Re-thinking Security in Network Mobility Jukka Ylitalo Ericsson Research NomadicLab NDSS '05 Workshop - February 2.

1 Re-thinking Security in Network Mobility
Jukka Ylitalo, Ericsson Research NomadicLab
NDSS '05 Workshop, February 2

2 Outline
● Nodes in the Architecture
● Problem description
● Identifier – locator split in HIP
● Identifier multiplexed locator translation
● Signaling delegation between identifiers
● Conclusions

3 Nodes in the Architecture
[Diagram of the architecture; nodes shown: Mobile Node (MN), Mobile Router (MR), Access Router (AR), Correspondent Node (CN), Rendezvous Server (RS), the Internet, a mobile network, and a nested mobile network with its own MR]

4 Problem Statement
● How to inform peers about the MN's new location in a secure and efficient way?
● How to sustain optimal routing?
● Address Binding Update (BU)
● Challenge-response test
[Diagram: MN, MR, AR, CN, with the path between them marked "?"]

5 Related Problems
● Signaling explosion in highly populated networks.
● Suboptimal routing.
● Authorizing the MR to signal on behalf of the MN.
● Address assignment inside the mobile network.

6 Identifier - Locator Split in HIP
● A new public-key based Host Identifier (HI) name space.
● Sockets are bound to HIs, not to IP addresses.
● HIs are translated to IP addresses by the kernel.
[Diagram: host protocol stack Process / Transport / Host Identity / IP Layer / Link Layer, with a dynamic binding between Host ID and IP Address]

7 Advantage of Cryptographic HIs
● Public-key based end-point identifiers (HIs) vs. untrustworthy IP addresses.
● Possible to authorize and delegate signaling rights between HIs in a secure way.
● Possible to use authorization certificates, e.g., SPKI certificates.

8 HI Multiplexed Locator Translation
● The MN registers its HI and local unicast address with the MR.
● The MN learns the MR's HI during the registration.
● The MR implements HI multiplexed locator translation.
[Diagram: MN registers with MR; MR sits between the local unicast address space and the Internet]

9 Authorizing MR to Send BUs
● The MR hides the network mobility from the MNs.
● The MNs authorize the MR to send Binding Update messages to CNs on their behalf.
[Diagram: MNs behind the MR (MN-CoA1); MR care-of addresses MR-CoA1 and MR-CoA2 at two ARs; BU signaling from MR towards CN and RS; authorization from MN to MR]

10 Delegating Rights to Signaling Proxy
● The MR may delegate the signaling rights to a trusted signaling proxy.
[Diagram: MN authorizes MR; MR delegates to a signaling proxy; AR; Internet]

11 Optimizing MR-to-CNs Signaling
● The signaling proxy sends BUs on behalf of the MNs to CNs.
[Diagram: a single BU from the MR (CoA1, CoA2) to the signaling proxy; BU signaling from the signaling proxy to CN and RS; AR; Internet]
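The delegation chain of slides 9 to 11 as a worked example (added here, not code from the presentation): the MN authorizes the MR's HI, the MR delegates to a signaling proxy, and the CN accepts a BU only when it is signed by the end of an unbroken chain rooted at the MN's HI. Ed25519 keys stand in for HIs and a signed (issuer, delegate) pair stands in for the SPKI certificate; the message layout is an assumption, not HIP's wire format, and the reachability test of slide 12 is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// HI is a Host Identifier: in HIP the host's public key is its name.
type HI = ed25519.PublicKey
// Delegation: Issuer authorizes Delegate to send BUs for Issuer's HI (simplified stand-in for an SPKI cert).
type Delegation struct {
	Issuer, Delegate HI
	Sig              []byte // Issuer's signature over Delegate's HI
}
func Authorize(issuer ed25519.PrivateKey, delegate HI) Delegation {
	return Delegation{issuer.Public().(HI), delegate, ed25519.Sign(issuer, delegate)}
}
// BindingUpdate says "MN is now at CoA"; Sender signs it and attaches the chain MN -> ... -> Sender.
type BindingUpdate struct {
	MN, Sender HI
	CoA        string
	Chain      []Delegation
	Sig        []byte
}
func buBytes(mn HI, coa string) []byte { return append(append([]byte{}, mn...), coa...) }
func SendBU(mn HI, coa string, chain []Delegation, sender ed25519.PrivateKey) BindingUpdate {
	return BindingUpdate{mn, sender.Public().(HI), coa, chain, ed25519.Sign(sender, buBytes(mn, coa))}
}
// VerifyBU is the CN-side check: each link is issued by the previous link's delegate, the chain
// ends at the BU's signer, and the BU signature verifies under that signer's HI.
func VerifyBU(bu BindingUpdate) bool {
	cur := bu.MN
	for _, d := range bu.Chain {
		if string(d.Issuer) != string(cur) || !ed25519.Verify(d.Issuer, d.Delegate, d.Sig) {
			return false
		}
		cur = d.Delegate
	}
	return string(cur) == string(bu.Sender) && ed25519.Verify(bu.Sender, buBytes(bu.MN, bu.CoA), bu.Sig)
}
// Scenario (constructed keys): MN authorizes MR, MR delegates to a signaling proxy, the proxy sends
// the BU. Returns (proxy's BU accepted, same BU signed by a key outside the chain accepted).
func Scenario() (accepted, undelegatedAccepted bool) {
	mnPub, mnPriv, _ := ed25519.GenerateKey(rand.Reader)
	mrPub, mrPriv, _ := ed25519.GenerateKey(rand.Reader)
	proxyPub, proxyPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	chain := []Delegation{Authorize(mnPriv, mrPub), Authorize(mrPriv, proxyPub)}
	good := SendBU(mnPub, "MR-CoA2", chain, proxyPriv)
	bad := SendBU(mnPub, "MR-CoA2", chain, otherPriv) // chain ends at the proxy, not at this key
	return VerifyBU(good), VerifyBU(bad)
}
```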

12 Reachability Test
● The peer nodes must verify that the MN is at the MR's location where the signaling proxy claims the MN to be.
[Diagram: challenge-response between CN (via RS) and the MNs behind the MR at CoA1/CoA2, with the signaling proxy and AR on the path; Internet]

13 Optimizing CNs-to-MR Signaling
● The signaling proxy may hide the regional mobility, acting as an on-path Mobility Anchor Point (MAP).
[Diagram: a single BU from the MR to the signaling proxy acting as MAP inside the MAP domain; CN and RS reached over the Internet; AR]

14 Many Roles of a Mobile Router
● Access router (AR)
● HI multiplexed locator translation device
● Mobility Anchor Point (MAP)
● Mobility signaling proxy

15 Conclusions
● The solution is based on HIP and on signaling rights delegation between public-key based HIs.
● Optimized over-the-air mobility signaling inside a mobile network, and between the mobile network and the Internet.
● Optimized routing between MNs and peer nodes.

16 Thank You! Questions, comments?