SECURITY THREATS ANALYSIS OF ROUTE OPTIMIZATION MECHANISM IN MOBILE IPV6 BY Wafaa Al-Salihy
OUTLINE: BACKGROUND; CURRENT PROBLEMS IN MOBILE IPV6 SECURITY; ATTACKS THAT EXPLOIT MIPv6; PROPOSED AUTHENTICATION METHODS; CURRENT RESEARCH; CONCLUSION; LIMITATION; ACKNOWLEDGMENT; REFERENCES
BACKGROUND: Mobile IPv6; How does Mobile IPv6 work?
Mobile IPv6: It is the IPv6 protocol with support for mobility. Mobile IPv6 requires the exchange of additional information (BU, BA, BR, home address option) and uses the Destination Options extension header.
How Does Mobile IPv6 Work? 1. Home Agent Registration: The mobile node has a static address on its home subnet, the home address (HoA). A mobile node usually moves from subnet to subnet. When the mobile node moves to a new subnet, it discovers the default router, performs (stateful or stateless) address autoconfiguration, and uses its new address as its care-of address (CoA).
The mobile node performs Home Agent registration by sending a BU. A BU is a triplet message that contains the home address (HoA), the current care-of address (CoA), and the lifetime. The home agent accepts the BU, adds this binding to its Binding Cache (a table, managed by every IPv6 node, that contains the bindings of nodes), and sends a BA.
[Figure: 1. Home Agent Registration. Home Agent (HA) on Link A, Mobile node (Mn) on Link B. After moving to another link, the mobile node gets a CoA and sends a Binding Update (BU) to an HA on its home link. The Home Agent accepts the BU, adds the binding to its binding cache and returns a Binding Ack. (BA).]
2. Triangle Routing: The Home Agent (HA) intercepts any packets addressed to the mobile node's home address. Intercepted packets are sent to the CoA of the mobile node using IPv6 encapsulation. The mobile node sends packets directly to any other destination node.
[Figure: 2. Triangle Routing. Home Agent (HA), Mobile node (Mn), Correspondent node (Cn). The Home Agent intercepts packets and then tunnels them to the current CoA of the Mn. In this step the Cn cannot send packets to the Mn directly. The mobile node is far away from its home link, with IP address = care-of address (CoA).]
3. Route Optimization: Unlike Mobile IP, Mobile IPv6 offers a route optimization mechanism. Route optimization provides better bandwidth and faster transmission. In route optimization, the mobile node sends a BU to the correspondent node (Cn), which may be any mobile or stationary node. The Cn caches the current CoA and, after sending a BA, sends packets directly to the Mn.
[Figure: 3. Route Optimization. Mobile node (Mn), Correspondent node (Cn). The Mobile Node sends a Binding Update to the Cn. The Correspondent Node caches the binding and sends a Binding Ack. (BA); it is then ready to send packets directly to the Mn.]
CURRENT PROBLEMS IN MOBILE IPV6 SECURITY: MIPv6 is an Internet draft; there is still no RFC. MIPv6 provides a route optimization mechanism, in contrast to MIPv4. Route optimization needs Binding Update (BU) signals to be exchanged between Mn and Cn.
MIPv6 proposes IPSec for securing BUs. The IPSec mechanism requires pre-shared keys based on the PKI concept. There is no way for two nodes with no prior relationship to have a pre-shared key. It is necessary to look for an alternative solution.
Return Routability: The MIPv6 Internet draft proposes RR as the basic technique for securing the BU signals of route optimization, which pass between Mn and Cn. RR: the Mn initiates RR using (HoTI, CoTI), and the Cn then sends challenge packets (HoT, CoT). The Cn accepts BUs only from an Mn that is able to receive them. The BU is then secured using Kbm, which is produced by RR. Kbm = SHA1(home keygen token | care-of keygen token)
[Figure: Return Routability Mechanism. Home Agent (HA), Mobile node (Mn), Correspondent node (Cn). Messages shown: HoTI, CoTI, HoT, CoT.]
Attack against RR: Return Routability is not strong enough. The attacker can get both keys (home keygen, care-of keygen) and produce Kbm. The attacker eavesdrops on two communicating nodes A and B (nodes of any type, i.e. Mn or Cn) and learns their IP addresses. The attacker initiates RR by sending (HoTI, CoTI) to B, using its own address as the CoA and A's address as the HoA. B sends CoT and HoT in response, and the attacker gets the keys.
ATTACKS THAT EXPLOIT MIPV6: Attacks that exploit MIPv6 can be classified into three cases: (1) attacks when the BU is not authenticated or secured; (2) attacks when the BU is authenticated or secured by one mechanism; (3) attacks when the BU is secured by more than one mechanism.
Attacks when the BU is not authenticated or secured: If the BU is not authenticated, an attacker can send spoofed BUs. There are four ways: (1) bomb any mobile node with unwanted data; (2) basic denial-of-service attack; (3) using the HoA to bomb any host with unwanted data; (4) attack against secrecy and integrity.
Bomb any mobile node with unwanted data: By sending spoofed BUs, the attacker can redirect traffic to an arbitrary IP address. The attacker needs to find a Cn that is willing to send data streams to an unauthenticated node (many popular web sites provide such streams). If the target is a single host, the attacker needs to know its IP address. If the target is an entire network, the attacker chooses a random address with the prefix of the network.
Basic Denial of Service attack: By sending spoofed BUs, the attacker can redirect all packets between two IP hosts to a random or non-existent address. The nodes support route optimization. The attacker must know their IP addresses.
[Figure: Basic denial of service attack. Attacker, Mn, Cn, random or non-existent host. Shows the data flow before the attack and the attacker redirecting packets to a random host.]
Using the HoA to bomb any host with unwanted data: The attacker claims to be a mobile node with its HoA equal to the target address. The attacker then sends a BU cancellation or waits for the entry to expire. The attacker can keep the stream alive by spoofing acknowledgments.
[Figure: Using the HoA to bomb any host with unwanted data. Attacker, Mn, Cn, target host. The attacker is mobile with its HoA equal to the target address. First step: the Cn trusts the attacker. Then: after the cache entry expires or the BU is cancelled.]
Attack against secrecy and integrity: By spoofing BUs, the attacker can redirect packets between two IP hosts to itself. The attacker needs to know their IP addresses, and the hosts must support route optimization. Strong encryption and integrity protection can prevent this attack, but the result is then a denial-of-service attack.
[Figure: Attack Against Secrecy and Integrity. Attacker, Mn, Cn. Shows the data flow before the attack, the attacker redirecting packets to itself, and data modified by the attacker.]
Attacks when the BU is authenticated and secured by one mechanism: Replay Attack
Replay Attack: The attacker captures the BU of the Mn and replays it after the Mn moves away. The attacker needs to be in the same network as the Mn. The Mn moves so frequently that it sends the next BU before the expiry of the previous BU. Any protocol for authenticating BUs will have to consider this attack.
[Figure: Replay Attack. Attacker, Mn, Cn, the mobile node's previous location. Shows the data flow before the attack and the attacker redirecting packets to the mobile node's previous location.]
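The following added example (not part of the original slides) models the correspondent-node side of the Return Routability and Replay Attack slides: it derives Kbm with the slides' formula and rejects a BU that carries a wrong authenticator or a stale sequence number. The token derivation, the HMAC authenticator over the BU, the sequence-number field and all addresses are assumptions made for illustration.

```python
import hashlib, hmac, os
from ipaddress import IPv6Address

def _token(kcn, addr, nonce, tag):
    # Assumption (not on the slides): token = first 64 bits of
    # HMAC-SHA1(Kcn, address | nonce | tag); tag 0 = home, 1 = care-of.
    msg = IPv6Address(addr).packed + nonce + bytes([tag])
    return hmac.new(kcn, msg, hashlib.sha1).digest()[:8]

def kbm(home_token, careof_token):
    # From the slides: Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()

def bu_mac(key, hoa, coa, seq, lifetime):
    # Assumption: truncated HMAC-SHA1 over the BU triplet plus a sequence number.
    msg = (IPv6Address(hoa).packed + IPv6Address(coa).packed
           + seq.to_bytes(2, "big") + lifetime.to_bytes(2, "big"))
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self):
        self.kcn, self.nonce = os.urandom(20), os.urandom(8)
        self.cache = {}                          # binding cache: HoA -> (CoA, seq)

    def hot(self, hoa):                          # HoT is routed via the home agent
        return _token(self.kcn, hoa, self.nonce, 0)
    def cot(self, coa):                          # CoT is routed directly to the CoA
        return _token(self.kcn, coa, self.nonce, 1)

    def accept_bu(self, hoa, coa, seq, lifetime, mac):
        key = kbm(self.hot(hoa), self.cot(coa))  # recomputed, no per-Mn state kept
        if not hmac.compare_digest(mac, bu_mac(key, hoa, coa, seq, lifetime)):
            return "reject: bad authenticator"
        old = self.cache.get(hoa)
        if old is not None and seq <= old[1]:    # simplification: no wrap-around
            return "reject: stale sequence number (replay)"
        self.cache[hoa] = (coa, seq)
        return "accept"

def demo():
    cn = CorrespondentNode()
    hoa, coa1, coa2 = "2001:db8:a::1", "2001:db8:b::1", "2001:db8:c::1"  # constructed
    def bu(coa, seq):                            # BU an honest Mn sends after RR
        k = kbm(cn.hot(hoa), cn.cot(coa))
        return (hoa, coa, seq, 60, bu_mac(k, hoa, coa, seq, 60))
    first, second = bu(coa1, 1), bu(coa2, 2)     # Mn moves from coa1 to coa2
    forged = (hoa, coa1, 3, 60, b"\x00" * 12)    # sender that never learned Kbm
    results = [cn.accept_bu(*b) for b in (first, second, first, forged)]
    return results, cn.cache[hoa]
```

The authenticator check only proves that the sender received both tokens, so it does not address the eavesdropping attack against RR described on the slides.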
Attacks when the BU can be secured by more than one mechanism: Bidding Down Attack
This attack applies when optional authentication mechanisms exist and RR is the default authentication mechanism. The nodes apply route optimization. The attacker forces two hosts, by bidding them down, to move from strong security to weak security such as RR.
[Figure: Bidding Down Attack. Attacker, Mn, Cn. Shows strong security, weak security (RR as default), and the attacker bidding down from strong security to weak security.]
Amplification and Reflection Attack: This attack can exploit MIPv6 in any case. Packets are sent into a looping path to the target (amplification). The attacker hides the source of a packet by reflecting the traffic from another node (reflection). The nodes can be tricked into sending many more packets than they receive from the attacker.
[Figure: Amplification and Reflection Attack. Attacker, Mn, Cn. The attacker sends the Cn a single packet asking the Cn to send many packets to the Mn.]
PROPOSED AUTHENTICATION METHODS: Cryptographically Generated Address (CGA): the last 64 bits of the IP address (the interface identifier) are formed by hashing the node's public signature key. The BU can then be signed with this key. Limitations: 64 bits enable the attacker to mount a brute-force attack and find a matching signature key. It is computationally intensive and therefore exposes the nodes to DoS attacks.
Assuming a Safe Route: make the assumption that the communication between two specific nodes is safe from attackers even though it is not cryptographically protected. Two Independent Routes: send two pieces of the authenticated data through two independent routes, hoping that attackers are not able to capture both of them. Limitations: a single attacker between the Cn and the HA can spoof BUs, pretend to be both the Mn and the HA, spoof packets from the Mn and the HA and send them to the Cn, and can then receive the messages sent by the Cn to both the HA and the Mn.
Leap of Faith: the Mn sends a session key insecurely to the Cn at the beginning of the connection; the key can then be used to authenticate subsequent BUs. The Role of Ingress Filtering (IF): it limits attackers on the local network who spoof source IP addresses; in the target network, IF makes no difference.
CURRENT RESEARCH: We are exploring several issues in current research to improve the security of the MIPv6 protocol: neighbor discovery security, and the security of the IPv6 routing header and home address options. Besides that, we are studying the possibility of adding more cache tables in the Cn and Mn, and logical comparisons between these cache tables, for the purpose of security. The security of MIPv6 will not be based on an infrastructure solution. The work is in progress.
CONCLUSION: Security is the most crucial part of the protocol. Without a proper security solution, the protocol has no possibility of being accepted or usable at all. Our current research will explore different issues in order to propose a new, acceptable mechanism that is not based on intensive computation and not based on the PKI concept, that at the same time considers all the possible attacks, and that ensures our proposed method will not introduce any new threats for IPv6.
LIMITATIONS: Writing this paper has been a challenging task because the Mobile IPv6 specification is under development at the moment, and a lot of changes and new propositions are introduced all the time. Finding the most important of them required a lot of reading of different research papers, Internet drafts and mailing list messages, which are made available by the IETF.
ACKNOWLEDGMENTS: Thanks to the IETF and the IP working group
REFERENCES
Johnson, D., Perkins, C., Arkko, J. Mobility Support in IPv6, draft-ietf-mobileip-ipv6-18, IETF, June
Perkins, C., ed. IP Mobility Support. IETF, RFC 2002, October
Thomson, S. and Narten, T. IPv6 Stateless Address Autoconfiguration. IETF, RFC 1971, August
Narten, T., Nordmark, E., and Simpson, W. Neighbor Discovery for IP Version 6 (IPv6), IETF, RFC 1970, August 1996.
Kent, S. and Atkinson, R. IP Encapsulating Security Payload (ESP), IETF, RFC 2406, November
Kent, S. and Atkinson, R. IP Authentication Header (AH), IETF, RFC 2402, November
Aura, T., Arkko, J. MIPv6 BU Attacks and Defenses, draft-aura-mipv6-bu-attacks-01.txt, IETF, February
Greg, O., Mobile IPv6 for Windows XP (.NET Server) and Windows CE 4.0, MSRC joint with Lancaster University and Ericsson Research.
Montenegro, G. and Nikander, P. Protecting against Bidding Down Attacks. Draft-Montenegro-mipv6sec-bit-method-00.txt, IETF, April
Greg, O. and Michael, R. Childproof Authentication for MIPv6 (CAM). ACM Computer Communication Review, 31 (2), April
Nikander, P. and Perkins, C. Binding authentication key establishment protocol for Mobile IPv6, draft-Perkins-bake-01.txt, IETF Mobile IP Working Group, July 2001.
Thank you