Overview of draft-16 for MIPv6
MIPv6 Design Team, March 19th, 2002


Basics
- Submitted yesterday, not in I-D directories yet
- For the moment can be accessed at:
  - draft-ietf-mobileip-ipv6-pre16.txt (I-D format)
  - mipv6-modified-parts-pre16.pdf (modified parts)
- Modifications based on the security discussions and decisions
- The document is indebted to various Internet Drafts that have been issued around this subject
- Still needs some work (expect draft-17 soon)

What's new
- Now securely usable on a global scale
- Routing topology has changed
  - Due to HAO restrictions
- Message sequences have changed
  - Due to RR, the new security mechanism
- Signalling formats have changed
  - Due to desire to allow IPsec usage on MN-HA and tunneled RR signaling
- Terminology has changed
  - Mainly due to formatting modifications, options => messages, sub-options => parameters, …
- Many changed sections

Still, it looks kind of familiar…
- New messages added but old ones intact
- Messages carried by new protocol instead of DO, but format still largely the same
- Route Optimization and Bidirectional tunneling functionally intact

Document modifications
- 4.1. Overview
- 4.x. New protocols
- 4.4. Security Design (was authentication)
- 5.1. Mobility Header (was BU, BA, BR)
- 5.4. HAO
- 5.x. Routing Header Type Requirements for all IPv6 Nodes
- 8. CN Behaviour
- 9.x. Protecting RR packets
- 10. MN Behaviour
- X. Future Enhancements
- 11. IANA Considerations
- 13. Security Considerations
- A.1. Modifications

Overview of functionality
- Return Routability procedure
- Home Address Option processing
- New role for Binding Request
- Message Formats

RR messaging
[Message sequence diagram between MN, HA and CN]
- 1a. Home Test Init
- 1b. Care-of Test Init
- 2a. Home Test
- 2b. Care-of Test
- 3. Binding Update
- 4. Binding Ack

RR details and math
- 1a. HOTI: MN(HoA) -> CN: HoA
- 1b. COTI: MN(CoA) -> CN: CoA
- 2a. HOT: CN -> MN(HoA): K0, j
- 2b. COT: CN -> MN(CoA): K1, i
- 3. BU: MN(CoA) -> CN: HoA, CoA, MAC, j, i
- 4. BA: CN -> MN(CoA): MAC

- CN is stateless until a good BU is received
- K0 and K1 are cookies derived from a key known by CN
- BU and BA MACs are based on the cookies
- The MACs are calculated over the messages
- CN is assured that BU is from someone on path

RR details and math - with CN liveness and BM verification through COTI/COT
- 1a. HOTI: MN(HoA) -> CN: P0, HoA
- 1b. COTI: MN(CoA) -> CN: P1, CoA, [HoA]
- 2a. HOT: CN -> MN(HoA): K0, j, P0
- 2b. COT: CN -> MN(CoA): K1, i, P1, [MAC]
- 3. BU: MN(CoA) -> CN: P2, HoA, CoA, MAC, j, i
- 4. BA: CN -> MN(CoA): MAC
- 5. BM: CN -> MN(CoA):

- CN is stateless until a good BU is received
- K0 and K1 are cookies derived from a key known by CN
- BU and BA MACs are based on the cookies
- The MACs are calculated over the messages (and P2 in step 4)
- CN is assured that BU is from someone on path
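The basic exchange from the two "RR details and math" slides, as an added example (not code from the draft or the design team): a correspondent node that recomputes K0 and K1 from its own key instead of storing them, and creates a Binding Cache entry only after the BU MAC verifies. The HMAC-SHA256 cookie derivation, the hash-of-both-cookies MAC key, the class and function names, and the documentation-prefix addresses are all assumptions; the slides do not give the formulas, and the P0/P1/P2 variant is not modelled.

```python
import hashlib, hmac, os
COOKIE_LEN = 16  # 128 bits, the Home Cookie size on the Home Test slide

def rr_mac(k0, k1, *fields):
    # Assumed: the MAC key is a hash over both cookies; the MAC covers the fields.
    key = hashlib.sha256(k0 + k1).digest()
    return hmac.new(key, "|".join(map(str, fields)).encode(), hashlib.sha256).digest()

class CorrespondentNode:
    """Holds one secret key and a nonce table; no per-MN state before a good BU."""
    def __init__(self):
        self.kcn = os.urandom(32)        # key known only to the CN
        self.nonces = [os.urandom(8)]    # position in this list = nonce index
        self.bindings = {}               # Binding Cache: HoA -> CoA

    def _cookie(self, addr, idx, tag):
        # Assumed derivation: HMAC(Kcn, address | nonce[idx] | tag), truncated.
        msg = addr.encode() + self.nonces[idx] + tag
        return hmac.new(self.kcn, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def home_test(self, hoa):            # 2a. HOT -> MN(HoA): K0, j
        j = len(self.nonces) - 1
        return self._cookie(hoa, j, b"H"), j

    def care_of_test(self, coa):         # 2b. COT -> MN(CoA): K1, i
        i = len(self.nonces) - 1
        return self._cookie(coa, i, b"C"), i

    def binding_update(self, hoa, coa, mac, j, i):   # 3. BU
        if not all(0 <= n < len(self.nonces) for n in (j, i)):
            return None                  # unknown nonce index
        k0 = self._cookie(hoa, j, b"H")  # recomputed from HoA and j, never stored
        k1 = self._cookie(coa, i, b"C")
        if not hmac.compare_digest(mac, rr_mac(k0, k1, "BU", hoa, coa, j, i)):
            return None                  # drop; still no state created
        self.bindings[hoa] = coa         # first per-MN state is created here
        return rr_mac(k0, k1, "BA", hoa, coa)        # 4. BA -> MN(CoA): MAC

def demo():
    cn = CorrespondentNode()
    hoa, coa, other = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:66::1"
    k0, j = cn.home_test(hoa)            # MN receives this at its home address
    k1, i = cn.care_of_test(coa)         # MN receives this at its care-of address
    # A sender that is not on the CN-to-HoA path gets a COT for its own
    # address but never sees K0, so its BU MAC cannot verify.
    ok1, oi = cn.care_of_test(other)
    forged = rr_mac(os.urandom(COOKIE_LEN), ok1, "BU", hoa, other, j, oi)
    rejected = cn.binding_update(hoa, other, forged, j, oi) is None
    no_state = hoa not in cn.bindings
    ba = cn.binding_update(hoa, coa, rr_mac(k0, k1, "BU", hoa, coa, j, i), j, i)
    return rejected, no_state, ba == rr_mac(k0, k1, "BA", hoa, coa), cn.bindings.get(hoa)
```

`demo()` returns whether the BU built without K0 was rejected, whether the Binding Cache stayed empty after it, whether the BA MAC for the genuine BU verifies on the MN side, and the care-of address finally bound to the home address.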

Usage of HAO - and related messaging
[Message sequence diagram between MN, HA and CN]
- BCE expired: HAO / Binding Missing
- Bidir tunneling: no HAO / Regular answer
- BCE exists: HAO / Regular answer

New role for Binding Request
- Detection of mobile nodes may not be possible anymore for the CN!
  - Bidirectional tunneling hides the fact that the node is mobile
- Binding Request in draft-16 has become a kind of a "Binding Refresh Request"
- Responsibility for starting Route Optimisation on the MN side

Mobility Header format
[Packet layout diagram; fields in order after the IPv6 header: Payload Proto, Header Len, MH Type, Checksum, Message Data]
Messages carried in this format:
- Binding Request
- Home Test Init, Home Test, Care-of Test Init, Care-of Test
- Binding Update, Binding Ack
- Binding Missing

Home Test message data
[Packet layout diagram; fields in order: Reserved, Home Nonce Index, Home Cookie (128 bits), Parameters]

Binding Update message data
[Packet layout diagram; fields in order: A|H|S|D flags, Reserved, Sequence #, Reserved, Lifetime, Home Address (?), Parameters]
(Mandatory carried parameters for CN BUs: Nonce Indices, Authentication Data)

Nonce Indices parameter
[Packet layout diagram; fields in order: Type = 4, Len = 6, Home Nonce Index, Care-of Nonce Index]

Authentication Data parameter
[Packet layout diagram; fields in order: 5, 18, SPI (always zero in draft-16 (?)), Authenticator (calculated from RR specific rules, different from draft-15)]

Summary
- Main new things: RR, HAO, formats
- Questions, comments?
- Some open issues remain and will be discussed later