A Scheme of Mobile Firewall in Mobile IPv6 draft-qiu-mip6-mobile-firewall-00.txt Feng BAO, Robert DENG, Ying QIU, Jiangying ZHOU 26 October 2015.


1 A Scheme of Mobile Firewall in Mobile IPv6 draft-qiu-mip6-mobile-firewall-00.txt Feng BAO, Robert DENG, Ying QIU, Jiangying ZHOU 26 October 2015

2 What are the features of mobile firewall
- The guardians can track and control the activities of the guarded person when that person visits a foreign domain as well as in the home domain.
- The firewall runs at the Mobility Anchor Point (MAP) that the Mobile Node (MN) visits.
- The guardians can dynamically monitor and control the MN's activities through a remote machine.
- All operations are transparent to the guarded person.
- The guardians can remotely specify the security rules of the firewall.

3 Where are the firewalls employed
Legend: HA: Home Agent; CN: Correspondent Node; MAP: Mobility Anchor Point; AR: Access Router; MN: Mobile Node
[Figure: Hierarchical MIPv6 Mobility Management (HMIPv6) framework, with labels "CN", "movement" and "MAP's Domain"]

4 How to implement the mobile firewall
- Security Tables (I)
Focuses on how to effectively manage the security material, such as security keys, security associations, security rules, etc., in order to minimize the overhead on mobile devices and provide strong security.
- Trust MAP cache (in Home Agent HA)
- Security association cache (in HA)
- Security association cache (in MAP)

Table columns shown on the slide:
  MAP address | Accepted / Denied
  MN's HoA | MN's RCoA | MN's LCoA | MN's RSA Public Key (P_H) | Encryption Key (k_EN) | Binding Update Key (k_BU) | Acknowledgement / Request Key (k_BA/R) | Time Stamp
  MN's HoA | MAP Add | MN's RCoA | MAP's RSA Public Key (P_H) | Encryption Key (k_EN) | Binding Update Key (k_BU) | Acknowledgement / Request Key (k_BA/R) | Time Stamp

5 How to implement the mobile firewall
- Security Tables (II)
- Security rule cache (in both HA and MAP)

  Item | Local Address                          | Remote Address | Action      | Life time           | Restriction Content
       | MN's HoA (at HA) or MN's RCoA (at MAP) | HA's Address   | Accept      | Any                 | All
       |                                        | CN_1's Address | Pass / Drop | Bytes / Time / Both | Application protocols / Ports
       |                                        | ...            | ...         | ...                 | ...
       |                                        | CN_n's Address | Pass / Drop | Bytes / Time / Both | Application protocols / Ports
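Added example, not part of the original presentation or the draft: one way the security rule cache of slide 5 could be evaluated per packet at the MAP. The field names, the default-Drop policy, the choice to stop applying a rule once its byte or time lifetime is used up ("Both" means whichever limit is hit first), and the sample addresses are all assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass
class Rule:
    local: str                              # MN's HoA (at HA) or MN's RCoA (at MAP)
    remote: str                             # HA's address or a CN's address
    action: str                             # "Accept", "Pass" or "Drop"
    max_bytes: Optional[int] = None         # byte lifetime; None = unlimited
    expires: Optional[float] = None         # time lifetime (seconds); None = unlimited
    ports: Optional[FrozenSet[int]] = None  # restriction content; None = "All"
    used: int = 0                           # bytes already counted against the rule

    def alive(self, now: float, size: int) -> bool:
        """True while neither lifetime limit would be exceeded by this packet."""
        if self.expires is not None and now >= self.expires:
            return False
        if self.max_bytes is not None and self.used + size > self.max_bytes:
            return False
        return True


def decide(cache, local, remote, port, size, now):
    """Return the action for one packet; unmatched traffic is dropped (assumption)."""
    for rule in cache:
        if (rule.local, rule.remote) != (local, remote):
            continue
        if rule.ports is not None and port not in rule.ports:
            continue
        if not rule.alive(now, size):
            continue                        # lifetime used up: rule no longer applies
        rule.used += size                   # stateful: charge the packet to the rule
        return rule.action
    return "Drop"


# Constructed sample data (IPv6 documentation prefix), not taken from the draft.
RCOA, HA = "2001:db8:a::10", "2001:db8:1::1"
CN1, CN2 = "2001:db8:c::1", "2001:db8:c::2"


def sample_cache():
    return [
        Rule(RCOA, HA, "Accept"),                        # Any lifetime, All content
        Rule(RCOA, CN1, "Pass", max_bytes=3000,
             expires=1000.0, ports=frozenset({443})),    # lifetime "Both", port-restricted
        Rule(RCOA, CN2, "Drop"),
    ]
```

Because `decide` updates the byte counter on every match, the same cache object has to be reused across packets for the byte lifetime to have any effect.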

6 How to implement the mobile firewall
Message exchange among MN, MAP and HA
- Firewall Setup (I)

   MN            MAP            HA
   |              |              |
   |=====REG_REQ================>|
   |              |              |    long term
   |<-----------------MAP_DENY---|    messages
   |              |              |
   |              |<---IKE_MSG---|
   |              |     ...      |    set up
   |              |     ...      |    VPN channel
   |              |     ...      |
   |              |----IKE_MSG-->|
   |              |              |
   ------------------------------------------------------
   |              |              |
   |              |===INI_REQ===>|
   |              |              |
   |              |<===SEC_RUL===|
   |              |              |    short term
   |              |====MN_LOG===>|    message for
   |              |----MN_LOG--->|    monitor/control
   |              |----MN_LOG--->|
   |              |              |
   ------------------------------------------------------
   |              |              |
   |              |<===MN_LEV====|
   |              |              |

7 How to implement the mobile firewall
- Messages in Mobile Firewall

   REG_REQ = {Src=HoA, Des=HA, RCoA, MAP, Flag, Ran}
   MAP_DNY = {Src=HA, Des=RCoA, HoA, MAP, Denial, Ran}
   IKE Negotiated messages
   INI_REQ = {Src=HoA, Des=CN, CoA(RCoA), Req, Ran}
   SEC_RUL = {Src=HoA, Des=MAP, rules*, SIG_h}
       rules* = e(k_en, security_rules)
       SIG_h = (S_h, HoA|MAP|rules*)
   MN_LOG = {Src=MAP, Des=HoA, i, HoA, log*}
       log* = e(k_en, activity_log)

8 Conclusion
There are three main parts in our scheme:
- Authentication and authorization
- Management
- Control and Monitor
All the operations are transparent to the mobile nodes.
A mobile node will be served in a way specified by its guardian no matter where it roams.
The mobile firewall could have full features of a conventional stateful firewall.

9 Q & A Thanks

