MIPv6Security: Dimension Of Danger

Upload: dimaia

Posted on 15-Jan-2016

TRANSCRIPT

Page 1: MIPv6Security: Dimension Of Danger

Unauthorized creation (or deletion) of the Binding Cache Entry (BCE).

Page 2: MIPv6Security: Basic Address Stealing

[Diagram: MN and CN. MN sends BU <HoA = IP_MN, CoA = IP_CoA>; original data flow between CN and MN.]

The MN sends a BU to the CN with the home address IP_MN and the care-of address IP_CoA. The CN creates a Binding Cache Entry (BCE) <HoA = IP_MN, CoA = IP_CoA>, and data then flows directly from the CN to the MN.

Page 3: MIPv6Security: Basic Address Stealing - no ingress filtering (continued)

[Diagram: MN, CN, Attacker and Victim. Attacker sends BU <HoA = IP_MN, CoA = IP_victim>; original data flow versus new data flow.]

Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_victim>, and the data flow is diverted to the victim node.

Page 4: MIPv6Security: Basic Address Stealing - with ingress filtering (continued)

[Diagram: MN, CN, Attacker and Victim, with an ingress filter in front of the attacker. Attacker sends BU <HoA = IP_MN, Alt CoA = IP_victim>; original data flow versus new data flow.]

Denial of Service attack: with ingress filtering the attacker cannot spoof the source address, so it sends a BU to the CN whose source IP address is its own and whose Alternate Care-of Address (Alt CoA) option carries the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_victim>, and the data flow is diverted to the victim node.

Page 5: MIPv6Security: Basic Address Stealing (continued)

The Binding Update authorization mechanism is designed to prevent this threat, and to limit it to an attacker located on the path between a Correspondent Node and the Home Agent.

Page 6: MIPv6Security: Address Stealing of a Stationary Node (continued)

[Diagram: MN, CN, Attacker and Victim (HTTP server). Attacker sends BU <HoA = IP_MN, CoA = IP_HTTPServer>; original data flow, initiated data flow, new data flow.]

Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the HTTP server's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_HTTPServer>, and the data flow is diverted to the HTTP server.

Page 7: MIPv6Security: Address Stealing of a Stationary Node - with ingress filtering (continued)

[Diagram: MN, CN, Attacker and Victim (HTTP server), with an ingress filter in front of the attacker. Attacker sends BU <HoA = IP_MN, Alt CoA = IP_HTTPServer>; original data flow versus new data flow.]

Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the attacker's own IP address and whose Alternate Care-of Address (Alt CoA) option carries the HTTP server's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_HTTPServer>, and the data flow is diverted to the HTTP server.

Page 8: MIPv6Security: Static Nodes vs Mobile Nodes

Address stealing of a stationary node is easier than address stealing of a node that is continually reconfiguring its IP address. So it is not the MN that is most vulnerable to address stealing attacks, it is the well-known static server. The security design must take reasonable measures to prevent the creation of fraudulent binding cache entries in the first place.

Page 9: MIPv6Security: Future Address Stealing

• The attacker obtains a dynamic home IP address.

• The attacker can figure out which address will later be used as the home IP address by a certain MN.

• The attacker creates a Binding Cache Entry in a CN with the victim's IP address as the CoA.

• The attacker releases the home IP address, and the target node obtains the same address.

• If the BCE lifetime is very long, the attacker can launch a future Denial of Service or Man-in-the-Middle attack.

Page 10: MIPv6Security: Future Address Stealing (continued)

[Diagram: MN, CN, Attacker and Victim; numbered steps 1 to 3: Attacker sends BU <HoA = future IP_MN, CoA = IP_victim>, MN initiates a data session, new data flow to the victim.]

Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_victim>. Later the MN obtains that dynamic IP address and initiates a data session, and the data flow is diverted to the victim node.

Page 11: MIPv6Security: Future Address Stealing (continued)

[Diagram: MN, CN, Attacker and Victim, with an ingress filter in front of the attacker; numbered steps 1 to 3: Attacker sends BU <HoA = future IP_MN, Alt CoA = IP_victim>, MN initiates a data session, new data flow to the victim.]

Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the attacker's own IP address and whose Alternate Care-of Address (Alt CoA) option carries the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_victim>. Later the MN obtains that dynamic IP address and initiates a data session, and the data flow is diverted to the victim node.

Page 12: MIPv6Security: Future Address Stealing (continued)

To limit this type of attack, the lifetime of BCE entries is limited to a few minutes.

Page 13: MIPv6Security: Attacks against Secrecy and Integrity

[Diagram: MN, CN and Attacker. Attacker sends BU <HoA = IP_MN, CoA = IP_attacker>; original data flow versus new data flow.]

Man-in-the-Middle attack: the attacker pretends to be the MN and sends a BU to the CN whose source IP address is the attacker's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IP_MN, CoA = IP_attacker>, and the data flow is diverted to the attacker node.

Solution: IPsec end-to-end encryption/decryption.

Page 14: MIPv6Security: Attacks against Secrecy and Integrity (continued)

• Encryption will limit this type of attack.

• The MIPv6 security design adopts a mechanism to authenticate the HoA and CoA periodically by Return Routability (RR). The mechanism makes sure that the HoA and CoA belong to the same node.

Page 15: MIPv6Security: Replaying and Blocking Binding Update

The attacker captures the BU packet and impersonates the mobile node. The attacker reserves the MN's previous address after the MN has moved away and then replays the previous BU to redirect packets back to the previous location.

[Diagram, three panels. Copy BU: MN sends BU <HoA = IP_MN, CoA> to the CN and the attacker copies it. Data capturing: MN sends BU <HoA = IP_MN, nCoA>, the attacker jams it and replays BU <HoA = IP_MN, CoA>. Denial of Service attack: MN sends BU <HoA = IP_MN, nCoA>, the attacker jams it and replays BU <HoA = IP_MN, CoA>, so traffic goes to the victim at CoA.]

Page 16: MIPv6Security: Replaying and Blocking Binding Update (continued)

Limiting the effect of the replay attack by:

• Limiting the lifetime of the BCE entry.

• Using nonces.
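As an added example (not from the slides or the draft they cite), a CN-side binding cache in Python that applies the limit on this page and on page 12: the BCE lifetime is clamped to a few minutes, and a replayed BU is rejected by the sequence number that page 31 lists as a BU field. The entry layout, status strings, clock injection and sample addresses are constructed for this example.

```python
import time

# RFC 3775 caps a binding created through Return Routability at 420 seconds
# (MAX_RR_BINDING_LIFETIME), i.e. the "few minutes" the slides refer to.
MAX_BCE_LIFETIME = 420


class BindingCache:
    """CN-side binding cache. Each entry, keyed by home address, holds the care-of
    address, the last accepted BU sequence number and an absolute expiry time.
    The clock is injectable so that expiry can be exercised without waiting."""

    def __init__(self, clock=time.monotonic):
        self.entries = {}
        self.clock = clock

    def lookup(self, hoa):
        """Return the CoA bound to hoa, or None when there is no live entry.
        Expired entries are dropped here, so a stale redirection dies with them."""
        entry = self.entries.get(hoa)
        if entry is None:
            return None
        if self.clock() >= entry["expires"]:
            del self.entries[hoa]
            return None
        return entry["coa"]

    def apply_bu(self, hoa, coa, seq, lifetime):
        """Apply an already authenticated BU. A BU whose sequence number does not
        advance past the live entry's is treated as a replay (the captured-BU case
        on page 15) and rejected; a lifetime of 0 deletes the binding; any other
        lifetime is clamped to MAX_BCE_LIFETIME. Returns a short status string."""
        if self.lookup(hoa) is not None and seq <= self.entries[hoa]["seq"]:
            return "rejected: replayed or out-of-order sequence number"
        if lifetime == 0:
            self.entries.pop(hoa, None)
            return "deleted"
        lifetime = min(lifetime, MAX_BCE_LIFETIME)
        self.entries[hoa] = {"coa": coa, "seq": seq, "expires": self.clock() + lifetime}
        return f"accepted for {lifetime}s"
```

Once an entry has expired its sequence number is forgotten, so a captured BU replayed after that point would pass this check again; that is why the slides pair the lifetime limit with nonces that expire on the CN side.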

Page 17: MIPv6Security: Basic Flooding

[Diagram: CN, Attacker and Victim. Attacker sends BU <HoA = IP_attacker, CoA = IP_victim>; original data flow.]

• The attacker pretends to be an MN on a foreign sub-network.

• The attacker subscribes to a video stream from the CN.

• The attacker redirects the video stream to the victim.

Page 18: MIPv6Security: Basic Flooding

The MIPv6 security design adopts a mechanism to check that there is a node at the new Care-of address, and that this node is indeed the one that requested the redirection of packets to that Care-of address.

Page 19: MIPv6Security: Return-to-Home Flooding

[Diagram: CN, Attacker and the attacker's home sub-network. Attacker sends BU <HoA = IP_attacker, CoA = temporary IP>; original data flow versus new data flow into the home sub-network.]

• The attacker pretends to be an MN on a foreign sub-network.

• The attacker subscribes to a video stream from the CN.

• The attacker sends a BU cancellation to the CN, or leaves the BCE to expire.

• The data flow is diverted into the home network.

Page 20: MIPv6Security: Return-to-Home Flooding

It is difficult to protect completely against this attack. Some degree of protection is provided by Return Routability.

Page 21: MIPv6Security: Inducing Unnecessary Binding Update

[Diagram: Attacker, HA, MN, Victim 1 ... Victim n; Binding Update procedures.]

• The attacker pretends to be a large number of CNs and sends packets through the HA.

• The MN starts unnecessary BU procedures with those CNs.

• MN resources are wasted.

Page 22: MIPv6Security: Inducing Unnecessary Binding Update

[Diagram: Attacker, HA, Victim CN and MN 1 ... MN n; Binding Update procedures from each MN to the victim.]

• The attacker pretends to be the victim CN and sends packets to many MNs.

• The MNs start BU procedures with the CN, wasting the CN's resources.

Page 23: MIPv6Security: Inducing Unnecessary Binding Update

This type of DoS attack can be protected against by:

• Limiting the resources used for BU. Once the resources are exhausted, no more should be used.

• Defining a security policy at the MN stating with which IP addresses it should initiate the BU procedure, and a security policy at the CN stating with which MNs it is allowed to communicate.

Page 24: MIPv6Security: Reflection & Amplification

• The attacker uses the Home Address Option to hide the source of the traffic.

• The attacker includes a HoA with the packets sent to some other nodes, tricking them into sending the same number of packets, or more, to the target.

[Diagram: Attacker, reflector and victim. Attacker sends a TCP SYN carrying the victim's address as HoA to the reflector; the reflector sends the TCP SYN-ACK to the HoA, i.e. to the victim.]

Page 25: MIPv6Security: Reflection & Amplification

This type of DoS attack can be avoided by ensuring that the CN replies only to the same address from which it received the packet.

Page 26: MIPv6Security: Return Routability

It is basically a check of whether a node is able to respond to packets sent to the given address. The mechanism does not work:

• If the routing infrastructure is compromised.

• If there is an attacker between the verifier and the address to be verified.

Page 27: MIPv6Security: Reflection & Amplification

[Diagram: Return Routability message exchange between MN, HA and CN. 1) HoTI and 2) HoT pass between the MN and the CN through the HA; 3) CoTI and 4) CoT pass directly between the MN and the CN; 5) BU from the MN to the CN.]

Page 28: MIPv6Security: Goals of Return Routability

• Avoidance of reflection: the CN replies only to the source of the message.

• Avoidance of amplification: the CN replies with only one packet, of similar size to the received packet.

• Avoidance of state exhaustion: the RR messages do not create any state at the CN. State is created only when the first Binding Update is received.

Page 29: MIPv6Security: Home Address Check

It allows the CN to make sure that the received BU was created by the node that has seen the Home Test packet.

• The MN sends a HoTI to the CN; the CN responds with a HoT.

• The HoT contains a cryptographically generated token created as follows:

home keygen token = hash(Kcn | home address | nonce | 0), where Kcn is a secret key known only to the CN.

• The assumption is that the path between the CN and the HA is more secure than the wireless path between the MN and the HA. Accordingly, the HoTI and HoT travel encrypted between the MN and the HA, while they are in the clear between the CN and the HA.

Page 30: MIPv6Security: Care-of Address Check

It allows the CN to make sure that the received BU was created by the node that has seen the Care-of Test packet.

• The MN sends a CoTI to the CN; the CN responds with a CoT.

• The CoT contains a cryptographically generated token created as follows:

Care-of keygen token = hash(Kcn | Care-of address | nonce | 1), where Kcn is a secret key known only to the CN.

• The test messages traverse the path between the MN and the CN, which is not protected. They are vulnerable to eavesdroppers near the CN or on the path between the CN and the MN.

Page 31: MIPv6Security: First BU from MN

• The MN creates Kbm as follows: Kbm = SHA1(home keygen token | Care-of keygen token).

• The BU contains the following information:

1. Source address = Care-of address, the same as the source of the CoTI.

2. Destination address = CN IP address.

3. Home address, the same as the source of the HoTI.

4. Sequence number.

5. Home and Care-of nonce indices.

6. Authenticator = First(96, HMAC_SHA1(Kbm, Care-of address | CN IP | BU)).

Page 32: MIPv6Security: First BU Authentication

• From the home and Care-of nonce indices, the CN regenerates the home keygen token and the Care-of keygen token:

home keygen token = hash(Kcn | home address | nonce | 0)
Care-of keygen token = hash(Kcn | Care-of address | nonce | 1)

• Kbm is regenerated as follows: Kbm = SHA1(home keygen token | Care-of keygen token).

• The authenticator is regenerated as follows: Authenticator = First(96, HMAC_SHA1(Kbm, Care-of address | CN IP | BU)).

• The authenticator generated in the previous step is compared with the authenticator carried in the BU.
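As an added example (not from the slides or the draft they cite), the token, Kbm and authenticator computations of pages 29 to 32 in Python, ending with the CN-side check of a first BU. Kcn, the nonce table, the addresses and the BU byte layout are constructed for this example, and SHA-1 is assumed as the hash the slides leave unnamed; RFC 3775 additionally truncates the keygen tokens to 64 bits, which the slides do not mention and this code does not do.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values, not from the slides: the CN's secret Kcn and the
# table of nonces it issues, looked up by the nonce index carried in the BU.
K_CN = bytes.fromhex("00112233445566778899aabbccddeeff")
NONCES = {1: bytes.fromhex("0102030405060708"), 2: bytes.fromhex("1112131415161718")}

def _ip(addr):
    """Packed 16-byte form of an IPv6 address string."""
    return ipaddress.IPv6Address(addr).packed

def keygen_token(addr, nonce, tag):
    """hash(Kcn | address | nonce | tag) as on the slides, with SHA-1 assumed as the
    hash; tag 0 is the home test and tag 1 the care-of test, so the tokens differ."""
    return hashlib.sha1(K_CN + _ip(addr) + nonce + bytes([tag])).digest()

def kbm(home_token, coa_token):
    """Kbm = SHA1(home keygen token | Care-of keygen token)."""
    return hashlib.sha1(home_token + coa_token).digest()

def authenticator(k, coa, cn, bu):
    """First(96, HMAC_SHA1(Kbm, Care-of address | CN IP | BU)); 96 bits = 12 bytes."""
    return hmac.new(k, _ip(coa) + _ip(cn) + bu, hashlib.sha1).digest()[:12]

def mn_build_bu(hoa, coa, cn, home_idx, coa_idx, seq):
    """MN side. The MN learns the tokens from HoT (via the HA) and CoT (sent to the
    CoA); they are computed with the CN's function here only to stay self-contained.
    Constructed BU layout: home address (16) | seq (2) | home index (1) | CoA index (1)."""
    home_token = keygen_token(hoa, NONCES[home_idx], 0)  # what HoT carried
    coa_token = keygen_token(coa, NONCES[coa_idx], 1)    # what CoT carried
    bu = _ip(hoa) + seq.to_bytes(2, "big") + bytes([home_idx, coa_idx])
    return bu, authenticator(kbm(home_token, coa_token), coa, cn, bu)

def cn_verify_bu(src, cn, bu, auth):
    """CN side (page 32): rebuild both tokens from the nonce indices, then Kbm and the
    authenticator, and compare in constant time. The BU's source address is taken as
    the Care-of address, so a BU that names a CoA which never received the CoT fails."""
    hoa = ipaddress.IPv6Address(bu[:16]).compressed
    home_idx, coa_idx = bu[18], bu[19]
    if home_idx not in NONCES or coa_idx not in NONCES:
        return False  # nonce index unknown or already expired: tokens cannot be rebuilt
    k = kbm(keygen_token(hoa, NONCES[home_idx], 0), keygen_token(src, NONCES[coa_idx], 1))
    return hmac.compare_digest(authenticator(k, src, cn, bu), auth)
```

The second and third checks in the tests below are the address-stealing and expired-nonce cases: a BU whose source is not the address that received the CoT, or whose nonce index the CN no longer holds, is rejected without any per-node state on the CN.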

Page 33: MIPv6Security: Time Shifting Attacks

The lifetime of the BCE allows for time shifting attacks:

• If the attacker is able to create a false BCE, the attack continues until the BCE lifetime expires.

• Or, the attacker is able to delay the return-to-home flooding until the BCE entry expires.

The lifetime is very restricted in the current design; consequently the time shift attack is restricted too.

Page 34: MIPv6Security: Pretending to Be Your Neighbor

• The attacker uses its real home address, but the address of its neighbor as the Care-of address, to perform the RR procedure.

• The attacker eavesdrops on the Care-of Test as it appears on the local link.

• The attacker diverts the traffic to the neighboring node, resulting in a flooding attack.

This attack is not very serious because:

• It is only possible against neighbors on the local link.

• A similar attack can be carried out with Neighbor Discovery spoofing.

Page 35: References

• Mobile IP version 6 Route Optimization Security Design Background, draft-nikander-mobileip-v6-ro-sec-01.