Securing binding updates between mobile node and correspondent node in mobile ipv6 environment
This presentation is the property of its rightful owner.
Sponsored Links
1 / 28

Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment PowerPoint PPT Presentation


  • 101 Views
  • Uploaded on
  • Presentation posted in: General

20 th APAN Network Research Workshop. Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment. Rahmat Budiarto NAv6, USM. Introduction What is IPv6? IPv6 is the next generation IP Address. IPv6 = 2001:0468:0C80:1341:0280:1CFF:FE15:5820

Download Presentation

Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

20th APAN Network Research Workshop

Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment

Rahmat Budiarto

NAv6, USM


Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

Introduction

  • What is IPv6?

    IPv6 is the next generation IP Address.

    IPv6 = 2001:0468:0C80:1341:0280:1CFF:FE15:5820

    Huge Number of addresses 2128 = 340 Undecillion Addresses

    Built-in Mobility Support (Main Feature)

  • Why do we need IPv6?

    Limited addressing space in IPv4

    Growing Internet Community

    • More laptops, Broadband service, Hotspots…

      Growing Mobile Technology

    • 3G Network, Nokia and Mobile phone service providers

  • What is Mobile IPv6?


  • Mobile ipv6

    Mobile IPv6

    Terms Used

    • Mobile Node -a node which travels from one to another network

    • Home Agent - Router in the Home network

    • Correspondent Node - Node which Mn communicating with

    • Home-of Address – Mn’s IP Address in Home Network

    • Care-of Address - Mn’s IP Address in Foreign Network

    • Binding Update - What is binding Update?


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Binding Update

    Binding update is the act of Mn,

    To update its new Care of Address. (to HA & Cn)

    • Between Mobile Node and Home Agent

    • (Current Protocol - IPSec)

    • Between Mobile Node and Correspondent Node

    • (Current Protocol - Return Routability)


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Scope and Background of the Paper

    • This paper is about Mobile IPv6 and Binding Update. (only Mn and Cn)

      Related Papers

    • What others has done about Binding Update?

    • Is it a current issue?

    • Is it an interesting topic?


    Literature review related work

    Literature Review / Related Work

    • Securing return Routability protocol against Active Attack

      • Uses Modified RR and Digital Signature

      • Also use Public Key Cryptography for strong security

      • Conclusion : Public Key is very huge, not practical to implement

  • Mobile IPv6 route Optimization Security Design

    • Has made small enhancement to RR

    • Introduce time stamp for kbm (eliminate time shifting attack)

    • Conclusion : Introduce Route Optimization (Kbm expiration)


  • Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Literature Review / Related Work (continue)

    • Early Binding Updates for Mobile IPv6

      • Introduces two Early Binding messages

      • Reduces the overall network latency

      • Conclusion : Provides a good performance Result

  • Using IPSec between Mobile and correspondent IPv6 Nodes

    • New approach introduced

    • Mostly based on assumption and needs more Security Association

    • Assumption made as manual selection and peer to peer based

    • Conclusion : Ambitious, need more enabled features. (future)

  • Dynamic Diffie-Hellman based key distribution for Mobile IPv6

    • Uses Diffie-Hellman key exchange method

    • Four message exchange, possible man-in-the middle attack

    • Conclusion : Lacks of Authentication, might need PKI or AAA implementation


  • Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    • Methodology

    • Secret Key Binding Technique

      • New Approach to Secure Binding Update Between Mn and Cn to replace Return Routability

    • Pre-Binding Secret Key Exchange Method

      • Key Exchange Process in Home Network

      • Diffie-Hellman Key Exchange

      • Two Message Exchange

    • Secret Key Encryption Method

      • Process takes place in Foreign Network

      • 2 Binding test message exchange

      • 2 Binding update message exchange


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Pre-Binding Secret Key Exchange Method


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Secret Key Encryption Method


    Secret key binding technique scenario

    Mobile Node

    Secret Key Binding Technique Scenario

    Shown as per Flow Diagram

    Home Network

    FF:01::01

    Home-Of Address

    FF:08::04

    Home Agent

    Correspondent Node

    Foreign Network 2

    FF:84::05

    Care-Of Address

    Foreign Network 1


    Implementation result

    Implementation / Result

    • Simulation presented using Network Simulator 2 (NS2)

      • C++ (System Language) - Simulator Configuration

      • TCL (Scripting Language) - Topology Configuration

  • Results presented using Trace Graph utility.


  • Secret key binding technique

    Secret Key Binding Technique

    How it works?


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Pre-Binding Secret Key Exchange Method

    • This is the first step:

      • Diffie-Hellman Key Exchange (2 messages)

      • Takes place in Home Network

      • After the Pre-binding Secret key Exchange, the communication process continues as normal.

    Message from Mn to Cn / Cn to Mn (Home Network) MN={FF:01::01}


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Secret Key Binding (Binding Test)

    • Second Method:

      • Secret Key encryption step

      • 4 messages Exchange

        • 2 Binding Test messages

        • 2 Binding messages

    Binding Test message from Mn to Cn (Encrypted with (S) {Sn , HoA , T , MnC})

    Binding Test Reply from Cn to Mn thru HA (Encrypted with (S) {Sn , T , CnC})


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Secret Key Binding (Binding Update)

    Binding Update (Encrypted with (S) {Sn , T , H(MnC+CnC) , BU} )

    Binding Acknowledgement (Encrypted with (S) {Sn , T , BA})


    Protocol achievement

    Protocol Achievement

    • The parameters used in Secret key Binding Technique show how some of the major security threats eliminated (Security)

    • Number of message exchange, time taken and time delay show the performance efficiency of the protocol (Performance)


    Security consideration

    Security Consideration

    *Security Threats


    Security consideration1

    Security Consideration

    *Possible Vulnerabilities


    Performance consideration

    Performance Consideration

    *Overall Performance of Mobile Network Simulation


    Performance measurement

    Performance Measurement

    Secret Key Binding Technique

    Return Routability


    Performance efficiency measurement comparison

    Performance Efficiency measurement & Comparison

    • Performance Test has been conducted to test the efficiency of the protocol.

      • Comparison made between RR and SKB

      • 1 to 1000 processes in a scenario has been tested

      • Shows the average delay of both protocol. Efficiency ≈ 50%


    Secret key binding performance trace output

    Secret Key Binding Performance Trace Output


    Return routability performance trace output

    Return Routability Performance Trace output


    Contribution

    Contribution

    • New approach for Binding Update

    • Secret Key Binding Technique

      • Pre-Binding Secret key Exchange Method

      • Secret key encryption Method

  • Cryptographic Based Binding Method

  • Improved performance

    • Less number of packet exchange

    • Less time taken to finish the process


  • Conclusion

    Conclusion

    • A new method has been introduced for BU

    • Secret Key Binding Technique

      • More Secure (cryptographic Based)

      • Better Performance

  • Space for future enhancement


  • Future works

    Future Works

    • Enhancement to the DH key Exchange

    • IKE or AAA method can be used to improve the Key Exchange Method


    Securing binding updates between mobile node and correspondent node in mobile ipv6 environment

    Thank You.

    Rahmat Budiarto

    20th APAN 2005

    08/2005


  • Login