Overview of Mobility Protocols. Md. Shohrab Hossain, Dec 6, 2014

Upload: marjorie-richardson

Post on 26-Dec-2015

212 views

Category:

Documents


0 download

TRANSCRIPT

1

Overview of Mobility Protocols

Md. Shohrab Hossain

Dec 6, 2014

2

Why Mobility Protocols

Satellites with IP-enabled devices capture videos and images and send them to control centers on earth

Need to maintain continuous connectivity with remote computer

Mobility protocols are required to ensure session continuity

3

IETF Solution to IP Mobility: Mobile IP

Employs a mechanism similar to postal service mail forwarding

Problems:
Inefficient routing
High handover latency
Packet loss

Figure: Mobile IP operation. Home Network with Home Agent; Visiting Network with Foreign Agent; Correspondent Node (CN) reached across the Internet. The MH keeps its Home Address and acquires a CoA in the visiting network; Location Update to the Home Agent; packets from CN to MH reach the home network, are forwarded as encapsulated packets and delivered as decapsulated packets in the visiting network.

4

Network Mobility (NEMO)

A collection of nodes moving as a unit (examples: airplanes, trains, ships)

Mobility can be managed in an aggregated way in NEMO

Mobile Router acts as default gateway and manages mobility on behalf of mobile network nodes

Figure: NEMO connected to the Internet through its HA.

5

NEMO Architecture

Figure: data path between the NEMO and the Internet through the HA.

Inside NEMO:
MR: Mobile Router
LFN: Local Fixed Node
LMN: Local Mobile Node
VMN: Visiting Mobile Node

Problems:
Routing through HA
Heavy load on HA
Drop in throughput during handover

6

SIGMA

Transport layer solution proposed by the researchers at the TNRL lab

Exploits IP-diversity (having multiple IP addresses) of a mobile host

Benefits:
Establishes a new connection before disconnecting the old one
Decouples location management from data transmission
Less handover delay and packet loss
Optimal routing between MH-CN

Figure: MH, CN and Location Manager connected across the Internet.

7

SINEMO

SIGMA-based seamless mobility solution for mobile networks

Exploits IP-diversity of the MR

The MR maintains a translation table for all the mobile network nodes

MNN’s private IPs do not change

Figure: MR acting as default gateway for the mobile network nodes.

8

Hierarchical Mobility Protocols: HMIPv6

For high mobility of nodes, frequent location updates to the HA cause:
Bandwidth wastage
Overhead for HA

Hierarchical Mobile IPv6 attempts to reduce signaling by introducing a new mobility agent, the MAP (Mobility Anchor Point), which acts as a Local HA

Figure: MAP shown as Local HA.

9

Network-based Mobility Protocols

10

Terminal-based Mobility Protocol: Mobile IP

Employs a mechanism similar to postal service mail forwarding

Problems:
MH must send updates to HA
CoA changes in every handoff
High handover latency
Packet loss

Figure: Mobile IP operation. Home Network with Home Agent; Visiting Network with Foreign Agent; Correspondent Node (CN) reached across the Internet. The MH keeps its Home Address and acquires a CoA; Location Update to the Home Agent; packets from CN to MH are forwarded as encapsulated packets and delivered as decapsulated packets in the visiting network.

11

Problems of Terminal-based Mobility Protocols

Problems:
Requires low-end mobile devices to perform all kinds of mobility signaling to maintain connectivity
New CoA after each handoff, so the cache entry needs to be changed
Wireless bandwidth wastage due to mobility signaling
High handover latency
Sub-optimal routing and tunneling

Solution: Network-based Mobility Management
Network takes care of all the mobility signaling
Network entities are responsible for tracking the mobile device
Network entities send the required signaling messages on behalf of the mobile devices

12

Proxy Mobile IP: Network-based Mobility Management

Local Mobility Anchor (LMA)
• Local HA for the MH in a PMIPv6 domain
• All traffic destined to the MH is routed through the LMA

Mobility Anchor Gateway
• Access router that tracks the MH’s movement on its access link
• Informs the LMA through a Proxy BU

Figure: PMIPv6 domain with the LMA labelled as Local Home Agent and the access router that detects node mobility.

13

PMIPv6 Operation

Figure: PMIPv6 operation within a PMIPv6 domain. Router Solicitation from the MH; AAA procedure; Proxy BU; Binding Cache entry created for the MH; Proxy BA.

14

Proxy Mobile IP Signaling

AAA: Authentication, Authorization and Accounting
BCE: Binding Cache Entry
PBU: Proxy Binding Update
PBA: Proxy Binding Ack

15

Benefits of Network-based Mobility Management

Battery power saving
No modification in end devices
Unique IP address in the whole LMA-domain
Movement detection by the network
Reduced signaling in the wireless access network
Low handover latency
Efficient tunneling
Less signaling in each handoff
No Duplicate Address Detection (DAD) in each handoff
No return routability

16

Security Issues of Mobility Protocols

17

Route optimization in Mobile IPv6

After moving to a new location, the MH informs the CN about its location through a binding update

Improved performance

Figure: Home Network with Home Agent, Visiting Network and Correspondent Node connected across the Internet. Location Update to the Home Agent; Binding update to CN; optimized route between MH and CN without any encapsulation.

18

Major Security Threats

Man-in-the-middle attack
Traffic redirection attack
Bombing attack
Replay attack
Home Agent poisoning
Blocking legitimate BU
Resource exhaustion
Forcing sub-optimal route
Exploitation of routing headers

19

Traffic Redirection Attack

Figure: traffic redirection attack. Correspondent Node, Home Agent, MH, Attacker and Node B connected through the Internet. Ongoing communication between MH and CN; the attacker sends a spoofed binding update (MH’s ID, Node B’s IP); Binding Ack accepted by CN; redirected traffic now flows to Node B.

20

Man-in-the-middle (MITM) Attack

Figure: MITM attack. Correspondent Node, Home Agent, MH and Attacker connected through the Internet. Ongoing communication between MH and CN; the attacker sends a spoofed binding update (MH’s ID, Attacker’s IP); Binding Ack accepted by CN; traffic redirected to the Attacker.

Attacker learns and modifies packets

Modified packets received

21

Bombing Attack

Figure: bombing attack. Streaming server and MH connected through the Internet. Connection setup with the server, then a spoofed binding update involving MH’s address; unwanted streaming data arrives at the MH.

22

Replay Attack

Figure: replay attack. CN, Home Agent, Subnet A and Subnet B connected through the Internet. MH sends BU from Subnet A; the attacker records the BU for a future attack. MH moves to Subnet B and sends BU from Subnet B. The recorded BU is replayed to the CN, and the CN sends packets to MH’s previous location.

23

Reflection Attack

Figure: reflection attack. Correspondent Node, Home Agent and MH connected through the Internet. A false initial message is sent; the MH receives every packet sent by the attacker twice.

24

Home Agent Poisoning

Figure: Home Agent poisoning. Spoofed BU sent to the HA, answered with a Binding ACK; location information corrupted. A later Query for MH gets a Reply (Wrong IP).

25

Resource Depletion

Figure: resource depletion. Home Agent, Subnet A and Subnet B connected through the Internet. The attacker establishes many connections with fake IPs; the MH sends BUs to all those fake hosts. Memory and transmission power wasted.

26

Exploitation of Routing Header

Attack traffic sent to node B with a Routing Header (RH)

Node B overwrites destination field with RH

Traffic is then sent to victim node

Difficult to find source of attack

27

Exploitation of HoA Option

Attack traffic to V

Node V replaces source IP with HoA field (B)

It appears to be an attack from Node B

28

Defense Mechanisms

29

Defense Mechanisms

Goals:
Simple enough to be implemented in mobile devices
Requiring low processing power
Low latency solutions
Infrastructure-less approach: no such global infrastructure

Existing defense mechanisms for Mobile IPv6:
IP Security protocol
Internet Key Exchange (IKE)-based schemes
Return Routability protocol
Protection for routing headers
Other general measures

30

IP Security Protocols

A suite of protocols to provide security in IP networks:
Authentication Header (AH) protocol
Encapsulating Security Payload (ESP) protocol

In IPsec, a preconfigured Security Association (SA) is established between the MH and the HA / CN to select security parameters and algorithms

Advantages:
Very strong authentication
Difficult to break

Limitations:
High CPU requirement
Does not protect against a misbehaving MH

31

IPsec: Authentication Header (AH) protocol

AH guarantees data origin authentication of IP packets

Use of AH ensures that an attacker cannot deceive the HA or CN with a spoofed BU

As a result, traffic redirection attacks can be avoided

Limitations: Cannot ensure data confidentiality

32

IPsec: AH Operation

Figure: IPsec AH operation. Correspondent Node, Home Agent and MH connected through the Internet, with a Security Association between them. Securing BU with AH: packet layout IP | AH.

33

IPSec: Encapsulating Security Payload (ESP) protocol

ESP protocol can ensure data confidentiality in addition to authentication

ESP ensures privacy of data by encryption

An encryption algorithm combines data in the datagram with a key to transform it into an encrypted form

34

IPsec: Securing Data using ESP

Figure: securing data using ESP. Correspondent Node, Home Agent and MH connected through the Internet, with a Security Association between them. Securing BU with ESP: packet layout IP | ESP. Securing data from inconsistency: packet layout IP | ESP | Data.

35

IKE-based Schemes

Commonly used for mutual authentication and establishing and maintaining security associations for IPSec protocol suite

Ensures confidentiality, data integrity, access control, and data source authentication

IKE helps to dynamically exchange the secret key that is used as the input to the cryptographic algorithms

Limitations:
Requires the existence of a certification authority
Very complex and power-consuming operations

36

Return Routability Protocol

Proposed to secure binding updates between CN-MH

A node sending a binding update must prove its right to redirect the traffic

RR messages are exchanged among MH, CN and HA before binding updates are sent

37

Message Exchange in RR protocol

MH initiates RR by sending HoTI and CoTI messages to the CN

The CN then sends corresponding challenge packets (HoT and CoT) destined to the MH

If successful, the CN accepts the BU from the MH

Advantages:
Infrastructure-less
Low CPU required

Limitations:
Weak authentication
Does not protect against attackers on the path between HA and CN

Figure: RR message exchange. HoTI travels MH to HA to CN and HoT returns CN to HA to MH; CoTI and CoT are exchanged directly between MH and CN.
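The exchange above, modelled as an added example (not code from the slides): a Python sketch of RR whose keygen-token and Kbm derivation follow the RFC 6275 construction (HMAC-SHA1 tokens, Kbm = SHA1(home token | care-of token)); the addresses, Kcn and the simplified fields covered by the BU MAC are constructed assumptions. It shows why a BU claiming someone else's HoA is rejected: the HoT is delivered to the home address via the HA, so only a node that can receive there learns the home keygen token.

```python
import hashlib, hmac, ipaddress, os

mac = lambda key, data: hmac.new(key, data, hashlib.sha1).digest()
packed = lambda addr: ipaddress.IPv6Address(addr).packed  # 16-byte form of an IPv6 address

class CorrespondentNode:
    """CN side of RR: before a BU is verified it keeps only Kcn and a nonce."""
    def __init__(self, addr):
        self.addr, self.kcn, self.nonce = addr, os.urandom(20), os.urandom(8)
        self.binding_cache = {}  # HoA -> CoA, filled only by verified BUs

    def _token(self, addr, tag):
        # tag 0: home keygen token, tag 1: care-of keygen token (RFC 6275 layout)
        return mac(self.kcn, packed(addr) + self.nonce + bytes([tag]))[:8]

    def home_test(self, hoa):     # HoT: reply to the HoTI, routed to the HoA via the HA
        return self._token(hoa, 0)

    def care_of_test(self, coa):  # CoT: reply to the CoTI, sent straight to the CoA
        return self._token(coa, 1)

    def accept_bu(self, bu):
        """Recompute Kbm from Kcn; the MAC verifies only if the sender saw both tests."""
        kbm = hashlib.sha1(self._token(bu["hoa"], 0) + self._token(bu["coa"], 1)).digest()
        expected = mac(kbm, packed(bu["coa"]) + packed(self.addr) + packed(bu["hoa"]))[:12]
        if hmac.compare_digest(expected, bu["auth"]):
            self.binding_cache[bu["hoa"]] = bu["coa"]
            return True
        return False

def build_bu(hoa, coa, cn_addr, home_token, careof_token):
    """MH side: Kbm = SHA1(home token | care-of token) authenticates the BU."""
    kbm = hashlib.sha1(home_token + careof_token).digest()
    auth = mac(kbm, packed(coa) + packed(cn_addr) + packed(hoa))[:12]
    return {"hoa": hoa, "coa": coa, "auth": auth}

HOA, COA, CN_ADDR = "2001:db8:1::10", "2001:db8:2::77", "2001:db8:9::1"  # constructed

def legitimate_update():
    cn = CorrespondentNode(CN_ADDR)
    # MH sends HoTI and CoTI; being reachable at both addresses, it reads both replies
    bu = build_bu(HOA, COA, CN_ADDR, cn.home_test(HOA), cn.care_of_test(COA))
    return cn.accept_bu(bu)

def spoofed_update(victim_hoa, attacker_coa):
    cn = CorrespondentNode(CN_ADDR)
    # The HoT for victim_hoa goes to the victim's home network: a node off that path must guess it
    bu = build_bu(victim_hoa, attacker_coa, CN_ADDR, os.urandom(8), cn.care_of_test(attacker_coa))
    return cn.accept_bu(bu)
```

A node sitting on the HA-CN path does see the HoT, which is exactly the limitation listed on the slide; RR proves reachability at both addresses, not identity.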

38

Protection against Routing Header (RH) issues

To prevent misuse of routing headers, the following restrictions are applied while processing an RH:

Only one RH per packet

All IPv6 nodes must verify that the address contained within RH is the node’s own HoA

The IP address must be a unicast routable address since it is the MH’s HoA

A node must drop the packet if any of these are NOT met
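The three restrictions above as an added example, not the slides' own code: a Python check applied by a receiving node to a decoded packet, run over constructed sample packets that include the slide-26 case where the RH names a third node. The packet layout (a dict with an ext_headers list) and all addresses are assumptions for illustration.

```python
import ipaddress

def process_routing_header(packet, own_hoa):
    """Apply the slide's three RH restrictions to a decoded IPv6 packet.
    packet is a dict: {"src", "dst", "ext_headers": [{"type", "address"}, ...]}
    (constructed layout). Returns ("deliver", final_dst) or ("drop", reason)."""
    routing_headers = [h for h in packet["ext_headers"] if h["type"] == "routing"]
    if len(routing_headers) > 1:
        return ("drop", "more than one Routing Header in the packet")
    if not routing_headers:                       # no RH: ordinary delivery
        return ("deliver", packet["dst"])
    addr = ipaddress.IPv6Address(routing_headers[0]["address"])
    # Checked before the HoA comparison only so the reported reason is more
    # specific; either order yields the same drop decision.
    if addr.is_multicast or addr.is_link_local or addr.is_loopback or addr.is_unspecified:
        return ("drop", "RH address is not a unicast routable address")
    if addr != ipaddress.IPv6Address(own_hoa):
        return ("drop", "RH address is not this node's own HoA")
    # All restrictions met: RH type 2 semantics, the HoA becomes the final destination
    return ("deliver", str(addr))

# Constructed sample traffic (documentation-prefix addresses, not real hosts)
CN_ADDR, NODE_B_COA, NODE_B_HOA = "2001:db8:9::1", "2001:db8:2::b", "2001:db8:1::b"
SAMPLE_PACKETS = {
    # Legitimate route-optimised packet from the CN to Node B at its CoA
    "legit": {"src": CN_ADDR, "dst": NODE_B_COA,
              "ext_headers": [{"type": "routing", "address": NODE_B_HOA}]},
    # Slide 26 case: the RH names a third node, which B would forward to if unchecked
    "third_party": {"src": CN_ADDR, "dst": NODE_B_COA,
                    "ext_headers": [{"type": "routing", "address": "2001:db8:5::99"}]},
    # Two Routing Headers in one packet
    "double_rh": {"src": CN_ADDR, "dst": NODE_B_COA,
                  "ext_headers": [{"type": "routing", "address": NODE_B_HOA},
                                  {"type": "routing", "address": NODE_B_HOA}]},
    # RH carrying a multicast address, which can never be a HoA
    "multicast": {"src": CN_ADDR, "dst": NODE_B_COA,
                  "ext_headers": [{"type": "routing", "address": "ff02::1"}]},
}

def classify_all(own_hoa=NODE_B_HOA):
    """Run every sample through the check as Node B; returns {name: verdict}."""
    return {name: process_routing_header(pkt, own_hoa)[0]
            for name, pkt in SAMPLE_PACKETS.items()}
```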

39

Other possible approaches

Keeping nodes stateless: To avoid resource exhaustion

Keeping short lifetime for binding entry: To avoid replay attack

Use of Cryptographically Generated Addresses: To avoid redirection / MITM attacks

40

Comparison among the Schemes

Columns: Defense Mechanism, Protection from, Benefits, Limitations

IPsec and IKE
  Protection from: attack on BU between MH-HA
  Benefits: strong authentication, data confidentiality
  Limitations: high CPU overhead, assumes trust relationship

Return routability
  Protection from: attack on BU between MH-CN
  Benefits: infrastructure-less, less CPU requirement
  Limitations: weak authentication

Keeping nodes stateless
  Protection from: resource exhaustion attack
  Benefits: helps in avoiding DoS attacks
  Limitations: may introduce delay for legitimate BU

Short lifetime of BU
  Protection from: replay attack, HA poisoning
  Benefits: ensures up-to-date entry in binding cache
  Limitations: frequent refreshing updates waste bandwidth

Use of CGA
  Protection from: bombing attack, MITM, traffic redirection
  Benefits: hard to target a node
  Limitations: higher complexity, higher CPU

41

Thank You