Mobile IPv6 Location Privacy Solutions draft-irtf-mobopts-location-privacy-solutions-01.txt Ying Qiu, Fan Zhao, Rajeev Koodli.


Mobopts, IETF65, Dallas

Outline
Analysis of Location Privacy in MIP6
Hiding Mobile Node's Location Movement Information
  – Pseudo Home Address
  – Hiding HoA in Home Binding Update procedure
  – Hiding HoA in RR procedure
  – Traffic Packets between MN and CN in RO mode
  – Hiding CoA via Reverse Tunneling Mode
Location Privacy with Unmodified RR Signaling
  – Route-Optimized Binding Update to CN
  – Reverse-tunneled Binding Update to CN

Analysis of Location Privacy in MIP6
Current MIP6 specification doesn't consider location privacy.
Both CoA and HoA are visible to onlookers in the following messages:
  – Home Binding Update and Acknowledgement
  – Correspondent Binding Update and Acknowledgement
  – Prefix Discovery
  – Data packets between MN and CN in the RO mode
HoA is visible in the HoTI/HoT message on the HA-CN path.
In RO mode, CoA can't be hidden from CN.
In RT mode, CoA can be hidden from CN and onlooker.

Hiding Mobile Node's Location Movement Information (1)
Pseudo Home Address
  – Not to reveal the real Home Address
  – Use some other field to substitute the real HoA
  – The field must be communicated securely
  – The field itself must not become a target of profiling
  – The field is recovered from the real HoA by the HA and CN

  Pseudo_HoA = HMAC_SHA1(Kph, Previous Pseudo_HoA)
  where Kph is the symmetric key between MN and HA

Hiding Mobile Node's Location Movement Information (2)
Hiding HoA in Home Binding Update Procedure (i)
BU message:
  IPv6 header: source = CoA, destination = HA
  Destination option header
    Home Address option (Pseudo_HoA)
  ESP header in transport mode
  Mobility header
    Home Binding Update
      Alternative CoA option (CoA)

Hiding Mobile Node's Location Movement Information (3)
Hiding HoA in Home Binding Update Procedure (ii)
BA message:
  IPv6 header: source = HA, destination = CoA
  Destination option header
    Home Address option (Pseudo_HoA)
  ESP header in transport mode
  Mobility header
    Home Binding Acknowledgement

Hiding Mobile Node's Location Movement Information (4)
Hiding HoA in RO mode (i)
HoTI in MN-HA path:
  IPv6 header: source = CoA, destination = HA
  ESP header in tunneling mode
  IPv6 header: source = HoA, destination = CN
  Mobility header
    HoTI
HoTI in HA-CN path:
  IPv6 header: source = HA, destination = CN
  Destination option
    Pseudo_HoA
  Mobility header
    HoTI

Hiding Mobile Node's Location Movement Information (4)
Hiding HoA in RO mode (ii)
HoT in CN-HA path:
  IPv6 header: source = CN, destination = HA
  Destination option
    Pseudo_HoA
  Mobility header
    HoT
HoT in HA-MN path:
  IPv6 header: source = HA, destination = CoA
  ESP header in tunneling mode
  IPv6 header: source = CN, destination = HoA
  Mobility header
    HoT

Hiding Mobile Node's Location Movement Information (5)
Hiding HoA in RO mode (iii)
Correspondent Binding Update:
  – CoTI/CoT: no change
  – BU message
      IPv6 header: source = CoA, destination = CN
      Destination option
        E(Kbm, Pseudo_HoA)   ; a) hide the relationship between CoA and Pseudo_HoA
                             ; b) recoverable by CN
      Mobility header
        BU = (Pseudo_HoA, home nonce index, ...)
  – where
      Kbm = SHA1(home keygen token | care-of keygen token)   ; no change
      home keygen token = First(64, HMAC_SHA1(Kcn, (Pseudo_HoA | nonce | 0)))
      care-of keygen token = First(64, HMAC_SHA1(Kcn, (CoA | nonce | 1)))   ; no change

Hiding Mobile Node's Location Movement Information (6)
Hiding HoA in RO mode (iv)
Traffic Packets between MN and CN:
  – Packets from MN to CN:
      IPv6 header: source = CoA, destination = CN
      Destination option
        Pseudo_HoA
      Payload
  – Packets from CN to MN:
      IPv6 header: source = CN, destination = CoA
      Routing Header
        Pseudo_HoA
      Payload

Hiding Mobile Node's Location Movement Information (7)
Hiding CoA via Reverse Tunneling Mode
To hide its CoA from the CN and its HoA from an onlooker, the data packets between MN and CN travel through the HA in reverse tunneling mode. (Modified according to Vijay's comments.)
In path MN-HA:
  IPv6 header: source = CoA, destination = HA
  ESP header in tunnel mode
  IPv6 header: source = HoA, destination = CN
  Payload
In path HA-CN:
  IPv6 header: source = HoA, destination = CN
  Payload
In path CN-HA:
  IPv6 header: source = CN, destination = HoA
  Payload
In path HA-MN:
  IPv6 header: source = HA, destination = CoA
  ESP header in tunnel mode
  IPv6 header: source = CN, destination = HoA
  Payload

Hiding Mobile Node's Location Movement Information (8)
The increment of Sequence Numbers
  seq#_increment = First(8, HMAC_SHA1(Kbm, home nonce index | care nonce index));
  Seq# = previous Seq# + seq#_increment.
  If seq#_increment = 0, then seq#_increment = 1.
  If new Seq# > , new Seq# =

Location Privacy with Unmodified RR Signaling (1)
Brief Idea
  – both CN and MN derive a shared privacy management key, Kpm, from the keygen tokens obtained in the home address and care-of address test procedures;
  – afterwards, MN uses Kpm to hide its home address in the Binding Update to CN;
  – finally, CN authenticates the received Binding Update and restores the MN's home address therein.

Location Privacy with Unmodified RR Signaling (2)
Route-Optimized Binding Update to CN (1)
  – make the home address invisible to onlookers by replacing the real HoA with a Pseudo HoA
  – CN generates after getting HoTI
      Privacy_Keygen_Token = First (64, Kcn(HoA set to all zeros | nonce | 0))
  – MN computes after getting HoT
      Kpm = SHA1 (Privacy_Keygen_Token | care-of keygen token)
    and
      Pseudo_Home_Address = String XOR HoA
    where
      String = First (128, HMAC_SHA1 (Kpm, (CoA | Home Nonce Index | Care-of Nonce Index)))

Location Privacy with Unmodified RR Signaling (3)
Route-Optimized Binding Update to CN (2)
  – CN computes Kpm when it receives a BU with Pseudo_HoA.
  – The computation is similar to how it would compute Kbm, except that the Privacy Keygen Token is computed with HoA set to all zeros.
  – CN computes the String and recovers the HoA with Kpm.
  – CN computes the home keygen token and the Kbm, and verifies the MAC for the Binding Update.
  – If Binding Update processing is successful, the Pseudo Home Address is considered valid.
  – CN then stores the nonce indices, and the Kbm itself.
  – CN sends a normal Binding Acknowledgment to the MN.
  – The String is computed once by both the MN and the CN, and hence the Pseudo Home Address as computed above remains constant, until one of the address cookies expires or the MN undergoes a handover.
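
The Kpm derivation and Pseudo Home Address masking described on the two slides above, worked through for both the MN and the CN. This is an added example, not code from the draft or its authors. It assumes that the slide's Kcn(...) means HMAC_SHA1 keyed with Kcn, as for the other keygen tokens, and that nonce indices are encoded as 16-bit big-endian values; all keys, nonces and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress

def first(bits, data):
    """First(n, x) from the slides: the leftmost n bits of x."""
    return data[: bits // 8]

def keygen_token(kcn, addr, nonce, tag):
    # First(64, HMAC_SHA1(Kcn, (address | nonce | tag))); tag 0 = home, 1 = care-of.
    # Assumption: the Privacy Keygen Token uses the same HMAC_SHA1 construction.
    return first(64, hmac.new(kcn, addr + nonce + bytes([tag]), hashlib.sha1).digest())

def mask_string(kpm, coa, home_idx, careof_idx):
    # String = First(128, HMAC_SHA1(Kpm, (CoA | Home Nonce Index | Care-of Nonce Index)))
    # Assumption: each nonce index is encoded as 16 bits, big-endian.
    msg = coa + home_idx.to_bytes(2, "big") + careof_idx.to_bytes(2, "big")
    return first(128, hmac.new(kpm, msg, hashlib.sha1).digest())

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mn_pseudo_hoa(privacy_token, careof_token, hoa, coa, home_idx, careof_idx):
    """MN side: Kpm from the two tokens, then Pseudo_HoA = String XOR HoA."""
    kpm = hashlib.sha1(privacy_token + careof_token).digest()
    return xor(mask_string(kpm, coa, home_idx, careof_idx), hoa)

def cn_recover_hoa(kcn, nonces, pseudo_hoa, coa, home_idx, careof_idx):
    """CN side: rebuild both tokens from Kcn and the indexed nonces, then unmask."""
    privacy_token = keygen_token(kcn, bytes(16), nonces[home_idx], 0)  # HoA all zeros
    careof_token = keygen_token(kcn, coa, nonces[careof_idx], 1)
    kpm = hashlib.sha1(privacy_token + careof_token).digest()
    return xor(mask_string(kpm, coa, home_idx, careof_idx), pseudo_hoa)

# Constructed sample values (documentation prefix 2001:db8::/32), not from the draft.
KCN = bytes(range(20))
NONCES = {7: b"\x11" * 8, 9: b"\x22" * 8}  # nonce index -> nonce held by the CN
HOA = ipaddress.IPv6Address("2001:db8:1::10").packed
COA = ipaddress.IPv6Address("2001:db8:2::20").packed

if __name__ == "__main__":
    # Tokens as the CN would hand them out in the home and care-of tests.
    priv = keygen_token(KCN, bytes(16), NONCES[7], 0)
    cot = keygen_token(KCN, COA, NONCES[9], 1)
    pseudo = mn_pseudo_hoa(priv, cot, HOA, COA, 7, 9)
    recovered = cn_recover_hoa(KCN, NONCES, pseudo, COA, 7, 9)
    print("Pseudo_HoA on the wire:", ipaddress.IPv6Address(pseudo))
    print("HoA recovered by CN:   ", ipaddress.IPv6Address(recovered))
```

Because the CoA and both nonce indices feed the String, a handover or a nonce change yields a different Pseudo Home Address for the same HoA, and a BU carrying the wrong indices unmasks to a wrong address.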

Location Privacy with Unmodified RR Signaling (4)
Reverse-tunneled Binding Update to CN
  – MN may send the BU not directly to CN, but via HA
      IPv6 header: source = CoA, destination = HA
      ESP header in tunneling mode
      IPv6 header: source = HoA, destination = CN
      Mobility header
        BU
          Alternate Care-of Address option (care-of address)
  – CN, after getting the BU, computes the Kbm first,
  – verifies the MAC for the Binding Update,
  – recovers the HoA from the Pseudo HoA, then verifies that it is actually the HoA present in the source IP address.

Q & A Thank You