1 Overview of Mobility Protocols Md. Shohrab Hossain Dec 6, 2014
2 Why Mobility Protocols Satellites with IP- enabled devices capture videos, images and send them to control centers on earth Need to maintain continuous connectivity with remote computer Mobility protocols are required to ensure session continuity
3 Employs mechanism similar to postal service mail forwarding Problems: Inefficient routing High handover latency Packet loss IETF Solution to IP Mobility: Mobile IP Home Network Home Agent Foreign Agent Visiting Network Correspondent Node (CN) Location Update Packets from CN to MH Internet Encapsulated Packets Decapsulated Packets Home Address Acquires CoA
4 Network Mobility (NEMO) A collection of nodes moving as a unit (Example: airplanes, trains, ships) Mobility can be managed in an aggregated way in NEMO Mobile Router acts as default gateway and manages mobility on behalf of mobile network nodes HA
5 NEMO Architecture Data path Inside NEMO MR: Mobile Router LFN: Local Fixed Node LMN: Local Mobile node VMN: Visiting Mobile Node Problems: Routing through HA Heavy load on HA Drop in throughput during handover NEMO
6 SIGMA Transport layer solution proposed by the researchers at the TNRL lab Exploits IP-diversity (having multiple IP addresses) of a mobile host Benefits: Establishes a new connection before disconnecting the old one Decouples location management from data transmission Less handover delay and packet loss, Optimal routing between MH-CN CN Location Manager
7 SINEMO SIGMA-based seamless mobility solution for mobile networks Exploits IP-diversity of the MR The MR maintains a translation table for all the mobile network nodes MNN’s private IPs do not change Default gateway
8 Hierarchical Mobility Protocols: HMIPv6 For high mobility of nodes, frequent location updates for HA Bandwidth wastage Overhead for HA Hierarchical Mobile IPv6 attempts to reduce signaling by introducing new Mobility agent: MAP Local HA
9 Network-based Mobility Protocols
10 Employs mechanism similar to postal service mail forwarding Problems: MH must send updates to HA CoA changes in every handoff High handover latency Packet loss Terminal-based Mobility Protocol: Mobile IP Home Network Home Agent Foreign Agent Visiting Network Correspondent Node (CN) Location Update Packets from CN to MH Internet Encapsulated Packets Decapsulated Packets Home Address Acquires CoA
11 Problems of Terminal-based Mobility Protocols Problems: Requires low-end mobile devices to perform all kinds of mobility signaling to maintain connectivity New CoA after each handoff, so the cache entry needs to be changed Wireless bandwidth wastage due to mobility signaling High handover latency Sub-optimal routing and tunneling Solution: Network-based Mobility Management Network takes care of all the mobility signaling Network entities are responsible to track the mobile device Network entities send required signaling messages on behalf the mobile devices
12 Proxy Mobile IP: Network-based Mobility Management Local Mobility Anchor Local HA for the MH in a PMIPv6 domain All traffic destined to are routed through LMA Mobility Anchor Gateway Access router that tracks MH’s movement in its access link Informs the LMA through Proxy BU Local Home Agent PMIPv6 domain Access Router that detects node mobility
13 PMIPv6 Operation Router Solicitation AAA procedure Binding Cache entry for MH Proxy BU Proxy BA PMIPv6 domain
14 Proxy Mobile IP Signaling AAA : Authentication, Authorization and Accounting BCE: Binding Cache Entry PBU: Proxy Binding Update PBA: Proxy Binding Ack
15 Benefits of Network-based Mobility Management Battery power saving No modification in end devices Unique IP address in the whole LMA-domain Movement detection by the network Reduced signaling in the wireless access network Low handover latency Efficient tunneling Less signaling in each handoff No Duplicate Address Detection (DAD) in each handoff No return routability
16 Security Issues of Mobility Protocols
17 After moving to new location, MH informs CN about its location though binding update Improved performance Route optimization in Mobile IPv6 Home Network Home Agent Visiting Network Correspondent Node Location Update Internet Optimized route without any encapsulation Binding update to CN
18 Major Security Threats Man-in-the-middle attack Traffic redirection attack Bombing Attack Replay Attack Home Agent poisoning Blocking legitimate BU Resource exhaustion Forcing sub-optimal route Exploitation of routing headers
19 Traffic Redirection Attack Correspondent Node MH Attacker Node B Spoofed binding update (MH’s ID, Node B’s IP) Ongoing communication Binding Ack accepted by CN Redirected Traffic Home Agent
20 Man-in-the-middle (MITM) Attack Correspondent Node Home Agent MH Spoofed binding update (MH’s ID, Attacker’s IP) Ongoing Communication Binding Ack accepted by CN TrafficRedirected to the Attacker Attacker learns and modify packets Modified packets received
21 Bombing Attack Streaming server MH Spoofed binding update involving MH’s address Unwanted streaming data Connection Setup with server
22 Replay Attack CN Subnet A MH sends BU from subnet A Subnet B Recorded BU replayed to CN CN sends packets to MH’s previous location ???? Moving to subnet B MH sends BU from Subnet B Home Agent Attacker records BU for future attack
23 Reflection Attack Correspondent Node Home Agent MH receives every packet sent by the attacker twice False initial message
24 Home Agent Poisoning Spoofed BU Binding ACK Query for MH Location information corrupted Reply (Wrong IP)
25 Resource Depletion Memory and transmission power wasted Subnet A Subnet B Attacker establishes many connections with fake IPs MH sends BUs to all those fake hosts Home Agent
26 Exploitation of Routing Header Attack traffic sent to node B with a Routing Header (RH) Node B overwrites destination field with RH Traffic is then sent to victim node Difficult to find source of attack
27 Exploitation of HoA Option Attack traffic to V Node V replaces source IP with HoA field (B) It appears to be an attack from Node B
28 Defense Mechanisms
29 Defense Mechanisms Goals Simple enough to be implemented in mobile devices Requiring low processing power Low latency solutions Infrastructure-less approach: No such global infrasturcture Existing defense mechanisms for Mobile IPv6 IP Security protocol Internet Key Exchange (IKE)-based schemes Return Routability protocol Protection for routing headers Other general measures
30 IP Security Protocols A suite of protocols to provide security in IP networks Authentication Header (AH) protocol Encapsulating Security Payload (ESP) protocol In IPsec, a preconfigured Security Associations (SA) is established between MH and HA / CN to choose security parameters / algorithms Advantage: Very strong authentication Difficult to break Limitations: High CPU requirement Does not protect against misbehaving MH
31 IPsec: Authentication Header (AH) protocol AH guarantees data origin authentication of IP packets Use of such AH ensures that any attacker cannot deceive HA or CN with spoofed BU As a result, traffic redirection attacks can be avoided Limitations: Cannot ensure data confidentiality
32 IPsec: AH Operation Correspondent Node Home Agent Security Association Securing BU with AH
33 IPSec: Encapsulating Security Payload (ESP) protocol ESP protocol can ensure data confidentiality in addition to authentication ESP ensures privacy of data by encryption An encryption algorithm combines data in the datagram with a key to transform it into an encrypted form
34 IPsec: Securing Data using ESP Correspondent Node Home Agent Security Association Securing BU with ESP Securing data from inconsistency
35 IKE-based Schemes Commonly used for mutual authentication and establishing and maintaining security associations for IPSec protocol suite Ensures confidentiality, data integrity, access control, and data source authentication IKE helps to dynamically exchange the secret key that is used as the input to the cryptographic algorithms Limitations: Require existence of a certification authority Very complex and power consuming operations
36 Return Routability Protocol Proposed to secure binding updates between CN-MH A node sending a binding update must prove its right to redirect the traffic RR messages are exchanged among MH, CN and HA before binding updates are sent
37 Message Exchange in RR protocol MH initiates RR by sending HoTI and CoTI msg to the CN The CN then sends corresponding challenge packets (HoT and CoT) destined to MH If successful, CN accepts BU from MH Advantages Infrastructure-less Low CPU required Limitations Weak authentication Does not protect against attackers on the path between HA and CN HoTI CoTI HoT CoT
38 Protection against Routing Header (RH) issues To protect misuse of routing headers, following restrictions are applied while processing RH: Only one RH per packet All IPv6 nodes must verify that the address contained within RH is the node’s own HoA The IP address must be a unicast routable address since it is the MH’s HoA A node must drop the packet if any of these are NOT met
39 Other possible approaches Keeping nodes stateless: To avoid resource exhaustion Keeping short lifetime for binding entry: To avoid replay attack Use of Cryptographically Generated Address: To avoid redirection / MTIM attacks
40 Comparison among the Schemes Defense Mechanisms Protection fromBenefitsLimitations IPsec and IKEAttack on BU between MH-HA Strong authentication, data confidentiality High CPU overhead, assumes trust relationship Return routability Attack on BU between MH-CN Infra-structureless, Less CPU requirement Weak authentication Keeping nodes stateless Resource exhaustion attack Helps in avoiding DoS attacks May introduce delay for legitimate BU Short lifetime of BU Replay attack, HA poisoning Ensures up-to-date entry in binding cache Frequent refreshing updates wastes bandwidth Use of CGABombing attack, MTIM, traffic redirection Hard to target a nodeHigher complexity, higher CPU
41 Thank You