
Mobile IP

Mobile IP. Presented by: SecureNet Jayanthi Jayaraman Meenakshi Mittal Prachi Albal Sirisha Maturi Vineet Mittal. Talk Overview. Introduction to Mobile IP Working of Mobile IP Security Issues Mobile IP in IPV6. Mobile IP: An Introduction. An IP based standard defined by IETF



  1. Mobile IP Presented by: SecureNet Jayanthi Jayaraman Meenakshi Mittal Prachi Albal Sirisha Maturi Vineet Mittal

  2. Talk Overview • Introduction to Mobile IP • Working of Mobile IP • Security Issues • Mobile IP in IPv6

  3. Mobile IP: An Introduction • An IP-based standard defined by the IETF • Mechanism for accommodating host mobility within the Internet • Useful in cellular environments as well as wireless LANs that require roaming • Works with GSM, CDMA, TDMA, GPRS, AMPS, NAMPS.

  4. Why Mobile IP? • Mobility within the Internet • Communicate with other hosts after moving from the home network without changing IP address • Mobility must not require changes to other hosts' or routers' software

  5. Mobile IP Functional Entities • Mobile Node: the node that moves from the home network to a foreign network. • Home Network: the network whose prefix matches the mobile node's home address. • Foreign Network: any other network. • Home Agent: router in the home network which tunnels datagrams to the Mobile Node. • Foreign Agent: router in the foreign network serving the Mobile Node.

  6. Mobile IP Functional Entities • Correspondent node: the peer node with which the mobile node communicates. • Mobility binding: the association of a home address with a care-of address, along with the remaining lifetime of that association.

  7. Mobile IP Functional Entities: Care-of addresses. Whenever a mobile node has moved to a foreign network, a care-of address is obtained in one of the following modes: • Foreign agent Care-of Address • Co-located Care-of Address

  8. Mobile IP Architecture

  9. Mobile IP Architecture To retain its IP address, a mobile node can have two IP addresses: • Home address: permanent address used by higher-layer protocols (TCP, UDP). • Care-of address: associated with the foreign network; it is different for different foreign networks. In IPv4, care-of address management is handled by the foreign agent.

  10. Mobile IP Architecture Home agent maintains mobility binding table where each entry is identified by tuple <permanent home address, temp care-of address, association lifetime>

  11. Mobile IP Architecture Foreign agent maintains visitor list where each entry is identified by tuple <permanent home address, home agent address, media address of the mobile node, association lifetime>

  12. Mobile IP Architecture • When a mobile node enters a foreign network, it should obtain the care-of address through the foreign agent. • Foreign network registers the new care-of address with the home agent. • Home agent delivers the mobile node's packets to the mobile node's care-of address by redirecting or tunneling them, placing the care-of address in the destination IP address.

  13. Mobile IP Architecture • Foreign agent decapsulates the received packet so that the mobile node's home address is in the destination IP address, and forwards the packet to the mobile node.

  14. Mobile IP Architecture Minimal Encapsulation

  15. Mobile IP Architecture Triangle routing: When acting as sender, mobile node simply sends packets directly to the other communicating node through the foreign agent

  16. Mobile IP Operation • Agent Advertisement • Determine network • Registration • On home network • Moved to foreign network • Exchange of Data

  17. Phase 1: Agent Discovery • Method by which a mobile node determines whether it is currently connected to its home network or to a foreign network, and by which a mobile node can detect when it has moved from one network to another • Mobile IP extends ICMP Router Discovery as its primary mechanism for Agent Discovery. • An Agent Advertisement is formed by including a Mobility Agent Advertisement Extension in an ICMP Router Advertisement message.

  18. Phase 1: Agent Discovery • ICMP Router Discovery Protocol (IRDP) advertisements • Specify whether home agent, foreign agent or both • Care-of address • Types of services it provides (reverse tunneling, GRE) • Allowed registration lifetime

  19. Phase 1: Agent Discovery: Move detection • Algorithm 1: Mobile node starts a timer based on the lifetime field when it receives an advertisement from a foreign agent. If it does not receive another advertisement before the lifetime has expired, it assumes it has lost contact. • Algorithm 2: Mobile node checks whether a newly received agent advertisement is on the same subnet as its current care-of address. If the network prefix is different, it assumes it has moved.

  20. Phase 2 : Registration • Mechanism for mobile nodes to communicate their current reachability information to their home agent. • Used to • request forwarding services when visiting a foreign network • inform their home agent of their current care-of address • renew a registration which is due to expire • deregister when they return home

  21. Phase 2 : Registration • Mobile node uses • IP address and mobility security association (including shared key) • Information from foreign agent advertisement

  22. Phase 2: Registration (cont’d)

  23. Phase 2 : Registration (cont’d) • Foreign agent checks validity of registration reply • adds the mobile node to its visitor list • establishes tunnel to home agent • Creates routing entry for forwarding packets to home address • Relays registration reply to mobile node

  24. Phase 3: Tunneling • IP in IP encapsulation • Alternate methods • Minimal encapsulation • Generic Routing Encapsulation (GRE)

  25. Security Issues in Mobile IP • Features exploited by attackers • Wireless communication is inherently less secure. Provides easier means for attacker to intercept as well as disrupt operation. • Registration and data forwarding mechanism of Mobile IP

  26. Types of attacks • Denial of service • Resource Exhaustion • Packet capture • Prevention: Mobile IP supports MD5 (by default) to provide secret key authentication and integrity checking • Replay Attack • Prevention: Identification field in Registration Request and Registration Reply messages • Use of timestamps (mandatory) and nonces (optional) • Theft of Information • Passive eavesdropping • Session stealing
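How a home agent can apply slide 26's two defenses, as an added example (not code from the presentation): it authenticates a Registration Request with the shared key, then uses the timestamp in the Identification field to reject replays. The packet is reduced to the fixed fields plus one Mobile-Home Authentication Extension, HMAC-MD5 and the 7-second window are the RFC 3344 defaults, and the class name, return strings, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 7            # seconds of clock difference tolerated (RFC 3344 default)
FIXED = "!BBH4s4s4sQ"   # type, flags, lifetime, home addr, home agent, care-of, Identification
AUTH_EXT = "!BBI"       # Mobile-Home Authentication Extension: type 32, length, SPI
SIGNED_LEN = struct.calcsize(FIXED) + struct.calcsize(AUTH_EXT)  # 30 bytes covered by the MAC

def build_request(key, spi, home, agent, coa, ntp_secs, lifetime=300):
    """Mobile node side: Registration Request with a timestamp Identification."""
    ident = ntp_secs << 32  # high 32 bits carry seconds, low 32 bits the fraction
    signed = struct.pack(FIXED, 1, 0, lifetime, home, agent, coa, ident)
    signed += struct.pack(AUTH_EXT, 32, 4 + 16, spi)
    return signed + hmac.new(key, signed, hashlib.md5).digest()

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys        # SPI -> shared key of the mobility security association
        self.last_ident = {}    # home address -> last accepted Identification
        self.bindings = {}      # home address -> (care-of address, lifetime)

    def register(self, pkt, now_ntp_secs):
        if len(pkt) != SIGNED_LEN + 16:
            return "malformed"
        _, _, lifetime, home, _, coa, ident = struct.unpack(FIXED, pkt[:24])
        ext_type, _, spi = struct.unpack(AUTH_EXT, pkt[24:SIGNED_LEN])
        key = self.keys.get(spi)
        if ext_type != 32 or key is None:
            return "bad-auth"
        expected = hmac.new(key, pkt[:SIGNED_LEN], hashlib.md5).digest()
        if not hmac.compare_digest(expected, pkt[SIGNED_LEN:]):
            return "bad-auth"           # forged or modified request
        if abs((ident >> 32) - now_ntp_secs) > MAX_SKEW:
            return "stale-timestamp"    # captured request replayed later
        if ident <= self.last_ident.get(home, 0):
            return "replay"             # same or older request inside the window
        self.last_ident[home] = ident
        self.bindings[home] = (coa, lifetime)
        return "accepted"
```

The authentication check runs before the timestamp checks so that an unauthenticated packet can never advance the stored Identification for a mobile node.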

  27. Mobility support for IPv6 • Mobile IPv6 doesn't require special foreign agents as Mobile IPv4 does. • Support for route optimization. • Ensures symmetric reachability between a mobile node and its router at its current location. • Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header rather than IP encapsulation.

  28. Mobility support for IPv6 • Mobile IPv6 is decoupled from any particular link layer, as it uses IPv6 Neighbor Discovery instead of ARP.

  29. Mobility support for IPv6 Mobility IPv6 Protocol header structure:

  30. Mobility support for IPv6 • Next Header - Identifies the protocol following this header. • Length - 8 bits unsigned. Size of the header in units of 8 bytes excluding the first 8 bytes. • Type - Mobility message types. • reserved - MUST be cleared to zero by the sender and MUST be ignored by the receiver. • Checksum - The 16 bit one's complement checksum of the Mobility Header. • Data - Variable length.
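Slide 30's fields, parsed and validated in Python as an added example (not code from the presentation). The byte offsets, the checksum pseudo-header and protocol number 135 follow RFC 3775, which slide 37 cites; the function names are hypothetical and any addresses or message bytes fed to it are constructed.

```python
import ipaddress
import struct

MH_PROTO = 135  # IPv6 Next Header value that identifies a Mobility Header

def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src, dst, length):
    """IPv6 pseudo-header: source, destination, 32-bit length, 3 zero bytes, 135."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, MH_PROTO))

def build_mh(src, dst, mh_type, data, next_header=59):
    """Sender side: fill in Length and Checksum; reserved is cleared to zero."""
    total = 6 + len(data)
    if total % 8:
        raise ValueError("header must be a multiple of 8 bytes")
    body = struct.pack("!BBBBH", next_header, total // 8 - 1, mh_type, 0, 0) + data
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src, dst, total) + body)
    return body[:4] + struct.pack("!H", csum) + body[6:]

def parse_mh(src, dst, raw):
    """Receiver side: check Length and Checksum before trusting Type or Data."""
    if len(raw) < 8:
        raise ValueError("truncated mobility header")
    next_header, hdr_len, mh_type, _reserved, _csum = struct.unpack("!BBBBH", raw[:6])
    if (hdr_len + 1) * 8 != len(raw):   # Length excludes the first 8 bytes
        raise ValueError("length field does not match received size")
    if ones_complement_sum(pseudo_header(src, dst, len(raw)) + raw) != 0xFFFF:
        raise ValueError("bad checksum")
    # reserved is ignored on receipt, as the slide requires
    return {"next_header": next_header, "type": mh_type, "data": raw[6:]}
```

Because the checksum covers the pseudo-header, a header copied into a packet with a different source or destination address fails validation.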

  31. Route Optimization

  32. Route Optimization

  33. Return Routability Flow diagram • Participants: Mobile Node, Home Agent, Correspondent Node • Home Test Init: Mobile Node → Home Agent → Correspondent Node • Care-of Test Init: Mobile Node → Correspondent Node • Home Test: Correspondent Node → Home Agent → Mobile Node • Care-of Test: Correspondent Node → Mobile Node

  34. Binding message flow • Binding Update: Mobile Node → Correspondent Node (Seq no., nonce indices, care-of address) • Binding ACK: Correspondent Node → Mobile Node (Seq no., status) • Source Address = care-of address • Destination Address = correspondent • Parameters: home address, sequence number, home nonce index, care-of nonce index, First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU)))
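The authenticator on slide 34, computed and checked end to end as an added example (not code from the presentation). The keygen-token and Kbm derivations are the ones in RFC 3775, which slide 37 cites; the function names are hypothetical, and the node key Kcn, nonces, addresses and Binding Update bytes are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

def first(bits, data):
    """First(n, x): the leftmost n bits of x (n is a multiple of 8 here)."""
    return data[: bits // 8]

def keygen_token(kcn, addr, nonce, kind):
    """Token returned in Home Test (kind 0) or Care-of Test (kind 1)."""
    msg = ipaddress.IPv6Address(addr).packed + nonce + bytes([kind])
    return first(64, hmac.new(kcn, msg, hashlib.sha1).digest())

def derive_kbm(home_token, careof_token):
    """Binding management key: only a node that saw both tokens can form it."""
    return hashlib.sha1(home_token + careof_token).digest()

def bu_authenticator(kbm, careof, correspondent, bu):
    """First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU)))."""
    msg = (ipaddress.IPv6Address(careof).packed
           + ipaddress.IPv6Address(correspondent).packed + bu)
    return first(96, hmac.new(kbm, msg, hashlib.sha1).digest())

def verify_bu(kcn, nonces, home, careof, correspondent, bu, home_idx, coa_idx, tag):
    """Correspondent side: rebuild Kbm from the nonce indices, keeping no per-node state."""
    if home_idx not in nonces or coa_idx not in nonces:
        return False  # nonce expired or never issued
    kbm = derive_kbm(keygen_token(kcn, home, nonces[home_idx], 0),
                     keygen_token(kcn, careof, nonces[coa_idx], 1))
    expected = bu_authenticator(kbm, careof, correspondent, bu)
    return hmac.compare_digest(expected, tag)

# Constructed sample values (documentation prefix 2001:db8::/32).
KCN = bytes(range(20))                      # correspondent node's secret key
NONCES = {7: b"\x11" * 8, 8: b"\x22" * 8}   # nonce index -> nonce still valid
HOME, COA, CN = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
BU = bytes.fromhex("3b010500" "0000" "002a8000003c" "01020000")  # stands in for the BU bytes

def sample_tag():
    """Mobile node side: tokens arrive over the two paths, then sign the BU."""
    home_token = keygen_token(KCN, HOME, NONCES[7], 0)
    careof_token = keygen_token(KCN, COA, NONCES[8], 1)
    return bu_authenticator(derive_kbm(home_token, careof_token), COA, CN, BU)
```

A Binding Update that names a care-of address for which the sender never received a Care-of Test fails `verify_bu`, because the care-of keygen token, and therefore Kbm, is bound to that address.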

  35. Route Optimization Route Optimization provides three main operations: • Updating binding caches • Managing smooth handoffs between foreign agents. • Acquiring registration keys for smooth handoffs.

  36. Conclusion • Enables network mobility. • It is scalable. • It is transparent. • And it is secure.

  37. References • http://www.ietf.org/rfc/rfc3344.txt • http://www.ietf.org/rfc/rfc3775.txt • http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800c9906.shtml • http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf • http://www.tcpipguide.com/free/t_MobileIPSecurityConsiderations.htm • http://www.javvin.com/protocolMIP.html

  38. Questions???
