Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Mobility and location privacy. Location privacy is the capability of preventing others from learning one's location. Your location might be leaked to others, namely to correspondents and to eavesdroppers. Bob (Correspondent Node): "Alice is now connecting from that college's network." Eve (eavesdropper): "This person in my network is probably Alice!" Alice is the Mobile Node.

Desired conditions. Anonymity against eavesdroppers: they cannot identify the sender and the receiver of packets. Both end-points can authenticate each other, but they don't know the other's exact location. Bob: "This is surely from Alice, though I don't know where she is." Eve: "Who the hell is this???" (Alice is the Mobile Node.)

Case study: Mobile IP. The Home Address is the identifier; the Care-of Address is the locator. (Figure: Correspondent Node, Home Agent in the MN's Home Network, Mobile Node.) The Correspondent Node never knows the MN's location; the Home Agent always knows the MN's location.

Case study: Mobile IP (Route Optimization). The CN, the HA, and eavesdroppers on the path can trace the MN's location simply by looking at IP headers. (Figure: Correspondent Node, Home Agent, MN's Home Network, Mobile Node.)

It is difficult to design a protocol so that NO node knows the MN's location, including trusted nodes such as the Home Agent. It is a trade-off between privacy and performance. In some cases, privacy may be more important than performance.

Outline. Related Works: HIP and BLIND. Problem Statement: what is to be solved. Our Proposal: protocol design. Conclusion.

Host Identity Protocol (HIP): ID/locator separation. The Host Identity is a public key pair; the Host Identity Tag (HIT), a 128-bit hash of the Host Identity, is the identifier. Base Exchange: a 2-round-trip key exchange that exchanges public keys for authentication and establishes SAs (IPsec ESP).

Rendezvous Mechanism. The HIT and IP address are stored in a Rendezvous Server (RVS), and the MN's IP address is kept up to date (Registration / Location Update). The first (I1) packet, addressed to the HIT of B at the IP of the RVS, is forwarded by the RVS; then the end-points start to communicate directly.

Mobility in HIP: the MN sends UPDATE messages to the CN and to the RVS on roaming. Sessions in upper layers are kept.

BLIND: complete identity protection. Only the end-points can recognize the IDs in packets; eavesdroppers cannot identify them. (Figure: A and B know HIT(A) and HIT(B); the eavesdropper sees "???".)

The src/dst IDs are blinded HITs with a nonce N: BHIT = hash(N || HIT). The nonce is randomly generated in each session. Extended Base Exchange: a variation of Diffie-Hellman. (Figure: A and B know HIT(A) and HIT(B); packets carry BHIT(A) and BHIT(B).)

Extended Base Exchange (Initiator I, Responder R):
I1: BHIT[I] → BHIT[R], Nonce, where BHIT[I] = hash(Nonce || HIT[I]) and BHIT[R] = hash(Nonce || HIT[R]). The Responder determines HIT[R] by trying all of its own HITs.
R1: BHIT[R] → BHIT[I], DH[R].
The Initiator generates the key by DH and encrypts HI[I] with the key.
I2: BHIT[I] → BHIT[R], DH[I], { HI[I] }.
The Responder generates the key by DH, decrypts HI[I] with the key, and encrypts HI[R] with the key.
R2: BHIT[R] → BHIT[I], { HI[R] }.
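The blinded base exchange from the two slides above, as an added example; it is not part of the original slides or the authors' implementation and uses only the Python standard library. The choices are mine, not the paper's: the HIT is SHA-256 of the Host Identity truncated to 128 bits, BHIT = hash(N || HIT) is truncated the same way, the Diffie-Hellman group is a constructed toy modulus, and a hash-derived keystream stands in for the real encryption of HI[I] and HI[R]. It runs I1, R1, I2 and R2, has the Responder pick its HIT by trial as the slide describes, has each side check the decrypted Host Identity against the blinded address it was sent under, and offers an eavesdropper's check that no raw HIT is ever on the wire.

```python
import hashlib
import secrets

HIT_LEN = 16              # a HIT is a 128-bit hash of the Host Identity
P = (1 << 127) - 1        # constructed toy DH modulus (Mersenne prime M127): far too small for real use
G = 3                     # constructed toy generator


def hit_of(host_identity: bytes) -> bytes:
    """HIT = 128-bit hash of the Host Identity (the public key)."""
    return hashlib.sha256(host_identity).digest()[:HIT_LEN]


def blind(nonce: bytes, hit: bytes) -> bytes:
    """BHIT = hash(N || HIT), truncated to HIT length."""
    return hashlib.sha256(nonce + hit).digest()[:HIT_LEN]


def unblind_by_trial(nonce: bytes, bhit: bytes, own_hits):
    """Responder step: find which own HIT was addressed by recomputing the
    blinding for every candidate. Returns None when nothing matches."""
    for hit in own_hits:
        if blind(nonce, hit) == bhit:
            return hit
    return None


def dh_public(private: int) -> int:
    return pow(G, private, P)


def dh_key(peer_public: int, private: int) -> bytes:
    """Session key derived from the Diffie-Hellman shared secret."""
    shared = pow(peer_public, private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (hash-derived keystream; the same call decrypts).
    A real stack would use ESP with an AEAD here."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


def run_blind_exchange(hi_i: bytes, hi_r: bytes, responder_hits):
    """Run I1/R1/I2/R2 between an Initiator holding HI[I] and a Responder
    holding HI[R] (and possibly other identities). Returns the wire messages,
    i.e. the eavesdropper's view, plus each side's outcome."""
    hit_i, hit_r = hit_of(hi_i), hit_of(hi_r)
    # I1: blinded src/dst plus the fresh per-session nonce
    nonce = secrets.token_bytes(16)
    i1 = {"src": blind(nonce, hit_i), "dst": blind(nonce, hit_r), "nonce": nonce}
    # Responder: determine HIT[R] by trying all own HITs, then answer with DH[R]
    chosen = unblind_by_trial(i1["nonce"], i1["dst"], responder_hits)
    if chosen is None:
        raise ValueError("no own HIT matches the blinded destination")
    r_priv = secrets.randbelow(P - 2) + 1
    r1 = {"src": i1["dst"], "dst": i1["src"], "dh": dh_public(r_priv)}
    # Initiator: derive the key by DH and send HI[I] encrypted in I2
    i_priv = secrets.randbelow(P - 2) + 1
    key_i = dh_key(r1["dh"], i_priv)
    i2 = {"src": i1["src"], "dst": i1["dst"], "dh": dh_public(i_priv),
          "enc_hi": xor_stream(key_i, hi_i)}
    # Responder: derive the same key, decrypt HI[I], check that it blinds to
    # the claimed source under this session's nonce, then send HI[R] in R2
    key_r = dh_key(i2["dh"], r_priv)
    hi_i_seen = xor_stream(key_r, i2["enc_hi"])
    initiator_ok = blind(i1["nonce"], hit_of(hi_i_seen)) == i2["src"]
    r2 = {"src": i1["dst"], "dst": i1["src"], "enc_hi": xor_stream(key_r, hi_r)}
    # Initiator: decrypt HI[R] and check it is the identity it meant to reach
    responder_ok = hit_of(xor_stream(key_i, r2["enc_hi"])) == hit_r
    return {"wire": [i1, r1, i2, r2], "raw_hits": (hit_i, hit_r),
            "keys_match": key_i == key_r, "responder_chose": chosen,
            "initiator_authenticated": initiator_ok,
            "responder_authenticated": responder_ok}


def raw_hit_visible(wire, raw_hits) -> bool:
    """Eavesdropper's check: does any raw HIT appear in any message field?"""
    return any(isinstance(v, bytes) and v in raw_hits
               for msg in wire for v in msg.values())
```

Because the nonce is fresh per session, the same pair of hosts shows up under different BHITs in every exchange, which is what denies the eavesdropper a stable identifier; the cost, visible in `unblind_by_trial`, is that a Responder with many identities must recompute one hash per candidate for every I1 it receives.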

Location privacy for BLIND: a Forwarding Agent (FA), based on SPINAT, conceals the MN's location from the CN. The FA knows neither ID. (Figure: HIP communication A ↔ FA ↔ B; the FA does not know A's ID, and B does not know A's address.)

Goal: to achieve both mobility and location privacy. Approach: the protocol is based on BLIND, which provides good identity protection; we introduce mobility into BLIND.

To realize mobility with BLIND we need a rendezvous mechanism that deals with blinded HITs, and movement transparency support.

The problems are: the RVS cannot resolve a blinded HIT, and raw HITs should be concealed.

HIP-in-HIP tunneling: establish SAs with the RVS using BLIND, then securely send a packet that carries the raw HITs as a HIP option. The raw HIT information is deleted at the RVS on forwarding. (Figure: A sends BHIT[B]+HIT[B] to the RVS over the blinded channel; the RVS forwards only BHIT[B] towards B via F.)
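The blind rendezvous step, covering the registration and update behaviour of the rendezvous slides and the option stripping described just above, as an added example that is not the authors' code. It assumes the BLIND channel between the MN and the RVS is already established, so the raw-HIT option is modelled as a packet field the RVS can read; the packet layout, the field names and the consistency check that the raw HIT actually blinds to the packet's destination are my own choices. The same truncated-SHA-256 blinding as the previous example is repeated so the block runs on its own.

```python
import hashlib

HIT_LEN = 16


def hit_of(host_identity: bytes) -> bytes:
    """HIT = 128-bit hash of the Host Identity (assumed SHA-256, truncated)."""
    return hashlib.sha256(host_identity).digest()[:HIT_LEN]


def blind(nonce: bytes, hit: bytes) -> bytes:
    """BHIT = hash(N || HIT)."""
    return hashlib.sha256(nonce + hit).digest()[:HIT_LEN]


def make_blind_i1(nonce: bytes, hit_i: bytes, hit_r: bytes, raw_option: bool) -> dict:
    """Build a blinded I1. With raw_option the packet also carries HIT[R] as the
    HIP option that the HIP-in-HIP tunnel protects on the way to the RVS."""
    pkt = {"type": "I1", "src": blind(nonce, hit_i), "dst": blind(nonce, hit_r), "nonce": nonce}
    if raw_option:
        pkt["opt_raw_dst_hit"] = hit_r
    return pkt


class RendezvousServer:
    """Holds HIT -> current IP; the MN refreshes its entry on roaming (UPDATE)."""

    def __init__(self):
        self.table = {}

    def register(self, hit: bytes, ip: str) -> None:
        self.table[hit] = ip          # registration or location update

    def forward(self, packet: dict):
        """Resolve an I1 and forward it. Returns (next_hop_ip, forwarded_packet).
        A plain BLIND I1 carries only BHIT[R], which the RVS cannot invert."""
        raw_hit = packet.get("opt_raw_dst_hit")
        if raw_hit is None:
            raise LookupError("blinded destination cannot be resolved without the raw HIT option")
        # added sanity check: the option must agree with the blinded destination
        if blind(packet["nonce"], raw_hit) != packet["dst"]:
            raise ValueError("raw HIT option does not match the blinded destination")
        next_hop = self.table[raw_hit]      # KeyError if the responder never registered
        # the raw HIT is deleted on forwarding; only the blinded IDs travel on
        forwarded = {k: v for k, v in packet.items() if k != "opt_raw_dst_hit"}
        return next_hop, forwarded


def resolvable(rvs: RendezvousServer, packet: dict) -> bool:
    """True if the RVS can forward this I1 at all."""
    try:
        rvs.forward(packet)
        return True
    except (LookupError, ValueError):
        return False
```

Note that after `forward` the packet on the RVS-to-B hop is byte-for-byte what an ordinary BLIND I1 looks like, so a node between the RVS and B learns nothing it would not learn from BLIND alone; only the RVS, which is trusted with the mapping anyway, sees HIT[B].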

Mobility support by Forwarding Agents: use a temporary HIT for FA registration. Intra-FA handover: the MN sends the update message only to the FA, and the MN is identified by the temporary HIT. This roaming is traced by the FA and by nodes on the MN-FA path.

Inter-FA handover: the MN registers to another FA with a new temporary HIT after roaming. All identifiers are changed at once. There is possibly packet loss; retransmission in upper layers is expected. (Figure labels: A with HIT(A) and IP(A); F1 and F2 each with THIT(A), IP(A) and SPI; B with IP(A) and THIT(A); RVS update.)

Single points of failure: there may be some extensions for robustness, such as multiplexing Forwarding Agents and a DHT-based Rendezvous Server.

Collusion: if the CN and the FA collude, the MN's ID and location can be combined. When some incident happens, the police can inspect the MN's location.

Implementation and evaluation are ongoing.

Conclusion: we proposed the Mobile BLIND Framework. Achievements: anonymity against eavesdroppers, concealing location from correspondents, and movement transparency. Extensions to BLIND: a blind rendezvous mechanism and mobility support by extended Forwarding Agents.