1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute.

Presentation transcript:

1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute

2 Claim Security Engineering is a part of Software Engineering

3 Claim
it is helpful to analyze:
– protocols in context of architectures
– security as a part of high assurance
– malicious attackers on connectors together with unspecified environments of components
both SE and SE are concerned with distributed, multi-layered, heterogeneous complex systems…

4 Outline
Mobile proposals:
– IPv4 vs IPv6
Problem:
– remote redirection (traffic hijacking)
Adding authentication:
– espec transformation
Variations and ongoing work

5 Papers
Authentication for Mobile IPv6
– with A. Datta, J. Mitchell and F. Muller
Composition and refinement of behavioral specifications
– with D. Smith
Guarded transitions in evolving specifications
– with D. Smith

6 Mobile IPv4 HA MN FA CN initial architecture

7 Mobile IPv4 HAMN FA CN

8 Mobile IPv4 HA MNFA CN

9 Mobile IPv4 HA MNFA CN

10 Mobile IPv4 HA MNFA CN

11 Mobile IPv4 HA MNFA CN triangle routing!

12 Mobile IPv4 HA MN FA CN session architecture

13 Mobile IPv6
avoid triangle routing:
– use IPv6 Routing Header and tunneling
minimize
– network partitioning
– computational load on:
» routers
» nodes: no expensive encryptions or decryptions
– number of messages
– need for infrastructure: no global PKI
maximize
– performance and availability: no DoS
– end-to-end security: authenticate location information

14 Mobile IPv6
home address
– the node is always addressed by the same IP number
care-of addresses (one or more)
– bind dynamically to different subnet IP numbers
» all packets containing the binding information must be authenticated
» authentication relies upon previously established security associations
Binding Update/Acknowledgement
– realized through Destination Options Headers
– Binding Cache integrated with Destination Cache

15 Mobile IPv6 proposal HA MN CN initial architecture

16 HAMN CN

17 Mobile IPv6 (diagram: HA, MN, CN) exchanged values $g^x$, $g^y$; $k = g^{xy}$; $\{BU\}_k$

18 Mobile IPv6 HA MN CN

19 Mobile IPv6 HA MN CN

20 Mobile IPv6 proposal MN CN session architecture

21 E E E E E E Mobile IPv6 proposal HA MN CN E E actual initial architecture

22 Mobile IPv6 (diagram: HA, MN, CN, E) exchanged values $g^x$, $g^v$, $g^u$, $g^y$; $k_{EC} = g^{uy}$; $k_{ME} = g^{xv}$

23 Mobile IPv6 proposal MN E E CN possible session architecture

24 Task Use especs to add authentication!

25 Task
Assess tradeoff between
– maximizing strength of authentication
– minimizing need for infrastructure

26 MN’s view  (u) (u x /k )  g x  (u)  u x /k  ( x)  g x  (u)  u x /k  espec MN

27 CN’s view   g y  (w y /k) ( y)  g y  (w y /k) (w) ( y)  g y  (w y /k) espec CN

28 BU architecture espec CN espec MN espec HA espec Net espec BU

29 (aspects of especs)
genericity
– all agents are instances of cord espec
automated
– composition of agents
– trace generation
support for formal analysis
– model checking
– theorem proving
– invariant generation

30 BU architecture espec CN espec MN espec HA espec Net espec BU

31 BU architecture espec CN espec MN espec HA espec Net diag BU

32 (aspects of especs)
adjustable abstraction level
stratification:
– agents: process calculus
– protocols: especs
– architectures: diagrams
» network connectors and components
» infrastructure and chain of trust
» information flow
» …

33 BU architecture diag BU

34 BU refinement diag BU diag AuthKeyExch diag KeyExch diag AuthBU Lib

35 (aspects of especs)
development (programming, generation)
– top-down: refinement
» morphisms: inheritance, genericity
– bottom-up: composition
» pushouts
» emergent and vanishing properties
» game theory, linear logic (strategies)
– program transformation
» authentication compiler (Bellare-Canetti-Krawczyk)
» optimization
– adaptation
» specification-carrying software

36 BU refinement diag BU diag AuthKeyExch diag KeyExch diag AuthBU Lib

37 AuthBU architecture espec AuthCN espec AuthMN espec HACN espec Net espec HAMN diag AuthBU

38  g x  (u,v) (v/{g x,u} hm ) (u x /k) (u,v) (v/{g x,u} hm ) (u x /k) (v/{g x,u} hm ) (u x /k)  ( x)  g x  (u,v) (v/{g x,u} hm ) (u x /k) espec AuthMN AuthMN’s view

39 E E E E E E Authenticated MIPv6 HA MN CN E E HA initial architecture

40 MNCN k = g xy HA MN HA CN g x g, {g, g } xy hc xy g, {g, g } xy sg xy g, {g, g } xy hm y

41 (diagram: MN, CN, HA MN, HA CN) labels: $\{i_{MN}, g^y, s\}_{hc}$; $s$; $\{i_{CN}, i_{MN}, g^y, s\}_{pk}$; $\{i_{CN}, i_{MN}, g^y, s\}_{sg}$; $s = \{i_{CN}, i_{MN}, g^x, g^y\}_k$; $\{i_{MN}, g^y, s\}_{hm}$; $k = g^{xy}$; $g^x$

42 (diagram: MN, CN, HA MN, HA CN) labels: $\{i_{MN}, g^y, s\}_{hc}$; $s$; $\{i_{CN}, i_{MN}, g^y, s, \{i_{CN}, i_{MN}, g^y, s\}_{sg}\}_{pk}$; $s = \{i_{CN}, i_{MN}, g^x, g^y\}_k$; $\{s, g^y, i_{MN}\}_{hm}$; $k = g^{xy}$; $g^x$

43 Authenticated MIPv6 MN CN assured session architecture
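
An added example, not part of the original slides: it runs the unauthenticated exchange of slide 22, where MN and CN each end up sharing a key with E, and then MN's checks on {i_MN, g^y, s}_hm and s = {i_CN, i_MN, g^x, g^y}_k from slide 41. Assumptions: the braces are modelled as HMAC-SHA256, hm is a key MN shares with its home agent, the group parameters and identifiers are constructed toy values, and the sg and pk legs between home agents are omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (not a vetted group).
P = 2**127 - 1
G = 3

def keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_secret, peer_public):
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(key, *fields):
    """Model of {fields}_key as an HMAC over length-prefixed fields (assumption)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        data = f if isinstance(f, bytes) else str(f).encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()

def unauthenticated_exchange():
    """Slide 22: E swaps the exponentials, so MN and CN each share a key with E."""
    x, gx = keypair(); y, gy = keypair()      # MN, CN
    u, gu = keypair(); v, gv = keypair()      # E's values toward CN and MN
    k_mn, k_cn = session_key(x, gv), session_key(y, gu)
    k_me, k_ec = session_key(v, gx), session_key(u, gy)
    return k_mn == k_cn, k_mn == k_me, k_cn == k_ec

def mn_accepts(hm, i_cn, i_mn, x, gx, gy_received, s, hm_tag):
    """MN's checks on {i_MN, g^y, s}_hm and on s = {i_CN, i_MN, g^x, g^y}_k."""
    if not hmac.compare_digest(hm_tag, tag(hm, i_mn, gy_received, s)):
        return False                           # not vouched for by MN's home agent
    k = session_key(x, gy_received)
    return hmac.compare_digest(s, tag(k, i_cn, i_mn, gx, gy_received))

def authenticated_exchange(tamper):
    hm = secrets.token_bytes(32)               # MN-HA security association
    i_mn, i_cn = "MN-home-address", "CN-address"   # constructed identifiers
    x, gx = keypair(); y, gy = keypair()
    s = tag(session_key(y, gx), i_cn, i_mn, gx, gy)   # CN's confirmation
    hm_tag = tag(hm, i_mn, gy, s)              # HA vouches for (g^y, s)
    if tamper:
        _, gy = keypair()                      # exponential replaced in transit
    return mn_accepts(hm, i_cn, i_mn, x, gx, gy, s, hm_tag)
```
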

44 Variations
weaker authentications:
– one-way: no PKI, just certificates, or AAA - no anonymity
– first time unauthenticated (like SSH), then chained hashing
stronger authentications:
– privacy
– anonymity, non-repudiation
dynamic infrastructure
– no shared secret: databases of “fingerprints”
– authenticating by non-forgeable capability
– authenticating by divided secret

45 (aspects of especs)
additional aspects:
– information flow
– information hiding
– cryptography
– …

46 Ongoing work IMPLEMENT the tool!

47 Papers
Authentication for Mobile IPv6
– with A. Datta, J. Mitchell and F. Muller
Composition and refinement of behavioral specifications
– with D. Smith
Guarded transitions in evolving specifications
– with D. Smith

48 (cord spaces) (names)N ::= X | A (terms)t ::= x | a | N | t,...,t | {t} N (strands)S ::= aS (cords)C ::= [S]  (actions) a ::=  t  | (x) | ( t/p(x) ) (interaction) [(x)R]  [  t  S]...   [R(t/x)]  [S]... (reaction) [ ( p(t)/p(x) ) R]...   [R(t/x)] ... FV(t) = 

49 What are especs?
diagrams of specs
specification-carrying programs in a development environment supporting
– refinement (top-down)
– composition (bottom-up)
– synthesis of verified code
programming language with
– guarded commands
– logical annotations as first-class citizens (available at runtime)
– procedural abstraction and refinement

50 What are specs? spec Poset is sort X op Bool ax trans is x x<z ax sym... end-spec spec Semilattice is sort X op V in : X*X -> X cons b : X ax assoc is (xVy)Vz = xV(yVz)… end-spec x<y xVy=y spec BinR spec AsymRspec RefRspec TranR spec BinO spec Commspec Involspec Assoc

51 What are especs?
espec Basic_Acct is
  spec … end-spec
  prog
    stad Create init[X] is…
    stad Amount[self] is…
    …
    step Depos[self,d]: Amount[self] -> Amount[self,d]
      cond d>0
      balance(self) |-> balance(self)+d
    end-step
  end-prog
end-espec
(diagram: Create, Amount, Depos)
espec Savings_Acct is
  spec … end-spec
  prog
    stad Create init[X] is …
    stad Accum…
    step Transfer… … end-step
    …
  end-prog
end-espec
(diagram: Create, Amount, Depos, Accum)