Mobile IPv6 Security while traversing a NAT
Geon-Woo Kim, Jong-Wook Han, Dong-Il Seo
Electronics and Telecommunications Research Institute
161 Gajeong-Dong, Yuseong-Gu, Daejeon, KOREA

Abstract- The Mobile IPv6 protocol allows a mobile node to move from one link to another without changing the mobile node's home address by using a care-of address. When a mobile node moves to a foreign link behind a NAT, it uses a local-scope care-of address, which has been allocated by a foreign router dominating the visited network, as identification of itself. On the other hand, other nodes outside the NAT identify the mobile node by a public care-of address, into which the NAT has translated the local-scope care-of address. As each security mechanism running over Mobile IPv6 relies on the IP address information, this brings about many critical problems. Therefore, in this paper, we propose some modifications to the legacy mobility messages, adding just a single flag, to address incompatibilities caused by NAT deployment. With the proposed mechanism, we can provide secure and seamless IPv6 mobility services regardless of the mobile node's current point of attachment to the Internet, even though it is located behind a NAT.

I. INTRODUCTION

The Mobile IPv6 protocol allows a mobile node to move from one link to another without changing the mobile node's home address. Packets may be routed to the mobile node using this address regardless of the mobile node's current point of attachment to the Internet. The movement of a mobile node away from its home link is transparent to transport and higher-layer protocols and applications [1]. Mobile nodes are uniquely identifiable by a globally routable IP address [2]. This assumption breaks down when a mobile node attempts to communicate from behind a Network Address Translation (NAT) device [3].

Since each binding update to the home agent and correspondent nodes relies on the mobile node's home address and primary care-of address, which uniquely identify the mobile node, care must be taken when moving behind a NAT. In particular, Mobile IPv6 route optimization can operate securely even without pre-arranged security associations; it uses the return routability procedure for correspondent nodes to authorize a mobile node. On recognition of the NAT deployment, the mobile node might suppose that it is identifiable by a local-scope care-of address allocated by the NAT. Nevertheless, the home agent and the correspondent nodes still use a globally routable address, into which the NAT has translated the local-scope care-of address, as the mobile node's identification. As a result, the mobile node is not provided with seamless mobile network services, as the authentication/authorization processes during binding update and the return routability procedure may not be completed due to the inconsistency between the two identifications of the mobile node. In this paper, we propose some modifications to the legacy IPv6 mobility messages to unify the identifications and make it possible to securely authorize the mobile node, even when traversing a NAT.

II. INCOMPATIBILITIES BY NAT-DEPLOYMENT

Mobile IPv6 relies on exchanging traffic between the home network and the mobile node through IPsec ESP transport/tunnel modes. A mobile node that communicates from behind a NAT is reachable only through a globally routable address used by the NAT, called a public care-of address. A mobile node that resides behind a NAT continues communicating with correspondent nodes through a local-scope address, called a private care-of address, configured by the NAT and not routable in the public network outside the NAT. Anyway, Mobile IPv6 employs IPsec ESP in tunnel mode instead of the IP-in-IP used by Mobile IP for tunneling packets between home agent and mobile node.
IPsec ESP in tunnel mode doesn't need to care about legal access to the address fields of IP packets by the NAT; it just decapsulates the packets and forwards them to the correspondent node or absorbs them. Also, we can employ IPsec ESP in transport mode for exchanging traffic between home agent and mobile node, e.g., home registration, prefix advertisement/solicitation, etc. Generally, it is out of the question when one identifies the other by the outer IP address. In some cases of exchanging control traffic, there may be another way for each to make sure of the other. For instance, the home agent sends the binding acknowledgement message in reply to a binding update message to the address contained in the Alternate Care-of Address option, not to the source address of the IP packet translated by a NAT. Consequently, the home agent ends up using a private address in the Internet, which isn't routable. Besides, references to SAs are based on IP address, so both end hosts may have different SAs for IPsec enforcement from each other.

In this paper, we concern ourselves only with how to handle the two care-of addresses (private, public) contained in the payload and the IPsec SAs, as well as extensions of the binding update message, binding acknowledgement message and router advertisement message for NAT-awareness.

III. NAT DEPLOYMENT EN-ROUTE TO MOBILE NODE

Each Mobile IPv6 node is able to travel to any foreign link and be provided with seamless communications regardless of its current point of attachment to the Internet. Sometimes it is also likely to be located behind a NAT, which permits only a private care-of address for it. In this case, some special care must be taken for secure mobile service. It can be summarized as follows;

A. IPsec ESP Transport SA Establishment between home agent and mobile node

SAs with IPsec ESP in transport mode contain security mechanisms for the traffic between a mobile node and a home agent, where each operates as an end-node. If this traffic is not protected, mobile nodes and correspondent nodes are vulnerable to Man-in-the-Middle, Hijacking, Confidentiality, Impersonation, and Denial-of-Service attacks. Any third parties are also vulnerable to Denial-of-Service attacks. In order to avoid these attacks, the base specification uses IPsec to protect traffic between the home agent and the mobile node. It consists of various messages carried by the Mobility Header protocol in IPv6. The traffic takes the following forms:

- Binding update and acknowledgement messages exchanged between the mobile node and the home agent.
- ICMPv6 messages exchanged between the mobile node and the home agent for the purposes of prefix discovery.
- All payloads exchanged between the mobile node and the home agent as end nodes.
- If multicast group membership control protocols or stateful address auto-configuration protocols are supported, payload data protection support is required.

When the control traffic between the mobile node and the home agent requires message authentication, integrity, correct ordering and replay protection, both the mobile node and the home agent should use the ESP header in transport mode and must use a non-null payload authentication algorithm. The mobile node and the home agent must have a security association to protect the traffic.

Furthermore, great care needs to be taken when using IKE for establishing security associations to the Mobile IPv6 home agent. The right kind of addresses must be used for transporting IKE.
This is necessary to avoid circular dependencies in which the use of a binding update triggers the need for an IKE exchange that cannot complete prior to the binding update having been completed [4]. If there is no existing security association to protect the binding update, IKE is initiated. The phase 1 identity used for the mobile node may be a FQDN. During the negotiation, the mobile node identifies itself by its new private care-of address, and the home agent identifies it by the public care-of address into which the NAT has translated the private care-of address. But the nodes negotiating IPsec SAs through the IKE protocol identify each other by the Identification Payload in phase 1 and phase 2. The phase 2 identity used for the mobile node is the mobile node's home address. Consequently, the newly negotiated SAs are based on both the mobile node's home address and the home agent's address, and we can employ them as they are for traffic between home agent and mobile node. Since Mobile IPv6 uses the Home Address Destination Option and the Type 2 Routing header for notifying the mobile node's home address, we can apply IPsec based on the home address regardless of its current location. NAT traversal can't disturb SA deployments for traffic between home agent and mobile node.

B. Home Registration through a NAT

When a mobile node moves into a foreign link away from home, it can realize that it is attached to a foreign link on the receipt of a router advertisement message from the foreign router. With it, the mobile node can perform network renumbering and mobile configuration. Furthermore, if a NAT is deployed, we need to inform the mobile node of the existence of the NAT. In order to make the mobile node NAT-aware, it is reasonable to extend the existing router advertisement message by adding a single N flag, which indicates that they are behind a NAT.
Receiving the router advertisement message with the N flag set, the mobile node sends a binding update message to its home agent in order to register the primary care-of address. The following example depicts the proposed home registration flow.

Fig. 1 Home Registration Procedure through a NAT

According to the standard procedure specified in the IETF document, a home registration needs only a single BU/BA pair. But where a NAT is deployed, home registration may not be performed correctly, due to the intermediate access to the outer IP header. That is to say, the mobile node should use IPsec ESP in transport mode to ensure the security of the binding information, especially the primary care-of address. On the other hand, the primary care-of address is not protected, because it is contained in the source address field of the IP header, where IPsec ESP in transport mode can't guarantee the security. In order to fix this, the binding update message has been configured to contain an Alternate Care-of Address option so that the primary care-of address is protected. As the NAT translates the private care-of address into the public care-of address, the source address of the IP header differs from the care-of address contained in the Alternate Care-of Address option. Then the home agent deduces that someone has modified the IP header and that it is not correct any more, so it uses the care-of address contained in the Alternate Care-of Address option as the primary care-of address of the mobile node, which is a private care-of address of the mobile node. As a result, packets destined to the mobile node are forwarded by the home agent with the private care-of address. But those packets can't be delivered to their destination, in that the destination address is local-scope and invalid in the public network. Consequently, we can conclude that the home agent must know the public care-of address of the mobile node. To make this possible, we extend the binding update message and the binding acknowledgement message by adding a single N flag to indicate that a NAT is running over the path and has permission to access messages passing through.

Fig. 2 Messages exchanged between mobile node and home agent while registering a binding

The home agent receiving the binding update message with the N flag set deduces that the message has traversed a NAT and that the source address of its IP header has been translated from the private care-of address into the public care-of address. According to the specification of Mobile IPv6, a home agent can recognize a mobile node's primary care-of address by inspecting the care-of address field contained in the Alternate Care-of Address option. But in this case, the address from the Alternate Care-of Address option is a private care-of address, which the home agent doesn't want to know. Therefore, the home agent had better use the source address of the IP header as the primary care-of address of the mobile node. This is applicable only when the N flag is set. The home agent processes the binding update and replies with a binding acknowledgement whose N flag is set. Here, how can the home agent ensure that the source address of the IP header has not been illegally modified by someone en-route? In order to guarantee the legality of the translations, we employ an additional binding update message, which gives a conviction that the binding acknowledgement message destined to the public care-of address has been delivered to the correct mobile node. Receiving the second binding update message means that the first binding update message deserves to be trusted. After the home agent receives the second binding update message, the home registration is completed. When the mobile node issues the second binding update message, its sequence number must be incremented by 1.

C. Establishment of Tunneling Interface

IPsec ESP in tunnel mode must be supported and should be used for the protection of packets belonging to the return routability procedure. A non-null encryption transform and authentication algorithm must be applied. The mobile node establishes a pair of security associations in tunnel mode for protecting return routability packets. This step uses the phase 1 connection established in A, and multiple phase 1 connections are also possible.

Fig. 3 Tunnel Mode between the home agent and mobile node

If the mobile node and the home agent have the capability to change the IKE endpoints, they had better change the address. Strictly speaking, the mobile node changes the source address into its own private care-of address and the home agent into the public care-of address respectively. If they don't have the capability, both nodes remove their phase 1 connections created on top of the previous care-of address and establish a new IKE phase 1 on top of the care-of addresses. This capability to change the IKE phase 1 endpoints is indicated through setting the Key Management Mobility Capability (K) flag in the binding update message and binding acknowledgement message [4]. Consequently, the home agent and the mobile node maintain their own SAs, different from each other.

D. Return Routability Procedure

Protection of binding updates sent to correspondent nodes does not require the configuration of security associations or the existence of an authentication infrastructure between the mobile nodes and the correspondent nodes.
Instead, a method called the return routability procedure is used to assure that the right mobile node is sending the binding update message. This procedure is not secure against attackers who are on the path between the home network and the correspondent node. However, attackers in such a location are capable of performing the same attacks even without Mobile IPv6. The main advantage of the return routability procedure is that it limits the potential attackers to those having access to one specific path in the Internet, and avoids forged binding updates from anywhere else in the Internet.
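
Returning to the home registration through a NAT of Section III.B: the exchange (N flag, translated source address as primary care-of address, second binding update with the sequence number incremented by 1) as an added Python example that is not from the paper. The `Nat` and `HomeAgent` classes, the sample addresses, and the check that the second binding update arrives from the same translated source are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv6Address
from typing import Dict, List, Optional

# Constructed sample addresses (documentation and unique-local prefixes).
HOME = IPv6Address("2001:db8:1::10")          # mobile node's home address
PRIVATE_COA = IPv6Address("fd00:0:0:1::10")   # local-scope care-of address
PUBLIC_COA = IPv6Address("2001:db8:ffff::1")  # address the NAT translates to


@dataclass(frozen=True)
class BindingUpdate:
    src: IPv6Address      # outer IP source address; the NAT may rewrite it
    home: IPv6Address
    alt_coa: IPv6Address  # Alternate Care-of Address option, protected by ESP
    seq: int              # 16-bit sequence number
    n_flag: bool          # proposed N flag


@dataclass(frozen=True)
class BindingAck:
    dst: IPv6Address
    seq: int
    n_flag: bool


@dataclass
class Binding:
    coa: IPv6Address
    seq: int
    complete: bool


class Nat:
    """Hypothetical NAT model: one private care-of address, one public one."""

    def __init__(self, private: IPv6Address, public: IPv6Address) -> None:
        self.private, self.public = private, public

    def outbound(self, bu: BindingUpdate) -> BindingUpdate:
        # Only the outer header changes; ESP-protected fields stay as sent.
        return replace(bu, src=self.public) if bu.src == self.private else bu

    def delivers(self, dst: IPv6Address) -> bool:
        # From outside, the mobile node is reachable via the public address only.
        return dst == self.public


class HomeAgent:
    def __init__(self) -> None:
        self.cache: Dict[IPv6Address, Binding] = {}

    def process(self, bu: BindingUpdate) -> BindingAck:
        if not bu.n_flag:
            # Legacy rule: the protected option wins; one BU/BA pair completes.
            self.cache[bu.home] = Binding(bu.alt_coa, bu.seq, complete=True)
            return BindingAck(bu.alt_coa, bu.seq, n_flag=False)
        pending = self.cache.get(bu.home)
        if (pending is not None and not pending.complete
                and bu.seq == (pending.seq + 1) % 65536
                and bu.src == pending.coa):  # assumption: same translated source
            pending.seq, pending.complete = bu.seq, True
        else:
            # First BU with N set: record the header source, await the second BU.
            self.cache[bu.home] = Binding(bu.src, bu.seq, complete=False)
        return BindingAck(bu.src, bu.seq, n_flag=True)

    def tunnel_destination(self, home: IPv6Address) -> Optional[IPv6Address]:
        # Only a completed registration is used for forwarding.
        binding = self.cache.get(home)
        return binding.coa if binding and binding.complete else None


def register(ha: HomeAgent, nat: Nat, n_flag: bool, seq: int = 100) -> List[BindingAck]:
    """Mobile node side; returns the acknowledgements that actually reach it."""
    received: List[BindingAck] = []
    bu = BindingUpdate(PRIVATE_COA, HOME, PRIVATE_COA, seq, n_flag)
    ack = ha.process(nat.outbound(bu))
    if not nat.delivers(ack.dst):
        return received  # a BA sent to the private address never arrives
    received.append(ack)
    if ack.n_flag:
        second = replace(bu, seq=(seq + 1) % 65536)
        ack2 = ha.process(nat.outbound(second))
        if nat.delivers(ack2.dst):
            received.append(ack2)
    return received


if __name__ == "__main__":
    for flag in (False, True):
        ha, nat = HomeAgent(), Nat(PRIVATE_COA, PUBLIC_COA)
        acks = register(ha, nat, flag)
        print(f"N={flag}: {len(acks)} BA received, tunnel to {ha.tunnel_destination(HOME)}")
```

Without the N flag the home agent completes a binding to the private address and its acknowledgement is undeliverable; with the flag the binding points at the public address and is used only after the second binding update.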

Fig. 4 Return Routability Procedure through a NAT

All HoTI and HoT messages are processed based on the mobile node's home address, so they are not affected by the mobility. In particular, NAT deployment doesn't have an effect on the Home Test in the return routability procedure. But it is likely to bring about some considerations in processing the CoTI and CoT messages, which are performed based on the primary care-of address. The care-of keygen token has been generated by the correspondent node based on the public care-of address, and the mobile node is not aware of the public care-of address into which its own private care-of address has been translated. However, since the mobile node is going to use the care-of keygen token from the correspondent node as it is, without generating a new care-of keygen token for itself, the deployment of NAT can't be an obstacle to processing the return routability procedure.

E. Correspondent Binding Procedure

A correspondent node is able to authorize a mobile node which is supposed to originate the correspondent binding procedure according to the Kbm created during the return routability procedure, where the Kbm is a key used for authorizing a binding cache management message.

The way to enhance compatibility between the return routability procedure and NAT is similar to that of home registration, so we are able to settle problems that occur during a correspondent binding procedure in the same way as during the home registration through a NAT. A correspondent binding procedure is different from a home registration in that it uses a binding authorization data option for authorizing the binding update message and binding acknowledgement message instead of using IPsec. If a correspondent binding procedure is capable of using IPsec, there is no need to perform a return routability procedure, which is just a substitution for IPsec for simplicity. To speak honestly, IPsec is so heavy that it is not desirable to employ it in every connection between mobile node and correspondent node. A binding management key, Kbm, is created as follows;

MAC_mn = MAC_SHA1(Kbm, (care-of address | CN address | BU))
MAC_cn = MAC_SHA1(Kbm, (care-of address | CN address | BA))

The same care-of address that is used as an input parameter in calculating the MAC values must be used, and it may be the private care-of address. With the N flag in the binding update message, the correspondent node can be aware of the deployment of NAT and uses the source address field as the primary care-of address, which is the private care-of address. In order to ensure the source address field, they exchange an additional binding update message from the mobile node to the correspondent node. After receiving the binding update message, the correspondent node can be convinced that the translated source address has been pure en-route. The exchanged messages are as follows;

Fig. 5 Correspondent Binding Procedure through a NAT

IV. CONCLUSION

In order to continue communication in spite of its movement, a mobile node could change its IP address each time it moves to a new link. But the mobile node would then not be able to maintain transport and higher-layer connections when it changes location. Mobile IPv6 allows a mobile node to move from one link to another without changing the mobile node's home address. Packets may be routed to the mobile node using this address regardless of the mobile node's current point of attachment to the Internet. The mobile node may also continue to communicate with other nodes (stationary or mobile) after moving to a new link. The movement of a mobile node away from its home link is thus transparent to transport and higher-layer protocols and applications.

However, if a mobile node moves to a foreign link behind a NAT, it brings about many critical problems. As the mobile node uses a private care-of address allocated by a foreign router behind the NAT as its own new primary care-of address, it may attempt to register the private care-of address with its home agent and correspondent nodes, but that address is local-scope and cannot be routed in the public network. In order to fix these issues, we need some modifications to the router advertisement message, the binding update message, and the binding acknowledgement message, just by adding a single N flag in the reserved field to indicate that a NAT is running en-route and the IP header may change while traversing it. With the flag in the router advertisement message, the mobile node can recognize that it is currently located behind a NAT. Binding update messages and binding acknowledgement messages use the flag to inform that the IP address in each message has been translated by the NAT. As a result, it is possible to make the binding update and return routability procedures recognize the relationship among the mobile node's home address, public care-of address and private care-of address.

It is clear that all security mechanisms deployed in Mobile IPv6 depend on the IP address used by the mobile node. In order to make network devices that go against the IPsec security paradigm, such as a NAT device, work well, it is mandatory to enhance compatibility between Mobile IPv6 and NAT. By adding a single flag to binding update messages and binding acknowledgement messages for notifying that a NAT is deployed en-route and that the visible address outside the NAT is not a real care-of address from the mobile node's point of view, we can fix many incompatibilities that occur during movement behind a NAT. As well, in order to trust the source address field of the binding update message, which might not be protected by IPsec, we are encouraged to append an additional binding update message from the mobile node to both the home agent and the correspondent nodes. Consequently, we can provide security in Mobile IPv6 regardless of the mobile node's current point of attachment to the Internet, including a foreign link behind a NAT, by adding a single flag in each binding message, which burdens the legacy network with little overhead.

REFERENCES

[1] D. Johnson, C. Perkins, J. Arkko, Mobility Support in IPv6, IETF Mobile IP Working Group Internet-draft
[2] C. Perkins, IP Mobility Support for IPv4, RFC 3344, August
[3] H. Levkowetz, S. Vaarala, Mobile IP NAT/NAPT Traversal using UDP Tunneling, IETF Mobile IP Working Group Internet-draft, November 4,
[4] J. Arkko, V. Devarapalli, F. Dupont, Using IPsec to Protect Mobile IPv6 Signaling between Mobile Nodes and Home Agents, IETF Mobile IP Working Group Internet-draft, February 18,
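
The return routability and correspondent binding computations of Sections III.D and III.E, as an added Python example that is not from the paper. It uses the keygen token, Kbm and Authenticator construction of RFC 3775 (the published form of reference [1]); the rule that the correspondent node takes the token address from the header source when N is set, while the MAC input stays the private care-of address, is one reading of Section III.E, and all keys, nonces, addresses and message bytes are constructed.

```python
import hashlib
import hmac
from ipaddress import IPv6Address

# Constructed sample values.
HOME = IPv6Address("2001:db8:1::10")
PRIVATE_COA = IPv6Address("fd00:0:0:1::10")
PUBLIC_COA = IPv6Address("2001:db8:ffff::1")
CN_ADDR = IPv6Address("2001:db8:2::80")


def first(bits: int, data: bytes) -> bytes:
    return data[: bits // 8]


def make_kbm(home_token: bytes, care_of_token: bytes) -> bytes:
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + care_of_token).digest()


def authenticator(kbm: bytes, coa: IPv6Address, cn: IPv6Address, mh: bytes) -> bytes:
    # First(96, HMAC_SHA1(Kbm, (care-of address | CN address | MH data)))
    msg = coa.packed + cn.packed + mh
    return first(96, hmac.new(kbm, msg, hashlib.sha1).digest())


def mh_data(seq: int, n_flag: bool) -> bytes:
    # Constructed stand-in for the binding update bytes covered by the MAC.
    return b"BU" + seq.to_bytes(2, "big") + bytes([n_flag])


class CorrespondentNode:
    def __init__(self, addr: IPv6Address, kcn: bytes, nonce: bytes) -> None:
        self.addr, self.kcn, self.nonce = addr, kcn, nonce

    def keygen_token(self, addr: IPv6Address, kind: int) -> bytes:
        # First(64, HMAC_SHA1(Kcn, (address | nonce | kind))); 0 = home, 1 = care-of
        msg = addr.packed + self.nonce + bytes([kind])
        return first(64, hmac.new(self.kcn, msg, hashlib.sha1).digest())

    def verify(self, src: IPv6Address, home: IPv6Address, alt_coa: IPv6Address,
               n_flag: bool, mh: bytes, mac: bytes) -> bool:
        # Assumption: with N set, the care-of token is recomputed over the
        # translated header source; otherwise over the address in the message.
        token_addr = src if n_flag else alt_coa
        kbm = make_kbm(self.keygen_token(home, 0), self.keygen_token(token_addr, 1))
        # Both sides feed the same care-of address into the MAC.
        expected = authenticator(kbm, alt_coa, self.addr, mh)
        return hmac.compare_digest(expected, mac)


def run_binding(n_flag: bool, bu_src: IPv6Address = PUBLIC_COA) -> bool:
    """Mobile node behind a NAT performs return routability, then sends a BU."""
    cn = CorrespondentNode(CN_ADDR, kcn=b"K" * 20, nonce=b"N" * 8)
    # HoTI/HoT travel via the home agent and are keyed to the home address.
    home_token = cn.keygen_token(HOME, 0)
    # CoTI leaves from the private address, but the CN sees the public one.
    care_of_token = cn.keygen_token(PUBLIC_COA, 1)
    # The mobile node uses both tokens as received, without recomputing them.
    kbm = make_kbm(home_token, care_of_token)
    mh = mh_data(seq=1, n_flag=n_flag)
    mac = authenticator(kbm, PRIVATE_COA, CN_ADDR, mh)
    return cn.verify(bu_src, HOME, PRIVATE_COA, n_flag, mh, mac)


if __name__ == "__main__":
    print("legacy BU accepted:", run_binding(n_flag=False))
    print("BU with N flag accepted:", run_binding(n_flag=True))
```

A binding update whose header source is not the address that took part in the care-of test fails verification, because the care-of keygen token, and therefore Kbm, is bound to that source.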
More informationMobile & Wireless Networking. Lecture 9: Mobile IP. [Schiller, Section 8.1]
192620010 Mobile & Wireless Networking Lecture 9: Mobile IP [Schiller, Section 8.1] Geert Heijenk Outline of Lecture 11 q Mobile IP Basics q 3 parts of Mobile IP: q Advertising Care-of Addresses q Registration
More informationECS-087: Mobile Computing
ECS-087: Mobile Computing Mobile IP Most of the slides borrowed from Prof. Sridhar Iyer Diwakar Yagyasen.1 Effect of Mobility on Protocol Stack Application: new applications and adaptations Transport:
More informationIPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land
IPv6 1 IPv4 & IPv6 Header Comparison IPv4 Header IPv6 Header Ver IHL Type of Service Total Length Ver Traffic Class Flow Label Identification Flags Fragment Offset Payload Length Next Header Hop Limit
More informationgenerated, it must be associated with a new nonce index, e.g., j. CN keeps both the current value of N j and a small set of previous nonce values, N j
Authenticated Binding Update in Mobile IPv6 Networks Qiu Ying Institute for Infocomm Research Singapore qiuying@i2r.a-star.edu.sg Bao Feng Institute for Infocomm Research Singapore baofeng@i2r.a-star.edu.sg
More informationP A R T T W O MOBILE IPv6
P A R T T W O MOBILE IPv6 Mobile IPv6 T H R E E Consider a scenario where you had to change your place of residence on a semipermanent basis, for instance, due to relocation of your company. One problem
More informationMobile Communications Chapter 9: Network Protocols/Mobile IP
Mobile Communications Chapter 9: Network Protocols/Mobile IP Motivation Data transfer Encapsulation Security IPv6 Problems DHCP Ad-hoc s Routing protocols 9.0.1 Motivation for Mobile IP Routing based on
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationCisco IP Fragmentation and PMTUD
Table of Contents IP Fragmentation and PMTUD...1 Introduction...1 IP Fragmentation and Reassembly...1 Issues with IP Fragmentation...3 Avoiding IP Fragmentation: What TCP MSS Does and How It Works...4
More informationMohammad Hossein Manshaei 1393
Mohammad Hossein Manshaei manshaei@gmail.com 1393 Mobile IP 2 Mobile Network Layer: Problems and Concerns Entities and Terminology in Mobile IP Mobile Indirect Routing Mobile IP Agent Advertisement Registration
More informationAn Analysis of The Fast Handovers for Mobile IPv6 Protocol
An Analysis of The Fast Handovers for Mobile IPv6 Protocol Janne Lundberg Helsinki University of Technology Laboratory for Theoretical Computer Science May 28, 2003 Abstract Fast Handovers for Mobile IPv6
More informationMobile IP version 6 (MIPv6) Route Optimization Security Design
IP version 6 (MIPv6) Route Optimization Security Design Pekka Nikander Jari Arkko Ericsson Research NomadicLab Hirsalantie FIN-02420 JORVAS, Finland Tuomas Aura Microsoft Research Cambridge 7 J J Thomson
More informationIPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local
1 v4 & v6 Header Comparison v6 Ver Time to Live v4 Header IHL Type of Service Identification Protocol Flags Source Address Destination Address Total Length Fragment Offset Header Checksum Ver Traffic Class
More informationIPsec NAT Transparency
The feature introduces support for IP Security (IPsec) traffic to travel through Network Address Translation (NAT) or Port Address Translation (PAT) points in the network by addressing many known incompatibilities
More information3GPP TS V9.4.0 ( )
TS 24.303 V9.4.0 (2011-09) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Mobility management based on Dual-Stack Mobile IPv6; Stage
More informationIPv6: An Introduction
Outline IPv6: An Introduction Dheeraj Sanghi Department of Computer Science and Engineering Indian Institute of Technology Kanpur dheeraj@iitk.ac.in http://www.cse.iitk.ac.in/users/dheeraj Problems with
More informationWhat is mobility? Mobile IP. Mobility Impact on Protocol Stack (cont.) Advanced Topics in Computer Networks
Advanced Topics in Computer Networks What is mobility? spectrum of mobility, from the perspective: Mobile IP no mobility high mobility Chalermek Intanagonwiwat Slides courtesy of James F. Kurose, Keith
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with
More informationOutline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model
CS5984 Mobile Computing Outline Host Mobility problem and solutions IETF Mobile IPv4 Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Mobile IPv4 1 2 Host Mobility Problem 1/2 Host Mobility
More informationSample excerpt. Virtual Private Networks. Contents
Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................
More informationInternet Networking recitation #
recitation # UDP NAT Traversal Winter Semester 2013, Dept. of Computer Science, Technion 1 UDP NAT Traversal problems 2 A sender from the internet can't pass a packet through a NAT to a destination host.
More informationOutline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.
CS6504 Mobile Computing Outline Host Mobility problem and solutions IETF Mobile IPv4 Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Mobile IPv4 1 2 Host Mobility Problem 1/2 Host Mobility
More informationLecture 13 Page 1. Lecture 13 Page 3
IPsec Network Security: IPsec CS 239 Computer Software March 2, 2005 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided
More informationA Hybrid Load Balance Mechanism for Distributed Home Agents in Mobile IPv6
A Hybrid Load Balance Mechanism for Distributed Home Agents in Mobile IPv6 1 Hui Deng 2Xiaolong Huang 3Kai Zhang 3 Zhisheng Niu 1Masahiro Ojima 1R&D Center Hitachi (China) Ltd. Beijing 100004, China 2Dept.
More informationFast Location Opposite Update Scheme for Minimizing Handover Latency over Wireless/Mobile Networks
Fast Location Opposite Update Scheme for Minimizing Handover Latency over Wireless/Mobile Networks Sunguk Lee Research Institute of Industrial Science and Technology Pohang, Gyeongbuk, 790-330, S.KOREA
More informationBinding information contains the entries in the mobility binding table.
GLOSSARY Numerics 802.11b/g An IEEE specification for a wireless LAN airlink. A agent advertisement agent discovery agent solicitation An advertisement message constructed by attachment of a special extension
More informationMobile IP and IPSec in Enterprise use
Mobile IP and IPSec in Enterprise use Markku Rantala Helsinki University of Technology Department of Electrical and Communications Engineering Markku.Rantala@spiritco.com Abstract A modern enterprise IT
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More informationRoute Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks
Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks Jaehoon Jeong, Kyeongjin Lee, Jungsoo Park, Hyoungjun Kim Protocol Engineering Center, ETRI, 161 Gajeong-dong Yuseong-gu, Daejeon,
More information312 D.B. Johnson /Scalable support for transparent mobile host internetworking work, it is then delivered to the correct individual host on that netwo
Wireless Networks 1 (1995) 311^321 311 Scalable support for transparent mobile host internetworking 3 David B. Johnson Computer Science Department, Carnegie Mellon University, Pittsburgh, PA, USA Abstract.
More informationA Design of Distributed Data Traffic Algorithm based on Hierarchical Wireless/Mobile Networks
, pp.147-151 http://dx.doi.org/10.14257/astl.2015.117.35 A Design of Distributed Data Traffic Algorithm based on Hierarchical Wireless/Mobile Networks Ronnie Caytiles, Seungyong Shin, Minji Yang and Byungjoo
More informationMobile IP. Mobile IP 1
Mobile IP Mobile IP 1 Motivation for Mobile IP Routing based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet change of physical subnet implies change of IP address
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationMobile IPv6 Overview
Sungkyunkwan University Prepared by H. Choo Copyright 2000-2018 Networking Laboratory Lecture Outline Network Layer Mobile IPv6 Proxy Mobile IPv6 Networking Laboratory 2/87 Sungkyunkwan University Network
More informationAn Efficient Correspondent Registration to Reduce Signaling Overheads for Proxy Mobile IPv6
IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.9, September 2007 187 An Efficient Correspondent Registration to Reduce Signaling Overheads for Proxy Mobile IPv6 Pyung-Soo
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationIP Mobility vs. Session Mobility
IP Mobility vs. Session Mobility Securing wireless communication is a formidable task, something that many companies are rapidly learning the hard way. IP level solutions become extremely cumbersome when
More informationAn Analysis of the Flow-Based Fast Handover Method for Mobile IPv6 Network. Jani Puttonen, Ari Viinikainen, Miska Sulander and Timo Hämäläinen
An Analysis of the Flow-Based Fast Handover Method for Mobile IPv6 Network Jani Puttonen, Ari Viinikainen, Miska Sulander and Timo Hämäläinen Emails: janput@cc.jyu.fi, arjuvi@mit.jyu.fi, sulander@cc.jyu.fi,
More informationMobile Communications Chapter 8: Network Protocols/Mobile IP
Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Data transfer, Encapsulation Security, IPv6, Problems Micro mobility support DHCP Ad-hoc networks, Routing protocols Prof. Jó Ueyama
More informationVPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009
VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A
More informationCSE 4215/5431: Mobile Communications Winter Suprakash Datta
CSE 4215/5431: Mobile Communications Winter 2013 Suprakash Datta datta@cse.yorku.ca Office: CSEB 3043 Phone: 416-736-2100 ext 77875 Course page: http://www.cse.yorku.ca/course/4215 Some slides are adapted
More informationIPV6 SIMPLE SECURITY CAPABILITIES.
IPV6 SIMPLE SECURITY CAPABILITIES. 50 issues from RFC 6092 edited by J. Woodyatt, Apple Presentation by Olle E. Johansson, Edvina AB. ABSTRACT The RFC which this presentation is based upon is focused on
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationNEMO-based Mobility Management in LISP Network
2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP) NEMO-based Mobility Management in LISP Network Yizhen Wu, Ke Chen, Kaiping Xue, Dan Ni The Department of EEIS,
More informationMobility in IPv6 Standards and Upcoming Trends. Thomas C. Schmidt HAW Hamburg & link-lab
Mobility in IPv6 Standards and Upcoming Trends Thomas C. Schmidt t.schmidt@ieee.org HAW Hamburg & link-lab Agenda Motivation Mobility Paradigm & Target Applications Key Issues & Approaches Limits of MIPv4
More informationRemote DLNA Communication System Based on NTMobile
Remote Communication System Based on obile Kohei SHIMIZU, Hidekazu SUZUKI and Akira WATANABE Graduate School of Science and Technology Meijo University Aichi, Japan 468-8502 Katsuhiro NAITO Graduate School
More informationInternet Engineering Task Force (IETF) Request for Comments: 6612 Category: Informational May 2012 ISSN:
Internet Engineering Task Force (IETF) G. Giaretta, Ed. Request for Comments: 6612 Qualcomm Category: Informational May 2012 ISSN: 2070-1721 Interactions between Proxy Mobile IPv6 (PMIPv6) and Mobile IPv6
More informationA Mobile Host Protocol Supporting Route Optimization and Authentication
IEEE Journal on Selected Areas in Communications, special issue on Mobile and Wireless Computing Networks, 13(5):839 849, June 1995. c IEEE. A Mobile Host Protocol Supporting Route Optimization and Authentication
More informationInternet Engineering Task Force (IETF) Request for Comments: 8191 Category: Standards Track. X. Lee CNNIC. August 2017
Internet Engineering Task Force (IETF) Request for Comments: 8191 Category: Standards Track ISSN: 2070-1721 Z. Yan CNNIC J. Lee Sangmyung University X. Lee CNNIC August 2017 Abstract Home Network Prefix
More informationPlanning for Information Network
Planning for Information Network Lecture 7: Introduction to IPv6 Assistant Teacher Samraa Adnan Al-Asadi 1 IPv6 Features The ability to scale networks for future demands requires a limitless supply of
More informationIPsec NAT Transparency
sec NAT Transparency First Published: November 25, 2002 Last Updated: March 1, 2011 The sec NAT Transparency feature introduces support for Security (sec) traffic to travel through Network Address Translation
More informationVPN Auto Provisioning
VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds
More informationIntroduction to IPv6. IPv6 addresses
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
More informationIPv6 migration challenges and Security
IPv6 migration challenges and Security ITU Regional Workshop for the CIS countries Recommendations on transition from IPv4 to IPv6 in the CIS region, 16-18 April 2014 Tashkent, Republic of Uzbekistan Desire.karyabwite@itu.int
More informationOPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS
OPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS Sandro Grech Nokia Networks (Networks Systems Research) Supervisor: Prof. Raimo Kantola 1 SANDRO GRECH - OPTIMIZING MOBILITY MANAGEMENT IN
More informationNetwork Working Group. Category: Informational February 1997
Network Working Group K. Hamzeh Request for Comments: 2107 Ascend Communications Category: Informational February 1997 Status of this Memo Ascend Tunnel Management Protocol - ATMP This memo provides information
More informationROUTE OPTIMIZATION EXTENSITON FOR THE MOBILE INTERNET PROTOCOL IN LINUX
ROUTE OPTIMIZATION EXTENSITON FOR THE MOBILE INTERNET PROTOCOL IN LINUX ABSTRACT The base Mobile Internet Protocol (Mobile IP) provides a means for portable computers to roam freely, changing its point
More information