Mobile IP: General Security Issues
Download
Report
Transcript Mobile IP: General Security Issues
Anton Kozlov
Mobile IP: Security Issues
Survey of security chapters from the book by
James D. Solomon, Mobile IP: The Internet Unplugged,
Prentice Hall, 1998
Applied Crypto and e-Security Lab
http://www.cs.bu.edu/groups/aces/
Boston University 2000
Current State of Mobile Computing
Mobile computers are one of the fastest growing
segments of the PC market
Short-range wireless networks (Bluetooth) available
from IBM, Toshiba, Dell, HP…
High-speed (11 Mbps) wireless LAN products are now
easily and cheaply available (IEEE 802.11a, IEEE
802.11b)
Low speed (currently 128 Kbps) Metropolitan Area
Wireless Network services are available in some cities
and spreading (Metricom’s Ricochet)
Applied Crypto and e-Security Lab
Boston University 2000
2
Mobile Computers’ Characteristics
May change point of network connection
frequently
May be in use as point of network connection
changes
Usually have less powerful CPU, less memory
and disk space
Less secure physically
Limited battery power
Applied Crypto and e-Security Lab
Boston University 2000
3
Wireless Networks’ Characteristics
Generally lower bandwidth
Higher latency and variability
Higher error rate
More susceptible to interference and
eavesdropping
Applied Crypto and e-Security Lab
Boston University 2000
4
Outline of the Tutorial
Part 1: The Need for Mobile IP
Part 2: Mobile IP Overview (for IPv4)
Part 3: Security Issues
A Simple Mobile IP Application (Private
Network without Internet connection)
A More Complicated Application: InternetWide Mobility
Applied Crypto and e-Security Lab
Boston University 2000
5
Part 1: The Need for Mobile IP
Problems
Terminology
What Happens When a Node Changes Link?
Can’t We Solve This Problem with HostSpecific Routes?
Why Not Just Change the Node’s IP Address?
Can’t We Just Solve the Problem at the Link
Layer?
What If We Only Need Nomadicity?
Applied Crypto and e-Security Lab
Boston University 2000
6
Mobile IP solves the following problems:
If node moves from one link to another without
changing its IP address, it will be unable to receive
packets at the new link
If a node changes its IP address when it moves, it
will have to terminate and restart any ongoing
communications each time it moves
Mobil IP solves these problems in secure, robust, and
medium-independent manner whose scaling
properties make it applicable throughout the entire
Internet
Applied Crypto and e-Security Lab
Boston University 2000
7
The Need for Mobile IP
Terminology
A home link is the link on which a specific node should be
located; that is the link, which has been assigned the same
network-prefix as the node’s IP address
A foreign link is any link other than a node’s home link – that
is, any link whose network-prefix differs from that of the
node’s IP address
Host-specific route is a routing-table with Prefix-Length of 32
bits, it will provide a match for exactly one IP Destination
Address; namely, the address specified in the Target field
Mobility is the ability of a node to change its point of
attachment from one link to another while maintaining all
existing communications and using the same IP address at
its new link
Applied Crypto and e-Security Lab
Boston University 2000
8
What Happens When a Node Changes
Link?
Applied Crypto and e-Security Lab
Boston University 2000
9
Can’t We Solve the Mobility Problem with
Host-Specific Routes?
How Might Host-Specific Routes Solve the
Problem?
If it Solves the Problem, Is This Solution a
Good One?
Applied Crypto and e-Security Lab
Boston University 2000
10
Is This Solution a Good One?
How Many Mobile Nodes We Can Expect?
How Many Routes Are Required for Each Mobile Node?
How Fast Will a Node Change Links?
Is This Solution Robust?
Is It Secure?
Applied Crypto and e-Security Lab
Boston University 2000
11
Conclusion:Host Specific Routes is an
Unworkable Solution to Node Mobility in
the Internet
Minimally, host-specific routes must be
propagated to all nodes along the path
between a mobile node’s home link and its
foreign link
Some (in the worst case all) of these routes
must be updated every time the node moves
from one link to another
We expect millions of nodes to be operating
Applied Crypto and e-Security Lab
Boston University 2000
12
Host-Specific routing has severe scaling,
robustness, and security problems
Unless host-specific routes are propagated to
a much larger set of routers than minimal set
described in the first item above, then the
Internet mobility to route around isolated
node and link failures is negated by hostspecific routing
Serious security implications would require
authentication, and complicated key
management protocol to address
Applied Crypto and e-Security Lab
Boston University 2000
13
Why Not Just Change the Node’s IP
Address?
Can Connections Survive a Changing IP Address?
How Do We Find a Node Whose IP Address Keeps
Changing?
No, because all open TCP connections will be terminated
Only if a mobile node itself initiates communication, a huge
overhead to keep entries in DNS updated, address returned
by a name server is subject to change at any moment
Can’t we just solve the problem at the Link Layer?
(Cellular Digital Packet Data - CDPD (11Kbps), IEEE
802.11…)
Provides node mobility only in the context of a single type of
medium and within a limited geographic area
Applied Crypto and e-Security Lab
Boston University 2000
14
What If We Only Need Nomadicity?
A nomadic node is one which must terminate
all existing communications before changing
its point-of-attachment, but then can initiate
new connections with a new IP address once
it reaches its new location.
If all communications are initiated by the user
of a mobile node, and the user does not mind
shutting down his applications and restarting
then at a new location, then nomadicity is
indeed sufficient
Applied Crypto and e-Security Lab
Boston University 2000
15
Why Mobility Is Preferable to Nomadicity?
Many applications have configuration data bases which depend
on IP addresses, as opposed to host names
In the future Servers and not just Clients might need to become
mobile (Clients know their Servers only by their IP addresses)
Some license application vendors provide network-licensing
systems which restrict access to only those nodes possessing
specific ranges of IP addresses
Some security mechanisms provide access privileges to nodes
based upon their IP addresses. Mobile nodes employing Mobile
IP allow such mechanisms to work in the presence of node
mobility
Limited availability of IPv4 addresses, need for specific address
assignment mechanisms
Applied Crypto and e-Security Lab
Boston University 2000
16
Summary
A node that changes from one link to another is
incapable of communicating at the new location
unless it changes its IP address
Host-specific routing is not workable solution in the
context of the global Internet
Changing a node’s IP address is undesirable
The difference between mobile and nomadic
computing (impossible for other node to know at
what address a nomadic computer can be reached at
any given moment)
Applied Crypto and e-Security Lab
Boston University 2000
17
Summary (cont.)
All link-layer solutions share limitations in
their geographic applicability and the media
over which they can run.
Even in those instances where a node
requires only nomadicity, the more subtle
advantages offered by Mobile IP mobility can
make network administration much easier.
Applied Crypto and e-Security Lab
Boston University 2000
18
Part 2: Mobile IP Overview (for IPv4)
Is Mobile IP an Official Standard?
What Is the Scope of the Mobile IP Solution?
What Are the Requirements for Mobile IP?
What Assumption Does Mobile IP Make?
Where Does Mobile IP Reside?
Generally How Does Mobile IP Works?
Summary
Applied Crypto and e-Security Lab
Boston University 2000
19
Is Mobile IP an Official Standard?
Mobile IP was approved by the Internet
Engineering Steering Group (IESG) in June
1996 and published as a Proposed Standard
in November 1996.
Main reference document : Request for
Comments (RFC) 2002
There are other RFCs defining specific
aspects of Mobile IP, such as tunneling,
applicability, Management Information Base…
Applied Crypto and e-Security Lab
Boston University 2000
20
What Is the Scope of the Mobile IP
Solution?
Mobile IP is a network-layer solution to node mobility in the Internet
It accomplishes its task by setting up the routing tables in appropriate
nodes, such that IP packets can be sent to mobile nodes not connected
to their home link
Can be considered to be a routing protocol, which has a very
specialized purpose of allowing IP packets to be routed to mobile
nodes which could potentially change their location very rapidly.
Mobile IP is unique in its ability to accommodate heterogeneous
mobility in addition to homogeneous mobility.
Solves the primary problem of routing IP packets to mobile nodes,
which is a first step in providing mobility on the Internet. A complete
mobility solution would involve enhancements to other layers of the
protocol stack.
Applied Crypto and e-Security Lab
Boston University 2000
21
What Are the Requirements for Mobile IP?
A mobile node must be able to communicate with other nodes
after changing its link-layer point-of-attachment to the Internet
Must be able to communicate using its home (permanent) IP
address, regardless of its current link-layer point-of-attachment
to the Internet
Must be able to communicate with other computers that do not
implement the Mobile IP mobility functions
The Mobile IP implementation should be limited only to the mobile
nodes themselves and the few nodes which provide special routing
functions on their behalf
Must not be exposed to any new security threats over and
above those to which any fixed node on the Internet is exposed
Applied Crypto and e-Security Lab
Boston University 2000
22
What Assumption Does Mobile IP Make?
Mobile IP’s fundamental assumption is that
unicast packets – those destined to a single
recipient – are routed without regard to their
IP Source Address.
We will see how that assumption, though
theoretically valid, might not be operationally
valid under certain circumstances (Denial-of
Service)
Applied Crypto and e-Security Lab
Boston University 2000
23
Where Does Mobile IP Reside?
There are 3 functional entities where it is implemented:
Mobile Node – a node which can change its point-of-attachment
to the Internet from one link to another while maintaining any
ongoing communications and using its (permanent) IP home
address
Home Agent – router with an interface on the mobile node’s
home link, which:
Is informed by the mobile node about its current location,
represented by its care-of-address
In some cases, advertises reachability to the network-prefix of
the mobile node’s home address, thereby attracting IP packets
that are destined to the mobile node’s home address
Intercepts packets destined to the mobile nodes home address
and tunnels them to the mobile node’s current location, i.e. to
the care-of-address
Applied Crypto and e-Security Lab
Boston University 2000
24
Where Does Mobile IP Reside?
Foreign Agent – a router on a mobile node’s
foreign link which:
Assists the mobile node in informing its home
agent of its current care-of address
In some cases, provides a care-of address and detunnels packets for the mobile node that have
been tunneled by its home agent
Serves as default router for packets generated by
the mobile node while connected to this foreign
link
Applied Crypto and e-Security Lab
Boston University 2000
25
Mobile IP Entities and Relationships
Applied Crypto and e-Security Lab
Boston University 2000
26
IP Tunneling
A tunnel is a path followed by a fist packet
while it is encapsulated within the payload
portion of a second packet:
Applied Crypto and e-Security Lab
Boston University 2000
27
Properties of Care-of Address
A care-of address is an IP address associated with
mobile node that is visiting a foreign link:
A care-of address is specific to the foreign link currently
being visited by a mobile node
Generally changes every time the mobile node moves from
one foreign link to another
No Mobile IP-specific procedures are needed in order to
deliver packets to a care-of address
Is used as the exit-point of a tunnel from the home agent
toward the mobile node
Is never returned by DNS when another node looks up the
mobile node’s hostname
Applied Crypto and e-Security Lab
Boston University 2000
28
Two Conceptual Types of Care-of
Addresses
A foreign agent care-of address is an IP address of a foreign
agent which has an interface on the foreign link being visited by
a mobile node. Can be shared by many mobile nodes
simultaneously
A collocated care-of address is an IP address temporarily
assigned to an interface of the mobile node itself. The networkprefix of a collocated care-of address must equal the networkprefix that has been assigned to the foreign link being visited by
a mobile node. This type of c/o address might be used by
mobile node in situations where no foreign agents are available
on a foreign link. A collocated c/o address can be used by only
one mobile node at a time
Applied Crypto and e-Security Lab
Boston University 2000
29
Applied Crypto and e-Security Lab
Boston University 2000
30
Generally How Does Mobile IP Works?
Home Agents and Foreign Agents advertise their presence on any
attached links by periodically multicasting or broadcasting special
Mobile IP messages called Agent Advertisements
Mobile Nodes listen to these Agent Advertisements and examine their
contents to determine whether they are connected to their home link
or a foreign link
A Mobile Node connected to a foreign link acquires a care-of address. A
foreign agent care-of address can be read from one of the fields within
the foreign agent’s Agent Advertisement. A collocated care-of address
must be acquired by some assignment procedure, such as Dynamic
Host Configuration Protocol (DHCP), the Point-to-Point Protocol’s IP
Control Protocol (IPCP), or manual configuration
Applied Crypto and e-Security Lab
Boston University 2000
31
How Does Mobile IP Works (cont.)?
The mobile IP Registers the care-of address acquired previously with its home
agent, using a message-exchange defined by Mobile IP. It asks for service from
a Foreign Agent, if one is present on the link. In order to prevent Denial-ofService attacks, the registration messages are required to be authenticated
The Home Agent or some other router on the home link advertises reachability
to the network-prefix of the Mobile Node’s home address, thus attracting
packets that are destined to the Mobile Node’s home address. The Home Agent
intercepts these packets, and tunnels them to the care-of address that the
mobile node registered previously
At the care-of address – at either the Foreign Agent or one of the interfaces of
the mobile node itself – the original packet is extracted from the tunnel and then
delivered to the Mobile Node
In the reverse direction, packets sent by the Mobile Node are routed directly to
their destination, without any need for tunneling. The Foreign Agent serves as a
default router for all packets generated by visiting node
Applied Crypto and e-Security Lab
Boston University 2000
32
Mobile IP Summary
Allows node mobility across media of similar or dissimilar types
Uses the Mobile Node’s permanent home address when it
changes its point of attachment to the Internet
Not requires any hardware and software upgrades to the
existing, installed base of IPv4 hosts and routers – other than
those nodes specifically involved in the provision of mobility
services
Mobile Node must provide strong authentication when it informs
its Home Agent of its current location
Uses tunneling to deliver packets that are destined to the Mobile
Node’s home address
3 main entities: Mobile Nodes, Foreign Agents and Home Agents
3 basic functions: Agent Discovery, Registration, Packet Routing
Applied Crypto and e-Security Lab
Boston University 2000
33
Part 3a. Security Issues:
Simple Mobile IP Application (Intranet
without connection to the Internet)
How is Mobile IP deployed?
Insider Attack
Mobile Node Denial-of-Service
Replay Attacks
Theft of Information: Passive Eavesdropping
Theft of Information: Session-Stealing
(Takeover) Attack
Other Active Attacks
Applied Crypto and e-Security Lab
Boston University 2000
34
How is Mobile IP Deployed?
All hosts are wholly owned by the enterprise
Each router performs both home agent and
foreign agent functionality:
Applied Crypto and e-Security Lab
Boston University 2000
35
Insider Attacks
Usually involve a disgruntled employee
gaining access to sensitive data and then
forwarding it to a competitor
Enforce strict control who can access what data
Use strong authentication of users and computers
Encrypt all data transfer on an end-to-end basis
between the ultimate source and ultimate
destination machines to prevent eavesdropping
Applied Crypto and e-Security Lab
Boston University 2000
36
Mobile Node Denial-of-Service
A Bad guy sends a tremendous number of packets to
a host (e.g., a Web server) that brings the host’ CPU
to its knees. In the meantime, no useful information
can be exchanged with the host while it is processing
all of nuisance packets
A Bad Guy somehow interferes with the packets that
are flowing between two nodes on the network.
Generally speaking, the Bad Guy must be on the path
between the two nodes on order to wreak any such
havoc
Applied Crypto and e-Security Lab
Boston University 2000
37
Denial-of-Service Attack
A Bad Guy generates a bogus Registration Request
specifying his own IP address as the care-of address
for a mobile node. All packets sent by correspondent
nodes would be tunneled by the node’s home agent
to the Bad Guy:
Applied Crypto and e-Security Lab
Boston University 2000
38
How Does Mobile IP Prevents this Denialof-Service Attack?
Note: In case of mobility a Bad Guy could attack from
anywhere in the network, it does not have to be “on
the way”.
Solution: to require cryptographically strong
authentication in all registration messages exchanged
by a mobile node and its home agent.
Mobile IP by default supports MD5 Message-Digest
Algorithm (RFC 1321) that provides secret-key
authentication and integrity checking
Applied Crypto and e-Security Lab
Boston University 2000
39
Authentication of Registration Messages
via Keyed MD5
A mobile node generates a Registration Request, consisting of the fixed length
portion and the Mobile-Home Authentication Extension, it fills in all the fields of
the request and extension except for the Authenticator field. Then it computes
16-byte MD5 message digest over: the shared secret key, the fixed length
portion, all extensions without Authenticator field, and the shared secret key
again. The Mobile IP authentication extensions provide both authentication and
integrity checking
Applied Crypto and e-Security Lab
Boston University 2000
40
Replay Attacks
A Bad Guy could obtain a copy of a valid Registration
Request, store it, and then “replay” it at a later time,
thereby registering a bogus care-of address for the
mobile node
To prevent that the Identification field is generated is
a such a way as to allow the home agent to
determine what the next value should be
In this way, the Bad Guy is thwarted because the
Identification field in his stored Registration Request
will be recognized as being out of date by the home
agent (timestamps or nonces are used for
Identification field)
Applied Crypto and e-Security Lab
Boston University 2000
41
Summary
Mobile IP registration has has built-in
prevention of denial-of-service attacks.
Specifically, it is impossible for a Bad Guy to
lie to a mobile node’s home agent about that
mobile node’s current care-of address,
because all registration messages provide
authentication of the message’s source,
integrity checking and replay protection
Applied Crypto and e-Security Lab
Boston University 2000
42
Theft of Information: Passive
Eavesdropping
Assumption: unauthorized persons will
inevitably gain wired or wireless access to the
network infrastructure
Use of Link-Layer Encryption
We also assume that key management for the
encryption is performed without disclosing
the keys to any unauthorized parties
Use of End-to-End Encryption (SSH, SSL…)
Applied Crypto and e-Security Lab
Boston University 2000
43
End-to-End Encryption vs. Link Encryption
The Encapsulating Security Payload (RFC 1827) can provide end-to-end
encryption to other application programs not supporting it themselves
Applied Crypto and e-Security Lab
Boston University 2000
44
Theft of Information: Session-Stealing
(Takeover) Attack
A Bad Guy waits for a legitimate node to
authenticate itself and start an application
session
Then it takes over the session by
impersonating the identity of the legitimate
node
Usually he must send a tremendous number
of nuisance packets to the legitimate node in
order to prevent it from realizing that its
session was hijacked
Applied Crypto and e-Security Lab
Boston University 2000
45
Session-Stealing on the Foreign Link
The Bad Guy waits for a mobile node to register with
its home agent
The Bad Guy eavesdrops to see if the mobile node
has any interesting conversation taking place (remote
login session to another host, connection to the
electronic mailbox)
The Bad Guy floods the mobile node with nuisance
packets
The Bad Guy steals the session by sending the
packets that appear to have come from the mobile
node and by intercepting packets destined to the
mobile node
Applied Crypto and e-Security Lab
Boston University 2000
46
Session-Stealing Prevention
Same method as in the case of Passive
Eavesdropping:
minimally link-layer encryption between the mobile node and
the foreign agent (session-stealing on the foreign link)
With the preference of end-to-end encryption between the
mobile node and its corresponding node (elsewhere)
Note: a good encryption scheme provides a method by
which a decrypting node can determine whether the
recovered plaintext is gibberish or whether it is legitimate
(integrity checking)
Applied Crypto and e-Security Lab
Boston University 2000
47
Other Active Attacks
The Bad Guy connects to the network jack, figures
out he IP address to use, and tries to break to the
other hosts on the network
He figures out the network-prefix that has been
assigned to the link on which the network jacks
connected
The Bad Guy guesses a host number to use, which
combined with the network-prefix gives him an IP
address to use on the current link
The Bad Guy proceeds to try to break into the hosts
on the network guessing user-name/password pairs
Applied Crypto and e-Security Lab
Boston University 2000
48
Protection against such attacks
All publicly accessible network jacks must
connect to foreign agent that demands any
nodes on the link to be registered
(authenticated).
Remove all non-mobile nodes from the link
and require all legitimate mobile nodes to use
(minimally) link-layer encryption
Applied Crypto and e-Security Lab
Boston University 2000
49
Summary: Intranet Model Security
We described a simple deployment of Mobile IP on individual corporate
campus (intranet)
All of the routers were upgraded to be both home agents and foreign
agents, all reasonably portable host were upgraded to mobile hosts
Home addresses were assigned according to the user’s department
Mobile IP authentication Keys were configured between the mobile
nodes and their respective home agents
Assumed the existence of physical security flaws
Used link encryption over the foreign link to minimally protect the
internal data, but generally preferred end-to-end encryption
Considered Denial-of Service attack in which a Bad Guy lie to a mobile
node’s home agent about mobile node’s current care-of address
Showed how a combination of the Mobile-Home Authentication
Extension and Identification field are designed to provide
Authentication, Integrity Checking, and Replay Protection for all
Registration Requests and Replies
Applied Crypto and e-Security Lab
Boston University 2000
50
Part 3b. Internet-Wide Mobility: A
more Complicated Application
This Mobil IP application allows a user to
move anywhere throughout the entire
Internet without exposing his private network
to additional security threats
We will consider the problem of mobile nodes
getting packets past the firewall when they
are outside of the private network boundary
(the subject of active research in Mobile IP
Working Group of Internet Engineering Task
Force)
Applied Crypto and e-Security Lab
Boston University 2000
51
Model for This Application
Applied Crypto and e-Security Lab
Boston University 2000
52
The Requirements
There must be a firewall between the corporate network and
the global Internet
Authorized mobile nodes belonging to employees of the
corporation must not suffer any loss of connectivity to resources
inside the firewall, even when connected to a foreign link
outside the firewall
The corporate network must not be exposed to any new
security threats over and above those that face any network
connected to the Internet (through a firewall)
A visitor must be able to communicate with the global Internet
(and presumably his own private network) from “public” areas
such as conference rooms, training facilities, etc.
Applied Crypto and e-Security Lab
Boston University 2000
53
Threats That Are the Same As Before
Threats from insiders (restrict access to info)
Denial-of-service attacks (use of strong
authentication)
Passive eavesdropping and active takeover
attacks (encryption)
Physical Intrusion to the “restricted” portion
of the campus (control of physical access)
Applied Crypto and e-Security Lab
Boston University 2000
54
Firewalls
3 basic types of firewalls: packet-filtering routers, applicationlayer relays, and secure tunnelers:
Applied Crypto and e-Security Lab
Boston University 2000
55
Packet-Filtering Router as Firewall
Applied Crypto and e-Security Lab
Boston University 2000
56
Example of Access Control List (ACL)
Forward all packets belonging to connections
initiated by internal machines
Forward all packets belonging to email
connections initiated by outside machines
Forward all DNS messages
Discard all other packets
Applied Crypto and e-Security Lab
Boston University 2000
57
Advantages of Packet-Filtering
Routers
Fast (simple processing involving examining
of IP Source and Destination Address fields,
and TCP and UDP header fields)
Independent of applications
Inexpensive to upgrade
Applied Crypto and e-Security Lab
Boston University 2000
58
Problems
Difficult to configure correctly
Obscure syntax of ACLs (usually there is no GUI)
Any mistake leaves the private network vulnerable to
security attacks
No reliable way to check ACL’s correctness
IP addresses of the machines in the private network
are visible to the public network
Little or no disk space to log a suspicious activity
Do not support user’s authentication before being
allowed to communicate outside the firewall
Applied Crypto and e-Security Lab
Boston University 2000
59
Application-Layer Relays
The two routers are configured with ACLs which
allow packets only to and from the relay host:
Applied Crypto and e-Security Lab
Boston University 2000
60
Advantages
Ability to enforce more sophisticated security
policies since they understand not only packet
headers, but also the applications themselves
Auditing and logging capabilities
Authentication support
Applied Crypto and e-Security Lab
Boston University 2000
61
Disadvantages
Slow and “visible” to end users (might have
many TCP connections open at the same
time)
Some applications might not be supported by
firewall possibly because it does not work
symmetrically in both directions
Applied Crypto and e-Security Lab
Boston University 2000
62
Secure Tunnelers (picture)
Applied Crypto and e-Security Lab
Boston University 2000
63
Secure Tunnelers
If the packet is tunneled to the firewall and
has valid authentication (and usually
encryption), it is de-tunneled and routed
“transparently” to the destination node within
the private network
Otherwise, the packet is submitted to
application-layer relay and is processed
accordingly
Applied Crypto and e-Security Lab
Boston University 2000
64
Virtual Private Network (VPN)
Applied Crypto and e-Security Lab
Boston University 2000
65
Host1 sends a packet to Host2
(see the previous picture)
Host1 builds an IP packet its own IP address as the Source Address
and Host2’s IP address as the Destination Address
The packet is ultimately forwarded to the firewall on the left
The firewall prepends an IP Encapsulating Security Payload header to
the original IP packet and encrypts the original IP header and payload
(the encryption algorithm provides authentication and integrity
checking as well)
The firewall places the resultant Encapsulating Security Payload header
plus encrypted original packet within the payload portion of a new IP
packet. The new IP packet has a Source Address of the leftmost
firewall and a Destination Address of the rightmost firewall
The new packet is transmitted over the Internet, where it is ultimately
received by the firewall on the right
Applied Crypto and e-Security Lab
Boston University 2000
66
Host1 sends a packet to Host2 (cont.)
The firewall consumes the outermost IP packet header and
examines the IP Encapsulating Security Payload header. The
Security Parameters Index field within that header informs
the firewall how to process the received cipher-text. The firewall
proceeds to decrypt and verify the authentication and integrity
of the packet
If the packet is authentic, the firewall removes the IP
Encapsulating Security Payload header to recover the original IP
packet
The firewall forwards the packet, which is ultimately delivered to
Host2 via conventional routing
Applied Crypto and e-Security Lab
Boston University 2000
67
How do we protect a Mobile Node
That Is Outside the Firewall?
Mobile Node as a Special Case of Virtual
Private Networks (VPN)
The “firewall” is a software module running on the
mobile node:
Applied Crypto and e-Security Lab
Boston University 2000
68
Requirements for Secure Firewall
Traversal in Mobile IP
Must protect the mobile node and the private network from
passive eavesdropping and active takeover attack
Must work for organizations that have private addresses (that
are not advertised to the rest of the Internet) on their networks
Must not require the firewall to implement or understand Mobile
IP
Must resolve the problem of the mobile node Registration
through the firewall
Must work in presence of internal private network firewalls
Applied Crypto and e-Security Lab
Boston University 2000
69
Firewall Traversal Using VPN:
Questions to Answer
How does a mobile node establish the authenticated and/or
encrypted tunnel to the firewall?
Does the mobile node establish this tunnel before or after it
registers with its home agent?
Is the mobile node’s home agent inside or outside the firewall?
How do we establish keys between the mobile node and its
firewall?
How do the mobile node and the firewall agree on a set of
encryption and/or authentication algorithms to use?
How does the mobile node know whether it is inside or outside
the firewall?
Applied Crypto and e-Security Lab
Boston University 2000
70
Conclusions
Firewall Traversal is a work in progress in the
Mobile IP community
It usually implements the IP Authentication
Header, IP Encapsulation Security Payload
and ISAKMP/Oakley for key management
The general solution can be formulated as
establishing an encrypted and authenticated
tunnel between the mobile node and the
firewall
Applied Crypto and e-Security Lab
Boston University 2000
71
Summary
We described a more complicated deployment
of Mobile IP on individual corporate campus
that was characterized by placing all publicly
accessible network jacks outside of the
corporation’s firewall
We also sketched in general a solution for
firewall traversal using Virtual Private
Networks
Applied Crypto and e-Security Lab
Boston University 2000
72
Model for Commercial, Mobile IP service
Applied Crypto and e-Security Lab
Boston University 2000
73
References
James D. Solomon, Mobile IP: The Internet
Unplugged, Prentice Hall, 1998.
David B. Johnson. Mobile IP in the Current
and Future Internet, Tutorial for MobiCom
2000.
Charles Perkins, “Mobile Networking with
Mobile IP”, IEEE Internet Computing, 2(1):5869, January/February 1998.
Applied Crypto and e-Security Lab
Boston University 2000
74