Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Considerations for Securely Deploying Mobility

Published byEugen Kuntz Modified over 6 years ago

Similar presentations

Presentation on theme: "Practical Considerations for Securely Deploying Mobility"— Presentation transcript:

1 Practical Considerations for Securely Deploying Mobility
Will Ivancic NASA Glenn Research Center (216)

2 Network Design Triangle
SYZYGY Engineering $$$ Cost $$$ Maturity Policy Protocols Architecture Scalability Mobility Security QoS Bandwidth 5 © 2004 Syzygy Engineering – Will Ivancic

3 Design Issues Host and/or Network Mobility Security Policy Scalability
Corporate and/or Individual Scalability Handoff Speed Intranet or Internet Own and/or Shared Infrastructure May be an issue even within you own Organization Crossing Autonomous Systems Multi-Homing Multiple Radio Links Varying Multi-homed link characteristics (e.g WiFi, Satellite, GPRS, Low-Rate VHF)

4 Mobile Networking Solutions
Routing Protocols  Route Optimization  Convergence Time  Sharing Infrastructure – who owns the network? Mobile-IP  Route Optimization  Convergence Time  Sharing Infrastructure  Security – Relatively Easy to Secure Domain Name Servers  Reliability

5 Mobility at What Layer? Layer-2 (Radio Link) Layer-3 (Network Layer)
SYZYGY Engineering Layer-2 (Radio Link) Fast and Efficient Proven Technology within the same infrastructure Cellular Technology Handoffs WiFi handoffs Layer-3 (Network Layer) Slower Handover between varying networks Layer-3 IP address provides identity Security Issues Need to maintain address Layer-4 (Transport Layer) Research Area Identity not tied to layer-3 IP address Proposed Solutions HIP – Host Identity Protocol SCTP – Stream Control Transport Protocol © 2004 Syzygy Engineering – Will Ivancic

6 What is the Weather like in Cleveland?
Location Identifier SYZYGY Engineering I am in Paris France HQ Keeps Track of Alice. Hello Bob, I am in Cleveland, Ohio I am in Cleveland, Ohio Alice (Mobile Node) Binding Updates Alice (Mobile Node) What is the Weather like in Cleveland? Registration Hello Alice Internet Where is Alice’s Location Manager? Bob (Corresponding Node) Headquarters (Location Manager) © 2004 Syzygy Engineering – Will Ivancic

7 IPv4 “Real World” Operation
CN Proxy had not originated the request; therefore, the response is squelched. Peer-to-peer networking becomes problematic at best. Glenn Research Center Policy: No UDP, No IPSec, etc… Mobile-IP stopped in its tracks. What’s your policy? US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA USCG Requires 3DES encryption. WEP is not acceptable due to known deficiencies. Ingress or Egress Filtering stops Transmission due to topologically Incorrect source address. IPv6 Corrects this problem. FA MR

8 Current Solution – Reverse Tunneling
CN Adds Overhead and kills route optimization. US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA NAT Must Run NAT Transversal Using UDP Tunnels FA Anticipate similar problems for IPv6. MR

9 Shared Network Infrastructure
Public Internet FA MR US Coast Guard Canadian Coast Guard ACME Shipping HA ACME SHIPPING US Navy Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue.

10 x Basic Mobile Network Support for IPv6 Link UP Binding Update
Nodes Binding Update Mobile Network Note, Mobile Network allows for single Binding Update. Other Mobility Solutions may Oversubscribe link during Binding updates. Link UP Access Router Access Router Internet or Intranet Bidirectional Tunnel Corresponding Node Home Agent

11 The Next (Current) Research / Deployment Area
Mobile Security The Next (Current) Research / Deployment Area

12 Behind Router – Strategic
SYZYGY Engineering Address Changes with Mobility Mobile Network IPE-2M Mobile Router HA-MR Tunnel Roaming Interface HA-FA Tunnel Address can Be Fixed Foreign Agent The Neah Bay is using the IPE in a strategic deployment which refers to the placement of the encryptors, in this case behind the routers. Internet Home Agent IPE-IPE Secure Tunnel IPE-2M Home Network Source – Western DataCom

13 In-Front of Router – Tactical
SYZYGY Engineering In-Front of Router – Tactical Mobile Network Address Changes with Mobility Mobile Router IPE-2M Roaming Interface Secure WAN HA-MR Tunnel IPE-IPE Secure Tunnel The Army demonstration uses a tactical deployment which places the IPE in front of the routers. IPE-2M HA-FA Tunnel Foreign Agent Internet Home Agent Home Network Source – Western DataCom

14 Mobile IPSec ? Internet Address Changes with Mobility
SYZYGY Engineering Mobile IPSec ? Address Changes with Mobility Intranet Mobile IPSec Device Internet Partially Being Addressed MOBIKE HIP Certificate Based Identity? Others? The Army demonstration uses a tactical deployment which places the IPE in front of the routers. Mobile IPSec Device Secure Tunnel Intranet © 2004 Syzygy Engineering – Will Ivancic

15 IPv6 Ad Hoc Networking Challenges
SYZYGY Engineering Denial of Service Duplicate Address Detection (DAD) DoS, Uncooperative Router, etc… Neighbor Discovery trust and threats Network Discovery Reachback, DNS, Key Manager Security IPSec / HAIPES tunnel end-points Security Policies in a dynamic environment Is layer-2 encryption sufficient security? Insecure routing Attackers may inject erroneous routing information to divert network traffic, or make routing inefficient Key Management Lack of key distribution mechanism Hard to guarantee access to any particular node (e.g. obtain a secret key) © 2004 Syzygy Engineering – Will Ivancic

16 IPv6 Ad Hoc Networking Challenges
SYZYGY Engineering Duplicate Address Discovery Not suitable for multi-hop ad hoc networks that have dynamic network topology Need to address situation where two MANET partitions merge Radio Technology Layer-2 media access often incompatible with layer-3 MANET routing protocol Battery exhaustion threat A malicious node may interact with a mobile node very often trying to drain the mobile node’s battery Testing of Applications Integrating MANET into the Internet © 2004 Syzygy Engineering – Will Ivancic

Download ppt "Practical Considerations for Securely Deploying Mobility"

Similar presentations

Security Issues In Mobile IP

Security Issues In Mobile IP
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 Mobile IP Myungchul Kim Tel: 042-866-6127.

1 Mobile IP Myungchul Kim Tel:
IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,
COM555: Mobile Technologies Location-Identifier Separation.

COM555: Mobile Technologies Location-Identifier Separation.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
1 Securing Mobile Networks An Enabling Technology for National and International Security and Beyond.

1 Securing Mobile Networks An Enabling Technology for National and International Security and Beyond.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
1 Multi-Domained, Multi-Homed Mobile Networks Mobile Platform Internet (MPI) mailing.

1 Multi-Domained, Multi-Homed Mobile Networks Mobile Platform Internet (MPI) mailing.
Mobile IP.

Mobile IP.
Neah Bay Presentation. Introduction Western DataCom has been in business for 20+ years providing data communications security solutions to the US Government,

Neah Bay Presentation. Introduction Western DataCom has been in business for 20+ years providing data communications security solutions to the US Government,
Mobile IP Performance Issues in Practice. Introduction What is Mobile IP? –Mobile IP is a technology that allows a mobile node (MN) to change its point.

Mobile IP Performance Issues in Practice. Introduction What is Mobile IP? –Mobile IP is a technology that allows a "mobile node" (MN) to change its point.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;
Mobile IP Seamless connectivity for mobile computers.

Mobile IP Seamless connectivity for mobile computers.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
Mobile IP, PMIP, FMC, and a little bit more

Mobile IP, PMIP, FMC, and a little bit more
1 Mobile Networking As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will.

1 Mobile Networking As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will.

Similar presentations

Ads by Google