1
Authentication in Mobile Internet Protocol version 6
Liu Ping
Supervisor: Professor Jorma Jormakka
2
1. Introduction
Outline:
1. Introduction
2. Mobility support
3. Security mechanisms and threats analysis
4. Address ownership problem
5. Present solution
6. Conclusion
3
1. Introduction
4
Motivation
1. Mobile devices and e-business
2. Current solutions are fairly complicated to implement
Related work
1. Strong authentication: PKI
2. Weak authentication: CGA, CAM and RR
Our solution
Based on asymmetric and symmetric encryption algorithms to distribute an ID and a session key
5
CGA: Cryptographically Generated Address
CAM: Child-proof Authentication for MIPv6
RR: Return Routability
6
2. Mobility support
7
MN: Mobile Node, a MIPv6 node
CN: Correspondent Node, a node communicating with an MN; it is either a stationary node or a mobile node
HA: Home Agent, a router on an MN's home link. It registers all necessary information for an MN, e.g. CoA, HoA
CoA: An MN's Care-of Address, a temporary address that a foreign link assigns to the MN while it is on the foreign link
HoA: An MN's permanent IPv6 address on its home link
8
Bidirectional tunneling
[Figure: HA, MN and CN]
9
Route Optimization
[Figure: MN and CN]
10
Need a binding process:
- The MN sends its CoA to its HA and CNs when it is away from its home link
- The CN saves the MN's CoA in its BUC (binding update cache)
- The CN can deliver a packet to the MN directly by setting the packet's source address to be the MN's CoA
- Route optimization can reduce congestion on the MN's home link and HA, but introduces new vulnerabilities
11
BU process
1. HoA: an MN's HoA cannot be abused
2. CoA: the CN's BUC must save the correct CoA of the MN

BU message's header: Source IP (CoA) | Destination IP | HoA option | ……
CN's BU entry: HoA | CoA | ……
12
3. Security mechanisms and threats analysis
13
Security Mechanisms
- Authorization and trust
- Authentication
- Integrity
- Confidentiality
- Anti-replay
14
Authorization and trust: A CN verifies whether an MN has the right to create or update its BUC
Authentication: MN and CN can verify their identities
Integrity: A BU message cannot be modified by an unauthorized node
Confidentiality: CoA and HoA cannot be disclosed to malicious nodes
Anti-replay: An attacker delivers an old, out-of-date packet to the CN by pretending to be an MN
15
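[Figure: an MN, a CN and an attacker; BU messages and a false BU are sent to the CN, whose BUC holds HoA and CoA. Addresses shown: ::20:10:10:10, ::30:10:10:10, ::40:10:10:10]
Message fields shown in the figure:
Source address: ::30:10:10:10
Destination address: ::CN's IP address
Home address option: MN's home address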
16
Threats analysis
- Man-In-the-Middle attack
- Denial of Service attack
17
Man-In-the-Middle attack
[Figure: A, B and an attacker]
18
Denial of Service attack
[Figure: MN, CN and an attacker]
19
4. Address ownership problem
20
1. An MN's HoA works as a search key during the BU process
2. An MN's HoA must be secret enough; otherwise, an attacker can easily launch a passive or an active attack by sending a false BU message to a CN
21
5. Solution
22
Solution Overview
- Use an ID shared only between an MN and CN pair as the search key
- Apply the RSA asymmetric algorithm to distribute an ID and a session key
- Apply the Twofish symmetric algorithm to encrypt/decrypt the CoA during the BU process
23
Authentication in MIPv6
Apply in MIPv6:
- Preparation
- Binding Update
- Verifying
24
Preparation Procedure
1. MN generates a public/private key pair
2. MN -> CN: Public key
3. MN <- CN: [ID, session key] encrypted with the public key
4. MN saves the ID and session key
25
Binding update procedure
1. MN -> CN: [CoA] encrypted with the session key, & ID
2. CN decrypts the CoA with the session key
3. CN verifies the CoA and saves it

CN's BU entry: ID | Session key | CoA | Public key | ……
26
Verify procedure
An attacker:
The attack fails because of IPsec protection (the attacker has no SA shared with the CN beforehand). The attacker cannot do anything more harmful.
27
Verify procedure
A cheater (has an SA beforehand):
- ID, session key: if the ID or session key is not correct, the CN drops the packet.
- CoA: the CN compares the CoA and the source address.
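The CN-side check from the binding update and verify procedures, as an added example that is not part of the original presentation. It assumes the preparation step has already given both sides the ID and session key, uses a SHA-256 keystream as a labelled stand-in for Twofish (which is not in the Python standard library), and the class, function names and 2001:db8:: addresses are constructed for illustration.

```python
import hashlib
import ipaddress

def stand_in_cipher(session_key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256-derived keystream. Stand-in for Twofish, for
    illustration only; symmetric, so one call encrypts and decrypts."""
    stream = hashlib.sha256(b"coa" + session_key).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))

def mobile_node_bu(session_key: bytes, coa: str) -> bytes:
    """MN side: encrypt the 16-byte CoA with the session key."""
    return stand_in_cipher(session_key, ipaddress.IPv6Address(coa).packed)

class CorrespondentNode:
    def __init__(self):
        # BU entries are keyed by the shared ID, not by the HoA.
        self.bu_entries = {}

    def prepare(self, node_id: bytes, session_key: bytes) -> None:
        # Outcome of the preparation procedure (RSA exchange not modelled).
        self.bu_entries[node_id] = {"session_key": session_key, "coa": None}

    def handle_bu(self, source_addr: str, node_id: bytes, enc_coa: bytes) -> str:
        entry = self.bu_entries.get(node_id)
        if entry is None:
            return "drop: unknown ID"
        raw = stand_in_cipher(entry["session_key"], enc_coa)
        if len(raw) != 16:
            return "drop: malformed CoA"
        coa = ipaddress.IPv6Address(raw)
        # A wrong session key decrypts to a different address, so it
        # fails the same comparison as a CoA sent from another source.
        if coa != ipaddress.IPv6Address(source_addr):
            return "drop: CoA does not match source address"
        entry["coa"] = coa
        return "accept"

def demo():
    """Run four constructed BU messages through one CN."""
    cn, key, coa = CorrespondentNode(), b"K" * 16, "2001:db8:f::10"
    cn.prepare(b"id-1", key)
    good = mobile_node_bu(key, coa)
    return [
        cn.handle_bu(coa, b"id-1", good),                            # genuine MN
        cn.handle_bu(coa, b"id-9", good),                            # wrong ID
        cn.handle_bu(coa, b"id-1", mobile_node_bu(b"X" * 16, coa)),  # wrong key
        cn.handle_bu("2001:db8:bad::1", b"id-1", good),              # other source
    ]
```
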
28
6. Conclusion
29
Summary
- Solves the address ownership problem
- Prevents possible attacks
- Simple to implement
- Suitable for any kind of computer and memory
- It is difficult to recognize a cheater
30
Future work
1. Combine software and hardware
2. Ciphertext errors
   - Transmission process
   - Storage medium
   - Recover plaintext from errors
31
Thank you