
Introduction to Mobile IP: Golden G. Richard III, Ph.D. (University of New Orleans)


Introduction to Mobile IP

Golden G. Richard III, Ph.D.


University of New Orleans

(With thanks to Sumi Helal @ U of F)



For More Information...

■ Mobile IP: The Internet Unplugged, by James D. Solomon, Prentice Hall.
■ "Mobility Support in IPv6," C. Perkins and D. Johnson, Proceedings of the Second Annual International Conference on Mobile Computing and Networking (MobiCom '96).
■ "Supporting Mobility in MosquitoNet," M. Baker et al., Proceedings of the 1996 USENIX Technical Conference.
■ "Mobile Networking Through Mobile IP," C. Perkins, http://www.computer.org/internet/v2n1/perkins.htm

Mobile Computing: Why?

■ Dream: Seamless, ubiquitous network access for mobile hosts
– Laptop computers
– PDAs
– Electronic books
■ Impacts:
– Tourism (electronic tour guides)
– Field research
– Collaborative applications
– Lots more
■ Computing in your garden!!

Why Mobile IP?

■ Need a protocol which allows network connectivity across host movement
■ Protocol to enable mobility must not require massive changes to router software, etc.
■ Must be compatible with large installed base of IPv4 networks/hosts
■ Confine changes to mobile hosts and a few support hosts which enable mobility

Talk Overview

■ Will cover:
– Why IP routing breaks under mobility
– Mobile IPv4 basics
– Some Mobile IP security issues
■ Won't cover:
– Details of IP routing
– IPv6 in detail
– Low-level protocol details (message formats, headers, etc.)
– All of the Mobile IP-related security issues
– Any of the other problems with mobile computing!

Internet Protocol (IP)

■ Network layer, "best-effort" packet delivery
■ Supports UDP and TCP (transport layer protocols)
■ IP host addresses consist of two parts
– network id + host id
■ By design, IP host address is tied to home network address
– Hosts are assumed to be wired, immobile
– Intermediate routers look only at network address
– Mobility without a change in IP address results in un-route-able packets

IP Routing Breaks Under Mobility

[Figure: two routers and the networks 137.30.2.* and 139.20.3.*, with hosts labeled .50, .52, .53 and .200]

Why this hierarchical approach? Answer: Scalability! Millions of network addresses, billions of hosts!

Mobile IP: Basics

■ Proposed by IETF (Internet Engineering Task Force)
– Standards development body for the Internet
■ Mobile IP allows a mobile host to move about without changing its permanent IP address
■ Each mobile host has a home agent on its home network
■ Mobile host establishes a care-of address when it's away from home

Mobile IP: Basics, Cont.

■ Correspondent host is a host that wants to send packets to the mobile host
■ Correspondent host sends packets to the mobile host's permanent IP address
■ These packets are routed to the mobile host's home network
■ Home agent forwards IP packets for mobile host to current care-of address
■ Mobile host sends packets directly to correspondent, using permanent home IP as source IP

Mobile IP: Basics, Cont.

[Figure: correspondent host, home agent]

Mobile IP: Care-of Addresses

■ Whenever a mobile host connects to a remote network, two choices:
– care-of can be the address of a foreign agent on the remote network
• foreign agent delivers packets forwarded from home agent to mobile host
– care-of can be a temporary, foreign IP address obtained through, e.g., DHCP
• home agent tunnels packets directly to the temporary IP address
■ Regardless, care-of address must be registered with home agent

IP-in-IP Tunneling

■ Packet to be forwarded is encapsulated in a new IP packet
■ In the new header:
– Destination = care-of-address
– Source = address of home agent
– Protocol number = IP-in-IP

[Figure: the original packet (IP header, data) and the tunneled packet (IP header, IP header, data)]

At the Other End...

■ Depending on type of care-of address:
– Foreign agent or
– Mobile host
■ … strips outer IP header of tunneled packet, which is then fed to the mobile host
■ Aside: Any thoughts on advantages of foreign agent vs. co-located (foreign IP) address?
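
The tunneling steps on the last two slides, as an added example that is not part of the original deck: the home agent wraps a packet in a new IPv4 header, and the tunnel endpoint checks the outer header before stripping it. The host addresses, the correspondent address and the function names are constructed for illustration; only the two network prefixes appear in the slides.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP encapsulation

def checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, home_agent: str, care_of: str) -> bytes:
    """Home agent side: wrap the intercepted packet in a new IP header."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes, home_agent: str, home_addr: str) -> bytes:
    """Tunnel endpoint: validate the outer header, then strip it."""
    if len(outer) < 40 or outer[0] != 0x45 or checksum(outer[:20]) != 0:
        raise ValueError("malformed outer header")
    if struct.unpack("!H", outer[2:4])[0] != len(outer):
        raise ValueError("length mismatch")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not IP-in-IP")
    if socket.inet_ntoa(outer[12:16]) != home_agent:
        raise ValueError("tunnel source is not the home agent")
    inner = outer[20:]
    if socket.inet_ntoa(inner[16:20]) != home_addr:
        raise ValueError("inner packet is not for this mobile host")
    return inner

# Constructed sample addresses (only the prefixes come from the slides).
HOME_AGENT, HOME_ADDR, CARE_OF = "137.30.2.1", "137.30.2.50", "139.20.3.200"
CORRESPONDENT = "192.0.2.10"

def demo() -> bytes:
    payload = b"hello mobile host"
    inner = ipv4_header(CORRESPONDENT, HOME_ADDR, 17, len(payload)) + payload
    tunneled = encapsulate(inner, HOME_AGENT, CARE_OF)
    assert decapsulate(tunneled, HOME_AGENT, HOME_ADDR) == inner
    return tunneled

if __name__ == "__main__":
    print(demo().hex())
```

The source and inner-destination checks in `decapsulate` are a defensive addition: an endpoint that strips any outer header it receives will hand the mobile host packets that never passed through its home agent.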

Routing Inefficiency

Mobile host and correspondent host might even be on the same network!!

[Figure: correspondent host, home agent]

Route Optimizations

■ Possible Solution:
– Home agent sends current care-of address to correspondent host
– Correspondent host caches care-of address
– Future packets tunneled directly to care-of address
■ But!
– An instance of the cache consistency problem arises...
– Cached care-of address becomes stale when the mobile host moves
– Potential security issues with providing care-of address to correspondent (ask me about this when we talk about security!)

Possible Route Optimization



The Devil is in the Details!

■ How does the mobile host get a remote IP?
– Router advertisements, DHCP, manual...
■ How can a mobile host tell where it is?
– Am I at home?
– Am I visiting a foreign network?
– Have I moved?
– What if I'm in two places at once?

Devil, Cont.

■ Redundancy: What if the home agent doesn't answer a registration request?
– Registration request to broadcast address
– Rejection carries new home agent ID
■ "Ingress" filtering
– Routers drop packets that arrive from a direction to which they would not have routed the source address

Packets Dropped due to "Ingress" Filtering

Correspondent, home agent on same network. Packet from mobile host is deemed "topologically incorrect"

[Figure: correspondent host, home agent]

Another Devil: Security Issues

■ We'll look at only one of the "godzillions" of security issues:
■ Bogus registration (denial of service) attacks
– Malicious host sends fake registration messages to home agent "on behalf" of the mobile host
– Packets could be forwarded to malicious host or to the bit bucket

Bogus Registration Attack

[Figure: Madame Evil, registration request, home agent; captions "????", "Send packets to me!!", "Hehehehe!!"]

Authentication

■ To fix this problem, authenticate registration attempts
■ Use private key encryption to generate a message digest
■ Home agent applies private key to message to see if message digest is identical

Authentication, Cont.

[Figure: private key, "… care-of address…", digest, "???", home agent]

Ooops. Replay Attacks!

[Figure: digest, home agent; caption "…mooohahahahahahahaha!!!!!"]

Avoiding Replay Attacks

■ Avoid replay attacks by making registration requests un-replayable
■ Add estimate of local time or a pseudo-random number to registration request/reply
■ If time estimate or random number is not the expected number, provide info in "NO!" reply for resynchronization
■ Insufficient information to help malicious host
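
The registration checks from the Authentication and Avoiding Replay Attacks slides, as an added example that is not part of the original deck: a home agent that verifies a keyed digest, then rejects stale or repeated requests and returns its own time for resynchronization. The message layout, HMAC-SHA256 as the keyed digest, the 7-second window and all names are assumptions of this sketch, and it combines the time estimate and the random number where the slide offers either.

```python
import hashlib
import hmac
import os
import socket
import struct

# Hypothetical layout for this example (not the Mobile IP wire format):
# home address | care-of address | sender's time estimate | random nonce
BODY = struct.Struct("!4s4sQ8s")
MAX_SKEW = 7  # seconds of clock difference tolerated (assumed value)

def make_request(key, home, care_of, now, nonce=None):
    """Mobile host side: build the request and append its keyed digest."""
    body = BODY.pack(socket.inet_aton(home), socket.inet_aton(care_of),
                     int(now), nonce or os.urandom(8))
    return body + hmac.new(key, body, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys      # home address -> secret shared with that host
        self.seen = {}        # (home, nonce) -> timestamp, within the window
        self.bindings = {}    # home address -> registered care-of address

    def register(self, msg, now):
        """Return (status, agent_time); agent_time lets the sender resync."""
        if len(msg) != BODY.size + 32:
            return ("malformed", now)
        body, digest = msg[:BODY.size], msg[BODY.size:]
        home, care_of, ts, nonce = BODY.unpack(body)
        home, care_of = socket.inet_ntoa(home), socket.inet_ntoa(care_of)
        key = self.keys.get(home)
        expected = hmac.new(key or b"", body, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(digest, expected):
            return ("bad-digest", now)
        if abs(now - ts) > MAX_SKEW:
            return ("stale", now)
        # Forget nonces that the time check alone would now reject.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if (home, nonce) in self.seen:
            return ("replay", now)
        self.seen[(home, nonce)] = ts
        self.bindings[home] = care_of
        return ("accepted", now)

def demo():
    key = b"constructed-shared-secret"  # constructed sample values
    agent = HomeAgent({"137.30.2.50": key})
    req = make_request(key, "137.30.2.50", "139.20.3.200", now=1000)
    return [agent.register(req, t)[0] for t in (1001, 1002, 1100)]
```

The digest is checked before the freshness fields are read, so a host without the key gets the same rejection whatever time or nonce it sends.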

Abrupt Conclusions...

■ Great potential for mobile application deployment using Mobile IP
■ Minimizes impact on existing Internet infrastructure
■ Security issues being looked at
■ (Complicated) firewall solutions proposed
■ Several working implementations (e.g., Monarch project at CMU)
■ Some things still need work: e.g., integration of Mobile IP and 802.11 wireless LANs
■ Lots of research to do on mobile computing!
