A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research,

Presentation transcript:

A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research, Singapore

Why need security between MN and MAP?

When CN sends packets to MN's RCoA, MAP intercepts the packets and forwards them to MN's LCoA.
Redirect Attacks: if BU message from MN to MAP is not authenticated when MN changes its AR, an attacker can redirect traffic from MAP to fake destinations.
Only the authorized users can use the MAP.

Abbreviations: HA: Home Agent; CN: Correspondent Node; MAP: Mobility Anchor Point; AR: Access Router; MN: Mobile Node.
[Figure labels: movement, MAP's Domain]

How to Provide MN-MAP Security? Authentication-only Mode

In this mode, a MAP only needs to ensure that the same MN is sending the BUs to the MAP. It is not necessary for the MN to prove that it is authorized to use a MAP to manage its mobility.

[Figure: message exchange between MN and MAP: Cookie0, Cookie1, BU_1, BA_1, BU_i, BA_i; labels: long term messages, short term messages]

Cookie0 = {Src=LCoA, Des=MAP, Opt=HoA, C0}
Cookie1 = {Src=MAP, Des=LCoA, Opt=HoA, C0, C1, N1}
BU_1 = {Src=LCoA, Des=MAP, Opt=HoA, C0, C1, N1, N2, TS, SIG_MN, Cert_MN}
SIG_MN = Sig(SK_MN, LCoA|HoA|MAP|N1|N2|TS)
BA_1 = {Src=MAP, Des=LCoA, Opt=HoA, RCoA, C0, C1, N1, N2}
BU_i = {Src=LCoA, Des=MAP, Opt=HoA, old_LCoA, TS, SIG_MN_i}
SIG_MN_i = Sig(SK_MN, LCoA|MAP|HoA|old_LCoA|TS)
BA_i = {Src=MAP, Des=LCoA, Opt=HoA}
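The MAP-side checks of authentication-only mode, as an added example that is not code from the draft or its authors: the key seen in BU_1 is pinned to the HoA, and every later BU_i must verify under it, so a redirect signed with another key is refused. Assumptions: Ed25519 stands in for the unspecified Sig(), signed fields are joined as text with "|", the cookie exchange is omitted, all addresses and nonces are constructed, and the old_LCoA, TS and repeated-BU_1 checks are one possible MAP policy.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

const mapAddr = "2001:db8:a::1" // constructed MAP address
// binding is the MAP's state per HoA: PK_MN pinned from BU_1, current LCoA, last TS.
type binding struct{ pk ed25519.PublicKey; lcoa string; ts int64 }
var cache = map[string]*binding{} // binding cache keyed by HoA

// cat builds the signed string f1|f2|...|TS (TS comes last in both signatures).
func cat(ts int64, f ...string) []byte { return []byte(fmt.Sprintf("%s|%d", strings.Join(f, "|"), ts)) }

// firstBU checks SIG_MN over LCoA|HoA|MAP|N1|N2|TS, then pins PK_MN (from Cert_MN).
// Assumed policy: a second BU_1 for an already bound HoA is rejected.
func firstBU(lcoa, hoa, n1, n2 string, ts int64, pk ed25519.PublicKey, sig []byte) error {
	if cache[hoa] != nil || !ed25519.Verify(pk, cat(ts, lcoa, hoa, mapAddr, n1, n2), sig) {
		return fmt.Errorf("BU_1 rejected")
	}
	cache[hoa] = &binding{pk, lcoa, ts}
	return nil
}

// nextBU checks SIG_MN_i over LCoA|MAP|HoA|old_LCoA|TS under the pinned key.
// Assumed policy: old_LCoA must match the binding and TS must strictly increase.
func nextBU(lcoa, hoa, old string, ts int64, sig []byte) error {
	b := cache[hoa]
	if b == nil || old != b.lcoa || ts <= b.ts || !ed25519.Verify(b.pk, cat(ts, lcoa, mapAddr, hoa, old), sig) {
		return fmt.Errorf("BU_i rejected")
	}
	b.lcoa, b.ts = lcoa, ts
	return nil
}

// scenario is a constructed run: forged redirect, legitimate move, then a replay.
func scenario() (forged, move, replay error) {
	pk, sk, _ := ed25519.GenerateKey(nil)
	_, evil, _ := ed25519.GenerateKey(nil)
	hoa, l1, l2, bad := "2001:db8:1::10", "2001:db8:b::10", "2001:db8:c::10", "2001:db8:f::66"
	firstBU(l1, hoa, "n1", "n2", 100, pk, ed25519.Sign(sk, cat(100, l1, hoa, mapAddr, "n1", "n2")))
	forged = nextBU(bad, hoa, l1, 101, ed25519.Sign(evil, cat(101, bad, mapAddr, hoa, l1)))
	sig := ed25519.Sign(sk, cat(101, l2, mapAddr, hoa, l1))
	move = nextBU(l2, hoa, l1, 101, sig)
	replay = nextBU(l2, hoa, l1, 101, sig)
	return
}

func main() { fmt.Println(scenario()) }
```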

How to Provide MN-MAP Security? Authentication & Authorization Mode

In this mode, the MAP and the MN need to know that the other end is "trusted". The MAP also needs to know if the MN is authorized for using it.
All 3 parties need certificates; MN's is issued by its HA.
Both MAP and HA only need to store a few trusted CAs' public keys.
Similar to SSL, no global PKI is needed here.

[Figure: message exchange between MN, MAP and HA: Cookie0, Cookie1, BU_1, Req_cert, Rep_cert, BA_1, BU_i, BA_i; labels: long term messages, short term messages]

How to Provide MN-MAP Security? Authentication & Authorization Mode

[Figure: message exchange between MN, MAP and HA: Cookie0, Cookie1, BU_1, Req_cert, Rep_cert, BA_1, BU_i, BA_i]

BU_1 = {Src=LCoA, Des=MAP, Opt=HoA, C0, C1, N1, N2, TS, g^x, SIG_MN, Cert_MN}
SIG_MN = Sig(SK_MN, LCoA|HoA|MAP|g^x|N1|N2|TS)
Cert_MN = {HoA, PK_MN, Valid_Interval, SIG_HA}
Req_Cert = {Src=MAP, Des=HA, request_cert}
Rep_Cert = {Src=HA, Des=MAP, Cert_HA}
BA_1 = {Src=MAP, Des=LCoA, Opt=HoA, RCoA, C0, C1, g^y, SIG_MAP, Cert_MAP}
SIG_MAP = Sig(SK_MAP, LCoA|HoA|MAP|g^y|BU_1)
Cert_MAP = {MAP, PK_MAP, Valid_Interval, SIG_CA}
BU_i = {Src=LCoA, Des=MAP, Opt=HoA, old_LCoA, TS, SIG_MN_i}
BA_i = {Src=MAP, Des=LCoA, Opt=HoA, SIG_MAP_i}
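The authorization decision the MAP makes on BU_1 in this mode, as an added example that is not code from the draft or its authors: a trusted CA key validates Cert_HA, Cert_HA validates Cert_MN for the claimed HoA, and only then is SIG_MN checked. Assumptions: Ed25519 stands in for Sig(), Cert_HA has the same shape as Cert_MAP, the certificate encoding and the integer Valid_Interval are invented for the sketch, g^x is carried as an opaque string, and all names and addresses are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// cert models {subject, PK, Valid_Interval, SIG_issuer} from the slides.
type cert struct {
	subject string
	pk      ed25519.PublicKey
	nb, na  int64 // Valid_Interval as [nb, na]
	sig     []byte
}
// tbs is the signed encoding; the slides do not define one, so this is assumed.
func (c cert) tbs() []byte { return []byte(fmt.Sprintf("%s|%x|%d|%d", c.subject, c.pk, c.nb, c.na)) }

// issue signs a certificate for subject with the issuer's private key.
func issue(sk ed25519.PrivateKey, subject string, pk ed25519.PublicKey, nb, na int64) cert {
	c := cert{subject, pk, nb, na, nil}
	c.sig = ed25519.Sign(sk, c.tbs())
	return c
}

// valid checks the issuer's signature and the validity interval at time now.
func (c cert) valid(issuer ed25519.PublicKey, now int64) bool {
	return c.nb <= now && now <= c.na && ed25519.Verify(issuer, c.tbs(), c.sig)
}

// authorize is the MAP's BU_1 decision: trusted CA -> Cert_HA -> Cert_MN -> SIG_MN.
func authorize(ca ed25519.PublicKey, certHA, certMN cert, hoa string, signed, sigMN []byte, now int64) bool {
	return certHA.valid(ca, now) && certMN.subject == hoa &&
		certMN.valid(certHA.pk, now) && ed25519.Verify(certMN.pk, signed, sigMN)
}

// scenario is a constructed run: HA-issued, self-issued and expired Cert_MN.
func scenario() (ok, selfIssued, expired bool) {
	caPK, caSK, _ := ed25519.GenerateKey(nil)
	haPK, haSK, _ := ed25519.GenerateKey(nil)
	mnPK, mnSK, _ := ed25519.GenerateKey(nil)
	hoa := "2001:db8:1::10"
	bu := []byte("2001:db8:b::10|" + hoa + "|2001:db8:a::1|gx|n1|n2|100") // LCoA|HoA|MAP|g^x|N1|N2|TS
	sig, certHA := ed25519.Sign(mnSK, bu), issue(caSK, "ha.example", haPK, 0, 1000)
	ok = authorize(caPK, certHA, issue(haSK, hoa, mnPK, 0, 1000), hoa, bu, sig, 100)
	selfIssued = authorize(caPK, certHA, issue(mnSK, hoa, mnPK, 0, 1000), hoa, bu, sig, 100)
	expired = authorize(caPK, certHA, issue(haSK, hoa, mnPK, 0, 50), hoa, bu, sig, 100)
	return
}

func main() { fmt.Println(scenario()) }
```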

Conclusion

The proposal considers security issues in binding update between mobile nodes and a mobility anchor point.
Proposed solution for the above, with two security modes for different scenarios.
Authentication of MN without the global PKI.

Q & A Thank You