Mobile IPv6 for Windows XP (.NET Server) and Windows CE 4.0 Greg O’Shea, MSRC Joint with Lancaster University And Ericsson Research.


1 Mobile IPv6 for Windows XP (.NET Server) and Windows CE 4.0 Greg O’Shea, MSRC Joint with Lancaster University And Ericsson Research

2 Contents
Background
Mobile IPv6
Demo
Security

3 Background

4 The Internet
A network of networks
Machines have 32-bit addresses comprising:
  – Network Id: network of attachment
  – Host: unique within network
Machines hear traffic local to their network
Routers forward packets between networks
Machines send to remote net via router
DNS provides name to address lookup

5 Why IPv6
Initiative first started June 1992
  – First draft published Jan 1996
Initial response to concerns about IPv4
  – Shortage of IPv4 32-bit addresses
  – Size of IPv4 routing tables
128-bit address space
  – 64-bit network prefix (hierarchic structure to assist routing)
  – 64-bit Interface Id (~unique: e.g. derived from MAC address)
IPv6 addresses are cheap and easily acquired
  – Stateless address auto-configuration: router’s prefix plus IF-Id
  – Duplicate Address Detection (DAD) is integral to protocol

6 MIPv6 Status
1 – still no RFC, IETF draft 15
  – awaiting consensus on security (~8 proposals)
2 – IPv6 in XP-Pro (obscured) & .NET Server
3 – MIPv6 for Win2000 (based on MSR NT4 stack)
  – Free download for research (src & bin)
4 – Mobile extensions to .NET Server stack
  – Lancaster LandMARC project
5 – (M)IPv6 code to CE4.0 Core OS group
  – Lancaster LandMARC project
6 – Proposed security protocol to IETF
  – Joint with Ericsson Research

7 Mobile IPv6

8 Moving Between Networks Today

9 Reason why
Traditional IP address = (network + host-id)
  – is bound to a specific network
  – Connections break if node moves between nets
  – Problem for mobile, wireless computers (future)

10 Solution: Mobile IPv6
MIPv6 mobile node (MN) uses two addresses
  – Home Address (HoA): well known / used by apps
  – Care-of Address (CoA): forwarding address
IPv6 addresses: cheap and plentiful
Network connections survive movement
Mobile machines may use multiple link types
Transparent support for any IPv6-enabled app
NB: does not provide for IPv4 connections

11 Mobile on home net Correspondent elsewhere on internet

12 Packets arrive on home net (normal)

13 Mobile node moves to foreign net

14 Mobile tells Home Agent its location

15 Packets still arrive on home net

16 Home agent forwards onto mobile

17 Tell correspondent the current net

18 So home agent can be bypassed

19 Demo

20 Demo : Logical network

21 Demo : Home Agent in router

22 Demo : Correspondent in router

23 Demo : one router suffices

24 Demo : small enough to carry

25 MIPv6 on CE4.0+ WebPad

26 MIPv6 on Outlook (pre-release)

27 Security

28 Attacks that exploit MIPv6
Spoofed Binding Update
  – Attacker knows or guesses the address to attack
Secrecy and integrity
  – Attacker redirects packet flows via itself
Break packet flows (DoS)
  – Redirect packet flow into black hole
Amplification attack
  – Send packet to X
  – Asking X to send many packets to Y
  – “dump your 100GB disk to this UDP port”

29 IETF draft (13): use IPsec
V13 mandates IPsec AH on Binding Updates
Works, but too hard to configure and test
Doesn’t scale with manual key distribution
Doesn’t validate care-of address
Helps if administrator has:
  – network monitors attached
  – kernel debugger(s) installed on all machines
  – source code for IPv6 stack
  – program for configuring the program for configuring IPsec

30 Elements of our protocol
Cryptographically Generated Addresses
  – Establish “ownership” of a Home Address
Return routability tests for CoA and HoA
  – A sort of cookie exchange (low cost)
  – Test the addresses we are given by a MN
  – Does a packet sent to CoA get correct response?
  – Is MN reachable on HoA via its Home Agent?
  – Precursor to any expensive public-key operations

31 CAM: Childproof Authentication for MIPv6
Mobile node m chooses key pair $(PK_m, SK_m)$
Mobile m chooses Home addr (IF-Id) $A_m = H(PK_m, i)$
  – Int $i$ used to resolve IPv6 address collisions
Binding Update from m includes: $A'_m,\ A_c,\ A_m,\ PK_m,\ i,\ \{H(A'_m, A_c, A_m, T_m)\}_{SK_m}$
Correspondent verifies $A_m = H(PK_m, i)$ and the hash from the Binding Update
Use of $PK_m$ is uncertified, but says nothing about real-world identity
Impostor cannot submit bogus BU without finding $(PK', SK')$ where $H(PK', i) = A_m$
  – (which is hard)
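The correspondent's two checks from the CAM slide, as an added Python example (not code from the presentation or from the MSR stack). Assumptions: SHA-256 stands in for H, a textbook RSA key built from two small Mersenne primes stands in for the mobile node's key pair, T_m is treated as an integer timestamp carried in the update, and all function names and addresses are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
E = 65537
N = (2**61 - 1) * (2**89 - 1)
D = pow(E, -1, (2**61 - 2) * (2**89 - 2))

def h(*parts: bytes) -> bytes:
    """H(...) from the slide, modelled here as SHA-256 over length-prefixed fields."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

def home_address(prefix: int, pk: tuple, i: int) -> ipaddress.IPv6Address:
    """A_m: upper 64 bits are the network prefix, lower 64 come from H(PK_m, i)."""
    n, e = pk
    if_id = h(n.to_bytes(32, "big"), e.to_bytes(4, "big"), bytes([i]))[:8]
    return ipaddress.IPv6Address(prefix << 64 | int.from_bytes(if_id, "big"))

def bu_digest(coa, a_c, a_m, t_m: int, n: int) -> int:
    """H(A'_m, A_c, A_m, T_m), reduced mod n so the toy key can sign it."""
    d = h(coa.packed, a_c.packed, a_m.packed, t_m.to_bytes(8, "big"))
    return int.from_bytes(d, "big") % n

def make_bu(coa, a_c, a_m, t_m, pk, i, sk) -> dict:
    """Mobile node side: sign the binding with SK_m and attach PK_m and i."""
    sig = pow(bu_digest(coa, a_c, a_m, t_m, pk[0]), sk, pk[0])
    return dict(coa=coa, a_c=a_c, a_m=a_m, t_m=t_m, pk=pk, i=i, sig=sig)

def verify_bu(bu: dict) -> bool:
    """Correspondent side: the two checks named on the slide."""
    n, e = bu["pk"]
    if home_address(int(bu["a_m"]) >> 64, bu["pk"], bu["i"]) != bu["a_m"]:
        return False  # A_m != H(PK_m, i): sender's key does not own the address
    expected = bu_digest(bu["coa"], bu["a_c"], bu["a_m"], bu["t_m"], n)
    return pow(bu["sig"], e, n) == expected  # signature covers the binding

# Constructed sample addresses (documentation prefix 2001:db8::/32).
PREFIX = int(ipaddress.IPv6Address("2001:db8:1::")) >> 64
A_M = home_address(PREFIX, (N, E), 0)
COA = ipaddress.IPv6Address("2001:db8:2::10")
A_C = ipaddress.IPv6Address("2001:db8:3::20")
GOOD_BU = make_bu(COA, A_C, A_M, 1000, (N, E), 0, D)
```

A Binding Update signed with a different key pair but naming the same home address fails the first check, and changing the care-of address after signing fails the second. A deployed verifier would also reject stale T_m values.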

32 References
Childproof Authentication for Mobile IPv6 (CAM), Greg O’Shea and Michael Roe, ACM Communications Review, April 2001.
Authentication of Mobile IPv6 Binding Updates and Acknowledgements, M. Roe, T. Aura, G. O’Shea, J. Arkko, http://www.ietf.org/internet-drafts/draft-roe-mobileip-updateauth-01.txt
MIPv6 BU Attacks and Defences, T. Aura and J. Arkko, http://www.ietf.org/internet-drafts/draft-aura-mipv6-BU-attacks-01.txt
