
Overview of Mobility Protocols. Md. Shohrab Hossain, Dec 6, 2014.


Slide 1: Overview of Mobility Protocols (Md. Shohrab Hossain, Dec 6, 2014)

Slide 2: Why Mobility Protocols
- Satellites with IP-enabled devices capture videos and images and send them to control centers on earth
- They need to maintain continuous connectivity with the remote computer
- Mobility protocols are required to ensure session continuity

Slide 3: IETF Solution to IP Mobility: Mobile IP
- Employs a mechanism similar to postal-service mail forwarding
- Problems: inefficient routing, high handover latency, packet loss
[Figure: Mobile IP operation. Labels: Home Network, Home Agent, Foreign Agent, Visiting Network, Correspondent Node (CN), Location Update, Packets from CN to MH, Internet, Encapsulated Packets, Decapsulated Packets, Home Address, Acquires CoA]

Slide 4: Network Mobility (NEMO)
- A collection of nodes moving as a unit (examples: airplanes, trains, ships)
- Mobility can be managed in an aggregated way in NEMO
- The Mobile Router acts as default gateway and manages mobility on behalf of the mobile network nodes
[Figure label: HA]

Slide 5: NEMO Architecture
- Inside the NEMO:
  - MR: Mobile Router
  - LFN: Local Fixed Node
  - LMN: Local Mobile Node
  - VMN: Visiting Mobile Node
- Problems:
  - Routing through the HA
  - Heavy load on the HA
  - Drop in throughput during handover
[Figure: NEMO data path. Labels: Data path, NEMO]

Slide 6: SIGMA
- Transport-layer solution proposed by the researchers at the TNRL lab
- Exploits the IP diversity (having multiple IP addresses) of a mobile host
- Benefits:
  - Establishes a new connection before disconnecting the old one
  - Decouples location management from data transmission
  - Less handover delay and packet loss; optimal routing between MH and CN
[Figure labels: CN, Location Manager]

Slide 7: SINEMO
- SIGMA-based seamless mobility solution for mobile networks
- Exploits the IP diversity of the MR
- The MR maintains a translation table for all the mobile network nodes
- The MNNs' private IPs do not change
[Figure label: Default gateway]

Slide 8: Hierarchical Mobility Protocols: HMIPv6
- For highly mobile nodes, frequent location updates to the HA cause:
  - Bandwidth wastage
  - Overhead for the HA
- Hierarchical Mobile IPv6 attempts to reduce signaling by introducing a new mobility agent: the MAP (a local HA)

Slide 9: Network-based Mobility Protocols

Slide 10: Terminal-based Mobility Protocol: Mobile IP
- Employs a mechanism similar to postal-service mail forwarding
- Problems:
  - The MH must send updates to the HA
  - The CoA changes in every handoff
  - High handover latency
  - Packet loss
[Figure: Mobile IP operation. Labels: Home Network, Home Agent, Foreign Agent, Visiting Network, Correspondent Node (CN), Location Update, Packets from CN to MH, Internet, Encapsulated Packets, Decapsulated Packets, Home Address, Acquires CoA]

Slide 11: Problems of Terminal-based Mobility Protocols
Problems:
- Requires low-end mobile devices to perform all kinds of mobility signaling to maintain connectivity
- A new CoA after each handoff, so the cache entry needs to be changed
- Wireless bandwidth wastage due to mobility signaling
- High handover latency
- Sub-optimal routing and tunneling
Solution: Network-based Mobility Management
- The network takes care of all the mobility signaling
- Network entities are responsible for tracking the mobile device
- Network entities send the required signaling messages on behalf of the mobile devices

Slide 12: Proxy Mobile IP: Network-based Mobility Management
- Local Mobility Anchor
  - Local HA for the MH in a PMIPv6 domain
  - All traffic destined to the MH is routed through the LMA
- Mobility Anchor Gateway
  - Access router that tracks the MH's movement on its access link
  - Informs the LMA through a Proxy BU
[Figure labels: Local Home Agent, PMIPv6 domain, Access Router that detects node mobility]

Slide 13: PMIPv6 Operation
[Figure: PMIPv6 signaling. Labels: Router Solicitation, AAA procedure, Binding Cache entry for MH, Proxy BU, Proxy BA, PMIPv6 domain]

Slide 14: Proxy Mobile IP Signaling
- AAA: Authentication, Authorization and Accounting
- BCE: Binding Cache Entry
- PBU: Proxy Binding Update
- PBA: Proxy Binding Ack

Slide 15: Benefits of Network-based Mobility Management
- Battery power saving
- No modification in end devices
- Unique IP address in the whole LMA domain
- Movement detection by the network
- Reduced signaling in the wireless access network
- Low handover latency
- Efficient tunneling
- Less signaling in each handoff:
  - No Duplicate Address Detection (DAD) in each handoff
  - No return routability

Slide 16: Security Issues of Mobility Protocols

Slide 17: Route Optimization in Mobile IPv6
- After moving to a new location, the MH informs the CN about its location through a binding update
- Improved performance
[Figure: Route optimization. Labels: Home Network, Home Agent, Visiting Network, Correspondent Node, Location Update, Internet, Optimized route without any encapsulation, Binding update to CN]

Slide 18: Major Security Threats
- Man-in-the-middle attack
- Traffic redirection attack
- Bombing attack
- Replay attack
- Home Agent poisoning
- Blocking legitimate BU
- Resource exhaustion
- Forcing sub-optimal route
- Exploitation of routing headers

Slide 19: Traffic Redirection Attack
[Figure: Traffic redirection attack. Labels: Correspondent Node, MH, Attacker, Node B, Spoofed binding update (MH's ID, Node B's IP), Ongoing communication, Binding Ack accepted by CN, Redirected Traffic, Home Agent]

Slide 20: Man-in-the-middle (MITM) Attack
[Figure: MITM attack. Labels: Correspondent Node, Home Agent, MH, Spoofed binding update (MH's ID, Attacker's IP), Ongoing Communication, Binding Ack accepted by CN, Traffic redirected to the Attacker, Attacker learns and modifies packets, Modified packets received]

Slide 21: Bombing Attack
[Figure: Bombing attack. Labels: Streaming server, MH, Spoofed binding update involving MH's address, Unwanted streaming data, Connection Setup with server]

Slide 22: Replay Attack
[Figure: Replay attack. Labels: CN, Subnet A, MH sends BU from subnet A, Attacker records BU for future attack, Moving to subnet B, Subnet B, MH sends BU from Subnet B, Recorded BU replayed to CN, CN sends packets to MH's previous location ????, Home Agent]

Slide 23: Reflection Attack
[Figure: Reflection attack. Labels: Correspondent Node, Home Agent, False initial message, MH receives every packet sent by the attacker twice]

Slide 24: Home Agent Poisoning
[Figure: Home Agent poisoning. Labels: Spoofed BU, Binding ACK, Location information corrupted, Query for MH, Reply (Wrong IP)]

Slide 25: Resource Depletion
[Figure: Resource depletion. Labels: Subnet A, Subnet B, Home Agent, Attacker establishes many connections with fake IPs, MH sends BUs to all those fake hosts, Memory and transmission power wasted]

Slide 26: Exploitation of Routing Header
- Attack traffic is sent to node B with a Routing Header (RH)
- Node B overwrites the destination field with the RH address
- The traffic is then sent to the victim node
- Difficult to find the source of the attack

Slide 27: Exploitation of HoA Option
- Attack traffic is sent to node V
- Node V replaces the source IP with the HoA field (B)
- It appears to be an attack from node B

Slide 28: Defense Mechanisms

Slide 29: Defense Mechanisms
- Goals
  - Simple enough to be implemented in mobile devices
  - Requiring low processing power
  - Low-latency solutions
  - Infrastructure-less approach: there is no such global infrastructure
- Existing defense mechanisms for Mobile IPv6
  - IP Security protocol
  - Internet Key Exchange (IKE)-based schemes
  - Return Routability protocol
  - Protection for routing headers
  - Other general measures

Slide 30: IP Security Protocols
- A suite of protocols to provide security in IP networks
  - Authentication Header (AH) protocol
  - Encapsulating Security Payload (ESP) protocol
- In IPsec, a preconfigured Security Association (SA) is established between the MH and the HA / CN to choose security parameters and algorithms
- Advantages:
  - Very strong authentication
  - Difficult to break
- Limitations:
  - High CPU requirement
  - Does not protect against a misbehaving MH

Slide 31: IPsec: Authentication Header (AH) protocol
- AH guarantees data-origin authentication of IP packets
- Use of AH ensures that an attacker cannot deceive the HA or CN with a spoofed BU
- As a result, traffic redirection attacks can be avoided
- Limitation: cannot ensure data confidentiality

Slide 32: IPsec: AH Operation
[Figure: AH operation. Labels: Correspondent Node, Home Agent, Security Association, Securing BU with AH]

Slide 33: IPsec: Encapsulating Security Payload (ESP) protocol
- The ESP protocol can ensure data confidentiality in addition to authentication
- ESP ensures privacy of data by encryption
- An encryption algorithm combines the data in the datagram with a key to transform it into an encrypted form

Slide 34: IPsec: Securing Data using ESP
[Figure: ESP operation. Labels: Correspondent Node, Home Agent, Security Association, Securing BU with ESP, Securing data from inconsistency]

Slide 35: IKE-based Schemes
- Commonly used for mutual authentication and for establishing and maintaining security associations for the IPsec protocol suite
- Ensures confidentiality, data integrity, access control, and data-source authentication
- IKE helps to dynamically exchange the secret key that is used as input to the cryptographic algorithms
- Limitations:
  - Requires the existence of a certification authority
  - Very complex and power-consuming operations

Slide 36: Return Routability Protocol
- Proposed to secure binding updates between the CN and the MH
- A node sending a binding update must prove its right to redirect the traffic
- RR messages are exchanged among the MH, CN and HA before binding updates are sent

Slide 37: Message Exchange in RR protocol
- The MH initiates RR by sending HoTI and CoTI messages to the CN
- The CN then sends the corresponding challenge packets (HoT and CoT) destined to the MH
- If successful, the CN accepts the BU from the MH
- Advantages
  - Infrastructure-less
  - Low CPU required
- Limitations
  - Weak authentication
  - Does not protect against attackers on the path between the HA and the CN
[Figure labels: HoTI, CoTI, HoT, CoT]
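The HoTI/CoTI/HoT/CoT exchange above, as an added Python example that is not part of the slides: both sides of Return Routability, with the keygen tokens, Kbm and BU authenticator built as RFC 6275 section 5.2 specifies. The addresses and BU fields are constructed; the last function shows why a BU from a host that never received the HoT is rejected.

```python
import hashlib, hmac, ipaddress, os

# Constructed sample addresses (not taken from the slides).
HOA = ipaddress.IPv6Address("2001:db8:1::10")       # MH home address
COA = ipaddress.IPv6Address("2001:db8:2::77")       # MH care-of address in the visited network
CN_ADDR = ipaddress.IPv6Address("2001:db8:3::1")    # correspondent node
OFF_PATH = ipaddress.IPv6Address("2001:db8:4::99")  # a host that is not on the HA-CN path
MH_DATA = b"\x00\x07\x00\x00\x01\x68"               # constructed BU fields (sequence number, lifetime)

def first_bits(digest, nbits):
    return digest[: nbits // 8]

class CorrespondentNode:
    """CN side of Return Routability (token construction follows RFC 6275, section 5.2)."""
    def __init__(self):
        self.kcn = os.urandom(20)    # node key Kcn, never leaves the CN
        self.nonce = os.urandom(8)   # one nonce shown; real CNs keep an indexed nonce table

    def keygen_token(self, addr, tag):
        # tag 0 -> home keygen token (HoT, routed via the HA); tag 1 -> care-of keygen token (CoT, sent direct)
        mac = hmac.new(self.kcn, addr.packed + self.nonce + bytes([tag]), hashlib.sha1)
        return first_bits(mac.digest(), 64)

    def verify_bu(self, hoa, coa, mh_data, authenticator):
        # CN recomputes both tokens from the addresses in the BU, so it keeps no per-MH state before the BU
        kbm = hashlib.sha1(self.keygen_token(hoa, 0) + self.keygen_token(coa, 1)).digest()
        expected = bu_authenticator(kbm, coa, mh_data)
        return hmac.compare_digest(expected, authenticator)

def bu_authenticator(kbm, coa, mh_data):
    # First(96, HMAC_SHA1(Kbm, care-of address | correspondent address | MH data))
    return first_bits(hmac.new(kbm, coa.packed + CN_ADDR.packed + mh_data, hashlib.sha1).digest(), 96)

def mh_sends_bu(home_token, careof_token, coa):
    # MH side: Kbm = SHA1(home keygen token | care-of keygen token)
    kbm = hashlib.sha1(home_token + careof_token).digest()
    return bu_authenticator(kbm, coa, MH_DATA)

def legitimate_bu_accepted():
    cn = CorrespondentNode()
    auth = mh_sends_bu(cn.keygen_token(HOA, 0), cn.keygen_token(COA, 1), COA)  # MH received both HoT and CoT
    return cn.verify_bu(HOA, COA, MH_DATA, auth)

def spoofed_bu_rejected():
    # OFF_PATH claims HOA: it can obtain a CoT for its own address, but the HoT is delivered to HOA via the HA
    cn = CorrespondentNode()
    auth = mh_sends_bu(os.urandom(8), cn.keygen_token(OFF_PATH, 1), OFF_PATH)  # home token must be guessed
    return not cn.verify_bu(HOA, OFF_PATH, MH_DATA, auth)
```

The CN's only long-lived secret is Kcn, which is why the scheme needs no infrastructure; the weakness noted on the slide is that anyone who can read the HoT on the HA-CN path obtains the home token.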

Slide 38: Protection against Routing Header (RH) issues
- To protect against misuse of routing headers, the following restrictions are applied while processing an RH:
  - Only one RH per packet
  - All IPv6 nodes must verify that the address contained within the RH is the node's own HoA
  - The IP address must be a unicast routable address, since it is the MH's HoA
- A node must drop the packet if any of these conditions is NOT met
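The three restrictions above, as an added Python example that is not from the slides: a receive-side check that returns the drop reason, run over constructed packets including the relay case of slide 26. Packet and RoutingHeader are simplified hypothetical types, not a real IPv6 parser.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class RoutingHeader:
    address: ipaddress.IPv6Address   # where the RH asks the receiver to forward the packet

@dataclass
class Packet:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    routing_headers: List[RoutingHeader] = field(default_factory=list)

def unicast_routable(addr):
    # A HoA must be a routable unicast address: reject multicast, unspecified, loopback and link-local
    return not (addr.is_multicast or addr.is_unspecified or addr.is_loopback or addr.is_link_local)

def check_routing_header(pkt, own_hoa) -> Optional[str]:
    """Return None to accept the packet, or the reason it must be dropped (the three slide 38 rules)."""
    if not pkt.routing_headers:
        return None                            # no RH present: nothing to enforce here
    if len(pkt.routing_headers) > 1:
        return "drop: more than one routing header"
    rh = pkt.routing_headers[0]
    if not unicast_routable(rh.address):
        return "drop: RH address is not a routable unicast address"
    if rh.address != own_hoa:
        return "drop: RH address is not this node's home address"   # stops the node acting as a relay
    return None

# Constructed sample addresses (not from the slides)
MY_HOA = ipaddress.IPv6Address("2001:db8:1::10")
MY_COA = ipaddress.IPv6Address("2001:db8:2::77")
CN = ipaddress.IPv6Address("2001:db8:3::1")
THIRD_PARTY = ipaddress.IPv6Address("2001:db8:9::9")

def route_optimised_packet():
    # CN -> CoA carrying an RH with our own HoA: the normal Mobile IPv6 case, accepted
    return check_routing_header(Packet(CN, MY_COA, [RoutingHeader(MY_HOA)]), MY_HOA)

def relay_attempt():
    # RH names some other node: the slide 26 scenario, where the receiver would overwrite dst and forward
    return check_routing_header(Packet(CN, MY_COA, [RoutingHeader(THIRD_PARTY)]), MY_HOA)

def nested_routing_headers():
    return check_routing_header(Packet(CN, MY_COA, [RoutingHeader(MY_HOA)] * 2), MY_HOA)

def multicast_routing_header():
    return check_routing_header(Packet(CN, MY_COA, [RoutingHeader(ipaddress.IPv6Address("ff02::1"))]), MY_HOA)
```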

Slide 39: Other possible approaches
- Keeping nodes stateless: to avoid resource exhaustion
- Keeping a short lifetime for binding entries: to avoid replay attacks
- Use of Cryptographically Generated Addresses: to avoid redirection / MITM attacks
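The short-lifetime defence from this slide, as an added Python example that is not from the slides, together with the sequence-number rule from RFC 6275 that rejects the replayed BU of slide 22. The lifetime cap, addresses and timeline are constructed; the clock is injected so the run is deterministic.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class Binding:
    care_of: str
    seq: int
    expires_at: float

class BindingCache:
    """CN/HA-side binding cache: short lifetimes plus the RFC 6275 sequence-number check on each BU."""
    MAX_LIFETIME = 30.0   # seconds; constructed value, deliberately short so stale redirections die quickly

    def __init__(self, clock):
        self.clock = clock                 # injected clock keeps the example deterministic
        self.entries: Dict[str, Binding] = {}

    def process_bu(self, hoa, care_of, seq, lifetime) -> str:
        now = self.clock()
        current = self.entries.get(hoa)
        if current is not None and current.expires_at > now:
            # RFC 6275: reject a BU whose sequence number is not greater (mod 2^16) than the one cached.
            # A recorded BU replayed later (slide 22) carries an old number and stops here.
            delta = (seq - current.seq) % 65536
            if delta == 0 or delta >= 32768:
                return "rejected: stale sequence number"
        granted = min(lifetime, self.MAX_LIFETIME)        # never grant more than the local cap
        self.entries[hoa] = Binding(care_of, seq, now + granted)
        return "accepted"

    def lookup(self, hoa) -> Optional[str]:
        b = self.entries.get(hoa)
        if b is None or b.expires_at <= self.clock():
            self.entries.pop(hoa, None)   # expired: traffic goes back via the home address until a fresh BU arrives
            return None
        return b.care_of

def replay_scenario():
    """Constructed timeline: MH binds from subnet A, moves to B, the subnet-A BU is replayed, then the binding ages out."""
    now = [0.0]
    cache = BindingCache(lambda: now[0])
    hoa, subnet_a, subnet_b = "2001:db8:1::10", "2001:db8:2::77", "2001:db8:5::42"
    out = [cache.process_bu(hoa, subnet_a, seq=5, lifetime=30)]       # the BU an eavesdropper could record
    now[0] = 10.0
    out.append(cache.process_bu(hoa, subnet_b, seq=6, lifetime=30))   # MH has moved to subnet B
    out.append(cache.process_bu(hoa, subnet_a, seq=5, lifetime=30))   # replayed BU
    out.append(cache.lookup(hoa))                                     # still subnet B
    now[0] = 45.0
    out.append(cache.lookup(hoa))                                     # lifetime passed: entry gone
    return out
```

A shorter cap bounds how long any accepted binding, legitimate or not, keeps redirecting traffic, at the cost of the more frequent refresh BUs the comparison table on the next slide lists as the drawback.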

Slide 40: Comparison among the Schemes

Defense mechanism: IPsec and IKE
  Protection from: attack on BU between MH and HA
  Benefits: strong authentication, data confidentiality
  Limitations: high CPU overhead, assumes a trust relationship

Defense mechanism: Return routability
  Protection from: attack on BU between MH and CN
  Benefits: infrastructure-less, less CPU requirement
  Limitations: weak authentication

Defense mechanism: Keeping nodes stateless
  Protection from: resource exhaustion attack
  Benefits: helps in avoiding DoS attacks
  Limitations: may introduce delay for legitimate BU

Defense mechanism: Short lifetime of BU
  Protection from: replay attack, HA poisoning
  Benefits: ensures an up-to-date entry in the binding cache
  Limitations: frequent refreshing updates waste bandwidth

Defense mechanism: Use of CGA
  Protection from: bombing attack, MITM, traffic redirection
  Benefits: hard to target a node
  Limitations: higher complexity, higher CPU

Slide 41: Thank You

