ppt-5.11.09
TRANSCRIPT
SECURITY THREATS IN MOBILE IPv6
ABSTRACT
In this project we have analyzed the major security issues in Mobile IPv6, the consequences they have on its deployment, the solutions proposed so far and the problems in those solutions.
We have done a comparative study of these threats with respect to the effect they have on the performance of MIPv6.
We have created a simulation of an improved Return Routability Procedure.
Mobile IPv6
Mobile IPv6 (MIPv6) is the mobility extension of IPv6 (RFC 3775), developed to enable mobility for mobile terminals in IP networks.
It is intended to enable IPv6 nodes to move from one IP subnet to another while remaining reachable at their home address, so that existing transport connections survive the move.
BINDING UPDATES
Under MIPv6 a new class of messages, dubbed binding updates, lets a mobile node tell its home agent and its correspondent nodes at which care-of address its home address is currently reachable, even while it is moving.
This method (route optimization) allows communications to go directly to the mobile device without first passing through the home agent, resulting in an increase of both speed and efficiency. The binding update is therefore the message whose authenticity decides where the mobile node's traffic goes.
[Figure: Mobile IPv6 registration. The Mobile Node, attached to Network B, registers at its Home Agent on Network A across the Internet: the Mobile Node sends a Binding Update and the Home Agent replies with a Binding Acknowledgement. Correspondent Node C is on Network C.]
[Figure: Mobile IPv6 Roaming. After moving on to Network D, the Mobile Node sends Binding Updates to the Home Agent and to all Correspondent Nodes that already received a previous Binding Update from this Mobile Node.]
Mobile IPv6 security vulnerabilities
The security threats and scenarios have become a driving force behind a new set of goals that Mobile IPv6 was required to address in order to be standardized.
In the subsequent slides we discuss the classification of threats, the types of attackers and the possible threat scenarios.
General requirements of Mobile IPv6 security
- Should be no worse than Mobile IPv4 as it is today.
- Should be as secure as if the mobile node were on the home link without using Mobile IP.
- Should optimize the number of message exchanges and bytes sent between the participating entities (MN, CN and HA), since many MNs are expected to operate over bandwidth-constrained wireless links.
Classification of Threats
In the absence of a security association between most MN–CN pairs, there are multiple vulnerabilities that the MN, the CN, or the HA or home network become exposed to. The major threats can be classified as follows:
a. Tampering with binding cache entries:
   - Tampering with a binding cache entry at a home agent.
   - Tampering with a binding cache entry at a correspondent node.
   - Tampering with a binding cache entry at the previous access router, acting as a temporary packet-forwarding home agent.
Classification of Threats (contd.)
b. Denial-of-service (DoS):
   - Preventing an MN from communicating with some or all nodes.
   - Preventing a CN from communicating with some or all nodes.
   - Preventing an HA from serving legitimate MNs.
c. Disclosure of sensitive information:
   - Disclosure of the nodes serving as home agents in a network.
Classification of Attackers
The following classes of attackers are considered as a basis for the threat scenarios that follow.
- An arbitrary node, anywhere in the Internet, launching an attack against an MN, a CN, or an HA.
- An attacker located on the same (wireless) link as the MN.
- An attacker located on the same link as the CN.
- An attacker located on the same link as the HA.
Threat Scenarios

Attacker location          Attacks                                        Effect                         Attack requirements
Anywhere in the Internet   1. Tampering with MN/CN binding cache entries  Man-in-the-middle (MITM), DoS  Knowledge of the home address and of any CN
                           2. BU flooding                                 DoS
MN/CN link                 1. Sending spoofed BU/BA                       MITM/DoS                       Only the knowledge of any CN
                           2. BU flooding                                 DoS
HA link                    1. Acting as the HA                            Masquerade/DoS                 No additional knowledge is required
                           2. Tampering with HA binding cache entries     MITM/DoS
                           3. Sending spoofed BU/BA                       MITM/DoS
                           4. BU flooding                                 DoS
Scenario 1 (Attacker knows the MN's HA and both end points): Tampering with the CN binding cache
Threat: The attacker sends a BU to the CN using the acquired HoA and a malicious CoA. The CN believes that the MN has moved and has a new CoA, and updates the entry for the MN in its binding cache.
Effect: The packet stream of the ongoing session from the CN to the MN is now diverted to the malicious node.
Scalability: Leads to denial of service; the intruder can also act as a man in the middle by forwarding the diverted traffic on to the MN.
Scenario 1 (Attacker knows the MN's HA and both end points): Tampering with the MN binding cache
Threat: The attacker sends a BU to the MN using the acquired address of the CN as home address and a malicious CoA. The MN believes that the CN has moved and has a new address, and updates the entry for the CN in its binding cache.
Effect: The packet stream of the ongoing session from the MN to the CN is now diverted to the malicious node.
Scalability: Leads to denial of service; the intruder can also act as a man in the middle.
Scenario 1 (Attacker knows the MN's HA and both end points): BU Flooding
Threat: A malicious node or virus could keep sending fake BUs to any CN, to the MN itself or to the HA at a very rapid rate, thereby creating unnecessary state at the MIPv6 node.
Effect: Binding cache memory is inundated with meaningless entries, and traffic increases.
Scalability: Valid entries can no longer be created, hence denial of service.
Scenario 2 (Attacker determines the CN through passive monitoring): Sending spoofed BUs
Threat: The attacker knows which CNs the MN is sending BUs to. It sends spoofed BUs to the CN and to the MN, each claiming that the other end point has moved to the attacker's location.
Effect: Causes traffic to be routed elsewhere. If spoofed BUs are sent to both the CN and the MN, denial of service occurs.
Scalability: The attacker could also change the contents of the traffic.
Scenario 2 (Attacker determines the CN through passive monitoring): Sending spoofed BAs
Threat: When the MN sends a BU, the attacker replies to the MN with a spoofed BA that differs from the true BA it would receive from the CN.
Effect: This attack can result in (1) the MN sending unnecessary BUs (subject to rate limiting of BU sending) or (2) the MN not sending a BU that is necessary.
Scalability: Unnecessary triangular routing takes place, or the MN is not reachable at all.
Scenario 2 (Attacker determines the CN through passive monitoring): BU Flooding
Threat: Sending fake binding updates to the MN, the CN or both, thereby increasing unnecessary traffic.
Effect: Increase in traffic; packet transfer slows down.
Scalability: Denial of service attack; the CN–MN link could break due to excess packets.
Scenario 3 (Attacker monitors the HA and the MN communicating with it): Acting as the HA
Threat: If the attacker is on the same subnet as the HA and the MN, it could act as the HA itself in order to receive BUs.
Effect: Leads to various man-in-the-middle attacks and flooding of BUs to the MN.
Scalability: Could lead to spoofing of IP addresses and rejection of BUs.
Scenario 3 (Attacker monitors the HA and the MN communicating with it): Sending spoofed BUs/BAs
Threat: The attacker can place itself so that it intercepts even the BAs and forces changes in the binding entry.
Effect: Sending spoofed BUs can change the route of packets from the CN to the MN, which is classified as a DoS attack on the MN or the CN.
Scalability: Man-in-the-middle attack, traffic congestion.
Comparison of Threat Scenarios

             Probability of attack   Number of affected links
Scenario 1   High                    >2
Scenario 2   High                    >1
Scenario 3   Low                     1
Mobile IPv6 security goals
- Securing binding updates.
- Securing mobile prefix and dynamic home agent discovery.
- Securing the mechanisms that Mobile IPv6 uses for transporting data packets.
Mobile IPv6 security solutions
The major security solutions of MIPv6 are:
- IPsec and IKE (the standard solution)
- Return routability solution
- Cross-layering security approach
IPsec in Mobile IPv6
Currently, IPsec is used to protect the messages exchanged between the mobile node and the home agent, and no new security mechanism exists for this purpose. The mandated use of IPsec (ESP, or AH) together with a key management mechanism helps to ensure the integrity of the binding update messages between the MN and the HA.
To prevent an MN from sending a binding update for another mobile node using its own security association, the home agent also verifies that the binding update message contains the correct HoA, either as the source of the packet or in the Home Address destination option. This check is provided by the IPsec processing, by having the security policy database entries unequivocally identify a single security association for protecting binding updates between any given home address and the HA.
IKE in Mobile IPv6
Internet Key Exchange (IKE) negotiates the IPsec security associations between the MN and the HA and the keys that protect them. When IKE is used, either the security policy database entries or the Mobile IPv6 processing rely on unequivocal identification of the IKE credentials that may be used to authorize the creation of security associations for protecting binding updates for a particular HoA.
Shortcomings in using IPsec and IKE
IPsec and IKE are strong cryptographic authentication protocols. The problem is that the authentication needs to work between any MN and any correspondent in the Internet (mobile or not). No infrastructure-based solution currently exists that could be used to authenticate all IPv6 nodes. A further shortcoming of integrating IPsec/IKE into MIPv6 is that the processing overhead of these protocols can be too high for low-end mobile devices and for a network-layer signaling protocol.
Cross Layering Security Approach
It aims at modifying IPsec/IKE so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. It effectively turns IPsec into a multi-layered protocol: a user defines zones within an IP packet, and each zone is encrypted and authenticated with its own security association.
Shortcomings in Cross Layering Security Approach
Key management is a major issue in the cross-layering approach, as the distribution of multiple keys is required for multi-layered IPsec. Also, this approach does not account for mobility, and does not provide any implementation or performance insights.
Return routability solution
It is an example of infrastructureless authentication. The return routability authentication method is based on the fact that routing in the Internet is semi-reliable: it is difficult for a remote attacker to change the route of packets that do not travel via the attacker's network. Using the RR solution significantly reduces the number of attackers able to forge a binding, to those who can observe both the home path and the care-of path.
Return Routability Procedure
- Authentication without a public key infrastructure or pre-shared keys.
- Two tokens, two paths: the mobile node must have both to complete the update.
- Difficult for an attacker to intercept both tokens and generate a valid MAC.
- The MAC also protects the integrity of the plaintext message.
Goal: Should be as secure as regular IPv4 (without mobility).

[Figure: RR message flow between the Mobile node, its Home (agent) and the Correspondent Node (CN)]
CN <-> Mobile via Home:   1a: Home Test Init        2a: Home Test (token1)
CN <-> Mobile directly:   1b: Care-of Test Init     2b: Care-of Test (token2)
Kbm = SHA1(token1 | token2)
Mobile -> CN:             3: Binding Update (MAC under Kbm)
CN -> Mobile:             4: Binding ACK (MAC under Kbm)
Return Routability Messages
General descriptions:
- Kcn: a "node" key generated by the correspondent node; a random number, 20 octets in length.
- Nonce: a random number of any length (64 bits is recommended), generated at regular intervals; it may be stored in an array, with the nonce index indicating the array position.

1a: Home Test Init message
    Source: home address; Destination: correspondent
    Contents: Home init cookie – 64-bit random value
1b: Care-of Test Init message
    Source: care-of address; Destination: correspondent
    Contents: Care-of init cookie – 64-bit random value

RR Messages (contd.)
2a: Home Test message
    Source: correspondent; Destination: home address
    Contents:
      Home init cookie – received from the mobile node
      Home keygen token – First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
      Home nonce index – identifies which nonce is being used in this message
2b: Care-of Test message
    Source: correspondent; Destination: care-of address
    Contents:
      Care-of init cookie – received from the mobile node
      Care-of keygen token – First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))
      Care-of nonce index – identifies which nonce is being used in this message
The mobile node calculates Kbm = SHA1(home keygen token | care-of keygen token).

RR Messages (contd.)
3: Binding Update message
    Source: care-of address; Destination: correspondent
    Contents:
      Sequence number – 16-bit unsigned int
      Home nonce index – received from the correspondent
      Care-of nonce index – received from the correspondent
      MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU message)))
    The correspondent node verifies the MAC and creates a binding cache entry for the mobile.
4: Binding Acknowledgment message (optional)
    Source: correspondent; Destination: care-of address
    Contents:
      Sequence number – 16-bit unsigned int; same as in the binding update received
      MAC = First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BA message)))
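The RR exchange of the slides above, together with the Scenario 1 attack on the CN binding cache described earlier, as a worked Python example. This is an added illustration and not code from the project or from the deck: the keygen token, Kbm and MAC formulas are the ones given on the RR slides (RFC 3775), whereas the class and field names, the serialisation of the BU fields that the MAC covers, the nonce window size, the attacker model and every address, cookie and key are assumptions constructed for the example.

```python
"""Return Routability (RR) exchange plus a Scenario 1 replay. Added example, not code from the
deck: token, Kbm and MAC formulas follow the RR slides (RFC 3775); everything else is constructed."""
import hashlib
import hmac
import ipaddress
import os

def addr_bytes(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed      # 16-octet form that the HMACs cover

def bu_payload(seq: int, home_idx: int, coa_idx: int, hoa: str) -> bytes:
    """Constructed serialisation of the BU fields that the MAC must cover."""
    return (seq.to_bytes(2, "big") + home_idx.to_bytes(2, "big")
            + coa_idx.to_bytes(2, "big") + addr_bytes(hoa))

class CorrespondentNode:
    """CN side of RR: hands out keygen tokens, verifies BU MACs, keeps the binding cache."""
    KEEP_NONCES = 4                    # nonces still honoured (constructed window size)
    def __init__(self, address: str, rng=os.urandom):
        self.address, self.rng = address, rng
        self.kcn = rng(20)             # node key Kcn, 20 octets, never leaves the CN
        self.nonces, self.next_index = {}, 0      # nonce index -> 64-bit nonce
        self.binding_cache = {}        # HoA -> (CoA, last accepted sequence number)
        self.rotate_nonce()
    def rotate_nonce(self) -> None:
        """Fresh nonce; tokens derived from nonces that left the window expire."""
        self.nonces[self.next_index] = self.rng(8)
        self.next_index += 1
        for old in [i for i in self.nonces if i < self.next_index - self.KEEP_NONCES]:
            del self.nonces[old]
    def _token(self, address: str, index: int, kind: int) -> bytes:
        """First(64, HMAC_SHA1(Kcn, address | nonce | kind)); kind 0 = home, 1 = care-of."""
        data = addr_bytes(address) + self.nonces[index] + bytes([kind])
        return hmac.new(self.kcn, data, hashlib.sha1).digest()[:8]
    def test_message(self, init: dict, kind: int) -> dict:
        """2a Home Test (kind 0) or 2b Care-of Test (kind 1), echoing the init cookie."""
        idx = self.next_index - 1
        return {"cookie": init["cookie"], "token": self._token(init["src"], idx, kind), "nonce_index": idx}
    def receive_binding_update(self, bu: dict) -> bool:
        """Step 3 at the CN: recompute Kbm from the indices, check MAC and sequence number."""
        try:
            kbm = hashlib.sha1(self._token(bu["hoa"], bu["home_nonce_index"], 0)
                               + self._token(bu["coa"], bu["care_of_nonce_index"], 1)).digest()
        except KeyError:
            return False               # stale or unknown nonce index (CN keeps no per-MN state)
        payload = bu_payload(bu["seq"], bu["home_nonce_index"], bu["care_of_nonce_index"], bu["hoa"])
        data = addr_bytes(bu["coa"]) + addr_bytes(self.address) + payload
        if not hmac.compare_digest(hmac.new(kbm, data, hashlib.sha1).digest()[:12], bu["mac"]):
            return False               # forged BU, or a genuine one altered in flight
        prev = self.binding_cache.get(bu["hoa"])
        if prev is not None and not 0 < ((bu["seq"] - prev[1]) & 0xFFFF) < 0x8000:
            return False               # replayed or out-of-window sequence number
        self.binding_cache[bu["hoa"]] = (bu["coa"], bu["seq"])
        return True

class UnprotectedCorrespondentNode(CorrespondentNode):
    """A CN that trusts any BU: the pre-RR situation that Scenario 1 exploits."""
    def receive_binding_update(self, bu: dict) -> bool:
        self.binding_cache[bu["hoa"]] = (bu["coa"], bu["seq"])
        return True

class MobileNode:
    def __init__(self, hoa: str, coa: str, rng=os.urandom):
        self.hoa, self.coa, self.rng, self.seq = hoa, coa, rng, 0
    def return_routability(self, cn):
        """1a/2a via the home agent and 1b/2b direct; returns Kbm and both nonce indices."""
        hot = cn.test_message({"src": self.hoa, "cookie": self.rng(8)}, 0)   # via the home link
        cot = cn.test_message({"src": self.coa, "cookie": self.rng(8)}, 1)   # direct to the CoA
        kbm = hashlib.sha1(hot["token"] + cot["token"]).digest()
        return kbm, hot["nonce_index"], cot["nonce_index"]
    def binding_update(self, cn, kbm: bytes, home_idx: int, coa_idx: int) -> dict:
        """Step 3: BU sent from the care-of address, authenticated under Kbm."""
        self.seq = (self.seq + 1) & 0xFFFF
        payload = bu_payload(self.seq, home_idx, coa_idx, self.hoa)
        data = addr_bytes(self.coa) + addr_bytes(cn.address) + payload
        return {"hoa": self.hoa, "coa": self.coa, "seq": self.seq, "home_nonce_index": home_idx,
                "care_of_nonce_index": coa_idx, "mac": hmac.new(kbm, data, hashlib.sha1).digest()[:12]}

def forge_binding_update(cn, victim_hoa: str, attacker_coa: str, rng=os.urandom) -> dict:
    """Scenario 1: attacker gets its own care-of token but must guess the home token."""
    cot = cn.test_message({"src": attacker_coa, "cookie": rng(8)}, 1)
    kbm = hashlib.sha1(rng(8) + cot["token"]).digest()            # guessed home keygen token
    return MobileNode(victim_hoa, attacker_coa, rng).binding_update(
        cn, kbm, cot["nonce_index"], cot["nonce_index"])

def demo() -> dict:
    """Legitimate RR + BU, then Scenario 1 against an RR-protected and an unprotected CN."""
    cn, weak = CorrespondentNode("2001:db8:c::1"), UnprotectedCorrespondentNode("2001:db8:c::1")
    mn = MobileNode("2001:db8:a::10", "2001:db8:b::20")
    kbm, hidx, cidx = mn.return_routability(cn)
    out = {"legit_accepted": cn.receive_binding_update(mn.binding_update(cn, kbm, hidx, cidx))}
    out["forged_rejected_by_rr"] = not cn.receive_binding_update(
        forge_binding_update(cn, mn.hoa, "2001:db8:bad::66"))
    out["forged_accepted_by_unprotected"] = weak.receive_binding_update(
        forge_binding_update(weak, mn.hoa, "2001:db8:bad::66"))
    out["cn_binding"], out["weak_binding"] = cn.binding_cache[mn.hoa][0], weak.binding_cache[mn.hoa][0]
    for _ in range(CorrespondentNode.KEEP_NONCES):                # CN rotates its nonces
        cn.rotate_nonce()
    out["stale_bu_rejected"] = not cn.receive_binding_update(mn.binding_update(cn, kbm, hidx, cidx))
    return out
```

demo() runs the legitimate exchange and then lets a remote attacker, who knows only the MN's home address and the CN, try to bind that home address to its own care-of address. The RR-protected CN rejects the forged BU because the attacker never sees the home keygen token (the Home Test is delivered to the home link), whereas the unprotected CN accepts it and diverts the MN's traffic, which is exactly the Scenario 1 effect. Rotating the CN's nonces past the window also invalidates an old Kbm, which is why the nonce indices travel inside the BU and why the CN needs no per-MN state before the binding is created.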
APPLICATION OF THE PROJECT
Binding update messages used in Mobile IPv6 are a shortcut designed to speed up wireless communications that use IPv6.
Speed is the major advantage MIPv6 has over MIPv4, but without proper security measures the deployment of MIPv6, and of IPv6 in general, will be hampered.
The principle of the RR procedure is based on the weak assumption that an attacker monitors only one link. Usage of dual key manipulation will make it more effective.
Future Scope
The Mobile IPv6 specification is still unfinished and there is a real chance to contribute to the development work. The evaluation of these solutions in terms of security and efficiency remains unclear, given the complex interdependencies in critical infrastructure systems and the rapidly evolving nature of networking.
THANK YOU
Saumya Agarwal, Suhail Khan