
1 Nokia Siemens Networks Presentation / Author / Date University of Twente

On the Security of the Mobile IP Protocol Family

Ulrike Meyer and Hannes Tschofenig, Nokia Siemens Networks

Georgios Karagiannis, University of Twente

2 Nokia Siemens Networks Presentation / Author / 26 November 2007 University of Twente

Overview

• The Mobile IP protocol family

• Security Challenges of the MIP protocol family

• Security solutions standardized by the IETF
  – Mobile IPv6 and Proxy Mobile IPv6

• Applications of MIP and MIP security solutions
  – in 3GPP and WiMAX

• Open Problems

• Conclusion


MIP Protocol Family

• Mobile IPv4 (RFC 3344), Mobile IPv6 (RFC 3775)
  – Enable the MN to keep its IP address although it moves to a new subnet

• Proxy Mobile IP (PMIP, draft)
  – Enables a network node to do mobility signalling on behalf of mobile nodes that do not support MIP

• Dual Stack Mobile IP (DSMIP, draft)
  – Supports MIPv4 and MIPv6 collocated/home addresses within one protocol

• Hierarchical Mobile IP (HMIP, RFC 4140)
  – Hierarchy of home agents to optimize routing in local mobility

• Fast Handovers for Mobile IP (FMIP, RFC 4068)
  – Enables fast handover by preparing before movement


Network architecture for MIPv4, MIPv6, and DSMIP

↔ Mobility signaling between MN and HA:
  – binding updates (BU) bind the home IP address to the care-of address (CoA)
  – binding acknowledgements (BA) acknowledge the binding

↔ Data traffic between CN and MN (via HA)

[Figure: network architecture. Network of the Correspondent Node (CN); Visited Network with the Mobile Node (MN) and a Foreign AAA Server; Home Network with the Home Agent (HA) and the Home AAA Server.]


Network architecture for PMIP

↔ Mobility signaling between PMIP Client and HA:
  – the Proxy MIP Client binds the home address of the MN to a care-of address with BUs
  – the home agent (LMA) acknowledges the binding with BAs

↔ Data traffic between CN and MN

[Figure: network architecture. Network of the Correspondent Node; Visited Network with the Mobile Node, the Proxy MIP Client (Mobile Access Gateway) and a Foreign AAA Server; Home Network with the Home Agent (Local Mobility Anchor) and the Home AAA Server.]


Main Security Challenges

• Establishment of security associations (SAs) between mobility signaling end points

• Integrity and replay protection of mobility signaling


Security solutions for MIPv6 standardized in IETF

• IPsec / IKEv2 (Internet Key Exchange v2), RFC 4877
  – Part of base MIPv6 (RFC 3775)
  – IPsec for integrity and replay protection
  – IKEv2 with EAP (Extensible Authentication Protocol) for authentication, used for SA establishment between MN and HA
    ▪ home AAA server acts as EAP authentication server

• Authentication protocol, RFC 4285
  – Message authentication code on BUs/BAs for integrity protection
  – Sequence numbers / time stamps for replay protection
  – MN-HA security association established during first binding update
    ▪ with the help of a security association between MN and HAAA
    ▪ draft-devarapalli-mip6-authprotocol-bootstrap-03.txt
  – MN-HAAA SA static or established during network authentication
    ▪ out of scope
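The RFC 4285 mechanism on this slide (a MAC over each BU plus sequence-number replay checks at the HA), simulated as an added example; this is not code from the slides or from any RFC implementation. The MN-HA key, the addresses and the simplified message layout are constructed, and only the BU direction is shown.

```python
import hmac
import hashlib
import ipaddress
from dataclasses import dataclass
# Constructed 128-bit MN-HA shared key (RFC 4285 bootstraps this SA from the MN-AAA SA).
MN_HA_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

@dataclass
class BindingUpdate:
    hoa: str              # home address
    coa: str              # care-of address
    seq: int              # 16-bit sequence number from the Mobility Header
    lifetime: int         # requested binding lifetime
    authenticator: bytes = b""

def mobility_data(bu: BindingUpdate) -> bytes:
    # RFC 4285 sec. 5.1: Mobility Data = care-of address | home address | MH Data
    mh_data = bu.seq.to_bytes(2, "big") + bu.lifetime.to_bytes(2, "big")
    return (ipaddress.ip_address(bu.coa).packed
            + ipaddress.ip_address(bu.hoa).packed + mh_data)

def authenticate(bu: BindingUpdate, key: bytes = MN_HA_KEY) -> BindingUpdate:
    # MN-HA authenticator = First(96, HMAC_SHA1(key, Mobility Data)), i.e. 12 bytes
    bu.authenticator = hmac.new(key, mobility_data(bu), hashlib.sha1).digest()[:12]
    return bu

class HomeAgent:
    def __init__(self, key: bytes = MN_HA_KEY):
        self.key = key
        self.bindings = {}    # home address -> (care-of address, last accepted seq)

    def process(self, bu: BindingUpdate) -> str:
        expected = hmac.new(self.key, mobility_data(bu), hashlib.sha1).digest()[:12]
        if not hmac.compare_digest(expected, bu.authenticator):
            return "rejected: authenticator mismatch"      # forged or tampered BU
        prev = self.bindings.get(bu.hoa)
        # RFC 3775 serial-number arithmetic: newer iff 0 < (new - last) mod 2^16 < 2^15
        if prev is not None and not (0 < (bu.seq - prev[1]) % 0x10000 < 0x8000):
            return "rejected: sequence number not newer"   # replayed or stale BU
        self.bindings[bu.hoa] = (bu.coa, bu.seq)
        return "accepted"

def demo() -> list:
    ha = HomeAgent()
    bu1 = authenticate(BindingUpdate("2001:db8:1::10", "2001:db8:2::55", 1, 300))
    results = [ha.process(bu1), ha.process(bu1)]       # genuine BU, then a replayed copy
    forged = BindingUpdate(bu1.hoa, "2001:db8:3::1", 2, 300, bu1.authenticator)
    results.append(ha.process(forged))                 # CoA rewritten, old authenticator reused
    results.append(ha.process(authenticate(BindingUpdate(bu1.hoa, "2001:db8:3::1", 2, 300))))
    return results
```

The replayed copy fails only the sequence check, the rewritten BU fails the MAC check, and a freshly authenticated BU with a higher sequence number moves the binding; the sequence comparison also survives the 16-bit wrap-around.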


Security Solutions for PMIPv6

• Base PMIPv6 draft (draft-ietf-netlmm-proxymip6)
  – IPsec for integrity and replay protection between PMIP client (MAG) and PMIP home agent (LMA)
    ▪ same IPsec SAs used for all mobile nodes in base PMIP draft
  – IKEv2 to set up SAs between MAG and LMA
    ▪ only one pair of SAs needs to be set up
  – Requires MAG to be trusted
    ▪ sends only BUs for MNs that are present


Application of MIP in the EPS/E-UTRAN context

• MIP protocols used
  – for mobility between E-UTRAN and non-3GPP networks
  – not for mobility within E-UTRAN or within 3GPP networks

• Evolved Packet System of 3GPP will support
  – MIPv4 in FA (Foreign Agent) mode
  – DSMIPv6
  – Proxy MIPv6

• MIPv4 security
  – As in base RFC, but establishment of MN-AAA key currently unsolved

• DSMIPv6
  – IPsec/IKEv2 was selected over RFC 4285 recently

• Proxy MIPv6
  – Will use NDS (Network Domain Security) for IPsec SA establishment
  – Open problem: compromised MAG problem if non-3GPP network not trusted


Application of MIP in WiMAX

• MIP protocols used for mobility within WiMAX
  – MIPv4
  – MIPv6
  – Proxy MIPv4

• Proxy MIPv6 will be supported in future

• MIPv6 currently secured with RFC 4285
  – MN-AAA key established during EAP-based network authentication
    ▪ MN-AAA key derived from Extended Master Session Key

• Use of IPsec/IKEv2 planned as option for MIPv6

• Proxy MIPv6 used with RFC 4285
  – Separate key per mobile node used
  – MAG-LMA key established during EAP-based network authentication


Main Open Problems / Work in Progress

• IETF
  – Firewall traversal problem (RFC 4487)
    ▪ Off-the-shelf firewalls interfere with MIP signaling traffic
      • MN behind firewall: BUs protected with ESP blocked, ...
      • CN behind firewall: problems if route optimization is used, as state is created based on HoA, ...
      • HN behind firewall: blocking of ESP traffic, blocking of unsolicited incoming traffic
  – Location privacy (RFC 4882)
    ▪ CoA reveals location information to CN and eavesdroppers
    ▪ Eavesdropping on BUs allows for
      • identifying the MN by its HoA and observing the binding
      • tracking of MN on subnet granularity

• 3GPP
  – Compromised MAG problem if PMIP used for global mobility
  – Dynamic establishment of MN-AAA key for MIPv4 in 3GPP


Conclusion

• MIP protocol family has matured

• Used more and more in mobile systems

• Security issues still often solved in a system-specific way
  – WiMAX as a very obvious example
  – Goal is often to
    ▪ optimize the system as a whole
    ▪ leverage security procedures already available
  – E.g. WiMAX derives MIP SAs from keys established during network authentication


Thank You!

Questions?