PPT-5.11.09

SECURITY THREATS IN MOBILE IPv6

Upload: saumya-agarwal

Post on 12-Feb-2017


Page 1: PPT-5.11.09

SECURITY THREATS IN MOBILE IPv6

Page 2: PPT-5.11.09

ABSTRACT

In this project we have analyzed major security issues in Mobile IPv6, the consequences they have on its deployment, solutions proposed so far and problems in those solutions.

We have done a comparative study of these threats with respect to the effect they have on performance of MIPv6.

We have created a simulation of an improved Return Routability Procedure.

Page 3: PPT-5.11.09

Mobile IPv6

Mobile IPv6 (MIPv6) is a mandatory feature of IPv6 which has been developed to enable mobility in IP networks for mobile terminals.

It is intended to enable IPv6 nodes to move from one IP subnet to another.

Page 4: PPT-5.11.09

BINDING UPDATES

Under MIPv6 a new class of messages dubbed binding updates confirm the identity of a device, even if it's moving.

This method allows communications to go directly to the mobile device without first passing through the home address, resulting in an increase of both speed and efficiency.

Page 5: PPT-5.11.09

[Figure: Mobile Node registers at its Home Agent. The Mobile Node sends a Binding Update; the Home Agent replies with a Binding Acknowledgement. Networks A, B and C are connected through routers (R) over the Internet; the Home Agent, the Mobile Node and Corresp. Node C are shown.]

Page 6: PPT-5.11.09

[Figure: Mobile IPv6 Roaming. The Mobile Node sends Binding Updates to its Home Agent and to all Corresp. Nodes which already received a previous Binding Update from this Mobile Node. Networks A, B, C and D are connected through routers (R) over the Internet; the Home Agent and Corresp. Node C are shown.]

Page 7: PPT-5.11.09

Mobile IPv6 security vulnerabilities

The security threats and scenarios have become a driving force behind a new set of goals that Mobile IPv6 was required to address in order to be standardized.

In the subsequent slides we discuss the classification of threats, the types of attackers, and possible threat scenarios.

Page 8: PPT-5.11.09

General requirements of Mobile IPv6 security

Should be no worse than Mobile IPv4 as it is today.

Should be as secure as if the mobile node was on the home link without using Mobile IP.

Should optimize the number of message exchanges and bytes sent between the participating entities (MN, CN, and HA), since many MNs are expected to operate over bandwidth constrained wireless links.

Page 9: PPT-5.11.09

Classification of Threats

In the absence of a security association between most MN–CN pairs, there are multiple vulnerabilities that the MN, the CN, the HA or the home network become exposed to. The major threats can be classified as follows:

a. Tampering with the binding cache entries:
- Tampering with the binding cache entry at a home agent.
- Tampering with the binding cache entry at a correspondent node.
- Tampering with the binding cache entry at the previous access router, acting as a temporary packet forwarding home agent.

Page 10: PPT-5.11.09

Classification of Threats (contd.)

b. Denial-of-service (DoS):
- Preventing an MN from communicating with some or all nodes.
- Preventing a CN from communicating with some or all nodes.
- Preventing an HA from serving legitimate MNs.

c. Disclosure of sensitive information:
- Disclosure of nodes serving as home agents in a network.

Page 11: PPT-5.11.09

Classification of Attackers

The following classes of attackers are considered as a basis for the types of threat scenarios that occur.

An arbitrary node, anywhere in the Internet, launching an attack against an MN, a CN, or an HA.

An attacker located on the same (wireless) link as the MN.

An attacker located on the same link as the CN.

An attacker located on the same link as the HA.

Page 12: PPT-5.11.09

Threat Scenarios

Attacker location     | Attacks                                       | Effect         | Attack requirements
----------------------|-----------------------------------------------|----------------|---------------------------------------
Anywhere in the       | 1. Tampering with MN/CN binding cache entries | MITM / DoS     | Knowledge of home address, and any CN
Internet              | 2. BU flooding                                | DoS            |
MN/CN link            | 1. Sending spoofed BU/BA                      | MITM / DoS     | Only the knowledge of any CN
                      | 2. BU flooding                                | DoS            |
HA link               | 1. Acting as the HA                           | Masquerade/DoS | No additional knowledge is required
                      | 2. Tampering with HA binding cache entries    | MITM / DoS     |
                      | 3. Sending spoofed BU/BA                      | MITM / DoS     |
                      | 4. BU flooding                                | DoS            |

Page 13: PPT-5.11.09

Scenario 1 (Attacker knows the MN's HA and both end points): Tampering with the CN binding cache

Threat: The attacker can send a BU to the CN using the acquired HoA and a malicious CoA. The CN would believe that the MN has moved and hence has a new CoA. It updates the entry for the MN in its binding cache.

Effect: The packet stream for the ongoing session from the CN to the MN is now diverted to the malicious node.

Scalability: Leads to Denial of Service; the intruder can also act as a Man in the Middle.

Page 14: PPT-5.11.09

Scenario 1 (Attacker knows the MN's HA and both end points): Tampering with the MN binding cache

Threat: The attacker can send a BU to the MN using the acquired CoA and a malicious HoA. The MN would believe that the CN has moved and hence has a new address. It updates the entry for the CN in its binding cache.

Effect: The packet stream for the ongoing session from the CN to the MN is now diverted to the malicious node.

Scalability: Leads to Denial of Service; the intruder can also act as a Man in the Middle.

Page 15: PPT-5.11.09

Scenario 1 (Attacker knows the MN's HA and both end points): BU Flooding

Threat: A malicious node or virus could keep sending fake BUs to any CN, the MN itself or the HA, at a very rapid rate and thereby create unnecessary state at the MIPv6 node.

Effect: Binding cache memory is inundated with meaningless node entries, thus increasing traffic.

Scalability: Valid node entries cannot be created, hence Denial of Service.

Page 16: PPT-5.11.09

Scenario 2 (Attacker determines the CN through passive monitoring): Sending spoofed BUs

Threat: The attacker knows which CNs the MN is sending BUs to. It sends spoofed BUs to the CN and to the MN to depict co-location.

Effect: Causes traffic to be routed elsewhere. If spoofed BUs are sent to both the CN and the MN, then Denial of Service occurs.

Scalability: The attacker could possibly change the contents of traffic.

Page 17: PPT-5.11.09

Scenario 2 (Attacker determines the CN through passive monitoring): Sending spoofed BAs

Threat: When the MN sends a BU, the attacker replies to the MN with a spoofed BA, different from the true BA it would receive from the CN.

Effect: This attack can result in (1) the MN sending unnecessary BUs (subject to rate limiting of sending BUs) or (2) the MN not sending a BU that is necessary.

Scalability: Unnecessary triangular routing takes place, or the MN is not available at all.

Page 18: PPT-5.11.09

Scenario 2 (Attacker determines the CN through passive monitoring): BU Flooding

Threat: Sending fake binding updates to the MN or the CN or both, thereby increasing unnecessary traffic.

Effect: Increase in traffic; packet transfer slows down.

Scalability: Denial of Service attack; the CN-MN link could break due to excess packets.

Page 19: PPT-5.11.09

Scenario 3 (Attacker monitors the HA and the MN communicating with it): Acting as the HA

Threat: If the attacker is on the same subnet as the HA and the MN, it could act as the HA itself to receive BUs.

Effect: Leads to various Man in the Middle attacks and flooding of BUs to the MN.

Scalability: Could lead to spoofing of IP addresses and rejection of BUs.

Page 20: PPT-5.11.09

Scenario 3 (Attacker monitors the HA and the MN communicating with it): Sending spoofed BUs/BAs

Threat: The attacker can place itself so that it intercepts even BAs and forces changes in the node entry.

Effect: This attack of sending spoofed BUs can lead to changing the route of packets from the CN to the MN, which is classified as a DoS attack on the MN or the CN.

Scalability: Man in the Middle attack, traffic congestion.

Page 21: PPT-5.11.09

Comparison of Threat Scenarios

Scenario   | Probability of attack | Number of affected links
-----------|-----------------------|-------------------------
Scenario 1 | High                  | >2
Scenario 2 | High                  | >1
Scenario 3 | Low                   | 1

Page 22: PPT-5.11.09

Mobile IPv6 security goals

- Securing binding updates.
- Securing mobile prefix and dynamic home agent discovery.
- Securing the mechanisms that Mobile IPv6 uses for transporting data packets.

Page 23: PPT-5.11.09

Mobile IPv6 security solutions

The major security solutions of MIPv6 are:

- IPsec and IKE standard solution
- Return routability solution
- Cross-layering security approach

Page 24: PPT-5.11.09

IPSec in Mobile IPv6

Currently, IPsec is used in protecting messages exchanged between the mobile node and the home agent, and no new security mechanism exists for this purpose. The use of the mandatory IPsec authentication header (AH) and encapsulating security payload (ESP), together with a key management mechanism, helps to ensure the integrity of the binding update messages between the MN and the HA.

To prevent an MN from sending a binding update for another mobile node using its own security association, the home agent also verifies that the binding update message contains the correct HoA, either as the source of the packet or in an optional field at the end of the packet. Such a check is provided in the IPsec processing by having the security policy database entries unequivocally identify a single security association for protecting binding updates between any given home address and the HA.
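The home-agent check described above (one security association per home address, and a BU is refused when the home address it asserts does not match the SA it arrived under), written out as an added Python example. This is not code from the slides or from the project's simulation: the SPD layout, the SecurityAssociation and BindingUpdate structures, the SPI values and the 2001:db8:: addresses are constructed for illustration, and the AH/ESP authentication itself is assumed to have already succeeded, with the SPI standing in for the SA that authenticated the packet.

```python
"""Home-agent check that an IPsec-protected Binding Update carries the home
address bound to the security association (SA) it arrived under.
Added example, not code from the slides; SPI values, addresses and the
message structures are constructed, and AH/ESP verification is assumed done."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int            # identifies the inbound SA that authenticated a packet
    home_address: str   # the single home address this SA may register bindings for


@dataclass
class BindingUpdate:
    spi: int                                    # SA under which the packet was received
    source: str                                 # IPv6 source address of the packet
    care_of: str                                # care-of address being registered
    home_address_option: Optional[str] = None   # Home Address destination option, if present


class HomeAgent:
    """SPD with exactly one SA per home address, so the SA identity pins the HoA."""

    def __init__(self, sas):
        self.by_spi = {sa.spi: sa for sa in sas}
        self.binding_cache = {}   # home address -> care-of address

    @staticmethod
    def claimed_home_address(bu: BindingUpdate) -> ipaddress.IPv6Address:
        """The HoA a BU asserts: the Home Address option when the MN is away
        (the packet source is then its care-of address), otherwise the packet source."""
        return ipaddress.IPv6Address(bu.home_address_option or bu.source)

    def process_bu(self, bu: BindingUpdate) -> bool:
        sa = self.by_spi.get(bu.spi)
        if sa is None:
            return False   # not protected by any SA known to the SPD
        hoa = self.claimed_home_address(bu)
        if hoa != ipaddress.IPv6Address(sa.home_address):
            return False   # an MN's own SA must not register a binding for another MN
        self.binding_cache[str(hoa)] = bu.care_of
        return True


def demo():
    """Accept an MN's own BU, refuse one that reuses its SA for another MN's HoA,
    and refuse one under an unknown SA. All values are constructed."""
    ha = HomeAgent([SecurityAssociation(spi=0x1001, home_address="2001:db8:a::10"),
                    SecurityAssociation(spi=0x1002, home_address="2001:db8:a::11")])
    own = BindingUpdate(spi=0x1001, source="2001:db8:b::20", care_of="2001:db8:b::20",
                        home_address_option="2001:db8:a::10")
    cross = BindingUpdate(spi=0x1001, source="2001:db8:b::20", care_of="2001:db8:b::20",
                          home_address_option="2001:db8:a::11")
    unknown = BindingUpdate(spi=0x9999, source="2001:db8:a::10", care_of="2001:db8:b::20")
    return (ha.process_bu(own), ha.process_bu(cross), ha.process_bu(unknown),
            ha.binding_cache)


if __name__ == "__main__":
    print(demo())
```

The point of the check is that the SA, not the packet contents, decides which home address may be registered: the cross-MN BU is cryptographically valid under the first MN's SA, and only the SPD lookup rejects it.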

Page 25: PPT-5.11.09

IKE in Mobile IPv6

Internet Key Exchange (IKE) establishes a secure framework for the distribution of public keys. When IKE is used, either the security policy database entries or the Mobile IPv6 processing relies on the unequivocal identification of the IKE credentials which can be used to authorize the creation of security associations for protecting binding updates for a particular HoA.

Page 26: PPT-5.11.09

Shortcomings in using IPSec and IKE

IPSec and IKE are strong cryptographic authentication protocols. The problem is that the authentication needs to work between any MN and any correspondent in the Internet (mobile or not). No infrastructure-based solution currently exists that could be used to authenticate all IPv6 nodes. One of the main shortcomings of integrating IPsec/IKE into MIPv6 is that the processing overhead of these protocols can be too high for low-end mobile devices and for a network layer signaling protocol.

Page 27: PPT-5.11.09

Cross Layering Security Approach

It aims at modifying IPsec/IKE so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. It generally makes IPSec a multi-layered protocol. This protocol allows a user to define zones within an IP packet; each zone is encrypted and authenticated with its own security association.

Page 28: PPT-5.11.09

Shortcomings in Cross Layering Security Approach

Key management is a major issue in the cross layering approach, as distribution of multiple keys is required for multi-layered IPSec. Also, this approach does not account for mobility, and does not provide any implementation or performance insights.

Page 29: PPT-5.11.09

Return routability solution

It is an example of infrastructureless authentication. The return routability authentication method is based on the fact that routing in the Internet is semi-reliable: it is difficult for a remote attacker to change the route of packets that do not travel via the attacker's network. Using the RR solution reduces the number of attackers significantly.

Page 30: PPT-5.11.09

Return Routability Procedure

- Authentication without a public key infrastructure or pre-shared keys
- Two tokens, two paths: must have both to complete the update
- Difficult for an attacker to intercept both tokens and generate a valid MAC
- The MAC also protects the integrity of the plaintext message

Goal: Should be as secure as regular IPv4 (without mobility)

[Figure: Return Routability message flow between the Mobile node, its Home agent and the Correspondent Node (CN)]
CN ↔ Mobile via Home: 1a: Home Test Init; 2a: Home Test (token1)
CN ↔ Mobile (direct): 1b: Care-of Test Init; 2b: Care-of Test (token2)
Kbm = SHA(token1 | token2)
3: Binding Update (MAC_Kbm); 4: Binding ACK (MAC_Kbm)

Page 31: PPT-5.11.09

Return Routability Messages

General descriptions:
- Kcn: a "node" key generated by the correspondent node; a random number, 20 octets in length.
- Nonce: a random number of any length (64 bits is recommended), generated at regular intervals; nonces may be stored in an array, with the nonce index indicating the array position.

1a: Home Test Init message
  Source: home address
  Destination: correspondent
  Contents: Home init cookie – 64-bit random value

1b: Care-of Test Init message
  Source: care-of address
  Destination: correspondent
  Contents: Care-of init cookie – 64-bit random value

Page 32: PPT-5.11.09

RR Messages (contd.)

2a: Home Test message
  Source: correspondent
  Destination: home address
  Contents:
    Home init cookie – received from mobile node
    Home keygen token – First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
    Home nonce index – identifies which nonce is being used in this message

2b: Care-of Test message
  Source: correspondent
  Destination: care-of address
  Contents:
    Care-of init cookie – received from mobile node
    Care-of keygen token – First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))
    Care-of nonce index – identifies which nonce is being used in this message

Mobile node calculates Kbm = SHA1(home keygen token | care-of keygen token)

Page 33: PPT-5.11.09

RR Messages (contd.)

3: Binding Update message
  Source: care-of address
  Destination: correspondent
  Contents:
    Sequence number – 16-bit unsigned int
    Home nonce index – received from correspondent
    Care-of nonce index – received from correspondent
    MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU message)))
  Correspondent node verifies the MAC and creates a Binding Cache entry for the mobile.

4: Binding Acknowledgment message (optional)
  Source: correspondent
  Destination: care-of address
  Contents:
    Sequence number – 16-bit unsigned int; same as the binding update received
    MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BA message)))
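The derivations on slides 30 to 33 (home and care-of keygen tokens, Kbm, the BU MAC) together with the correspondent's verification step, as an added Python example rather than code from the slides or from the project's own simulation. Kcn, the nonce array, the 2001:db8:: addresses and the compact `bu_payload` encoding are constructed assumptions; the MAC inputs follow the formulas above. The `demo` function also shows the "two tokens, two paths" point from the defender's side: a BU built with only the care-of token fails the MAC check, and a BU that repeats an already-accepted sequence number is refused.

```python
"""Return Routability (RR) derivations as the slides state them (RFC 3775 sec. 5.2):
keygen tokens, Kbm, and the BU/BA MAC, plus the correspondent's stateless
verification. Added example, not code from the slides; addresses, Kcn, the
nonce array and the BU payload encoding are constructed test values."""
import hashlib
import hmac
import ipaddress
import struct


def first(nbits: int, data: bytes) -> bytes:
    """First(n, x): the leftmost n bits of x (n is a multiple of 8 here)."""
    return data[: nbits // 8]


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def keygen_token(kcn: bytes, address: str, nonce: bytes, flag: int) -> bytes:
    """Home keygen token (flag 0) or care-of keygen token (flag 1):
    First(64, HMAC_SHA1(Kcn, address | nonce | flag))."""
    return first(64, hmac_sha1(kcn, packed(address) + nonce + bytes([flag])))


def binding_key(home_token: bytes, careof_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()


def bu_payload(seq: int, home_idx: int, careof_idx: int) -> bytes:
    """Stand-in for the BU message fields the slide lists: 16-bit sequence
    number plus the two nonce indices (constructed encoding, not wire format)."""
    return struct.pack("!HHH", seq & 0xFFFF, home_idx, careof_idx)


def message_mac(kbm: bytes, careof: str, cn: str, message: bytes) -> bytes:
    """MAC = First(96, HMAC_SHA1(Kbm, care-of address | correspondent | message))."""
    return first(96, hmac_sha1(kbm, packed(careof) + packed(cn) + message))


class CorrespondentNode:
    """Holds Kcn and the nonce array; keeps no per-MN state until a BU verifies.
    Tokens are never stored; they are recomputed from the nonce indices in the BU."""

    def __init__(self, address: str, kcn: bytes, nonces: list):
        self.address = address
        self.kcn = kcn             # 20-octet node key
        self.nonces = nonces       # nonce index == position in this list
        self.binding_cache = {}    # home address -> (care-of address, sequence number)

    def home_test(self, home_address: str):
        """2a: Home Test reply carries the home keygen token and the home nonce index."""
        idx = len(self.nonces) - 1
        return keygen_token(self.kcn, home_address, self.nonces[idx], 0), idx

    def careof_test(self, careof: str):
        """2b: Care-of Test reply carries the care-of keygen token and its nonce index."""
        idx = len(self.nonces) - 1
        return keygen_token(self.kcn, careof, self.nonces[idx], 1), idx

    def receive_bu(self, home_address, careof, seq, home_idx, careof_idx, mac) -> bool:
        """3: recompute both tokens and Kbm, check the MAC, then update the cache."""
        if not (0 <= home_idx < len(self.nonces) and 0 <= careof_idx < len(self.nonces)):
            return False                       # unknown or expired nonce index
        cached = self.binding_cache.get(home_address)
        if cached is not None and seq <= cached[1]:
            return False                       # sequence number not increasing: replay
        home_token = keygen_token(self.kcn, home_address, self.nonces[home_idx], 0)
        careof_token = keygen_token(self.kcn, careof, self.nonces[careof_idx], 1)
        expected = message_mac(binding_key(home_token, careof_token), careof,
                               self.address, bu_payload(seq, home_idx, careof_idx))
        if not hmac.compare_digest(expected, mac):
            return False                       # a token from either path is missing or wrong
        self.binding_cache[home_address] = (careof, seq)
        return True


def demo():
    """Walk one RR exchange, then show a BU built without the home token failing."""
    kcn = bytes(range(20))                                   # constructed fixed Kcn
    nonces = [bytes(8), bytes.fromhex("0102030405060708")]   # constructed nonce array
    cn = CorrespondentNode("2001:db8:c::1", kcn, nonces)
    hoa, coa = "2001:db8:a::10", "2001:db8:b::20"
    home_token, hidx = cn.home_test(hoa)       # 2a, reaches the MN via its home agent
    careof_token, cidx = cn.careof_test(coa)   # 2b, reaches the MN directly
    kbm = binding_key(home_token, careof_token)
    mac = message_mac(kbm, coa, cn.address, bu_payload(1, hidx, cidx))
    accepted = cn.receive_bu(hoa, coa, 1, hidx, cidx, mac)
    # A node that saw only the care-of path holds no home token: its BU fails the MAC.
    rogue_coa = "2001:db8:d::66"
    guess_kbm = binding_key(bytes(8), cn.careof_test(rogue_coa)[0])
    rogue_mac = message_mac(guess_kbm, rogue_coa, cn.address, bu_payload(2, hidx, cidx))
    rejected = cn.receive_bu(hoa, rogue_coa, 2, hidx, cidx, rogue_mac)
    replayed = cn.receive_bu(hoa, coa, 1, hidx, cidx, mac)   # same seq again: refused
    return accepted, rejected, replayed, cn.binding_cache[hoa]


if __name__ == "__main__":
    print(demo())
```

Because the correspondent recomputes the tokens from Kcn and the indexed nonce, it stores nothing for a mobile node until a BU actually verifies, which is what keeps the BU flooding described earlier from creating state on the CN before the MAC check.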

Page 34: PPT-5.11.09

APPLICATION OF THE PROJECT

Binding update messages used in Mobile IPv6 are a shortcut designed to speed wireless communications that use IPv6.

Speed is the major advantage MIPv6 has over MIPv4, but without proper security measures the deployment of MIPv6 and IPv6 in general will be hampered.

The principle of the RR procedure is based on the weak assumption that an attacker monitors only one link. Usage of dual key manipulation will make it more effective.

Page 35: PPT-5.11.09

Future Scope

The Mobile IPv6 specification is still unfinished and there is a real chance to contribute to the development work. The evaluation of these solutions in terms of security and efficiency remains unclear given the complex interdependencies in critical infrastructure systems and the rapidly evolving nature of networking.

Page 36: PPT-5.11.09

THANK YOU

Saumya Agarwal
Suhail Khan