Transcript Document
Mobile IP
Presented by: SecureNet
Jayanthi Jayaraman
Meenakshi Mittal
Prachi Albal
Sirisha Maturi
Vineet Mittal
Talk Overview
Introduction to Mobile IP
Working of Mobile IP
Security Issues
Mobile IP in IPV6
Mobile IP: An Introduction
An IP based standard defined by IETF
Mechanism for accommodating host mobility
within the Internet
Useful in cellular environments as well as
wireless LAN,require roaming.
Works with GSM, CDMA, TDMA, GPRS, AMPS,
NAMPS.
Why Mobile IP?
Mobility within the Internet
Communicate with other hosts after moving
from home network without changing IP
address
Mobility must not require changes to other
host’s/router’s software
Mobile IP Functional Entities
Mobile Node -that moves from home n\w to
Home Network-having n\w prefix matching with
foreign n\w.
mobile node's home address.
Foreign Network-other network.
Home Agent-router in home n\w which tunnels
the datagram to Mobile Node.
Foreign Agent-foreign n\w router for Mobile
Node.
Mobile IP Functional Entities
Correspondent node:Mobile node
communicates with this peer node.
Mobility binding: It is association of a
home address with a care-of address,
along with the remaining lifetime of
that association
Mobile IP Functional Entities
Care-of addresses
Whenever a mobile node has moved to a
foreign network, a care-of address is obtained
in one of the following modes:
Foreign agent Care-of Address
Co-located Care-of Address
Mobile IP Architecture
Mobile IP Architecture
To retain the IP address, a mobile node can
have two IP addresses:
Home address: Permanent address used
by higher layer protocols (TCP, UDP).
Care-Of Address: Associated with
foreign n\w and it is different for different
foreign networks. In IPV4 care-of-address
management is achieved by foreign agent.
Mobile IP Architecture
Home agent maintains mobility binding
table where each entry is identified by
tuple <permanent home address, temp
care-of address, association lifetime>
Mobile IP Architecture
Foreign agent maintains visitor list where,
each entry is identified by tuple: <
permanent home address, home agent
address, media address of the mobile node,
association lifetime>.
Mobile IP Architecture
When a mobile node enters a foreign network,
it should obtain the care-of-address through
foreign agent.
Foreign network registers the new care-ofaddress with the home agent
Home agent delivers a mobile node’s packet to
mobile node’s care-of-address by redirecting
or tunneling the packet by placing care-ofaddress in the destination IP address.
Mobile IP Architecture
Foreign agent de-capsulate the received
packet such that mobile node’s home
address will be in the destination IP
address and forwards the packet to the
mobile node.
Mobile IP Architecture
Minimal Encapsulation
Mobile IP Architecture
Triangle routing: When acting
as sender, mobile node
simply sends packets
directly to the other
communicating node through
the foreign agent
Mobile IP Operation
Agent Advertisement
Determine network
Registration
On home network
Moved to foreign network
Exchange of Data
Phase 1: Agent Discovery
Method by which a mobile node determines
whether it is currently connected to its home network
or to a foreign network
and by which a mobile node can detect when it has
moved from one network to another
Mobile IP extends ICMP Router Discovery as its primary
mechanism for Agent Discovery.
An Agent Advertisement is formed by including a Mobility
Agent Advertisement Extension in an ICMP Router
Advertisement message.
Phase 1: Agent Discovery
ICMP Router Discovery Protocol (IRDP)
advertisements.
Specify whether home agent, foreign agent or both.
Care-of address
Types of services it provides(reverse tunneling, GRE)
Allowed registration lifetime
Phase 1: Agent Discovery
Move detection
Algorithm 1
Mobile node starts timer
based on lifetime field
when it receives
advertisement from
foreign agent
If it does not receive
another advertisement
before lifetime has
expired it assumes it
has lost contact
Algorithm 2
Mobile Node checks if
newly received agent
advertisement is on
same subnet as its
current care-of
address.
If network prefix
different assumes it
has moved
Phase 2 : Registration
Mechanism for mobile nodes to communicate their current
reachability information to their home agent.
Used to
request forwarding services when visiting a foreign
network
inform their home agent of their current care-of
address
renew a registration which is due to expire
deregister when they return home
Phase 2 : Registration
Mobile node uses
IP address and mobility security association
(including shared key)
Information from foreign agent advertisement
Phase 2: Registration (cont’d)
Check Validity (including Authentication of Mobile Node)
If valid
1)Home agent creates mobility binding
2)Tunnel to care-of address
3) Routing entry for forwarding packets
to home address through the tunnel
4) And sends a registration reply to
mobile node
If not valid home agent rejects the
request by sending a registration
reply with appropriate error code
Phase 2 : Registration (cont’d)
Foreign agent checks validity of registration reply
adds the mobile node to its visitor list
establishes tunnel to home agent
Creates routing entry for forwarding packets to
home address
Relays registration reply to mobile node
Phase 3: Tunneling
IP in IP encapsulation
Alternate methods
Minimal encapsulation
Generic Routing Encapsulation
(GRE)
Security Issues in Mobile IP
Features exploited by attackers
Wireless communication is inherently less secure.
Provides easier means for attacker to intercept as well
as disrupt operation.
Registration and data forwarding mechanism of Mobile
IP
Types of attacks
Denial of service
Resource Exhaustion
Packet capture
Prevention: Mobile IP supports MD5 (by default) to provide secret
key authentication and integrity checking
Replay Attack
Prevention: Identification field in Registration Request and
Registration Reply messages
Use of timestamps (mandatory) and noonces (optional)
Theft of Information
Passive eavesdropping
Session stealing
Mobility support for IPv6
Mobile IPV6 doesn’t require special foreign
agents as mobile IPV4.
Support for route optimization.
Ensure symmetric reachability between mobile
nodes and its router at current location
Most packets sent to a mobile node while away
from home in Mobile IPv6 are sent using an
IPv6 routing header rather than IP
encapsulation.
Mobility support for IPv6
Mobile
IPv6
is
decoupled from any
particular link layer,
as it uses IPv6
Neighbor Discovery
instead of ARP.
Mobility support for IPv6
Mobility IPv6 Protocol header structure:
8
16
Next
header
Length
24
32 bit
Type Reserved
Home address
Checksum
Data (Variable)
Mobility support for IPv6
Next Header - Identifies the protocol following
this header.
Length - 8 bits unsigned. Size of the header in
units of 8 bytes excluding the first 8 bytes.
Type - Mobility message types.
reserved - MUST be cleared to zero by the sender
and MUST be ignored by the receiver.
Checksum - The 16 bit one's complement
checksum of the Mobility Header.
Data - Variable length.
Route Optimization
Route Optimization
Return Routability Flow diagram
Mobile Node
Home Agent
Correspondent Node
|
|
| Home test Init
|-------------------------------|---------------------------------------|
| Care of test init
|-------------------------------------------------------------------------> |
|
home test
|
|<----------------------------------|<------------------------------------ |
|
Care of Test
|
|-------------------------------------------------------------------------|
|
|
Binding message flow
Mobile Node
Correspondent Node
|
Binding Update
|
|-----------------------------------------------------------|
|
(Seq no. , nonce indices , care of address)
|
|
|
|
|
|
Binding ACK
|
|----------------------------------------------------------|
(Seq no. , status)
Source Address = care-of address
Destination Address = correspondent
Parameters: home address
sequence number
home nonce index
care-of nonce index
First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU)))
Route Optimization
Route Optimization provides three main
operations:
Updating binding caches
Managing smooth handoffs between foreign
agents.
Acquiring
registration keys for smooth
handoffs.
Conclusion
Enables network mobility.
It is scalable.
It is transparent.
And it is secure.
References
http://www.ietf.org/rfc/rfc3344.txt
http://www.ietf.org/rfc/rfc3775.txt
http://www.cisco.com/en/US/tech/tk827/tk369/tec
hnologies_white_paper09186a00800c9906.shtml
http://www.redbooks.ibm.com/redbooks/pdfs/gg2
43376.pdf
http://www.tcpipguide.com/free/t_MobileIPSecuri
tyConsiderations.htm
http://www.javvin.com/protocolMIP.html
Questions???