Mobility in the Internet Part II CS 444N, Spring 2002 Instructor: Mary Baker Computer Science Department Stanford University.


Spring 2001 CS444N 2
TRIAD approach
Host on network gets temporary local name
Host still contactable through home network
  – Home directory service is like a home agent
  – Home directory provides a redirect to temporary name
If mobile host moves
  – Relay agents can forward packets for fast handoff
  – Local relay agents are like foreign agents
Still contactable through real name at home network
  – Must register new address with home service
  – This is important if MH and CH both move
  – After how long do you re-contact home base?

TRIAD advantage?
+ Changes all made at naming level
+ Implies traffic doesn’t need to flow through home net
  – But this assumes smart correspondent hosts
Ultimately not much difference between TRIAD and mobile IP for mobility
(There’s no free lunch.)

TCP-level mobility support
Use dynamic DNS for initial name lookup
If name changes during a connect, use TCP migrate option
If name changes between DNS lookup and TCP connection, then do another DNS lookup

TCP-level advantages and disadvantages
+ No tunneling
+ No need to modify IP layer
+ Possibly more input from applications
- Requires secure dynamic DNS
- Scalability issue not entirely dismissible
- What if both endpoints are mobile?
- Need to modify multiple transport layers
- More transport-level changes required than IP-level additions
- Security issues more severe (1st paragraph of Section 5 is false)
- Requires application-level changes for DNS retries

Overall TCP-level questions
Are IP address changes a routing responsibility or an application responsibility?
Is this really end-to-end?
With dynamic DNS requirements, application-level changes, and TCP changes, why not just do DNS retry every time a connection fails?

What do you need for mobile routing?
A way to translate from name to location
  – Through a name service like DNS?
      Inform name service whenever you move
      Reverse name lookups may even work
      Lots of updates for a global name service
  – Through a “home base” like Mobile IP and TRIAD?
      “Home agent” that knows where you are
      Packets may take a longer route or else you need mobile-aware correspondent hosts

What do you need for fast handoffs?
Local agents?
  – Until they lead to long forwarding chains
  – Should still notify name service or home base
Mobile-aware correspondent hosts?
  – Maintain bindings of names with real locations?
  – Mobile host or foreign agents may update this information
  – Communicate change directly to non-mobile end-point
  – A problem if both endpoints are mobile
  – May ultimately have to contact name service or home base again
How do you know when to do that?
  – After how many packets?
  – Continuous use of home base solves this problem at expense of slower paths

Providing networks for visitors
The flip side of mobility
Several questions:
  – For small or medium-sized institutions, who will create and maintain special visitor networks?
  – Can we instead leverage our own existing networks?
      But do you trust visitors to use your own network?
Solution requirements:
  – Enough security to make system administrators content
  – Ease of use and deployability
      No special hardware or software on mobile hosts
      No special hardware in network

Our visitor network solution
Subnet(s) of existing net dedicated to visitors
Inverse firewall (a “prison-wall”)
  – Visitor packets can’t get out unless authenticated
  – Life inside the subnet may be harsh
Only requires browser with secure socket layer

SPINACH illustration

SPINACH vulnerabilities
Window of vulnerability:
  – One user leaves system before lease times out
  – Another user spoofs previous user’s IP/MAC address information
Solutions:
  – Can be fixed with network hardware
  – May be reduced with “pings” from router to hosts
  – May be reduced with shorter leases
  – But users like longer leases
Better solution might be PANS [Miu & Bahl, USITS 2001]
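
An added model (not from the slides or the SPINACH code) of the window of vulnerability above: a gateway that forwards on an authenticated (IP, MAC) lease keeps forwarding for that pair after its user has left. The `AddressGate` class, the ping interval and the two-miss revocation threshold are assumptions for illustration.

```python
# Added illustration: toy model of an address-based visitor gateway.
# Class name, ping interval and miss threshold are assumptions.
from dataclasses import dataclass

@dataclass
class Grant:
    expires: float      # lease end, in seconds
    missed: int = 0     # consecutive unanswered liveness pings

class AddressGate:
    """Forwards packets purely on the (IP, MAC) of an authenticated lease."""
    def __init__(self, max_missed=None):
        self.max_missed = max_missed   # None = router sends no pings
        self.grants = {}

    def authenticate(self, ip, mac, now, lease):
        self.grants[(ip, mac)] = Grant(expires=now + lease)

    def ping_result(self, ip, mac, answered):
        g = self.grants.get((ip, mac))
        if g is None or self.max_missed is None:
            return
        g.missed = 0 if answered else g.missed + 1
        if g.missed >= self.max_missed:
            del self.grants[(ip, mac)]   # revoke before the lease ends

    def allows(self, ip, mac, now):
        g = self.grants.get((ip, mac))
        return g is not None and now < g.expires

def exposure(lease, ping_every=None, max_missed=2, left_at=100, step=10):
    """Seconds after departure during which the departed user's
    address pair is still forwarded (constructed timeline)."""
    gate = AddressGate(max_missed if ping_every else None)
    addr = ("10.0.0.7", "02:00:00:00:00:07")   # constructed values
    gate.authenticate(*addr, now=0, lease=lease)
    t = 0
    while True:
        t += step
        if ping_every and t % ping_every == 0:
            gate.ping_result(*addr, answered=(t < left_at))
        if t >= left_at and not gate.allows(*addr, now=t):
            return t - left_at
```

Shorter leases and pings both shrink the result of `exposure`, but neither brings it to zero, since the gateway still identifies the sender only by address; that is why the slide says "reduced" rather than "fixed".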

PANS
Protocol for Authorization and Negotiation of Services
Client can download necessary software from local agent
Client and “gateway” negotiate session key
Packets tagged with this key to prevent unauthorized traffic
Overhead of packet tagging doesn’t seem too severe
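
An added sketch (not from the slides or from PANS itself) of why per-packet tagging closes the address-spoofing window: the gateway forwards only packets whose tag verifies under the negotiated session key. The tag layout (8-byte counter plus truncated HMAC-SHA256), the `TaggingGateway` class and the random key standing in for the negotiation are assumptions.

```python
# Added illustration; the tag layout (8-byte counter + 16-byte truncated
# HMAC-SHA256) is an assumption, not the PANS wire format.
import hmac, hashlib, os, struct

TAG_LEN = 16

def tag_packet(session_key, counter, payload):
    """Client side: prepend counter and MAC to the payload."""
    hdr = struct.pack("!Q", counter)
    mac = hmac.new(session_key, hdr + payload, hashlib.sha256).digest()[:TAG_LEN]
    return hdr + mac + payload

class TaggingGateway:
    """Forwards only packets whose tag verifies under the sender's key."""
    def __init__(self):
        self.sessions = {}   # client id -> [session_key, last_counter]

    def open_session(self, client_id):
        key = os.urandom(32)       # stands in for the negotiated key
        self.sessions[client_id] = [key, 0]
        return key

    def accept(self, client_id, packet):
        sess = self.sessions.get(client_id)
        if sess is None or len(packet) < 8 + TAG_LEN:
            return None
        key, last = sess
        hdr, mac, payload = packet[:8], packet[8:8 + TAG_LEN], packet[8 + TAG_LEN:]
        want = hmac.new(key, hdr + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(mac, want):
            return None            # wrong or missing key: drop
        counter = struct.unpack("!Q", hdr)[0]
        if counter <= last:
            return None            # replayed tag: drop
        sess[1] = counter
        return payload

def demo():
    gw = TaggingGateway()
    client = ("10.0.0.7", "02:00:00:00:00:07")   # constructed address pair
    key = gw.open_session(client)
    good = tag_packet(key, 1, b"GET /")
    return [
        gw.accept(client, good),                                 # valid
        gw.accept(client, good),                                 # replay
        gw.accept(client, tag_packet(os.urandom(32), 2, b"x")),  # same address, no key
        gw.accept(client, tag_packet(key, 2, b"next")),          # valid
    ]
```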

SPINACH lessons learned
Security is a spectrum with parameters
  – Airtight/awkward …….. Weak protection/easy to use
  – We aim for the middle in this case
  – With further facilities (software download, etc.), ease of use migrates towards more secure solutions