Download
1 / 7
70 likes | 143 Views
Improvement of Return Routability Protocol. draft-qiu-mip6-RR-improvement-00.txt Institute for Infocomm Research Singapore. Outline. Three attacks to RR. Our Improvement to RR. MN 1. CN / Server. MN 2. MN 3. Intruder. Traffic Permutation Attacks. Intruder
E N D
Improvement of Return Routability Protocol draft-qiu-mip6-RR-improvement-00.txt Institute for Infocomm Research Singapore
Outline • Three attacks to RR. • Our Improvement to RR.
MN1 CN / Server MN2 MN3 Intruder Traffic Permutation Attacks • Intruder • Collect HoTs and CoTs at the server edge • Randomly form Kbu • Send BU to CN • Random redirection
Session Hijacking Attacks MN2 CN CoTI MN2 / CoTMN2 MN1 FWD HoTMN1 HoTMN1 HA • Intruder • Get HoTMN1 • MN2 send its own CoTIMN2 and get CoTMN2 • MN2 forges as MN1 Intruder
CoA CN / Server CoA’ Intruder Movement Halting Attacks CoTold CoT HoT’ HoTnew • Intruder • Get old CoT • Get new HoT’ • Form valid Kbu • Redirect to old CoA
The Improvement • HoA and CoA are bound together HoTI = {HoA, CNA, CoA, HomeInitCookie } CoTI = {CoA, CNA, HoA, CareInitCookie } HomeKeygenToken = HMAC_SHA1(Kcn, (HoA|Nj|CoA|0)) CareKeygenToken= HMAC_SHA1(Kcn, (CoA|Ni|HoA|1)) • Advantages: • Prevent the 3 attacks • No additional cost • No change of RR protocol architecture
