
Security in MobileIP Fahd Ahmad Saeed


hollismills

Presentation Transcript


  1. Security in MobileIP Fahd Ahmad Saeed

  2. Wireless Domain Problem
     • The wireless domain is insecure.
     • Data gets broadcast to everyone, and anyone hearing it can read it, regardless of destination address.

  3. Common Security Problems
     • Denial of Service
     • Replay Attacks
     • Theft of Information by Passive Eavesdropping
     • Session Hijacking
     • Malicious Mobile Node Flooding
     • Other Active Attacks

  4. DoS Attack on MobileIP
     • If the bad guy manages to get a bogus registration of a new care-of address for a certain mobile node, a DoS attack can occur and can cause these problems:
        • The actual mobile node is no longer connected.
        • The bad guy can see all the traffic going to the actual mobile node.

  5. Replay Attacks
     • A malicious node obtains a valid Registration Request, stores it, and then replays it to register a forged care-of address for a mobile node.
     • Two ways to protect against this kind of attack:
        • Timestamp
        • Nonce value

  6. Theft of Information by Passive Eavesdropping
     • The bad guy somehow manages to listen to the traffic between the mobile node and the home agent. The traffic can be accessed in two ways:
        • Gain physical access to the network and connect as a host.
        • Receive packets that are transmitted wirelessly.
     • Solution:
        • Encryption
        • End-to-end encryption
        • Link-layer encryption

  7. Session Hijacking
     • An active form of information theft.
     • Solution:
        • End-to-end encryption
        • Link-layer encryption

  8. Malicious Mobile Node Flooding
     • Insider attack: valid mobile node of the network

  9. Other Active Attacks
     • These do not require a Mobile IP session to be in progress.
     • If physical access to the network is available, the following attacks could happen:
        • The attacker can figure out the network prefix to use by listening to the Mobile IP agent advertisement or doing a DHCP configuration request.
        • The attacker can guess an available host number to use.
        • If the attacker succeeds in guessing an available host number, the attacker can gain access to the IP hosts.

  10. Other Attacks
     • Solutions:
        • Every visiting node must be registered with the foreign agent. The foreign agent will not route any packet for a mobile node that is not registered with it.
        • Each mobile node trying to connect to the foreign agent must perform link-layer encryption.

  11. Conclusion
     • The Mobile Node (MN) and the Home Agent (HA) share the same security association and use Message Digest 5 (MD5) with 128-bit encryption.
     • Replay attacks are prevented by the MN and HA using a shared random number. During registration, the HA verifies the random number and issues a new random number for use in the next registration.
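
Added example (not part of the original slides): a minimal sketch of the nonce-based replay protection from slides 5 and 11, in which a home agent checks a keyed MD5 authenticator and a one-time nonce before accepting a care-of address. The message layout, the `HomeAgent` class, the function names and the sample addresses are assumptions made for illustration, and HMAC-MD5 stands in for the slides' shared MD5 security association.

```python
import hmac
import ipaddress
import os

def authenticator(key, home_addr, care_of, nonce):
    # Keyed digest over fixed-width address fields followed by the nonce (assumed layout).
    msg = (ipaddress.IPv4Address(home_addr).packed
           + ipaddress.IPv4Address(care_of).packed + nonce)
    return hmac.new(key, msg, "md5").digest()

class HomeAgent:
    def __init__(self):
        self.keys, self.nonces, self.bindings = {}, {}, {}

    def enroll(self, home_addr, key):
        # Security association: shared key plus the first nonce handed to the MN.
        self.keys[home_addr] = key
        self.nonces[home_addr] = os.urandom(8)
        return self.nonces[home_addr]

    def register(self, home_addr, care_of, nonce, auth):
        key = self.keys.get(home_addr)
        if key is None:
            return "unknown-node", None
        expected = authenticator(key, home_addr, care_of, nonce)
        if not hmac.compare_digest(expected, auth):
            return "bad-authenticator", None  # fields altered or wrong key
        if not hmac.compare_digest(nonce, self.nonces[home_addr]):
            return "stale-nonce", None  # valid digest but an old nonce: a replay
        self.bindings[home_addr] = care_of
        self.nonces[home_addr] = os.urandom(8)  # fresh nonce for the next registration
        return "accepted", self.nonces[home_addr]

def demo():
    # Constructed sample data: documentation-range addresses and a random 128-bit key.
    home, coa_a, coa_b = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    key, ha = os.urandom(16), HomeAgent()
    n1 = ha.enroll(home, key)
    captured = (home, coa_a, n1, authenticator(key, home, coa_a, n1))
    first, n2 = ha.register(*captured)
    second, _ = ha.register(home, coa_b, n2, authenticator(key, home, coa_b, n2))
    replayed, _ = ha.register(*captured)  # old request sent again after the MN moved
    tampered, _ = ha.register(home, "203.0.113.66", n1, captured[3])  # care-of swapped
    return {"first": first, "second": second, "replayed": replayed,
            "tampered": tampered, "binding": ha.bindings[home]}

if __name__ == "__main__":
    print(demo())
```

The replayed request carries a correct authenticator, so only the nonce check keeps the binding at the mobile node's current care-of address.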
