Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research,

Published byMartina Wright Modified over 8 years ago

Similar presentations

Presentation on theme: "A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research,"— Presentation transcript:

1 A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research, Singapore

2 Why need security between MN and MAP? When CN sends packets to MN's RCoA, MAP intercepts the packets and forwards them to MN's LCoA. Redirect Attacks: if BU message from MN to MAP is not authenticated when MN changes its AR, an attacker can redirect traffic from MAP to fake destinations. Only the authorized users can use the MAP HA: Home Agent CN: Correspondent Node MAP: Mobility Anchor Point AR: Access Router MN: Mobile Node movement MAP’s Domain

3 How to Provide MN-MAP Security? Authentication-only Mode In this mode, a MAP only needs to ensure that the same MN is sending the BUs to the MAP. It is not necessary for the MN to prove that it is authorized to use a MAP to manage its mobility. BU 1 Cookie1 Cookie0 MNMAP BA 1 BU i BA i long term messages short term messages Cookie0 = {Src=LCoA, Des= MAP, Opt=HoA, C0} Cookie1 = {Src=MAP, Des=LCoA, Opt=HoA, C0, C1, N1}. BU 1 = {Src=LCoA, Des=MAP, Opt=HoA, C0, C1, N1, N2, TS, SIG MN, Cert MN }, SIG MN = Sig(SK MN, LCoA|HoA|MAP|N1|N2|TS). BA 1 = {Src=MAP, Des=LCoA, Opt=HoA, RCoA, C0, C1, N1, N2}, BU i = {Src=LCoA, Des=MAP, Opt=HoA, old_LCoA, TS, SIG MN_i } SIG MN_i = Sig(SK MN, LCoA|MAP|HoA|old_LCoA|TS). BA i = {Src=MAP, Des=LCoA, Opt=HoA}

4 How to Provide MN-MAP Security? Authentication & Authorization Mode In this mode, the MAP and the MN need to know that the other end is "trusted". The MAP also needs to know if the MN is authorized for using it. All 3 parties need certificates; MN’s is issued by its HA Both MAP and HA only need to store a few trusted CAs’ public keys. Similar to SSL, no global PKI is need here. BU 1 Cookie1 Cookie0 MNMAP BA 1 BU i BA i long term messages short term messages HA Req_cert Rep_cert

5 How to Provide MN-MAP Security? Authentication & Authorization Mode BU 1 Cookie1 Cookie0 MNMAP BA 1 BU i BA i HA Req_cert Rep_cert BU 1 = {Src=LCoA, Des=MAP, Opt=HoA, C0, C1, N1, N2, TS, g x, SIG MN, Cert MN }, SIG MN = Sig(SK MN, LCoA|HoA|MAP|g x |N1|N2|TS) Cert MN = {HoA, PK MN, Valid_Iinterval, SIG HA } Req_Cert = {Src=MAP, Des=HA, request_cert} Rep_Cert = {Src=HA, Des=MAP, Cert HA } BA 1 = {Src=MAP, Des=LCoA, Opt=HoA, RCoA, C0, C1, g y, SIG MAP, Cert MAP } SIG MAP = Sig(SK MAP, LCoA|HoA|MAP|g y |BU 1 ) Cert MAP = {MAP, PK MAP, Valid_Iinterval, SIG CA } BU i = {Src=LCoA, Des=MAP, Opt=HoA, old_LCoA, TS, SIG MN_i } BA i = {Src=MAP, Des=LCoA, Opt=HoA, SIG MAP_i }

6 Conclusion The proposal considers security issues in binding update between mobile nodes and a mobility anchor point. Proposed solution for the above, with two security modes for different scenarios. Authentication of MN without the global PKI.

7 Q & A Thank You

Download ppt "A Scheme for MN-MAP Security in HMIPv6 draft-qiu-mipshop-mn-map-security-00.txt Jianying ZHOU Feng BAO, Robert DENG, Ying QIU Institute for Infocomm Research,"

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Security Issues In Mobile IP

Security Issues In Mobile IP
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.

Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.
Handover Management for Mobile Nodes in IPv6 Networks Nicolas Montavont and Thomas Noël, IEEE Communications Magazine, August 2002 Speaker:

Handover Management for Mobile Nodes in IPv6 Networks Nicolas Montavont and Thomas Noël, IEEE Communications Magazine, August 2002 Speaker:
Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.

Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.
MIP Extensions: FMIP & HMIP

MIP Extensions: FMIP & HMIP
Network Research Lab. Sejong University, Korea Jae-Kwon Seo, Kyung-Geun Lee Sejong University, Korea.

Network Research Lab. Sejong University, Korea Jae-Kwon Seo, Kyung-Geun Lee Sejong University, Korea.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
MOBILE NETWORK LAYER Mobile IP.

MOBILE NETWORK LAYER Mobile IP.
MobiCom 2003 Robert Hsieh and Aruna Seneviratne

MobiCom 2003 Robert Hsieh and Aruna Seneviratne
Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.

Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.
Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
A Secure Access System for Mobile IPv6 Network ZHANG Hong Aug 28, 2003

A Secure Access System for Mobile IPv6 Network ZHANG Hong Aug 28, 2003
1 Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks Jaehoon Jeong, Kyeongjin Lee, Jungsoo Park, Hyoungjun Kim ETRI

1 Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks Jaehoon Jeong, Kyeongjin Lee, Jungsoo Park, Hyoungjun Kim ETRI
Protocol for Hiding Movement of Mobile Nodes in Mobile IPv6 draft-qiu-mip6-hiding-movement-00.txt F. BAO, R. DENG, J. Kempf, Y. QIU and J.Y ZHOU.

Protocol for Hiding Movement of Mobile Nodes in Mobile IPv6 draft-qiu-mip6-hiding-movement-00.txt F. BAO, R. DENG, J. Kempf, Y. QIU and J.Y ZHOU.
Mobile IP Seamless connectivity for mobile computers.

Mobile IP Seamless connectivity for mobile computers.
1 Overview of Mobility Protocols Md. Shohrab Hossain Dec 6, 2014.

1 Overview of Mobility Protocols Md. Shohrab Hossain Dec 6, 2014.

Similar presentations

Ads by Google