Re-thinking Security in Network Mobility Jukka Ylitalo Ericsson Research NomadicLab NDSS '05 Workshop - February 2.


Presentation transcript:

Re-thinking Security in Network Mobility Jukka Ylitalo Ericsson Research NomadicLab NDSS '05 Workshop - February 2

Outline
● Nodes in the Architecture
● Problem description
● Identifier – locator split in HIP
● Identifier multiplexed locator translation
● Signaling delegation between identifiers
● Conclusions

Nodes in the Architecture
[Diagram labels: Mobile Node (MN), Mobile Router (MR), Mobile network, Nested mobile network, Access Router (AR), Internet, Correspondent Node (CN), Rendezvous Server (RS)]

Problem Statement
● How to inform peers about MN's new location in a secure and efficient way?
● How to sustain optimal routing?
[Diagram labels: MN, MR, AR, CN, "?"]
● Address Binding Update (BU)
● Challenge-response Test

Related Problems
● Signaling explosion in highly populated networks.
● Suboptimal routing.
● Authorizing MR to signal on behalf of the MN.
● Address assignment inside mobile network.

Identifier - Locator Split in HIP
● A new public-key based Host Identifier (HI) name space
● Sockets bound to HIs, not to IP addresses.
● HIs translated to IP addresses by kernel
[Diagram: protocol stack Process / Transport / Host Identity / IP Layer / Link Layer; dynamic binding between Host ID and IP Address]

Advantage of Cryptographic HIs
● Public-key based end-point identifiers (HIs) vs. untrustworthy IP addresses.
● Possible to authorize and delegate signaling rights between HIs in a secure way.
● Possible to use authorization certificates, e.g., SPKI certificates.

HI multiplexed Locator Translation
● MN registers its HI and local unicast address to MR.
● MN learns MR's HI during the registration.
● MR implements HI multiplexed locator translation.
[Diagram labels: MN, MR, Internet, Registration, Local unicast address space]

Authorizing MR to send BUs
● MR hides the network mobility from MNs.
● MNs authorize MR to send Binding Update messages on behalf of them to CNs.
[Diagram labels: MN, MR, AR, RS, CN, Authorization, BU signaling from MR, MN-CoA1, MR-CoA1, MR-CoA2]

Delegating Rights to Signaling Proxy
● MR may delegate the signaling rights to a trusted signaling proxy.
[Diagram labels: MN, MR, Signaling proxy, AR, Internet, Authorization, Delegation]

Optimizing MR-to-CNs Signaling
● The signaling proxy sends BUs on behalf of the MNs to CNs.
[Diagram labels: MN, MR, AR, RS, CN, Signaling proxy, Internet, Single BU from MR, BU signaling from Sig. Proxy, CoA1, CoA2]

Reach-ability Test
● The peer nodes must verify that the MN is in the MR’s location where the signaling proxy claims the MN to be.
[Diagram labels: MN, MR, AR, RS, CN, Signaling proxy, Internet, Challenge-Response, CoA1, CoA2]
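
The delegation described in the slides above (MN authorizes MR, MR delegates to a signaling proxy, the proxy sends BUs to CNs) can be sketched as a certificate-chain check on the CN side. This is an added example, not code from the presentation: a toy textbook-RSA signature over hard-coded Mersenne primes stands in for real HI signatures and SPKI certificates, and every name in it (`delegate`, `make_bu`, `cn_accepts_bu`, the `send-BU` right, the `BU|...` message format) is an assumption. It omits validity periods and replay protection.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_key(a, b):
    # Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1: demo only, NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % n

def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(hi, msg, sig):
    # The HI is the public key; in this toy scheme that is just the modulus n.
    return pow(sig, E, hi) == _digest(msg, hi)

def delegate(issuer_key, subject_hi, right="send-BU"):
    # Authorization certificate: the issuer's HI grants `right` to the subject's HI.
    body = f"{issuer_key['n']}|{subject_hi}|{right}"
    return {"issuer": issuer_key["n"], "subject": subject_hi,
            "right": right, "sig": sign(issuer_key, body)}

def make_bu(signer_key, mn_hi, locator):
    # Binding Update sent on behalf of the MN, signed by whoever sends it.
    msg = f"BU|{mn_hi}|{locator}"
    return msg, sign(signer_key, msg)

def cn_accepts_bu(mn_hi, chain, bu, bu_sig, signer_hi):
    # CN-side check: walk the chain from the MN's HI to the actual BU signer.
    holder = mn_hi
    for cert in chain:
        body = f"{cert['issuer']}|{cert['subject']}|{cert['right']}"
        if cert["issuer"] != holder or cert["right"] != "send-BU":
            return False          # link not issued by the current rights holder
        if not verify(cert["issuer"], body, cert["sig"]):
            return False          # forged or altered certificate
        holder = cert["subject"]
    return (holder == signer_hi and bu.startswith(f"BU|{mn_hi}|")
            and verify(signer_hi, bu, bu_sig))

# Constructed parties: MN, MR, the signaling proxy, and an unauthorized node.
MN, MR, PROXY, ROGUE = toy_key(61, 89), toy_key(107, 127), toy_key(521, 607), toy_key(1279, 2203)
CHAIN = [delegate(MN, MR["n"]), delegate(MR, PROXY["n"])]

if __name__ == "__main__":
    bu, sig = make_bu(PROXY, MN["n"], "MR-CoA2")
    print("proxy BU accepted:", cn_accepts_bu(MN["n"], CHAIN, bu, sig, PROXY["n"]))
```

A valid chain only shows that the sender holds the MN's signaling rights; the CN still needs the challenge-response reachability test to confirm the claimed locator.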

Optimizing CNs-to-MR Signaling
● The signaling proxy may hide the regional mobility, acting as an on-the-path Mobility Anchor Point (MAP).
[Diagram labels: MN, MR, AR, RS, CN, Signaling proxy & MAP, Internet, MAP Domain, Single BU from MR]

Many Roles of a Mobile Router
● Access router (AR)
● HI multiplexed locator translation device
● Mobility Anchor Point (MAP)
● Mobility signaling proxy

Conclusions
● The solution is based on the HIP and signaling rights delegation between public-key based HIs.
● Optimized over-the-air mobility signaling inside a mobile network, and between the mobile network and the Internet.
● Optimized routing between MNs and peer nodes.

Thank You! Questions, comments?