Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.


1 Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka

2 1. Introduction
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Present solution
   6. Conclusion

3 1. Introduction
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Solution
   6. Conclusion

4 Motivation
   1. Mobile devices and e-business
   2. Current solutions are fairly complicated to implement
  Related work
   1. Strong authentication: PKI
   2. Weak authentication: CGA, CAM and RR
  Our solution
   - Based on asymmetric and symmetric encryption algorithms to distribute an ID and a session key

5 CGA: Cryptographically Generated Address
  CAM: Child-proof Authentication for MIPv6
  RR: Return Routability

6 2. Mobility support
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Solution
   6. Conclusion

7 MN: Mobile Node; an MIPv6 node
  CN: Correspondent Node; a node communicating with a MN. It is either a stationary node or a mobile node
  HA: Home Agent; a router on a MN’s home link. It registers all necessary information for a MN, e.g. CoA, HoA
  CoA: A MN’s Care-of Address, which is temporary and is assigned to the MN by a foreign link while the MN is on that foreign link
  HoA: A MN’s permanent IPv6 address on its home link

8 Bidirectional tunneling [diagram: HA, MN, CN]

9 Route Optimization [diagram: MN, CN]

10 Need a binding process:
   - MN sends its CoA to its HA and CNs when it is away from its home link
   - CN saves the MN’s CoA into its BUC (binding update cache)
   - CN can deliver a packet to the MN directly by setting the packet’s source address to be the MN’s CoA
   - Route optimization can reduce congestion on the MN’s home link and HA, but introduces new vulnerabilities

11 BU process
   1. HoA: a MN’s HoA cannot be abused
   2. CoA: CN’s BUC must save the correct MN’s CoA
   BU message’s header: Source IP (CoA) | Destination IP | HoA option | ……
   CN’s BU entry: HoA | CoA | ……

12 3. Security mechanisms and threats analysis
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Solution
   6. Conclusion

13 Security Mechanisms
   - Authorization and trust
   - Authentication
   - Integrity
   - Confidentiality
   - Anti-replay

14 Authorization and trust: A CN verifies whether a MN has the right to create or update its BUC
   Authentication: MN and CN can verify their identities
   Integrity: A BU message cannot be modified by an unauthorized node
   Confidentiality: CoA and HoA cannot be disclosed to malicious nodes
   Anti-replay: An attacker delivers an old, out-of-date packet to the CN by pretending to be a MN

15 [Diagram: a MN and an attacker each send a BU to the CN; the attacker’s is a false BU. The CN’s BUC holds HoA and CoA. Addresses shown: ::20:10:10:10, ::30:10:10:10, ::40:10:10:10]
   Source address: ::30:10:10:10
   Destination address: ::CN’s IP address
   Home address option: MN’s home address

16 Threats analysis
   - Man-In-the-Middle attack
   - Denial of Service attack

17 Man-In-the-Middle attack [diagram: A, B, Attacker]

18 Denial Of Service Attack [diagram: MN, CN, Attacker]

19 4. Address ownership problem
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Solution
   6. Conclusion

20 1. A MN’s HoA works as a search key during the BU process
   2. A MN’s HoA must be secret enough; otherwise, an attacker can easily launch a passive or an active attack by sending a false BU message to a CN

21 5. Solution
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Solution
   6. Conclusion

22 Solution Overview
   - Use an ID shared only between a MN and CN pair as the search key
   - Apply the RSA asymmetric algorithm to distribute an ID and a session key
   - Apply the Twofish symmetric algorithm to encrypt/decrypt the CoA during the BU process

23 Authentication in MIPv6
   Apply in MIPv6:
   - Preparation
   - Binding Update
   - Verifying

24 Preparation Procedure
   - MN generates public/private key
   - MN ---------- Public key ----------> CN
   - MN <---------- [ID, session key] public ---------- CN
   - MN saves the ID and session key

25 Binding update procedure
   - MN ---------- [CoA] session & ID ----------> CN
   - CN decrypts CoA with the session key
   - CN verifies CoA and saves it
   CN’s BU entry: ID | Session key | CoA | Public key | ……

26 Verify procedure
   An attacker: the attempt fails because of IPsec protection (the attacker has no SA shared with the CN beforehand). The attacker cannot do any further harm.

27 Verify procedure
   A cheater: has a SA beforehand
   - ID, session key: if the ID or session key is not correct, the CN drops the packet.
   - CoA: the CN compares the CoA and the source address.
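The preparation, binding update and verify steps on slides 24 to 27, as an added example that is not part of the original presentation. Assumptions: a 4-round Feistel network over HMAC-SHA256 stands in for Twofish (which the Python standard library lacks), the RSA-protected delivery of the ID and session key is taken as already done, and the names `CorrespondentNode`, `prepare`, `handle_bu` and `make_bu` are hypothetical.

```python
import hashlib, hmac, ipaddress, os

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to 64 bits.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Stand-in for Twofish: an IPv6 address fills exactly one 128-bit block.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class CorrespondentNode:
    def __init__(self):
        self.buc = {}  # binding update cache, keyed by the shared ID (not the HoA)

    def prepare(self):
        # Preparation: the CN picks an ID and session key for one MN. On the
        # slides they reach the MN under its RSA public key (assumed done here).
        ident, key = os.urandom(8), os.urandom(16)
        self.buc[ident] = {"key": key, "coa": None}
        return ident, key

    def handle_bu(self, src, ident, enc_coa):
        entry = self.buc.get(ident)
        if entry is None:
            return "drop: unknown ID"
        # A wrong session key decrypts to an unrelated address, so it is
        # caught by the same CoA/source comparison as a spoofed source.
        coa = ipaddress.IPv6Address(decrypt_block(entry["key"], enc_coa))
        if coa != ipaddress.IPv6Address(src):
            return "drop: CoA does not match source address"
        entry["coa"] = coa
        return "accept"

def make_bu(ident, key, coa):
    # MN side of the binding update: send the ID and [CoA] session.
    return ident, encrypt_block(key, ipaddress.IPv6Address(coa).packed)
```

The comparison of the decrypted CoA with the packet's source address is the only check that catches a wrong session key here, because encryption alone carries no integrity tag.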

28 6. Conclusion
   1. Introduction
   2. Mobility support
   3. Security mechanisms and threats analysis
   4. Address ownership problem
   5. Present solution
   6. Conclusion

29 Summary
   - Solves the address ownership problem
   - Prevents possible attacks
   - Simple to implement
   - Suitable for any kind of computer and memory
   - It is difficult to recognize a cheater

30 Future work
   1. Combine software and hardware
   2. Ciphertext error
      - Transmission process
      - Storage medium
      - Recover plaintext from errors

31 Thank you

