Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka."— Presentation transcript:

1 Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka

2 1.Introduction 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Present solution 6. Conclusion

3 1.Introduction 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Solution 6. Conclusion

4 MotivationMotivation 1.Mobile device and Ebusiness 2.Current solutions are fairly completed to be implemented Related workRelated work 1.Strong authentication: PKI 2.Weak authentication: CGA, CAM and RR Our solutionOur solution Based on asymmetric and symmetric encryption algorithm to distribute an ID and a session key

5 CGA: Cryptographically Generated Address CAM: Child-proof Authentication for MIPv6 RR: Return Routability

6 2. Mobility support 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Solution 6. Conclusion

7 Mobile Node, it is MIPv6MN: Mobile Node, it is MIPv6 Correspondent Node is communicating node with a MN, it is either stationary node or mobile nodeCN: Correspondent Node is communicating node with a MN, it is either stationary node or mobile node Home Agent, a router is on a MN’s home link. It registers all necessary information for a MN, i.g. CoA, HoAHA: Home Agent, a router is on a MN’s home link. It registers all necessary information for a MN, i.g. CoA, HoA A MN’s Care-of Address, which is temporary and a foreign link assigns to the MN on the foreign linkCoA: A MN’s Care-of Address, which is temporary and a foreign link assigns to the MN on the foreign link A MN’s permanent IPv6 address on its home linkHoA: A MN’s permanent IPv6 address on its home link

8 Bidirectional tunneling HA MN CN

9 Route Optimization MN CN

10 Need a binding process: MN sends CoA to its HA and CNs when it’s out of its home link CN saves the MN’s CoA into its BUC- binding update cache CN can deliver a packet to the MN directly by setting the packet’s source address to be the MN’s CoA Route optimization can reduce congestions of the MN’s home link and HA, but introduces new vulnerabilities

11 BU process 1.HoA: a MN’s HoA cannot be abused 2.CoA: CN’s BUC must save correct MN’s CoA Source IP Destination IP HoA option ……(CoA)HoA CoA …… BU message’s header CN’s BU entry

12 3. Security mechanisms and threats analysis 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Solution 6. Conclusion

13 Security Mechanisms Authorization and trust Authentication Integrity Confidentiality Anti-replay

14 Authorization and trust:Authorization and trust: A CN verifies whether a MN has right to create or update its BUC Authentication:Authentication: MN and CN can verify their identifies Integrity:Integrity: BU message cannot be modified by an unauthorized node Confidentiality:Confidentiality: CoA and HoA cannot be disclosed to malicious nodes Anti-replay:Anti-replay: An attacker delivers old, out-of date packet to CN by pretending to be a MN

15 MN CN MN attacker ::20:10:10:10 BU BU False BU ::30:10:10:10 BUC HoA CoA ::40:10:10:10 Source address: ::30:10:10:10 Destination address: ::CN’s IP address Home address option: MN’s home address

16 Threats analysis Man-In-the-Middle attack Denial of Service attack

17 Man-In-the-Middle attack A B Attacker

18 Denial Of Service Attack MN CN Attacker

19 4.Address ownership problem 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Solution 6. Conclusion

20 1.A MN’s HoA works as a searching key during BU process 2.A MN’s HoA must be secret enough, otherwise, attacker can launch a passive or an active attack easily by sending a false BU message to a CN

21 5. Solution 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Solution 6. Conclusion

22 Solution Overview Using an ID shared only with a pair MN and CN as a searching key Apply RSA asymmetric to distribute an ID and a session key Apply Twofish symmetric algorithm to encrypt/decrypt CoA during BU process

23 Authentication in MIPv6 Apply in MIPv6 Preparation Binding Update Verifying

24 Preparation Procedure MN-----------------------------------CN Public key MN<---------------------------------CN [ID, session key] public MN saves the ID and session key MN generates public/private key

25 Binding update procedure MN---------------------------------  CN CN decrypts CoA by session CN verifies CoA and saves [CoA] session & ID ID Session key CoA Public key …… CN’s BU entry

26 Verify procedure An attackerAn attacker It is failed because of IPsec protection (without a SA shared with CN before). An attacker cannot do any more harmful thing.

27 Verify procedure An cheater: has a SA beforeAn cheater: has a SA before ID ID or session key is not correct, is not correct, Session key CN drops packet. Compares CoA and Compares CoA and CoA source address CoA source address

28 6. Conclusion 1.Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4.Address ownership problem 5. Present solution 6. Conclusion

29 Summary Solve address ownership problemSolve address ownership problem Prevent possible attacksPrevent possible attacks Implementation simpleImplementation simple Suitable any kinds of computer and memorySuitable any kinds of computer and memory It is difficult to recognize a cheaterIt is difficult to recognize a cheater

30 Future work 1. Combine software and hardware 2. Ciphertext error Transmission processTransmission process Storage mediumStorage medium Recover plaintext from errorsRecover plaintext from errors

31 Thank you

Download ppt "Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka."

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Security Issues In Mobile IP

Security Issues In Mobile IP
Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.

Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.
Mobile Communications-Network Protocols/Mobile IP

Mobile Communications-Network Protocols/Mobile IP
Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.

Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.
MIP Extensions: FMIP & HMIP

MIP Extensions: FMIP & HMIP
Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.

Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.

A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.

Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.

IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.

Similar presentations

Ads by Google