Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
Date posted: 18-Dec-2015

1. Introduction
2. Mobility support
3. Security mechanisms and threats analysis
4. Address ownership problem
5. Present solution
6. Conclusion

1. Introduction

• Motivation
1. Mobile devices and e-business
2. Current solutions are fairly complicated to implement
• Related work
1. Strong authentication: PKI
2. Weak authentication: CGA, CAM and RR
• Our solution
Based on asymmetric and symmetric encryption algorithms to distribute an ID and a session key

• CGA: Cryptographically Generated Address
• CAM: Child-proof Authentication for MIPv6
• RR: Return Routability

2. Mobility support

• MN: Mobile Node, it is MIPv6
• CN: Correspondent Node, a node communicating with an MN; it is either a stationary node or a mobile node
• HA: Home Agent, a router on an MN’s home link. It registers all necessary information for an MN, e.g. CoA, HoA
• CoA: An MN’s Care-of Address, a temporary address that a foreign link assigns to the MN while it is on the foreign link
• HoA: An MN’s permanent IPv6 address on its home link

Bidirectional tunneling
(Diagram: MN, HA, CN)

Route Optimization
(Diagram: MN, CN)

• Need a binding process: MN sends CoA to its HA and CNs when it is out of its home link
• CN saves the MN’s CoA into its BUC (binding update cache)
• CN can deliver a packet to the MN directly by setting the packet’s source address to be the MN’s CoA
• Route optimization can reduce congestion on the MN’s home link and HA, but introduces new vulnerabilities

BU process
1. HoA: an MN’s HoA cannot be abused
2. CoA: CN’s BUC must save the correct MN’s CoA
BU message’s header: Source IP, Destination IP, HoA option, ……(CoA)
CN’s BU entry: HoA, CoA, ……

3. Security mechanisms and threats analysis

Security Mechanisms
• Authorization and trust
• Authentication
• Integrity
• Confidentiality
• Anti-replay

• Authorization and trust: A CN verifies whether an MN has the right to create or update its BUC
• Authentication: MN and CN can verify their identities
• Integrity: BU message cannot be modified by an unauthorized node
• Confidentiality: CoA and HoA cannot be disclosed to malicious nodes
• Anti-replay: An attacker delivers old, out-of-date packets to CN by pretending to be an MN

(Diagram: MN sends a BU and the attacker sends a false BU to the CN; addresses shown: ::20:10:10:10, ::30:10:10:10, ::40:10:10:10; the CN’s BUC holds HoA and CoA)
Source address: ::30:10:10:10
Destination address: ::CN’s IP address
Home address option: MN’s home address

Threats analysis
• Man-In-the-Middle attack
• Denial of Service attack

Man-In-the-Middle attack
(Diagram: A, B, Attacker)

Denial Of Service Attack
(Diagram: MN, CN, Attacker)

4. Address ownership problem

1. An MN’s HoA works as a searching key during the BU process
2. An MN’s HoA must be secret enough; otherwise, an attacker can easily launch a passive or an active attack by sending a false BU message to a CN

5. Solution

Solution Overview
• Use an ID shared only between an MN and CN pair as the searching key
• Apply the RSA asymmetric algorithm to distribute an ID and a session key
• Apply the Twofish symmetric algorithm to encrypt/decrypt CoA during the BU process

Authentication in MIPv6
Apply in MIPv6: Preparation, Binding Update, Verifying

Preparation Procedure
MN generates public/private key
MN ---------------------------------> CN   Public key
MN <--------------------------------- CN   [ID, session key] public
MN saves the ID and session key

Binding update procedure
MN ---------------------------------> CN   [CoA] session & ID
CN decrypts CoA by session key
CN verifies CoA and saves
CN’s BU entry: ID, Session key, CoA, Public key, ……

Verify procedure
• An attacker: fails because of IPsec protection (it has no SA shared with the CN beforehand). The attacker cannot do anything more harmful.

Verify procedure
• A cheater: has an SA before
ID, Session key: if the ID or session key is not correct, CN drops the packet.
CoA: CN compares CoA and source address.
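
The binding update and verify procedures above, next to the false BU from the threats section, as an added example that is not part of the original slides: a CN with a baseline BUC keyed by HoA beside one keyed by the shared ID. The Feistel cipher is a labelled stand-in for Twofish, the RSA exchange is not modelled, and the class and function names and the HoA value are assumptions.

```python
import hashlib, hmac, ipaddress, os

# Constructed sample addresses; ::20 and ::30 appear on the false BU slide, roles assumed.
HOA, MN_COA, ATTACKER = "2001:db8::1", "::20:10:10:10", "::30:10:10:10"

def _round(key, rnd, half, other):
    # Feistel round: XOR `other` with HMAC-SHA256(key, round || half), truncated to 8 bytes.
    pad = hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]
    return bytes(x ^ y for x, y in zip(other, pad))

def encrypt_block(key, block):
    # Stand-in for Twofish (NOT Twofish): 4-round Feistel over one 16-byte
    # block, which is exactly the size of an IPv6 address.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _round(key, rnd, r, l)
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _round(key, rnd, l, r), l
    return l + r

class CorrespondentNode:
    def __init__(self):
        self.buc_by_hoa = {}  # baseline BUC: HoA is the searching key
        self.buc_by_id = {}   # proposed BUC: shared ID is the searching key

    def prepare(self):
        # Outcome of the preparation procedure (RSA transport not modelled).
        bid, key = os.urandom(8), os.urandom(16)
        self.buc_by_id[bid] = {"key": key, "coa": None}
        return bid, key

    def bu_plain(self, src, hoa):
        self.buc_by_hoa[hoa] = src  # no ownership check: last sender wins

    def bu_with_id(self, src, bid, enc_coa):
        entry = self.buc_by_id.get(bid)
        if entry is None:
            return False  # unknown ID: drop
        coa = ipaddress.IPv6Address(decrypt_block(entry["key"], enc_coa))
        if coa != ipaddress.IPv6Address(src):
            return False  # wrong session key, or CoA differs from source: drop
        entry["coa"] = coa
        return True

def make_bu(bid, key, coa):
    return bid, encrypt_block(key, ipaddress.IPv6Address(coa).packed)
```

Calling `bu_plain` twice for the same HoA shows the baseline cache accepting the second sender, while `bu_with_id` returns False for an unknown ID, a wrong session key, or a CoA that does not match the packet's source address.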

6. Conclusion

Summary
• Solve address ownership problem
• Prevent possible attacks
• Implementation simple
• Suitable for any kind of computer and memory
• It is difficult to recognize a cheater

Future work
1. Combine software and hardware
2. Ciphertext error
• Transmission process
• Storage medium
• Recover plaintext from errors

Thank you