Network Security. Security of Mobile Internet Communications. Chapter 17. Network Security (WS 2002): 17 Mobile Internet Security 1 Dr.-Ing G.

Transcription

1 Network Security Chapter 17 Security of Mobile Internet Communications Network Security (WS 2002): 17 Mobile Internet Security 1

2 Motivation for Mobile IP Routing in the Internet: Based on IP destination address, network prefix determines subnet Change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables Non-Solutions: Specific routes to end-systems: does not scale well with the number of mobile hosts and frequent changes in the location Changing the IP-address: almost impossible to find a mobile system, DNS updates take to long time, TCP connections break Basic Idea [RFC 2002, RFC 3220]: Forwarding of IP packets is based on temporary IP addresses Change of network requires additional functionality: new network entities: home agent, foreign agent Mechanisms are (mostly) transparent to end systems [Acknowledgement: Parts of these slides are based on material by Prof. Dr.-Ing. J. Schiller] Network Security (WS 2002): 17 Mobile Internet Security 2

3 Some Terminology for Mobile IP Mobile Node (MN) System (node) that can change the point of connection to the network without changing its IP address Typically a mobile end-system Home Agent (HA) System in the home network of the MN, typically a router Registers the location of the MN, tunnels IP datagrams to the COA Foreign Agent (FA) System in the current foreign network of the MN, typically a router Forwards the tunneled datagrams to the MN, typically also the default router for the MN, provides the COA Care-of Address (COA) Address of the current tunnel end-point for the MN Actual location of the MN from an IP point of view Can be chosen, e.g., via DHCP Network Security (WS 2002): 17 Mobile Internet Security 3

4 Route of IP Packets in Standard Mobile IP MN Home Network 1. Router HA Change of Network 2. Internet Router FA MN Foreign Network CN Router HA: Home Agent FA: Foreign Agent MN: Mobile Node CN: Corresponding Node 1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP) 2. HA tunnels packet to COA (here FA) by encapsulation 3. FA forwards the packet to the MN Network Security (WS 2002): 17 Mobile Internet Security 4

5 Encapsulation (1) original IP header original data new IP header new data outer header inner header original data Encapsulation of one packet into another as payload: e.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone) here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE (Generic Routing Encapsulation) Network Security (WS 2002): 17 Mobile Internet Security 5

6 Encapsulation (2) IP-in-IP-encapsulation (mandatory in RFC 2003) Tunnel between HA and COA ver. IHL TOS length IP identification flags fragment offset TTL IP-in-IP IP checksum IP address of HA Care-of address COA ver. IHL TOS length IP identification flags fragment offset TTL lay. 4 prot. IP checksum IP address of CN IP address of MN TCP/UDP/... payload Network Security (WS 2002): 17 Mobile Internet Security 6

7 Network Integration of a Mobile Node Agent Advertisement: HA and FA periodically send advertisement messages into their physical subnets MN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network) MN reads a COA from the FA advertisement messages Registration (always limited lifetime!): MN signals COA to the HA via the FA, HA acknowledges via FA to MN This procedure have to be secured by authentication Advertisement: HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information Routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time) Packets to the MN are sent to the HA, Independent of changes in COA/FA Network Security (WS 2002): 17 Mobile Internet Security 7

8 Mobile IP Registration Registration in a Foreign Network Registration in the Home Network MN FA HA MN HA registration request registration request registration reply registration request t registration reply registration reply t Network Security (WS 2002): 17 Mobile Internet Security 8

9 Optimization of Packet Forwarding Triangular routing of standard Mobile IP: Sender sends all packets via HA to MN Higher latency and network load One proposed solution, route optimization for Mobile IP [Perkins00a]: Sender learns the current location of MN from HA (binding update) Direct tunneling to this location Change of FA: Packets on-the-fly during the change can be lost New FA informs old FA to avoid packet loss, old FA now forwards remaining packets to new FA This information also enables the old FA to release resources for the MN Security problems: Tunnel hijacking: binding updates to CNs are not authenticated Location privacy: route optimization reveals the MN s current location However, it can be configured to which CNs the COA is revealed Network Security (WS 2002): 17 Mobile Internet Security 9

10 Route Optimization: Change of Foreign Agent CN HA FA old FA new MN request update ACK data registration data registration MN changes location update data warning data ACK data update ACK data data t Network Security (WS 2002): 17 Mobile Internet Security 10

11 Mobile IP with Reverse Tunneling Routers accept often only topological correct addresses (e.g. firewalls): Standard Mobile IP lets MNs send their packets with their home address Furthermore, there exist some multicast and TTL problems (TTL in the home network correct, but MN is to far away from the receiver) Reverse tunneling for Mobile IP [RFC3024] addresses these problems: 1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case) This extension can be implemented easily and co-operates with current implementations without reverse tunneling However, reverse tunneling does not solve: Further problems with firewalls: the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking) Optimization of data paths: this gets even worse, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing) Network Security (WS 2002): 17 Mobile Internet Security 11

12 Authentication for Mobile IP Access (1) Motivations for different authentication relations: Authentication between MN and home network: Basically serves to counter hijacking attacks Authentication between MN and visited network: Control access to network resources Secure accounting of resource usage Authentication between visited network and home network: Control which MN may use network resources Secure accounting of resource usage Control which networks may be accessed by an MN Standard Mobile IP does not include sufficient means to provide authentication and key management for truly mobile Internet access: IETF is currently defining interaction with an authentication, authorization & accounting (AAA) infrastructure [RFC2977] Network Security (WS 2002): 17 Mobile Internet Security 12

13 Authentication for Mobile IP Access (2) Which entities are involved in authentication? Visited network: Mobile node (MN) Foreign agent (FA) Local authentication, authorization & accounting server (AAAL) Home network: Home AAA server (AAAH) Home agent (HA) Intermediate Network: AAA brokers Network Security (WS 2002): 17 Mobile Internet Security 13

14 Authentication for Mobile IP Access (3) Broker Broker... Broker AAAL 1... AAAL n AAAH FA 1,1 FA 1,m1 Fa n,1 Fa n,mn HA Intra-Domain HO Inter-Domain HO Network Security (WS 2002): 17 Mobile Internet Security 14

15 Authentication for Mobile IP Access (4) Two aspects have to be separated: Mobile IP registration: Main issue: securely configuring re-routing of IP packets AAA authentication: Main issue: authenticate user for accounting purposes May additionally facilitate authentication with HA / FA Remark: Location privacy is currently not considered sufficiently in design of the authentication procedure Current plans are even worse than GSM location privacy! Network Security (WS 2002): 17 Mobile Internet Security 15

16 Authentication for Mobile IP Access (5) Mobile IP registration authentication protocol: Authentication is performed by piggy-packing MACs on to exchanged registration messages: 1.) MN FA: (RegReq, Flags, Lifetime, Addr MN, Addr HA, CoA, Id Req, NAI MN, Sig MN,HA, [Sig MN,FA ]) 2.) FA HA: (RegReq, Flags, Lifetime, Addr MN, Addr HA, CoA, Id Req, NAI MN, Sig MN,HA, [Sig MN,FA ], [Sig FA,HA ]) 3.) HA FA: (RegRep, Code, Lifetime, Addr MN, Addr HA, Id Rep, NAI MN, Sig HA,MN, [Sig HA,FA ]) 4.) FA MN: (RegRep, Code, Lifetime, Addr MN, Addr HA, Id Rep, NAI MN, Sig HA,MN, [Sig HA,FA ], [Sig FA,MN ]) Network Security (WS 2002): 17 Mobile Internet Security 16

17 Authentication for Mobile IP Access (6) There remains one important issue to be resolved: How to establish the security associations: FA HA? MN FA? While the relationship FA HA could be established with a standard IPSec internet key exchange (IKE), this is not possible for MN FA, as the MN has not yet obtained a valid IP address. Furthermore, IKE is a (very) general purpose protocol, which requires more effort than a dedicated protocol might need. This (among other things) motivates integration with AAA infrastructure Network Security (WS 2002): 17 Mobile Internet Security 17

18 AAA Static and Dynamic Trust Relationships Dynamic Trust Relationship Broker Static Trust Relationship Broker... Broker AAAL 1... AAAL n AAAH FA 1,1 FA 1,m1 Fa n,1 Fa n,mn HA AAAH generates keys for dynamic relationships Network Security (WS 2002): 17 Mobile Internet Security 18

19 Authentication with AAA Infrastructure (1) Challenge Signing MN FA AAAL Broker AAAH HA Adv. RegReq. AMR AMR AMR Authenticity Check HAR RegRep. AMA AMA AMA HAA Network Security (WS 2002): 17 Mobile Internet Security 19

20 Authentication with AAA Infrastructure (2) In roaming scenarios, the AAA infrastructure is planned to serve as a trusted third party (TTP) for mobile IP: Foreign agents include challenges in their advertisements (via challenge-response extension) The MN includes an NAI-extension and an MN-AAA-extension in his Mobile IP registration request The FA creates an AAA mobile node request (AMR) and sends it to the local AAA server (AAAL) The message is send to the AAA server of the MN s home domain (AAAH), eventually using AAA brokers AAAH checks the authenticity of the MN-AAA extension Network Security (WS 2002): 17 Mobile Internet Security 20

21 Authentication with AAA Infrastructure (3) AAA serving as TTP for Mobile IP (cont.): AAAH creates session keys for use between: MN HA (encrypted with K AAAH,MN / K AAAH,HA ) MN FA (encrypted with K AAAH,MN / K AAAH,AAAL / K AAAH,AAAB ) HA FA (encrypted with K AAAH,HA / K AAAH,AAAL / K AAAH,AAAB ) For key distribution purposes these session keys are encrypted with the keys indicated above AAAH sends a home agent mobile IP request (HAR) to the HA HA processes the request and answers with a home agent mobile IP answer (HAA) This message is forwarded as an AMA message to AAAL and then to FA FA sends an appropriate RegRep message to MN Network Security (WS 2002): 17 Mobile Internet Security 21

22 Authentication with AAA Infrastructure (4) Remarks: Mobile IP registration and AAA authentication are realized with one Internet traversal Subsequent re-registration is performed with standard Mobile IP means The distributed session keys have a limited lifetime Inter-domain handover requires AAA authentication Network Security (WS 2002): 17 Mobile Internet Security 22

23 Authentication with AAA Infrastructure (5) Some security remarks: The MN authentication procedure involves quite a few entities which makes security analysis difficult The challenge-response verification is distributed: FA provides challenge, but he can not verify the response FA has to trust an AAAH he does not know via a chain of trust created by AAAL and AAA brokers AAAH can verify the response, but does not provide the challenge AAAH may not deduce that the RegReq is fresh The brokers can read the session keys for FA / AAAL NAI extension is send in clear no location privacy, not even on the air interface! Network Security (WS 2002): 17 Mobile Internet Security 23

24 Additional References [Perkins00a] C. Perkins, D. B. Johnson. Route Optimization in Mobile IP. Internet Draft draft-ietf-mobileip-optim-10.txt (work in progress), [RFC2002] C. Perkins. IP Mobility Support. Internet RFC 2002, obsoleted by RFC 3220, [RFC2977] S. Glass, T. Hiller, S. Jacobs, C. Perkins. Mobile IP Authentication, Authorization, and Accounting Requirements. Internet RFC 2977, [RFC3024] G. Montenegro. Reverse Tunneling for Mobile IP, revised. RFC 3024, [RFC3220] C. Perkins. IP Mobility Support, revised. Internet RFC 3220, Network Security (WS 2002): 17 Mobile Internet Security 24