Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.

Presentation transcript:

Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University

Contents
• Mobile IPv6 Introduction
• Mobile IPv6 Operation and Examples
• Mobile IPv6 Security and Privacy
• Technical Challenges
• Summary

MIPv6 Introduction
• Routing protocol for mobile IPv6 hosts
  – Transparent to upper layer protocols and applications
• Uncommon protocol architecture…
  – Avoids actively involving routers!
  – Protocol state held in end-hosts
    • Mobile nodes
    • Correspondent nodes
  – One exception… the Home Agent

MIPv6 Operation
• Mobile Nodes Acquire
  – Home address
  – Home agent
• When away from home
  – Acquire care-of address
  – Register care-of address with home agent and any relevant correspondent nodes…
  – Mobile IPv6 ensures correct routing

MIPv6 Bindings Cache
• Maintains a mapping between the mobile node's home address and its current care-of address
• Held by home agents and correspondent nodes
• Provides info to allow correct routing of IPv6 packets to mobile node via IPv6 routing header…
• Provides a de-coupling between an IPv6 address and routing information

Mobile IPv6 Example: Mobile Node on home network
[Diagram labels: IPv6 Data; Home Address: 2001:630:80:7000::1]

Mobile IPv6 Example: Mobile Node on foreign network
[Diagram labels: Home Agent; Router Solicitation; Router Advertisement; Binding Update; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1]

Mobile IPv6 Example: Route Optimisation
[Diagram labels: Home Agent; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; two Bindings Caches, each holding 2001:630:80:7000::1 → 2001:630:80:8000::1]

Mobile IPv6 Example
• Okay, but what if we move again?
• Two cases
  – Move from one foreign network to another
  – Return home…
• Need to send more binding updates…

Mobile IPv6 Example: Optimised MN-CN session
[Diagram labels: Home Agent; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; two Bindings Caches, each holding 2001:630:80:7000::1 → 2001:630:80:8000::1]

Mobile IPv6 Example: MN moves again! Stale Bindings Cache
[Diagram labels: Home Agent; Router Solicitation; Router Advertisement; Binding Update; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:9000::1; Bindings Cache entries shown: 2001:630:80:7000::1 → 2001:630:80:8000::1 (twice) and 2001:630:80:7000::1 → 2001:630:80:9000::1]

How to update CN?
• Bindings cache entry out of date…
• Solution
  – Maintain a list of active correspondent nodes in mobile node.
  – Generated when a tunnelled packet received from home agent
  – Known as the binding update list

Mobile IPv6 Example: MN maintains BU list
[Diagram labels: Home Agent; CN; IPv6 Data; Binding Update; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1; Binding Update List holding the CN's IPv6 Address]

Mobile IPv6 Example: Optimised Route
[Diagram labels: Home Agent; CN; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; two Bindings Caches, each holding 2001:630:80:7000::1 → 2001:630:80:8000::1; Binding Update List holding the CN's IPv6 Address]

Mobile IPv6 Example: MN uses its BU list
[Diagram labels: Home Agent; CN; Router Solicitation; Router Advertisement; Binding Update (two); IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:9000::1; Bindings Cache entries shown: 2001:630:80:7000::1 → 2001:630:80:8000::1 (twice) and 2001:630:80:7000::1 → 2001:630:80:9000::1 (twice); Binding Update List holding the CN's IPv6 Address]

Mobile IPv6 Example: Optimised Route
[Diagram labels: Home Agent; CN; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:9000::1; Bindings Cache entries shown: 2001:630:80:7000::1 → 2001:630:80:8000::1 (once) and 2001:630:80:7000::1 → 2001:630:80:9000::1 (twice); Binding Update List holding the CN's IPv6 Address]

What address do we use?
• When away from home what address does a mobile node use as its source address?

Its Home Address?
• But ingress filtering?
  – Implemented by many border routers to avoid spoofing attacks.
  – Any packets received by a router on an interface which do not match the source address of that packet are discarded.
• Can't source from home address, as its prefix doesn't match current location…

Its Care-Of Address?
• But what about TCP?
  – TCP uses the IP(v6) source address as an index
  – Without a device using a consistent IPv6 address, the TCP connection would break…
• Can't source from care-of address, for reasons of protocol stability…
• The solution?

Source from BOTH…
• New IPv6 destination option
• The Home Address Option
• Included in EVERY outgoing packet
• Understood by all correspondent nodes
• Home address replaces source address on reception by destination (correspondent node)
• IPv6 packets
  – sourced from care-of address
  – Contain home address as an option

What about network errors?
• Mobile IPv6 bindings are soft state
  – Refreshed periodically
  – Contain sequence numbers
  – Can be ack'd: binding acknowledgements
  – Binding Updates and Acks are retransmitted (rate limited) until the protocol converges

What Format are the Control Messages?
• New IPv6 extension header: Mobility Header
  – Binding Updates
  – Return Routability
  – BU, BA, CoTi, CoT, HoTi, HoT
• Home Address option is carried in an IPv6 destination option
  – Not reliant on higher level protocols
  – Multiple messages per IP packet
  – Messages can append existing packets
  – E.g. TCP connection requests…

Security and Privacy
• Authentication
  – Massive security / denial of service attack in MIPv6 as described so far.
  – What's to stop an attacker sending bogus Binding Update messages?
  – IPSec protects signalling between mobile node and its home agent
  – Return Routability test allows correspondent nodes to determine binding updates are authentic
• Privacy
  – IPSec between the mobile node and its home agent is control traffic only!

Mobile IPv6 Example: MiTM attack!
[Diagram labels: Home Agent; IPv6 Data; Binding Update; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; Care-of Address: dead:dead:dead::1; Bindings Cache entries shown: 2001:630:80:7000::1 → 2001:630:80:8000::1 (twice) and 2001:630:80:7000::1 → dead:dead:dead::1]

Return Routability…
• …or Route Equivalence.
• Argument:
  All that really matters is that the optimized route is functionally equivalent to a non-optimized route

Return Routability
• Home Agent implicitly trusted
  – Assumed it is hosted on secure site
  – Assumed that IPsec is used between mobile host and its home agent.
• Dynamic key distribution for use with correspondent nodes.
• Uses cookies to build session keys…

Return Routability
[Diagram labels: Home Agent; IPv6 Data; HoTi Message; CoTi Message; HoT Cookie; CoT Cookie; HoT Cookie + CoT Cookie = Session Key; Binding Update + Session Key; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1]
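The cookie exchange in the return routability slides, as an added sketch that is not part of the original presentation: the correspondent node derives both cookies from a private key, the mobile node combines them into the session key, and a Binding Update whose sender never saw the HoT cookie fails verification. Token and key derivation follow RFC 3775 (HMAC-SHA1 tokens, Kbm = SHA1 of both tokens); the CN address 2001:db8::c, the byte string standing in for the Binding Update fields, and all names are assumptions, and nonce indices and real Mobility Header encoding are left out.

```python
import hashlib
import hmac
import ipaddress
import os


def packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def binding_key(home_token: bytes, care_of_token: bytes) -> bytes:
    # "HoT cookie + CoT cookie = session key": Kbm = SHA1(home | care-of token)
    return hashlib.sha1(home_token + care_of_token).digest()


def authenticator(kbm: bytes, coa: str, cn_addr: str, bu: bytes) -> bytes:
    # First 96 bits of HMAC-SHA1 over care-of address | CN address | BU contents
    data = packed(coa) + packed(cn_addr) + bu
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    def __init__(self, address: str):
        self.address = address
        self.kcn = os.urandom(20)   # node key, never leaves the CN
        self.nonce = os.urandom(8)  # rotated periodically in a real stack

    def _token(self, addr: str, kind: int) -> bytes:
        msg = packed(addr) + self.nonce + bytes([kind])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def home_test(self, home: str) -> bytes:
        """HoT cookie: delivered to the home address, i.e. via the home agent."""
        return self._token(home, 0)

    def care_of_test(self, coa: str) -> bytes:
        """CoT cookie: delivered directly to the claimed care-of address."""
        return self._token(coa, 1)

    def verify_binding_update(self, home, coa, bu, auth) -> bool:
        # The CN keeps no per-mobile state: it recomputes both cookies.
        kbm = binding_key(self.home_test(home), self.care_of_test(coa))
        expected = authenticator(kbm, coa, self.address, bu)
        return hmac.compare_digest(auth, expected)


def demo():
    cn = CorrespondentNode("2001:db8::c")  # constructed CN address
    home, coa = "2001:630:80:7000::1", "2001:630:80:8000::1"
    bu = b"seq=1;lifetime=60"              # stand-in for the BU fields
    # The mobile node is reachable at both addresses, so it gets both cookies.
    kbm = binding_key(cn.home_test(home), cn.care_of_test(coa))
    genuine = cn.verify_binding_update(
        home, coa, bu, authenticator(kbm, coa, cn.address, bu))
    # Bogus BU from the MiTM slide: the sender can receive a CoT cookie at
    # its own address but never sees the HoT cookie sent to the home address.
    rogue = "dead:dead:dead::1"
    bad_kbm = binding_key(bytes(8), cn.care_of_test(rogue))
    forged = cn.verify_binding_update(
        home, rogue, bu, authenticator(bad_kbm, rogue, cn.address, bu))
    return genuine, forged
```

Because the session key depends on the care-of cookie as well, a key obtained for one care-of address cannot authenticate a binding to a different one.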

Mobile IPv6 Example
[Diagram labels: Home Agent; IPv6 Data; Home Address: 2001:630:80:7000::1; Care-of Address: 2001:630:80:8000::1; two Bindings Caches, each holding 2001:630:80:7000::1 → 2001:630:80:8000::1]

Technical Challenges
Things to think about if you wish to deploy MIPv6 services
• Bootstrapping
• Security and Privacy
• AAA
• Handover Latencies
• Firewalls and NATs
• IPv4 / IPv6 co-existence

Bootstrapping
• How does the MN discover...
  – its Home Address?
    • static home address assignment is really the only home address configuration technique compatible with the current specification
    • dynamic assignment is more desirable
  – its Home Agent?
  – the SA with its Home Agent?

Security and Privacy
• RR gives some protection as described
• RFC 4285 alternative authentication between MN and HA
  – negates the need to have IPSec SA
• Privacy between MN and CN
• Location privacy concerns

AAA
• 2 different types
  – mobility service provider (home network)
  – network service provider (at foreign network)
• AAA for MSP needs to be integrated with MIPv6
  – has implications for bootstrapping
    • procedure for bootstrapping away from home needs to be defined
• AAA for foreign networks can be transparent to MIPv6
• Or integrate both types?

Handover Latencies
• HO times in the order of seconds!
  – no good for real-time services
• Fast Handovers for MIPv6 (RFC 4068)
  – Enables MN to pre-configure new address before moving
  – Requires cooperation between previous and next access routers
• Hierarchical Mobile IPv6 (RFC 4140)
  – Uses a Mobility Anchor Point to reduce HO times when roaming within same foreign network

NATs and Firewalls
• The Care-of Address MUST be global!
  – thus obtaining a private address behind a NAT is problematic
• Firewalls will block BUs until user has been authenticated
• Stateful Firewall at CN site may block traffic from MN
  – new CoA not recognised

IPv4 / IPv6 Coexistence
• How does MIPv6 work with transition mechanisms?
  – Provided MN obtains a globally routable CoA things should work
• What about IPv4 only networks?
  – Possibilities:
    • CN is in an IPv4 only network
    • HA is in an IPv4 only network
    • MN moves into an IPv4 only network

Other Issues
• DHCPv6 vs SLAAC
  – SLAAC faster
    • can even fine tune RA intervals
  – DHCPv6 gives more control
• SSIDs should be broadcast
  – how else can MN seamlessly associate with new AP?
  – any manual intervention affects HO times!
• The CN problem!
  – not mandated in IPv6 stacks!
  – thus non-optimised routing

Summary
• MIPv6 allows IPv6 hosts to be mobile without breaking applications
• Mobile Nodes can perform RO to avoid triangular routing problem
• RR test provides protection against 3rd party attacks
• Handover latencies do not support real-time services (yet)
• Further problems to be solved!

Questions?