Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment 20 th APAN Network Research Workshop Rahmat Budiarto NAv6,


2 Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment
20th APAN Network Research Workshop
Rahmat Budiarto, NAv6, USM

3 Introduction
What is IPv6?
- IPv6 is the next generation IP Address.
- IPv6 = 2001:0468:0C80:1341:0280:1CFF:FE15:5820
- Huge Number of addresses: 2^128 = 340 Undecillion Addresses
- Built-in Mobility Support (Main Feature)
Why do we need IPv6?
- Limited addressing space in IPv4
- Growing Internet Community: More laptops, Broadband service, Hotspots…
- Growing Mobile Technology: 3G Network, Nokia and Mobile phone service providers
What is Mobile IPv6?

4 Mobile IPv6 Terms Used
- Mobile Node (Mn) - a node which travels from one network to another
- Home Agent (HA) - Router in the Home network
- Correspondent Node (Cn) - Node which the Mn is communicating with
- Home-of Address (HoA) - Mn's IP Address in the Home Network
- Care-of Address - Mn's IP Address in the Foreign Network
- Binding Update - What is Binding Update?

5 Binding Update
- Between Mobile Node and Home Agent (Current Protocol - IPSec)
- Between Mobile Node and Correspondent Node (Current Protocol - Return Routability)
Binding update is the act by which the Mn updates its new Care-of Address (to HA & Cn).

6 Scope and Background of the Paper
- This paper is about Mobile IPv6 and Binding Update (only Mn and Cn).
- Related Papers
- What have others done about Binding Update?
- Is it a current issue?
- Is it an interesting topic?

7 Literature Review / Related Work
1. Securing Return Routability protocol against Active Attack
- Uses Modified RR and Digital Signature
- Also uses Public Key Cryptography for strong security
- Conclusion: Public Key is very huge, not practical to implement
2. Mobile IPv6 Route Optimization Security Design
- Has made a small enhancement to RR
- Introduces a time stamp for Kbm (eliminates time shifting attack)
- Conclusion: Introduces Route Optimization (Kbm expiration)

8 Literature Review / Related Work (continued)
3. Early Binding Updates for Mobile IPv6
- Introduces two Early Binding messages
- Reduces the overall network latency
- Conclusion: Provides a good performance result
3. Using IPSec between Mobile and Correspondent IPv6 Nodes
- New approach introduced
- Mostly based on assumptions and needs more Security Associations
- Assumptions made: manual selection and peer-to-peer based
- Conclusion: Ambitious, needs more enabled features (future)
4. Dynamic Diffie-Hellman based key distribution for Mobile IPv6
- Uses the Diffie-Hellman key exchange method
- Four message exchange, possible man-in-the-middle attack
- Conclusion: Lacks authentication, might need PKI or AAA implementation

9 Methodology
Secret Key Binding Technique: New Approach to Secure Binding Update Between Mn and Cn to replace Return Routability
1. Pre-Binding Secret Key Exchange Method
- Key Exchange Process in Home Network
- Diffie-Hellman Key Exchange
- Two Message Exchange
2. Secret Key Encryption Method
- Process takes place in Foreign Network
- 2 Binding test message exchange
- 2 Binding update message exchange

10 Pre-Binding Secret Key Exchange Method

11 Secret Key Encryption Method

12 Secret Key Binding Technique Scenario
[Diagram: Home Agent; Mobile Node (FF:01::01 Home-Of Address, FF:84::05 Care-Of Address); Correspondent Node FF:08::04; Home Network, Foreign Network 1, Foreign Network 2. Shown as per Flow Diagram.]

13 Implementation / Result
- Simulation presented using Network Simulator 2 (NS2)
- C++ (System Language) - Simulator Configuration
- TCL (Scripting Language) - Topology Configuration
- Results presented using Trace Graph utility.

14 Secret Key Binding Technique How it works?

15 Pre-Binding Secret Key Exchange Method
Message from Mn to Cn / Cn to Mn (Home Network), MN={FF:01::01}
- This is the first step: Diffie-Hellman Key Exchange (2 messages)
- Takes place in Home Network
- After the Pre-Binding Secret Key Exchange, the communication process continues as normal.

16 Secret Key Binding (Binding Test)
- Binding Test message from Mn to Cn (Encrypted with (S) {Sn, HoA, T, MnC})
- Binding Test Reply from Cn to Mn through HA (Encrypted with (S) {Sn, T, CnC})
Second Method: Secret Key encryption step
- 4 messages exchanged: 2 Binding Test messages, 2 Binding messages

17 Secret Key Binding (Binding Update)
- Binding Update (Encrypted with (S) {Sn, T, H(MnC+CnC), BU})
- Binding Acknowledgement (Encrypted with (S) {Sn, T, BA})
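
The message flow of slides 15 to 17 as runnable code, added here as an illustration; it is not taken from the presentation or its NS2 implementation. It shows why the Cn can reject a replayed, stale, modified or mismatched Binding Update once both sides share S. Assumptions, since the slides give only the symbols: Sn is read as a sequence number, T as a timestamp, MnC/CnC as per-node cookies; the DH parameters, SHA-256, the keystream-plus-HMAC stand-in for "Encrypted with (S)", the 5-second freshness window and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

P, G = 2**255 - 19, 2  # demo-sized DH parameters (assumed; the slides name no group)

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_secret(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def keystream(S, nonce, n):
    blocks = (hashlib.sha256(b"enc" + S + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(S, fields):
    # Stand-in for "Encrypted with (S)": hash keystream + HMAC tag (the slides name no cipher)
    pt, nonce = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(S, nonce, len(pt))))
    return nonce + ct + hmac.new(S, nonce + ct, hashlib.sha256).digest()

def unseal(S, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(S, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")  # wrong key or modified message
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(S, nonce, len(ct)))))

def cookie_hash(mnc, cnc):
    return hashlib.sha256((mnc + cnc).encode()).hexdigest()  # H(MnC+CnC); hash assumed

def binding_test(S_mn, S_cn, now):
    """Slide 16: Binding Test and its reply. Returns Mn's cookies and Cn's expected hash."""
    mnc, cnc = secrets.token_hex(8), secrets.token_hex(8)
    bt = unseal(S_cn, seal(S_mn, {"Sn": 1, "HoA": "FF:01::01", "T": now, "MnC": mnc}))
    btr = unseal(S_mn, seal(S_cn, {"Sn": bt["Sn"], "T": now, "CnC": cnc}))
    return mnc, btr["CnC"], cookie_hash(bt["MnC"], cnc)

def make_bu(S, sn, now, mnc, cnc, coa):
    return seal(S, {"Sn": sn, "T": now, "H": cookie_hash(mnc, cnc), "BU": coa})

def cn_accept_bu(S, blob, expected_h, last_sn, now, max_age=5):
    """Cn side of slide 17: authenticate, check freshness, check the cookie binding."""
    m = unseal(S, blob)
    if m["Sn"] <= last_sn or abs(now - m["T"]) > max_age:
        raise ValueError("stale or replayed")
    if not hmac.compare_digest(m["H"], expected_h):
        raise ValueError("cookie mismatch")
    return m["BU"]  # new care-of address to bind to the HoA
```

The two-message DH step is unauthenticated here, as on the slides, which is the gap slide 28 proposes to close with IKE or AAA.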

18 Protocol Achievement
- The parameters used in the Secret Key Binding Technique show how some of the major security threats are eliminated (Security)
- Number of messages exchanged, time taken and time delay show the performance efficiency of the protocol (Performance)

19 Security Consideration
Values listed in column order: Return Routability Procedure | Secret Key Binding Technique
- Authentication: Yes
- Authorization: Yes
- Confidentiality: Yes
- Integrity: Yes
- Non-Repudiation: No | Yes
- Cryptography: No | Yes
*Security Threats

20 Security Consideration
Values listed in column order: Return Routability Procedure | Secret Key Binding Technique
- Eavesdropping: Yes | No
- Traffic Analysis: Yes | No
- Masquerading: No
- Replay Attack: No
- Message Modification: Yes | No
- Denial-of-Service: No
- Man-in-the-middle: No
- False binding: No
*Possible Vulnerabilities

21 Performance Consideration

| | Secret Key Binding Technique | Return Routability Procedure |
| --- | --- | --- |
| Number of Nodes Involved | 3 | 3 |
| Process Time Length | 0.079s | 0.127s |
| Average Network Delay | 0.00346s | 0.00537s |
| Total Number of Packets Exchange | 47 | 52 |
| Total Number of Bytes sent | 5132 | 10824 |
| Total Packets generated by Mn | 16 | 22 |
| Total Bytes sent by Mn | 1908 | 4192 |

*Overall Performance of Mobile Network Simulation

22 Performance Measurement
[Figures: Secret Key Binding Technique; Return Routability]

23 Performance Efficiency Measurement & Comparison

| | SKB | RR | SKB | RR | SKB | RR | SKB | RR |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Number of Process | 1 | 1 | 10 | 10 | 100 | 100 | 1000 | 1000 |
| Total Processing Time | 79.0ms | 12.7ms | 81.7ms | 129.6ms | 819.6ms | 1299.6ms | 8199.7ms | 12999.6ms |
| Total Number of packets | 47 | 52 | 227 | 340 | 2027 | 3216 | 20027 | 32016 |
| Maximum Network Delay | 0.457ms | 0.870ms | 0.457ms | 0.870ms | 0.457ms | 0.870ms | 0.457ms | 0.870ms |
| Average Network Delay | 0.346ms | 0.537ms | 0.444ms | 0.813ms | 0.456ms | 0.853ms | 0.457ms | 0.857ms |
| Number of Packet Loss | 0 | 1 | 16 | 28 | 196 | 296 | 1996 | 2996 |

Minimum Network Delay: 0.064ms

- Performance Test has been conducted to test the efficiency of the protocol.
- Comparison made between RR and SKB.
- 1 to 1000 processes in a scenario have been tested.
- Shows the average delay of both protocols.
- Efficiency 50%

24 Secret Key Binding Performance Trace Output

25 Return Routability Performance Trace output

26 Contribution
- New approach for Binding Update
- Secret Key Binding Technique
- Pre-Binding Secret Key Exchange Method
- Secret Key Encryption Method
- Cryptographic Based Binding Method
- Improved performance
- Less number of packet exchange
- Less time taken to finish the process

27 Conclusion
- A new method has been introduced for BU
- Secret Key Binding Technique
- More Secure (Cryptographic Based)
- Better Performance
- Space for future enhancement

28 Future Works
- Enhancement to the DH Key Exchange
- IKE or AAA method can be used to improve the Key Exchange Method

29 Thank You. Rahmat Budiarto, 20th APAN 2005, 08/2005

