of threats, the types of attackers and possible threat scenarios.
8. General requirements of Mobile IPv6 security
Should be no worse than Mobile IPv4 as it is today.
Should be as secure as if the mobile node was on the home link without using Mobile IP.
Should optimize the number of message exchanges and bytes sent between the participating entities (MN, CN, and HA), since many MNs are expected to operate over bandwidth constrained wireless links.
9. Classification of Threats
In the absence of a security association between most MN–CN pairs, there are multiple vulnerabilities that the MN, the CN, or the HA or home network become exposed to. The major threats can be classified as follows:
a. Tampering with the binding cache entries:
. Tampering with the binding cache entry at a home agent.
. Tampering with the binding cache entry at a correspondent node.
. Tampering with the binding cache entry at the previous access router, acting as a temporary packet forwarding home agent.
10. Classification of Threats (contd.)
b. Denial-of-service (DoS):
. Preventing an MN from communicating with some or all nodes.
. Preventing a CN from communicating with some or all nodes.
. Preventing an HA from serving legitimate MNs.
c. Disclosure of sensitive information:
. Disclosure of nodes serving as home agents in a network.
11. Classification of Attackers
The following classes of attackers are considered as a basis for the types of threat scenarios that occur.
. An arbitrary node, anywhere in the Internet, launching an attack against an MN, a CN, or an HA.
. An attacker located on the same (wireless) link as the MN.
. An attacker located on the same link as the CN.
. An attacker located on the same link as the HA.
12. Threat Scenarios
ATTACKER LOCATION        | ATTACKS                                          | EFFECT         | ATTACK REQUIREMENTS
Anywhere in the Internet | 1. Tampering with MN/CN binding cache entries    | MITM, DoS      | Knowledge of home address, and any CN
                         | 2. BU flooding                                   | DoS            |
MN/CN Link               | 1. Sending spoofed BU/BA                         | MITM/DoS       | Only the knowledge of any CN
                         | 2. BU flooding                                   | DoS            |
HA Link                  | 1. Acting as the HA                              | Masquerade/DoS | No additional knowledge is required
                         | 2. Tampering with HA binding cache entries       | MITM/DoS       |
                         | 3. Sending spoofed BU/BA                         | MITM/DoS       |
                         | 4. BU flooding                                   | DoS            |
13. Scenario 1 (Attacker knows the MN's HA and both end points)
Tampering with the CN binding cache
Threat: The attacker can send a BU to the CN using the acquired HoA and a malicious CoA. The CN would believe that the MN has moved and hence has a new CoA. It updates the entry for the MN in its binding cache.
Effect: The packet stream for the ongoing session from the CN to the MN is now diverted to the malicious node.
Scalability: Leads to Denial of Service; the intruder can also act as a Man in the Middle.
14. Scenario 1 (Attacker knows the MN's HA and both end points)
Tampering with the MN binding cache
Threat: The attacker can send a BU to the MN using the acquired CoA and a malicious HoA. The MN would believe that the CN has moved and hence has a new address. It updates the entry for the CN in its binding cache.
Effect: The packet stream for the ongoing session from the CN to the MN is now diverted to the malicious node.
Scalability: Leads to Denial of Service; the intruder can also act as a Man in the Middle.
15. Scenario 1 (Attacker knows the MN's HA and both end points)
BU Flooding
Threat: A malicious node or virus could keep sending fake BUs to any CN, the MN itself or the HA, at a very rapid rate and thereby create unnecessary state at the MIPv6 node.
Effect: Binding cache memory gets inundated with node entries having no meaning, thus increasing traffic.
Scalability: Valid node entries cannot be created, hence Denial of Service.
16. Scenario 2 (Attacker determines CN through passive monitoring)
Sending spoofed BUs
Threat: The attacker knows which CNs the MN is sending BUs to. It sends spoofed BUs to the CN and to the MN to depict co-location.
Effect: Causes traffic to be routed elsewhere. If spoofed BUs are sent to both CN and MN then Denial of Service occurs.
Scalability: The attacker could possibly change the contents of traffic.
17. Scenario 2 (Attacker determines CN through passive monitoring)
Sending spoofed BAs
Threat: When the MN sends a BU, the attacker replies to the MN with a spoofed BA, different from the true BA it would receive from the CN.
Effect: This attack can result in (1) the MN sending unnecessary BUs (subject to rate limiting of sending BUs) or (2) the MN not sending a BU that is necessary.
Scalability: Unnecessary triangular routing takes place or the MN is not available at all.
18. Scenario 2 (Attacker determines CN through passive monitoring)
BU Flooding
Threat: Sending fake binding updates to the MN or CN or both, thereby increasing unnecessary traffic.
Effect: Increase in traffic; packet transfer slows down.
Scalability: Denial of Service attack; the CN-MN link could break due to excess packets.
19. Scenario 3 (Attacker monitors the HA and the MN communicating with it)
Acting as the HA
Threat: If the attacker is on the same subnet as the HA and MN, it could act as the HA itself to receive BUs.
Effect: Leads to various man in the middle attacks and flooding of BUs to the MN.
Scalability: Could lead to spoofing of IP addresses and rejection of BUs.
20. Scenario 3 (Attacker monitors the HA and the MN communicating with it)
Sending Spoofed BUs/BAs
Threat: The attacker can place itself so that it intercepts even BAs and forces changes in node entries.
Effect: This attack of sending spoofed BUs can lead to changing the route of packets from the CN to the MN, which is classified as a DoS attack on the MN or the CN.
Scalability: Man in the Middle attack, traffic congestion.
21. Comparison of Threat Scenarios
Scenario   | Probability of Attack | Number of Affected links
Scenario 1 | High                  | >2
Scenario 2 | High                  | >1
Scenario 3 | Low                   | 1
22. Mobile IPv6 security goals
Securing binding updates.
Securing mobile prefix and dynamic home agent discovery.
Securing the mechanisms that Mobile IPv6 uses for transporting data packets.
23. Mobile IPv6 security solutions
The major security solutions of MIPv6 are:
. IPsec and IKE standard solution
. Return routability solution
. Cross-layering security approach
24. IPSec in Mobile IPv6
Currently, IPsec is used in protecting messages exchanged between the mobile node and the home agent, and no new security mechanism exists for this purpose. The use of the mandatory IPsec authentication header (AH) and the encapsulating security payload (ESP) and a key management mechanism help to ensure the integrity of the binding update messages between the MN and the HA.
To prevent the MN from sending a binding update for another mobile node using its association, the home agent also verifies that the binding update message contains the correct HoA, either as the source of the packet or in an optional field at the end of the packet. Such a check is provided in the IPsec processing, by having the security policy database entries unequivocally identify a single security association for protecting binding updates between any given home address and the HA.
25. IKE in Mobile IPv6
Internet Key Exchange (IKE) establishes a secure framework for the distribution of public keys. When IKE is used, either the security policy database entries or the Mobile IPv6 processing relies on the unequivocal identification of the IKE credentials which can be used to authorize the creation of security associations for protecting binding updates for a particular HoA.
26. Shortcomings in using IPSec and IKE
IPSec and IKE are strong cryptographic authentication protocols. The problem is that the authentication needs to work between any MN and any correspondent in the Internet (mobile or not). No infrastructure-based solution currently exists that could be used to authenticate all IPv6 nodes. One of the main shortcomings of the integration of IPsec/IKE into MIPv6 is that the processing overhead of these protocols can be too high for low-end mobile devices and for a network layer signaling protocol.
27. Cross Layering Security Approach
It aims at modifying IPsec/IKE so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. It generally makes IPSec a multi-layered protocol. This protocol allows a user to define zones within an IP packet. Each zone is encrypted and authenticated with its own security association.
28. Shortcomings in Cross Layering Security Approach
Key management is a major issue in the cross layering approach, as distribution of multiple keys is required for multi-layered IPSec. Also, this approach does not account for mobility, and does not provide any implementation or performance insights.
29. Return routability solution
It is an example of infrastructureless authentication. The return routability authentication method is based on the fact that routing in the Internet is semi-reliable. It is difficult for a remote attacker to change the route of packets that do not travel via the attacker's network. Using the RR solution reduces the number of attackers significantly.
30. Return Routability Procedure
Authentication without Public Key infrastructure or pre-shared keys.
Two tokens, two paths: must have both to complete the update.
Difficult for an attacker to intercept both tokens and generate a valid MAC.
The MAC also protects the integrity of the plaintext message.
Goal: Should be as secure as regular IPv4 (without mobility).
[Figure: message flow between Correspondent Node (CN), Home and Mobile]
CN ↔ Mobile via Home: 1a Home Test Init; 2a Home Test (token1)
CN ↔ Mobile directly: 1b Care-of Test Init; 2b Care-of Test (token2)
Kbm = SHA(token1 | token2)
3: Binding Update (MAC_Kbm); 4: Binding ACK (MAC_Kbm)
31. Return Routability Messages
General Descriptions:
Kcn: A "node" key generated by the correspondent node; a random number, 20 octets in length.
Nonce: A random number of any length (64 bits is recommended), generated at regular intervals, and may be stored in an array with the nonce index indicating the array position.
1a: Home Test Init message
Source: Home address
Destination: correspondent
Contents:
Home init cookie – 64 bit random value
1b: Care-of Test Init message
Source: Care-of address
Destination: correspondent
Contents:
Care-of cookie – 64 bit random value
32. RR Messages (contd.)
2a: Home Test message
Source: Correspondent
Destination: home address
Contents:
Home init cookie – received from mobile node
Home keygen token – First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
Home nonce index – identifies which nonce is being used in this message
2b: Care-of Test message
Source: Correspondent
Destination: care-of address
Contents:
Care-of init cookie – received from mobile node
Care-of keygen token – First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))
Care-of nonce index – identifies which nonce is being used in this message
Mobile node calculates Kbm = SHA1(home keygen token | care-of keygen token)
33. RR Messages (contd.)
3: Binding update message
Source: care-of address
Destination: correspondent
Contents:
Sequence number – 16-bit unsigned int
Home nonce index – received from correspondent
Care-of nonce index – received from correspondent
MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU message)))
Correspondent node verifies the MAC and creates a Binding Cache entry for the mobile.
4: Binding Acknowledgment message (optional)
Source: correspondent
Destination: care-of address
Contents:
Sequence number – 16-bit unsigned int; same as binding update received
MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BA message)))
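The token, key and MAC derivations of slides 31 to 33, carried through in Python as an added example (not the project's own simulation): Kcn, the nonces and the three addresses are constructed sample values, and cn_verify_bu shows the correspondent recomputing both tokens from the nonce indices in the BU, so that a sender who saw only the care-of path token cannot produce a valid MAC.

```python
import hmac
import hashlib
from ipaddress import IPv6Address

def first(bits, data):
    """First(bits, data) of the RR spec: the leading bits/8 bytes of a hash output."""
    return data[:bits // 8]

def keygen_token(kcn, address, nonce, flag):
    """Home (flag 0) or care-of (flag 1) keygen token: First(64, HMAC_SHA1(Kcn, addr | nonce | flag))."""
    msg = IPv6Address(address).packed + nonce + bytes([flag])
    return first(64, hmac.new(kcn, msg, hashlib.sha1).digest())

def binding_key(home_token, careof_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()

def bu_mac(kbm, careof, correspondent, message):
    """MAC = First(96, HMAC_SHA1(Kbm, care-of address | correspondent | BU/BA message))."""
    msg = IPv6Address(careof).packed + IPv6Address(correspondent).packed + message
    return first(96, hmac.new(kbm, msg, hashlib.sha1).digest())

# Constructed sample values (not from the slides): 20-octet Kcn, two 64-bit nonces, three addresses.
KCN = bytes(range(20))
NONCES = [b"\x11" * 8, b"\x22" * 8]          # indexed by nonce index
CN, HOA, COA = "2001:db8:c::1", "2001:db8:a::10", "2001:db8:b::10"

def cn_verify_bu(home_address, careof_address, home_idx, careof_idx, message, mac):
    """CN side of step 3: keep no per-mobile state, recompute both tokens from Kcn and the
    nonce indices carried in the BU, rederive Kbm and compare the MAC in constant time."""
    t_home = keygen_token(KCN, home_address, NONCES[home_idx], 0)
    t_care = keygen_token(KCN, careof_address, NONCES[careof_idx], 1)
    expected = bu_mac(binding_key(t_home, t_care), careof_address, CN, message)
    return hmac.compare_digest(mac, expected)

def run_rr(hoa=HOA, coa=COA):
    """Mobile side: collect token1 via the home path (2a) and token2 via the care-of path (2b),
    derive Kbm and send the BU. Returns (genuine BU accepted, one-token forgery accepted)."""
    t_home = keygen_token(KCN, hoa, NONCES[0], 0)   # 2a: Home Test, reaches the mobile via the HA
    t_care = keygen_token(KCN, coa, NONCES[1], 1)   # 2b: Care-of Test, sent directly to the CoA
    message = (7).to_bytes(2, "big") + bytes([0, 1])  # BU: seq 7, home nonce idx 0, care-of idx 1
    mac = bu_mac(binding_key(t_home, t_care), coa, CN, message)
    genuine = cn_verify_bu(hoa, coa, 0, 1, message, mac)
    # A node on the care-of link sees token2 only; without token1 the MAC does not verify.
    forged = bu_mac(binding_key(b"\x00" * 8, t_care), coa, CN, message)
    return genuine, cn_verify_bu(hoa, coa, 0, 1, message, forged)
```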
34. APPLICATION OF THE PROJECT
Binding update messages used in Mobile IPv6 are a shortcut designed to speed wireless communications that use IPv6.
Speed is the major advantage MIPv6 has over MIPv4, but without proper security measures the deployment of MIPv6 and IPv6 in general will be hampered.
The principle of the RR procedure is based on a weak assumption of monitoring only one link. Usage of dual key manipulation will make it more effective.
35. Future Scope
The Mobile IPv6 specification is still unfinished and there is a real chance to contribute to the development work. The evaluation of these solutions in terms of security and efficiency remains unclear given the complex interdependencies in critical infrastructure systems and the rapidly evolving nature of networking.