Mobile IPv6
Why study Mobility in IPv6?
What is so different about Mobile IPv6?
Broadly we can say, Mobile IPv6 benefits from: the opportunities provided by IPv6; the lessons learnt from IPv4.
Problems with Mobile IPv4
Triangle Routing Problem: Triangle routing delays the delivery of datagrams and places an unnecessary burden on networks and routers.
Firewalls: Enterprise firewalls are typically configured to block packets from entering via the Internet that appear to emanate from internal computers.
Ingress Filtering: Many border routers discard packets coming from within the enterprise if the packets do not contain a source IP address configured for one of the enterprise's internal networks.
Other Security Issues: Insider Attacks; Denial of Service (DoS) Attacks; Replay Attacks; Theft of Information: Passive Eavesdropping; Theft of Information: Session-Stealing.
Is Mobile IPv6 the Solution?
Two Modes of Operation: Basic Operation (Bi-directional Tunneling); Route Optimization.
Basic Operation: Data Path, Mobile Node to Correspondent Node in Basic Operation; Data Path, Correspondent Node to Mobile Node in Basic Operation.
Route Optimization: Data Path, Mobile Node to Correspondent Node in Route Optimization; Data Path, Correspondent Node to Mobile Node in Route Optimization.
Advantages of Route Optimization: Allows the shortest communications path to be used. Eliminates congestion at the mobile node's home agent and home link. Reduces the impact of any possible failure of the home agent or of networks on the path to or from it.
Establishing Route Optimization
Messages supported by the Mobility Header: Home Test Init; Home Test; Care-of Test Init; Care-of Test; Binding Update; Binding Acknowledgement; Binding Refresh Request; Binding Error. Return Routability Procedure; Registration.
Return Routability Procedure. Purpose: Enables the correspondent node to obtain some reasonable assurance that the mobile node is in fact addressable at its claimed care-of address as well as at its home address. Only with this assurance is the correspondent node able to accept Binding Updates from the mobile node.
Return Routability Flow Diagram

Mobile Node              Home Agent              Correspondent Node
     |                        |                          |
     |  Home Test Init        |                          |
     |----------------------->|------------------------->|
     |  Care-of Test Init     |                          |
     |-------------------------------------------------->|
     |  Home Test             |                          |
     |<-----------------------|<-------------------------|
     |  Care-of Test          |                          |
     |<--------------------------------------------------|
Home Test Init: Source Address = home address; Destination Address = correspondent; Parameters: home init cookie.
Care-of Test Init: Source Address = care-of address; Destination Address = correspondent; Parameters: care-of init cookie.
Home Test: Source Address = correspondent; Destination Address = home address; Parameters: home init cookie, home keygen token, home nonce index.
Care-of Test: Source Address = correspondent; Destination Address = care-of address; Parameters: care-of init cookie, care-of keygen token, care-of nonce index.
Binding Message Flow Diagram

Mobile Node                                   Correspondent Node
     |  Binding Update                                 |
     |------------------------------------------------>|
     |  (Seq no., nonce indices, care-of address)      |
     |                                                 |
     |  Binding ACK                                    |
     |<------------------------------------------------|
     |  (Seq no., status)                              |
Binding Update: Source Address = care-of address; Destination Address = correspondent; Parameters: home address, sequence number, home nonce index, care-of nonce index, First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU))).
Binding Acknowledgement: Source Address = correspondent; Destination Address = care-of address; Parameters: sequence number, First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BA))).
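Added example, not part of the original slides: a Python sketch of how the correspondent node checks the Binding Update authenticator after the return routability exchange, and why a sender that never received a Care-of Test at the claimed care-of address fails that check. The keygen token and Kbm derivations follow RFC 6275 and are not shown on the slides; the init cookies are omitted, and the addresses, the BU body and all function and class names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, os

def addr(a):  # 16-byte packed IPv6 address
    return ipaddress.IPv6Address(a).packed

def keygen_token(kcn, address, nonce, kind):
    # First(64, HMAC_SHA1(Kcn, (address | nonce | kind))); kind 0 = home, 1 = care-of
    return hmac.new(kcn, addr(address) + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def kbm(home_token, careof_token):
    return hashlib.sha1(home_token + careof_token).digest()  # binding management key

def authenticator(key, careof, correspondent, message):
    # First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU)))
    data = addr(careof) + addr(correspondent) + message
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

class Correspondent:
    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)      # node key, never leaves the correspondent
        self.nonces = [os.urandom(8)]  # looked up by nonce index
    def home_test(self, home):         # Home Test, sent to the home address
        return keygen_token(self.kcn, home, self.nonces[0], 0), 0
    def careof_test(self, careof):     # Care-of Test, sent to the care-of address
        return keygen_token(self.kcn, careof, self.nonces[0], 1), 0
    def accept_bu(self, home, careof, home_idx, careof_idx, bu, mac):
        # No per-mobile state: rebuild both tokens from the nonce indices, then Kbm.
        key = kbm(keygen_token(self.kcn, home, self.nonces[home_idx], 0),
                  keygen_token(self.kcn, careof, self.nonces[careof_idx], 1))
        return hmac.compare_digest(mac, authenticator(key, careof, self.address, bu))

def demo():
    # Constructed documentation-prefix addresses and a placeholder BU body.
    home, careof, claimed = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::66"
    cn = Correspondent("2001:db8:9::1")
    bu = b"BU seq=1"
    h_tok, h_idx = cn.home_test(home)
    c_tok, c_idx = cn.careof_test(careof)
    key = kbm(h_tok, c_tok)            # mobile node's Kbm from both tokens
    ok = cn.accept_bu(home, careof, h_idx, c_idx, bu,
                      authenticator(key, careof, cn.address, bu))
    # Same Kbm, but the BU claims a care-of address no Care-of Test was sent to.
    bad = cn.accept_bu(home, claimed, h_idx, c_idx, bu,
                       authenticator(key, claimed, cn.address, bu))
    return ok, bad
```

The second Binding Update is rejected because the correspondent derives the care-of keygen token from the claimed address, so its Kbm differs from the sender's.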
Other Features and Functionality
Home Agent Option: Used by the Mobile Node while away from home, to inform the recipient of the mobile node's home address.
Prefix Discovery: Allows a Mobile Node to get network prefix information about its Home Network. The Mobile Node sends a Mobile Prefix Solicitation message to the Home Agent.
Dynamic Home Agent Discovery: When attached to a Foreign Network, a Mobile Node might not know the address of its Home Agent. With DHAAD, the Mobile Node only needs a home network prefix configured and it can dynamically find the address of a Home Agent on its home network.
Returning Home and De-registering: The Mobile Node determines whether it is attached to its home network based on the network prefix information. It deregisters by sending a special Binding Update to its Home Agent.
Neighbor/Router Discovery: Provides IPv6 nodes with a means to discover the presence and link-layer addresses of other nodes. Provides methods for: discovering routers; detecting when a local node becomes unreachable; resolving duplicate addresses.
Stateless Autoconfiguration. Purpose: Enables nodes to decide how to autoconfigure their interfaces in IPv6. Steps: Generate a link-local address for the interface. Obtain a Router Advertisement, which specifies the sort of autoconfiguration the host should do.
Performance Evaluation: Security threats reduced. Uses Source Routing, which provides highly efficient performance and avoids Triangle Routing. Avoids problems due to Ingress Filtering. Has inbuilt infrastructure for mobility. Router Discovery and Address Auto-configuration make mobility a much easier task.
Major Differences from Mobile IPv4: No Foreign Agents. Route Optimization is a fundamental part, unlike Mobile IPv4. Bi-directional tunneling is part of the core protocol, unlike Mobile IPv4. Uses Neighbor Discovery to find link-layer addresses of neighbors, unlike Mobile IPv4, which uses ARP; hence more robust.
Major Differences from Mobile IPv4 (continued): Dynamic Home Agent Address Discovery uses anycast addressing and returns a single reply to the mobile node, unlike Mobile IPv4, which uses a directed broadcast approach and returns separate replies from each Home Agent. Mobile Nodes can obtain Care-of Addresses via Stateless Address Auto-configuration, unlike Mobile IPv4, which uses Agent Discovery.
Vulnerabilities in Mobile IPv6
Security – Still a Headache: The biggest vulnerability is authorization of Binding Updates. Firewalls and Mobile IPv6 do not work well together. There are a number of problems in securing Neighbor Discovery. Problems arise when roaming with a dual-stack architecture and interoperating between Mobile IPv4 and Mobile IPv6.
Final Words – Mobile IPv6
"Communications should be much faster," Deering says. "We also thought it was going to be more secure. But now it doesn't look like it's going to be more secure."
“Backers of IPv6 have suffered another setback, as security experts punched holes in their planned strategy for supporting mobile IPv6 communications.”
“Prime Minister Yoshiro Mori of Japan vouched for IPv6 in front of the Japanese parliament, declaring that by 2006 Japan would have 100 percent deployment in government, education and industry. And in February, the Korean government followed suit by promising to spend $80 billion by 2006 to develop and deploy IPv6.”
"The good part is, that the IETF has identified that this is work that needs to be done as soon as possible, and they are nearing their goal"
Thank You!
