Slide 1: Mobility in the Internet
12/24/2018
Slide 2: References
- Mobile IP, Charles Perkins, IEEE Communications Magazine, May 1997
- Mobile IP - The Internet Unplugged, James D. Solomon, Prentice Hall, 1998
- Supporting Transparent Host Mobility on TCP/IP Internetworks, Vipul Gupta, SUNY Binghamton, 1996
Slide 3: Opportunity for connectivity
The new environment gives us an opportunity:
- Continuous connectivity for a mobile host
- Seamless movement between networks
Examples:
- Move from the office to elsewhere in the building
- Move outside the building, across campus, to a cafe
Why maintain connectivity?
- Avoid restarting applications/networks
- Avoid losing "distributed state"
Slide 4: Data Encapsulation
Each layer:
- is unaware of the packet structure used by the layers above and below it
- is only concerned with the header meant for it
- has its own header (depending on the type of protocol)
Slide 5: Internet Routing Basics
IP packets are routed based on their Network Prefix (or Subnet Prefix).
Slide 6: Problem Description
- The host identifier (IP address) is topologically meaningful
- Similar situation as with the PSTN: you cannot receive calls for (314) in San Diego, CA
Options:
- Retain the host address => routing fails
- Change the host address => lose established connections
Slide 7: Mobile IP Features
- Makes it seem as if one network extends over the entire Internet
- Continuous connectivity, seamless roaming even while network applications are running
- Fully transparent to the user
Slide 8: Mobile IP Entities
- Mobile Host (MH): changes its point of attachment to the Internet from one link to another.
- Home Agent (HA): router on the MH's home network which tunnels datagrams (packets of data) to the MH when it is away from home.
- Foreign Agent (FA): router on the MH's visited network which provides routing services to the MH while it is registered.
Slide 9: How Mobile IP works
When the Mobile Host is away from home, its Home Agent picks up its IP packets, encapsulates them in a new IP packet and forwards them to the Foreign Agent. Intermediate routers are unaware of the inner IP header.
Slide 10: Encapsulation is the Key
[Figure only: an IP packet encapsulated inside another IP packet]
Slide 11: IP address problem
- Internet hosts/interfaces are identified by IP address
- The Domain Name Service translates a host name to an IP address
- The IP address both identifies the host/interface and locates its network
- Moving to another network requires a different network address
- But this would change the host's identity
- How can we still reach that host?
Slide 12: Routing for mobile hosts
[Figure: MH on its home network, then the same MH on a foreign network, with CH sending to it]
MH = mobile host, CH = correspondent host
How to direct packets to moving hosts transparently?
Slide 13: Basic Mobile IP - to mobile hosts
(We'll see later that the FA is not necessary or even desirable.)
MH = mobile host, CH = correspondent host, HA = home agent, FA = foreign agent
[Figure: CH; HA on the home network; FA and MH on the foreign network]
- The MH registers its new "care-of address" (the FA) with the HA
- The HA tunnels packets to the FA
- The FA decapsulates packets and delivers them to the MH
Slide 14: Packet addressing
Packet from CH to MH:
  Source address = address of CH
  Destination address = home IP address of MH
  Payload
The home agent intercepts the above packet and tunnels it:
  Outer header: Source address = address of HA; Destination address = care-of address of MH
  Inner header: Source address = address of CH; Destination address = home IP address of MH
  Original payload
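The two-header layout above, worked through in code. This is an added example, not code from the slides: it builds a minimal IPv4 header with a correct header checksum, wraps a CH-to-MH packet in an outer header from the HA to the care-of address (IP protocol number 4, the IP-in-IP encapsulation Mobile IP uses), and shows that a router parsing the outer header never sees the inner one while the tunnel endpoint recovers the original packet unchanged. The addresses and payload are constructed sample values.

```python
"""IP-in-IP tunnelling as a Mobile IP home agent performs it.

Added example, not code from the slides. Builds a minimal IPv4 header with a
correct checksum, encapsulates a CH -> MH packet in an outer header addressed
HA -> care-of address (IP protocol 4 = IP-in-IP), and parses both layers.
All addresses and the payload are constructed sample values.
"""
import socket
import struct

IPPROTO_IPIP = 4            # IANA protocol number for "IP in IP" encapsulation
IPV4_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 packet: version 4, IHL 5, no fragmentation, checksum filled in."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]  # checksum at bytes 10-11
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the outermost IPv4 header; this is all an intermediate router looks at."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:  # a valid header sums to zero once its checksum is included
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def home_agent_tunnel(original: bytes, ha_addr: str, care_of: str) -> bytes:
    """HA intercepts a packet for the MH's home address and encapsulates it whole."""
    return build_ipv4(ha_addr, care_of, IPPROTO_IPIP, original)


def decapsulate(tunneled: bytes) -> bytes:
    """Tunnel endpoint (the FA, or the MH itself with a co-located care-of address)."""
    outer = parse_ipv4(tunneled)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer["payload"]


def demo() -> tuple:
    """Constructed scenario: CH -> MH home address, tunnelled HA -> care-of address."""
    ch, mh_home, ha, care_of = "198.51.100.10", "192.0.2.7", "192.0.2.1", "203.0.113.55"
    original = build_ipv4(ch, mh_home, 17, b"hello from CH")  # 17 = UDP carried inside
    tunneled = home_agent_tunnel(original, ha, care_of)
    outer = parse_ipv4(tunneled)               # router's view: HA -> care-of, protocol 4
    inner = parse_ipv4(decapsulate(tunneled))  # MH's view: CH -> home address, intact
    return outer, inner


if __name__ == "__main__":
    o, i = demo()
    print("router sees:", o["src"], "->", o["dst"], "proto", o["proto"])
    print("MH sees:    ", i["src"], "->", i["dst"], i["payload"])
```

Two things the code makes visible: the outer header carries the HA's own address as source, so it is topologically valid on every hop of the tunnel, and the header checksum only catches corruption, not tampering. Mobile IP authenticates the MH-HA registration, not the tunnelled data, so the inner packet is no better protected than any other IP packet.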
Slide 15: When mobile host moves again
[Figure: CH; home network with HA; foreign network #1 with FA #1; foreign network #2 with FA #2 and the MH]
- The MH registers its new address (FA #2) with the HA and with FA #1
- The HA tunnels packets to FA #2, which delivers them to the MH
- Packets in flight can be forwarded from FA #1 to FA #2
Slide 16: Basic Mobile IP - from mobile hosts
Mobile hosts also send packets.
[Figure: the MH on the foreign network sends directly to CH, bypassing HA and FA]
- The mobile host uses its home IP address as the source address
- Lower latency
- Still transparent to the correspondent host
- No obvious need to encapsulate the packet to the CH
- This is called a "triangle route"
Slide 17: Problems with Foreign Agents
Assumption of support from foreign networks:
- Does a foreign agent exist in all networks you visit?
- Is the foreign agent robust and up and running?
- Is the foreign agent trustworthy?
Correctness in security-conscious networks:
- We'll see that the "triangle route" has problems
- An MH under its own control can eliminate this problem
Other undesirable features:
- Some performance improvements are harder with FAs
- We want an end-to-end solution that allows flexibility
Slide 18: Solution: the mobile host is responsible for itself
(With help from infrastructure in its home network.)
- The mobile host decapsulates packets
- The mobile host sends its own packets
- "Co-located" FA on the MH
[Figure: CH; HA on the home network; the MH alone on the foreign network]
- The MH must acquire its own IP address in the foreign network
- This address is its new "care-of" address
- The Mobile IP spec allows for this option
Slide 19: Design implications
New issue: the mobile host now has two roles:
- Home role
- Local role
Consequences:
- More complex mobile host
- Loss of in-flight packets? (This can happen anyway.)
- Can visit networks without a foreign agent
- Can join local multicast groups, etc.
- More control over packet routing = more flexibility
Slide 20: Problems
[Figure: the MH on the foreign network sends directly to CH; the HA sits on the home network]
- The mobile host uses its home IP address as the source address
- Security-conscious boundary routers will drop this packet, since its source address does not belong to the network it is leaving
Slide 21: Routing options
Allow the MH to choose from among all routing options:
- Encapsulate the packet or not?
- Use the home address or the care-of address as the source address?
- Tunnel the packet through the home agent or send directly?
The choice is determined by:
- Performance
- Desire for transparent mobility
- Mobile-awareness of the correspondent host
- Security concerns of the networks traversed
Equivalent choices exist for the CH sending packets to the MH.
Slide 22: Fault Tolerant Authentication in Mobile Computing
Slide 23: Objective
To provide uninterrupted secure service to the mobile hosts when a base station moves or fails.
Example: battlefield
Slide 24: Mobile Node Authentication and Forwarding Services
- To ensure security and prevent theft of resources (like bandwidth), all packets originating inside the network should be authenticated.
- The MH sends a packet to its HA along with the authentication information.
- If authentication is successful, the HA forwards the packet; otherwise it is dropped.
[Figure: Mobile Node and Home Agent connected across an arbitrary topology and the Internet]
Slide 25: Disadvantages of Typical Setup
- The Home Agent becomes a single point of failure.
- The Home Agent becomes an attractive spot for attackers.
- Not scalable: a large number of hosts overloads the Home Agent.
Slide 26: Research Goals
- Eliminate the single point of failure.
- Distribute the load and enhance the scalability and survivability of the system.
- Failures transparent to applications.
- Easy to implement.
Slide 27: Traditional Approaches
- Using a Proxy Server that takes up the responsibilities of the Base Station.
- Using a Second Base Station that forwards the packets, using Mobile IP, to the actual Home Agent, which is now at a Foreign Network.
Slide 28: Proxy-based solution
[Figure: Source Network, arbitrary networks, Destination Network with BS1, and the BS now on a Foreign Network]
Slide 29: Traditional Approaches
Disadvantages:
- Manual updating of the routing tables
- Not transparent to applications
- Communication delays
- Additional security threats, as the packets now traverse long paths through the Internet
Slide 30: Proposed Schemes
We propose two schemes:
- Virtual Home Agent
- Hierarchical Authentication
They differ in the architecture and in the responsibilities that the Mobile Hosts and Base Stations hold.
Slide 31: Authentication Using Virtual Home Agent
Entities in the proposed scheme:
- Virtual Home Agent (VHA) is an abstract entity identified by a network address.
- Master Home Agent (MHA) is the physical entity that carries out the responsibilities of the VHA.
Slide 32: Authentication Using Virtual Home Agent
- Backup Home Agent (BHA) is the entity that backs up a VHA. When the MHA fails, the BHA with the highest priority becomes the MHA.
- Shared Secrets Database Server is the entity that manages and processes the queries on the secret database.
Slide 33: Virtual Home Agent Set up
[Figure: VHA ID = IP ADDR1; Master Home Agent (MHA); Backup Home Agents; Database Server with the Shared Secrets Database; other hosts in the network]
Slide 34: Protocol Description
- BHAs only listen for advertisements; they do not send advertisements.
- If a BHA has not received any advertisement for some period, it starts the Down Interval Timer, computed as follows:
  Down Time Interval = 5 * Advertisement Interval + ((MHA's priority - BHA's priority) / MHA's priority)
Slide 35: Protocol Description
- The Down Interval Time takes care of packet losses (as it is at least 5 advertisement intervals).
- The Down Interval Time is a function of the BHA's configured priority (the higher the priority, the shorter the Down Interval Time).
Slide 36: Protocol Description
- The Down Interval Timer of the BHA with the highest priority expires first, and that guarantees its transition from BHA to MHA.
- The new MHA sends advertisements from then onwards.
Slide 37: Advantages of this Election Protocol
- No communication between the BHAs is required.
- There is no confusion about which BHA becomes the MHA (only the one whose timer expires first).
- No additional security threats (like manipulating the priorities of BHAs).
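The election of slides 34 to 37 as a small simulation. This is an added example, not code from the slides: it implements the Down Time Interval formula, the Start/Backup/Master states of the agents, and checks the claim that the highest-priority BHA's timer expires first so no BHA-to-BHA messages are needed. The priorities, advertisement interval and times are constructed sample values, and the example assumes two things the slides do not state: that configured BHA priorities are unique (equal priorities would expire together) and that no BHA priority exceeds the MHA's.

```python
"""Down Interval Timer election among Backup Home Agents.

Added example, not code from the slides. Implements
    Down Time Interval = 5 * Advertisement Interval
                         + (MHA's priority - BHA's priority) / MHA's priority
and the START -> BACKUP -> MASTER state machine. Priorities and times are
constructed; unique BHA priorities not above the MHA's are an assumption.
"""


def down_interval(adv_interval: float, mha_priority: int, bha_priority: int) -> float:
    """Timer length in the same unit as adv_interval (formula from the slides)."""
    if not 0 < bha_priority <= mha_priority:
        raise ValueError("BHA priority must be positive and not exceed the MHA's")
    return 5 * adv_interval + (mha_priority - bha_priority) / mha_priority


class HomeAgent:
    """One physical agent behind a VHA: START -> BACKUP (listening) -> MASTER."""

    def __init__(self, name: str, priority: int):
        self.name, self.priority = name, priority
        self.state = "START"
        self.deadline = None

    def start(self, now: float, adv_interval: float, mha_priority: int) -> None:
        """START -> BACKUP: begin listening; 'now' counts as the last advertisement heard."""
        self.adv_interval, self.mha_priority = adv_interval, mha_priority
        self.state = "BACKUP"
        self.on_advertisement(now)

    def on_advertisement(self, now: float) -> None:
        """Any MHA advertisement restarts the Down Interval Timer of a BACKUP agent."""
        if self.state == "BACKUP":
            self.deadline = now + down_interval(self.adv_interval, self.mha_priority, self.priority)

    def tick(self, now: float) -> bool:
        """BACKUP -> MASTER once the timer has expired; returns True on that transition."""
        if self.state == "BACKUP" and now >= self.deadline:
            self.state = "MASTER"
            return True
        return False


def run_election(priorities: dict, adv_interval: float = 1.0, mha_priority: int = 100,
                 last_advert_at: float = 10.0):
    """Simulate an MHA whose last advertisement was at `last_advert_at`, then silence.

    Every BHA heard that final advertisement, so all timers start together.
    Returns (winner, time it became MASTER, final state of every agent).
    """
    if len(set(priorities.values())) != len(priorities):
        raise ValueError("priorities must be unique for the election to be unambiguous")
    agents = [HomeAgent(n, p) for n, p in priorities.items()]
    for a in agents:
        a.start(last_advert_at, adv_interval, mha_priority)
    # No further advertisements arrive: visit the deadlines in order, earliest first.
    for a in sorted(agents, key=lambda x: x.deadline):
        if a.tick(a.deadline):
            # The new MHA advertises at once; the others hear it and remain BACKUP.
            for b in agents:
                if b is not a:
                    b.on_advertisement(a.deadline)
            return a.name, a.deadline, {x.name: x.state for x in agents}
    return None, None, {x.name: x.state for x in agents}


if __name__ == "__main__":
    print(run_election({"bha-A": 90, "bha-B": 60, "bha-C": 30}))
```

Note that the priority term (MHA's priority - BHA's priority) / MHA's priority is always smaller than one advertisement interval, so it only orders timers that were started by the same advertisement; that is why the simulation starts every BHA's timer from the MHA's final advertisement.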
Slide 38: Protocol Description: State Transitions
[Figure: state diagram with Start State, Backup State and Master State]
Slide 39: Advantages of the proposed scheme
- Has only 3 states, hence the overhead of state maintenance is negligible.
- Very few tasks need to be performed in each state.
- Flexible: there could be multiple VHAs in the same LAN; an MHA could be a BHA for another VHA, and a BHA could be a BHA for more than one VHA at the same time.
Slide 40: Hierarchical Authentication Scheme
- Multiple Home Agents in a LAN are organized in a hierarchy (like a tree data structure).
- A Mobile Host shares a key with each of the Agents above it in the tree (multiple keys).
- At any time, the highest-priority key is used for sending packets or obtaining any other kind of service.
Slide 41: Hierarchical Authentication Scheme
[Figure: tree of agents B, C, D, E, F, G with a K1 Database and a K2 Database; a host holding keys (K1, P1) and (K2, P2)]
Slide 42: Hierarchical Authentication Scheme
Key priority depends on several factors and is computed as the cumulative sum of the weighted priorities of each factor. Example factors:
- Communication delays
- Processing speed of the agents
- Secret key usage
- Lifetime of the key
- Configurable priorities
- Availability of secret key information to an agent
Slide 43: Hierarchical Authentication Scheme
- Hosts detect the Home Agent's failure or mobility when the Home Agent does not send an acknowledgement for a request.
- When the failure is detected, the host reduces the priority of the current key and picks the highest-priority key to be used from then onwards.
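The host-side and agent-side logic of slides 40 to 43, together with the authenticate-then-forward rule of slide 24, as an added example that is not code from the slides. The MH holds one shared key per agent above it in the tree, each with a priority computed as a weighted sum of per-factor scores; it authenticates every packet under the highest-priority key and, when the serving agent stops acknowledging, lowers that key's priority and re-selects. The agent verifies the authenticator and forwards only on success. The factor weights, scores, agent names and secrets are constructed, and HMAC-SHA256 is this example's choice of authenticator; the slides do not specify one.

```python
"""Hierarchical-key authentication between a Mobile Host and its Home Agents.

Added example, not code from the slides. Weights, scores, names and secrets are
constructed sample values; HMAC-SHA256 is this example's choice of authenticator.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Example weights for the factors the slides list; quantifying them is left to
# future work there, so these numbers are an assumption of this example.
WEIGHTS = {"delay": 0.3, "speed": 0.2, "usage": 0.1, "lifetime": 0.2, "configured": 0.2}


def key_priority(scores: dict, weights: dict = WEIGHTS) -> float:
    """Cumulative sum of weighted per-factor scores; each score is taken in 0..1."""
    missing = set(weights) - set(scores)
    if missing:
        raise ValueError(f"no score for factors: {sorted(missing)}")
    return sum(weights[f] * scores[f] for f in weights)


@dataclass
class AgentKey:
    agent: str      # agent in the hierarchy this key is shared with
    secret: bytes   # shared secret held by the MH and that agent
    priority: float


class MobileHost:
    def __init__(self, keys):
        self.keys = list(keys)

    def current_key(self) -> AgentKey:
        """The key used for any service right now: the highest-priority one."""
        return max(self.keys, key=lambda k: k.priority)

    def authenticate(self, payload: bytes) -> tuple:
        """Packet = (agent the key is shared with, payload, HMAC tag over the payload)."""
        k = self.current_key()
        tag = hmac.new(k.secret, payload, hashlib.sha256).digest()
        return k.agent, payload, tag

    def on_timeout(self, agent: str, penalty: float = 0.5) -> str:
        """No acknowledgement from `agent`: demote its key and return the agent now used."""
        for k in self.keys:
            if k.agent == agent:
                k.priority = max(0.0, k.priority - penalty)
        return self.current_key().agent


class HomeAgentNode:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret
        self.forwarded, self.dropped = [], []

    def receive(self, packet: tuple) -> bool:
        """Forward (True) only if the packet was authenticated under this agent's key."""
        agent, payload, tag = packet
        expected = hmac.new(self.secret, payload, hashlib.sha256).digest()
        if agent == self.name and hmac.compare_digest(tag, expected):
            self.forwarded.append(payload)
            return True
        self.dropped.append(payload)
        return False


def demo() -> dict:
    """Constructed scenario: the MH is served by agent B, with A higher up the tree."""
    b_key = AgentKey("B", b"constructed-secret-B", key_priority(
        {"delay": 1.0, "speed": 0.8, "usage": 0.5, "lifetime": 0.9, "configured": 1.0}))
    a_key = AgentKey("A", b"constructed-secret-A", key_priority(
        {"delay": 0.5, "speed": 0.9, "usage": 0.7, "lifetime": 0.9, "configured": 0.6}))
    mh = MobileHost([b_key, a_key])
    agent_b = HomeAgentNode("B", b"constructed-secret-B")
    agent_a = HomeAgentNode("A", b"constructed-secret-A")
    pkt = mh.authenticate(b"data from MH")
    out = {"first_agent": pkt[0], "b_accepts": agent_b.receive(pkt)}
    out["b_rejects_tampered"] = agent_b.receive((pkt[0], b"data from MH!", pkt[2]))
    out["after_failover"] = mh.on_timeout("B")           # B stopped acknowledging
    pkt2 = mh.authenticate(b"data from MH")
    out["a_accepts"] = agent_a.receive(pkt2)
    out["b_rejects_a_packet"] = agent_b.receive(pkt2)    # wrong agent and wrong key
    return out


if __name__ == "__main__":
    print(demo())
```

The failover is purely host-driven, as slide 43 describes: no message tells the MH that B is gone, it infers it from a missing acknowledgement, and the agent side never needs to know about the other keys because each agent only verifies under its own shared secret.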
Slide 44: VHA Scheme vs. Hierarchical Scheme
VHA Scheme:
- Flat structure
- Host has only one key
- Failure is transparent to the user
- No priority is assigned to the keys
Hierarchical Scheme:
- Tree structure
- Number of keys depends on the height of the tree
- Hosts should be aware of the failure of the BS, as which key to use depends on the base station serving the host
- Each key has a priority; the key with the highest priority is used for authentication
Slide 45: Cluster for scalability
[Figure: clients send requests to one IP address; a front end distributes the requests to the back-end nodes]
Slide 46: Locality-Aware Request Distribution
[Figure: the front-end node receives the request stream R1, R1, R1, R2, R3, R2, R1, R1, R2, R3 and sends every R1 to one back-end node (cache: R1, R1, R1, R1, R1) and the R2/R3 requests to another (cache: R2, R3, R2, R2, R3)]
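A front end that reproduces the figure's split, as an added example that is not code from the slides. The front end owns the cluster's single IP address and maps each request target to a back-end node, so repeated requests for the same target reach the same node and its cache, new targets go to the least-loaded node, and a target is moved only when its node is heavily loaded while another is nearly idle. This is a simplified form of the locality-aware distribution idea the figure illustrates; the node names, request stream and load thresholds are constructed.

```python
"""Locality-aware request distribution at a cluster front end.

Added example, not code from the slides; a simplified form of the idea the
slide's figure shows. Node names, request stream and thresholds are constructed.
"""


class LocalityAwareFrontEnd:
    def __init__(self, backends, t_low: int = 2, t_high: int = 6):
        self.backends = list(backends)
        self.assigned = {}                          # target -> back-end serving it
        self.load = {b: 0 for b in backends}        # requests in flight per back-end
        self.cache = {b: set() for b in backends}   # targets each back-end has served
        self.t_low, self.t_high = t_low, t_high

    def least_loaded(self) -> str:
        """Back-end with the fewest in-flight requests; ties go to the first listed."""
        return min(self.backends, key=lambda b: (self.load[b], self.backends.index(b)))

    def dispatch(self, target: str) -> str:
        """Pick the back-end for one request and count it as in flight."""
        node = self.assigned.get(target)
        candidate = self.least_loaded()
        # Unassigned target, or its node is overloaded while another is nearly idle:
        # (re)assign to the least-loaded node; otherwise keep the locality.
        if node is None or (self.load[node] > self.t_high and self.load[candidate] < self.t_low):
            node = candidate
            self.assigned[target] = node
        self.load[node] += 1
        self.cache[node].add(target)
        return node

    def complete(self, node: str) -> None:
        """A back-end finished one request."""
        self.load[node] -= 1


def distribute(stream, backends=("node-1", "node-2"), **thresholds) -> tuple:
    """Dispatch a whole request stream with nothing completing; returns (nodes, caches)."""
    fe = LocalityAwareFrontEnd(backends, **thresholds)
    nodes = [fe.dispatch(r) for r in stream]
    return nodes, {b: sorted(c) for b, c in fe.cache.items()}


if __name__ == "__main__":
    # The request stream drawn on the slide.
    print(distribute(["R1", "R1", "R1", "R2", "R3", "R2", "R1", "R1", "R2", "R3"]))
```

With the default thresholds the stream from the figure lands exactly as drawn: every R1 on node-1, every R2 and R3 on node-2, so each back-end caches only its own targets. Lowering the thresholds shows the other half of the policy, a hot target being moved off an overloaded node.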
Slide 47: Back-end Forwarding
[Figure: a host sends a request to the front end, which forwards it to one of the back-end nodes]
Slide 48: Request Redirection
1. Request to the Front End
2. Redirect to the Back End
3. Redirected request to the Back-end
Slide 49: Future work
- Quantifying the priorities for each factor and computing the overall key priority as a weighted function of all these factors.
- Designing an adaptable replication and partitioning scheme for secret keys that increases system performance.
- Simulation of these approaches and obtaining performance statistics.
Slide 50: References
- IP Mobility Support, RFC 2002.
- Group Key Management Protocol (GKMP) Architecture, RFC 2094.
- Key Management for Multicast: Issues and Architectures, RFC 2627.
- Secure Group Communications Using Key Graphs, Chung Kei Wong, Mohamed Gouda.