Credit-Based Authorization for HIP Mobility
|
|
- Dylan Booth
- 5 years ago
- Views:
Transcription
1 Credit-Based Authorization for HIP Mobility draft-vogt-hip-credit-based-authorization Christian Vogt, HIP Working Group Meeting, IETF 62 Minneapolis, MN, March 9, 2005 Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 1
2 HIP Mobility Management Mobile Detach Attach Update [ Loc ] Update [ Echo Resp ] Update [ Echo Req ] New Loc known but unverified New Loc known and verified draft-ietf-hip-mm Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 2
3 Why Do We Need Reachability Verification? Because of redirection-based flooding attacks Here, the attacker initiates download from CN redirects packets to a victim spoofs acknowledgments Attacker Reachability verification precludes this Victim Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 3
4 Some Observations What makes redirection-based flooding attractive? High potential for amplification (CN generates packets; attacker just spoofed Acks, if at all) Any IP node can be the victim Presumably plenty available CN's (that can be tricked into assisting in the attack) Easy set-up, no viral code distribution (in contrast to many conventional DoS attacks) Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 4
5 Some Observations HIP provides authentication, but Authentication does not imply security against flooding (Attacker can authenticate, because it redirects its own packets) Security against flooding not necessarily requires authentication Authentication alone may not be a discouragement Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 5
6 Other Protection Mechanisms Trusting MN's Administrative relationship may imply trust (Home Agent in MIPv6, CN in MIPv6 with pre-computed binding keys) Ingress filtering Does not protect a network from a flooding attack, but prevents initiation of a flooding attack from a certain network Depends on wide, preferably universal deployment Currently questionable whether this is the case today Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 6
7 How HIP Mobility Management Performs Mobile Detach Attach Last packet 2 RTT First packet draft-ietf-hip-mm Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 7
8 How Can This Be Optimized? Idea: CN uses address while unverified and protects period of vulnerability Option 1: Lifetime restriction Disable unverified address after X seconds Easy to implement, but little secure (Attacker could re-register unverified address, or toggle btw. verified/unverified addresses) Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 8
9 How Can This Be Optimized? Option 2: Heuristics must be rigid enough to recognize attacks early on, but must not cause immature sanctions on upright MN's Upright MN's may look like attackers from remote (E.g., new address may become stale before getting verified) Appropriate heuristics may not be easy to find Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 9
10 How Can This Be Optimized? Option 3: Credit-Based Authorization Recall: amplification makes redirection-based flooding attractive CBA prevents amplification, not misdirection per se Rationale: No amplification redirection-based flooding unattractive because other attack strategies are simpler do not require authentication may even have some amplification Examples are direct flooding, TCP-SYN spoofing Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 10
11 Credit-Based Authorization Mobile Acquires credit by sending pkts. Consumes credit for being sent pkts. to unverified addr. Maintains credit account Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 11
12 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 12
13 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 13
14 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 14
15 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 15
16 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 16
17 Credit-Based Authorization Mobile Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 17
18 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 18
19 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 19
20 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 20
21 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 21
22 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 22
23 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown! Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 23
24 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 24
25 Credit-Based Authorization Mobile Detach Attach Loc unverified Signaling not shown Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 25
26 How About Time-Shifting Attacks? How can an attacker prevented from accumulating credit over a long time at a slow rate, and using this credit all at once Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 26
27 How About Time-Shifting Attacks? Solution: Age existing credit ("negative interests") Credit Aging prevents time-shifting CN learns new Loc New Loc unverified New Loc becomes verified Time Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 27
28 How About Asymmetric Traffic? Issue: Applications with asymmetric traffic patterns MN may not be able to collect sufficient credit Option 1: Aging allows for asymmetry May limit supported applications Option 2: Credit for packet reception and processing Requires feedback mechanism for CN IP-address spot checks (in-band reachability verification) Optional, not presented here Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 28
29 How Much Do We Benefit? draft-ietf-hip-mm Credit-Based Authorization Mobile Mobile Last packet Last packet 2 RTT 1 RTT First packet First packet Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 29
30 Conclusions Credit-Based Authorization prevents amplified, redirection-based flooding attacks allows CN to use unverified locators reduces handover-signaling delays by 1 RTT is transparent to MN Implementation exists for Mobile IPv6 Binding Cache holds per-mn variables Modifications only minor Similar integration possibilities in HIP Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 30
31 Conclusions Interest to the WG? Possibly after base specification published? As part of the MM document? (Might make sense to optimize MM right away rather than through an optional extension ) Christian Vogt, Research Institute of Telematics, University of Karlsruhe, Germany 31
to-end Mobility Support: Combining Security and Efficiency Christian Vogt,
End-to to-end Mobility Support: Combining Security and Efficiency Christian Vogt, chvogt@tm.uka.de NEC Europe, Network Laboratories, Heidelberg September 16, 2004 Christian Vogt, Research Institute of
More informationCredit-Based Authorization
Credit-Based Authorization draft-vogt-mipv6-credit-based-authorization Christian Vogt, chvogt@tm.uka.de Jari Arkko, jari.arkko@nomadiclab.com Roland Bless, bless@tm.uka.de Mark Doll, doll@tm.uka.de Tobias
More informationCredit-Based Authorization for Concurrent IP-Address Tests
Credit-Based Authorization for Concurrent IP-Address Tests Christian Vogt Institute of Telematics, University of Karlsruhe, Germany Email: chvogt@tm.uka.de Abstract Route optimization enables mobile nodes
More informationNetwork Working Group. Category: Standards Track Universitaet Karlsruhe (TH) W. Haddad Ericsson Research May 2007
Network Working Group Request for Comments: 4866 Category: Standards Track J. Arkko Ericsson Research NomadicLab C. Vogt Universitaet Karlsruhe (TH) W. Haddad Ericsson Research May 2007 Status of This
More informationEarly Binding Updates for Mobile IPv6
Early Binding Updates for Mobile IPv6 Christian Vogt, Roland Bless, Mark Doll, Tobias Kuefner Institute of Telematics, University of Karlsruhe, Germany Email: {chvogt bless doll kuefner}@tm.uka.de Abstract
More informationNETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt
Draft summary Reviewers' comments Mailing-list discussion NETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt New Terminology 1 MN authentication: Initial authentication of
More informationSecurity Issues In Mobile IP
Security Issues In Mobile IP Zhang Chao Tsinghua University Electronic Engineering 1 OUTLINE 1.Introduction 2.Typical threats 3. Mobile IPv6 and new threats 4.Open issues 2 OUTLINE 1.Introduction 2.Typical
More informationMobile IPv6 in 6NET: An Overview. Chris Edwards, Lancaster University, UK
Mobile IPv6 in 6NET: An Overview Chris Edwards, Lancaster University, UK Summary Mobile IPv6 Overview Status of the Protocol Available Implementations Deployment in 6NET Trials and Testing MIPv6++ Related
More informationNetwork Working Group. Category: Informational Ericsson Research NomadicLab February 2007
Network Working Group Request for Comments: 4651 Category: Informational C. Vogt Universitaet Karlsruhe (TH) J. Arkko Ericsson Research NomadicLab February 2007 Status of This Memo A Taxonomy and Analysis
More informationAn Analysis of the Flow-Based Fast Handover Method for Mobile IPv6 Network. Jani Puttonen, Ari Viinikainen, Miska Sulander and Timo Hämäläinen
An Analysis of the Flow-Based Fast Handover Method for Mobile IPv6 Network Jani Puttonen, Ari Viinikainen, Miska Sulander and Timo Hämäläinen Emails: janput@cc.jyu.fi, arjuvi@mit.jyu.fi, sulander@cc.jyu.fi,
More informationTCP Modifications for Congestion Exposure
TCP Modifications for Congestion Exposure ConEx 87. IETF Berlin July 27, 2013 draft-ietf-conex-tcp-modifications-04 Mirja Kühlewind Richard Scheffenegger
More informationRequest for Comments: T. Aura Microsoft Research G. Montenegro Microsoft Corporation E. Nordmark Sun Microsystems December 2005
Network Working Group Request for Comments: 4225 Category: Informational P. Nikander J. Arkko Ericsson Research NomadicLab T. Aura Microsoft Research G. Montenegro Microsoft Corporation E. Nordmark Sun
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationPMIPv6 PROXY MOBILE IPV6 OVERVIEW OF PMIPV6, A PROXY-BASED MOBILITY PROTOCOL FOR IPV6 HOSTS. Proxy Mobile IPv6. Peter R. Egli INDIGOO.COM. indigoo.
PMIPv6 PMIPv6 Proxy Mobile IPv6 PROXY MOBILE IPV6 OVERVIEW OF PMIPV6, A PROXY-BASED MOBILITY PROTOCOL FOR IPV6 HOSTS Peter R. Egli INDIGOO.COM 1/25 Contents 1. Why PMIPv6 when we have MIP? 2. PMIPv6 terminology
More informationT Computer Networks II. Mobility Issues Contents. Mobility. Mobility. Classifying Mobility Protocols. Routing vs.
T-0.50 Computer Networks II Mobility Issues 6.0.008 Overview Mobile IP NEMO Transport layer solutions i SIP mobility Contents Prof. Sasu Tarkoma Mobility What happens when network endpoints start to move?
More informationAn Analysis of Fast Handover Key Distribution Using SEND in Mobile IPv6
An Analysis of Fast Handover Key Distribution Using SEND in Mobile IPv6 Chris Brigham Tom Wang March 19, 2008 Abstract In Mobile IPv6 with Fast Handovers, a key is distributed to a mobile node from its
More informationMobile IPv6 Overview
Sungkyunkwan University Prepared by H. Choo Copyright 2000-2018 Networking Laboratory Lecture Outline Network Layer Mobile IPv6 Proxy Mobile IPv6 Networking Laboratory 2/87 Sungkyunkwan University Network
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationA new protocol for location management in Mobile IPv6
A new protocol for location management in Mobile IPv6 Christian Veigner 1 and Chunming Rong Stavanger University College Box 8002, 4068 Stavanger, Norway christian.veigner@his.no, chunming.rong@his.no
More informationA MIPv6-based multi-homing solution
Marcelo Bagnulo, Alberto García-Martínez, Ignacio Soto, Arturo Azcorra Abstract--Global adoption of IPv6 requires the provision of a scalable support for multi-homed sites. This article proposes a multi-homing
More informationCSE 123A Computer Netwrking
CSE 123A Computer Netwrking Winter 2005 Mobile Networking Alex Snoeren presenting in lieu of Stefan Savage Today s s issues What are implications of hosts that move? Remember routing? It doesn t work anymore
More informationExtended Correspondent Registration Scheme for Reducing Handover Delay in Mobile IPv6
Extended Correspondent Registration Scheme for Reducing Handover Delay in Mobile IPv6 Ved P. Kafle Department of Informatics The Graduate University for Advanced Studies Tokyo, Japan Eiji Kamioka and Shigeki
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master
More informationNetwork Address Translators (NATs) and NAT Traversal
Network Address Translators (NATs) and NAT Traversal Ari Keränen ari.keranen@ericsson.com Ericsson Research Finland, NomadicLab Outline Introduction to NATs NAT Behavior UDP TCP NAT Traversal STUN TURN
More informationLECTURE 8. Mobile IP
1 LECTURE 8 Mobile IP What is Mobile IP? The Internet protocol as it exists does not support mobility Mobile IP tries to address this issue by creating an anchor for a mobile host that takes care of packet
More informationA Ticket Based Binding Update Authentication Method for Trusted Nodes in Mobile IPv6 Domain
A Ticket Based Binding Update Authentication Method for Trusted Nodes in Mobile IPv6 Domain Ilsun You School of Information Science, Korean Bible University, 205 Sanggye-7 Dong, Nowon-ku, Seoul, 139-791,
More informationInternet Engineering Task Force (IETF) Ericsson July 2011
Internet Engineering Task Force (IETF) Request for Comments: 6275 Obsoletes: 3775 Category: Standards Track ISSN: 2070-1721 C. Perkins, Ed. Tellabs, Inc. D. Johnson Rice University J. Arkko Ericsson July
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationNetwork Security. Security of Mobile Internet Communications. Chapter 17. Network Security (WS 2002): 17 Mobile Internet Security 1 Dr.-Ing G.
Network Security Chapter 17 Security of Mobile Internet Communications Network Security (WS 2002): 17 Mobile Internet Security 1 Motivation for Mobile IP Routing in the Internet: Based on IP destination
More informationdraft-ietf-mipshop-cga-cba Status Update
draft-ietf-mipshop-cga-cba Status Update Jari Arkko, Christian Vogt, Wassim Haddad Acknowledgment 1 Several excellent reviews. Thanks! James Kempf Vidya Narayanan Lakshminath Dondeti Zhen Cao Previous
More informationnetwork security s642 computer security adam everspaugh
network security s642 adam everspaugh ace@cs.wisc.edu computer security today Announcement: HW3 to be released WiFi IP, TCP DoS, DDoS, prevention 802.11 (wifi) STA = station AP = access point BSS = basic
More informationSingle Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking
1 Review of TCP/IP working Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path Frame Path Chapter 3 Client Host Trunk Link Server Host Panko, Corporate
More informationBasic NAT Example Security Recitation. Network Address Translation. NAT with Port Translation. Basic NAT. NAT with Port Translation
Basic Example 6.829 Security Recitation Rob Beverly November 17, 2006 Company C 10k machines in 128.61.0.0/16 ISP B 128.61.23.2 21.203.19.201 128.61.19.202 21.203.19.202 Network Address
More informationMobile IP version 6 (MIPv6) Route Optimization Security Design
IP version 6 (MIPv6) Route Optimization Security Design Pekka Nikander Jari Arkko Ericsson Research NomadicLab Hirsalantie FIN-02420 JORVAS, Finland Tuomas Aura Microsoft Research Cambridge 7 J J Thomson
More informationCross-over Mobility Anchor Point based Hierarchical Mobility Management Protocol for Mobile IPv6 Network
Cross-over Mobility Anchor Point based Hierarchical Mobility Management Protocol for Mobile IPv6 Network A.K.M. Mahtab Hossain & Kanchana Kanchanasut Internet Education and Research Laboratory Asian Institute
More informationNetwork Security: Security of Internet Mobility. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: Security of Internet Mobility Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline Mobile IPv6 Return routability test Address and identifier ownership Cryptographically
More informationExample: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch
Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Requirements You can configure DHCP snooping, dynamic ARP inspection
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationNetwork PMIP Support COPYRIGHT. 3GPP2 X.S Version 1.0 Date: December 5, 2008
GPP X.S00-0 Version.0 Date: December, 00 COPYRIGHT GPP and its Organizational Partners claim copyright in this document and individual Organizational Partners may copyright and issue documents or standards
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationSCTP: An innovative transport layer protocol for the web
SCTP: An innovative transport layer protocol for the web (Position paper) P. Natarajan, J. Iyengar, P. Amer, & R. Stewart 1 HTTP over TCP Transmission Control Protocol (TCP) has been the default transport
More informationEnterasys 2B Enterasys Certified Internetworking Engineer(ECIE)
Enterasys 2B0-104 Enterasys Certified Internetworking Engineer(ECIE) http://killexams.com/exam-detail/2b0-104 QUESTION: 62 As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning
More informationgenerated, it must be associated with a new nonce index, e.g., j. CN keeps both the current value of N j and a small set of previous nonce values, N j
Authenticated Binding Update in Mobile IPv6 Networks Qiu Ying Institute for Infocomm Research Singapore qiuying@i2r.a-star.edu.sg Bao Feng Institute for Infocomm Research Singapore baofeng@i2r.a-star.edu.sg
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks
Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause
More informationCommunications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage
CSE 123b CSE 123b Communications Software Spring 2003 Lecture 10: Mobile Networking Stefan Savage Quick announcement My office hours tomorrow are moved to 12pm May 6, 2003 CSE 123b -- Lecture 10 Mobile
More informationQuick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003
CSE 123b Communications Software Quick announcement My office hours tomorrow are moved to 12pm Spring 2003 Lecture 10: Mobile Networking Stefan Savage May 6, 2003 CSE 123b -- Lecture 10 Mobile IP 2 Last
More informationMulticast operational concerns
Multicast operational concerns John Kristoff jtk@northwestern.edu http://aharp.ittns.northwestern.edu +1 847 467 5878 Northwestern University Evanston, IL 60208 DPU CTI Seminar John Kristoff Northwestern
More informationADX Software Updates and the Application Resource Broker (ARB) Introduction
ADX Software Updates and the Application Resource Broker (ARB) Introduction Objectives Upon completion of this module, you will be able to: Discuss ADX licensing Describe the Application Resource Broker
More informationFlashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities
Flashback.. Internet design goals Security Part One: Attacks and Countermeasures 15-441 With slides from: Debabrata Dash,Nick Feamster, Vyas Sekar 15-411: F08 security 1 1. Interconnection 2. Failure resilience
More informationBest Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies
Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies In order to establish a TCP connection, the TCP three-way handshake must be completed. You can use different accept policies
More informationIntroduction Mobility Support Handover Management Conclutions. Mobility in IPv6. Thomas Liske. Dresden University of Technology
2005 / High Speed Networks II Outline Introduction Mobility Support Overview of IPv6 Mobility Support Handover Management Mobility Support What means Mobility Support? allow transparent routing of IPv6
More informationIntroduction to IPv6. IPv6 addresses
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
More informationTCP modifications for Congestion Exposure
TCP modifications for Congestion Exposure ConEx 81. IETF Quebec July 27, 2011 draft-kuehlewind-conex-accurate-ecn-00 draft-kuehlewind-conex-tcp-modifications-00 Mirja Kühlewind
More informationCSE 123b Communications Software
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Stefan Savage Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to
More informationQuick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to be part of the
More informationThe Shim6 Architecture for IPv6 Multihoming
ACCEPTED FROM OPEN CALL The Shim6 Architecture for IPv6 Multihoming Alberto García-Martínez and Marcelo Bagnulo, Universidad Carlos III de Madrid Iljitsch van Beijnum, IMDEA Networks ABSTRACT The Shim6
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationNetwork Security. Tadayoshi Kohno
CSE 484 (Winter 2011) Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationIPV6 SIMPLE SECURITY CAPABILITIES.
IPV6 SIMPLE SECURITY CAPABILITIES. 50 issues from RFC 6092 edited by J. Woodyatt, Apple Presentation by Olle E. Johansson, Edvina AB. ABSTRACT The RFC which this presentation is based upon is focused on
More informationIPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping
The feature bundles several Layer 2 IPv6 first-hop security features, including IPv6 neighbor discovery inspection, IPv6 device tracking, IPv6 address glean, and IPv6 binding table recovery, to provide
More informationDenial of Service. Serguei A. Mokhov SOEN321 - Fall 2004
Denial of Service Serguei A. Mokhov SOEN321 - Fall 2004 Contents DOS overview Distributed DOS Defending against DDOS egress filtering References Goal of an Attacker Reduce of an availability of a system
More informationCS670: Network security
Cristina Nita-Rotaru CS670: Network security ARP, TCP 1: Background on network protocols OSI/ISO Model Application Presentation Session Transport Network Data Link Physical Layer Application Presentation
More informationProxy Mobile IPv6 (PMIPv6)
Proxy Mobile IPv6 (PMIPv6) Youn-Hee Han yhhan@kut.ac.kr Korea University of Technology and Education Internet Computing Laboratory http://icl.kut.ac.kr Outline Background PMIPv6 (Proxy Mobile IPv6) Overview
More informationThreat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
Threat Pragmatics 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 Target Many sorts of targets: Network infrastructure Network services Application services User
More informationMobile Internet Protocol v6 MIPv6
Mobile Internet Protocol v6 MIPv6 A brief introduction Holger.Zuleger@hznet.de 13-dec-2005 Holger Zuleger 1/15 > c Defined by MIPv6 RFC3775: Mobility Support in IPv6 (June 2004) RFC3776: Using IPsec to
More informationComparision study of MobileIPv4 and MobileIPv6
Comparision study of MobileIPv4 and MobileIPv6 Dr. Sridevi Assistant Professor, Dept. of Computer Science, Karnatak University,Dharwad Abstract: IPv4 is being replaced by IPv6 due to the increased demand
More informationFixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering
Fixed Internetworking Protocols and Networks IP mobility Rune Hylsberg Jacobsen Aarhus School of Engineering rhj@iha.dk 1 2011 ITIFN Mobile computing Vision Seamless, ubiquitous network access for mobile
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2014 www.cs.cmu.edu/~prs/15-441-f14 Yes: Creating a secure channel for communication (Part I) Protecting
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationFast handoff for Mobile IP and Link Layer Triggers
Fast handoff for Mobile IP and Link Layer Triggers Gang Wu and Alper egin DoCoMo USA Labs Slide1 Overview Handover events necessitate both networklayer and lower layers actions Network-layer needs information
More informationOn using Mobile IP Protocols
Journal of Computer Science 2 (2): 211-217, 2006 ISSN 1549-3636 2006 Science Publications On using Mobile IP Protocols Fayza A. Nada Faculty of Computers and Information, Suez Canal University, Ismailia,
More informationNetwork-Assisted MPTCP
IETF 98 th Network-Assisted IETF#98, Chicago, March 2017 M. Boucadair (Orange) C. Jacquenet (Orange) O. Bonaventure (Tessares) W. Henderickx (ALU/Nokia) R. Skog (Ericsson) D. Behaghel (OneAccess) S. Secci
More informationMultihoming for Mobile IPv6
Multihoming for Mobile IPv6 Deguang Le 1 Outline Multihoming Overview Mulihoming and Mobility Mulithoming for Mobile IPv6 Conclusions and Discussion 2 Multihoming Overview What is Multihoming? Multihoming
More informationP A R T T W O MOBILE IPv6
P A R T T W O MOBILE IPv6 Mobile IPv6 T H R E E Consider a scenario where you had to change your place of residence on a semipermanent basis, for instance, due to relocation of your company. One problem
More informationExperimental Evaluation of Proxy Mobile IPv6: an Implementation Perspective
Experimental Evaluation of Proxy Mobile IPv6: an Implementation Perspective Giuliana Iapichino and Christian Bonnet Mobile Communications Department Eurecom Sophia Antipolis, France {Giuliana.Iapichino,
More informationRequest for Comments: Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009
Network Working Group Request for Comments: 5648 Category: Standards Track R. Wakikawa, Ed. Toyota ITC V. Devarapalli Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009 Multiple
More informationNovel web agent framework to support seamless mobility for data networks Y.-J. Lee 1 D.-W. Lee 2 M. Atiquzzaman 3
Published in IET Communications Received on 11th December 2008 Revised on 20th March 2009 ISSN 1751-8628 Novel web agent framework to support seamless mobility for data networks Y.-J. Lee 1 D.-W. Lee 2
More informationDenial of Service (DoS) attacks and countermeasures
Dipartimento di Informatica Università di Roma La Sapienza Denial of Service (DoS) attacks and countermeasures Definitions of DoS and DDoS attacks Denial of Service (DoS) attacks and countermeasures A
More informationInternet Engineering Task Force (IETF) Request for Comments: 6279 Category: Informational ISSN: Q. Wu Huawei June 2011
Internet Engineering Task Force (IETF) Request for Comments: 6279 Category: Informational ISSN: 2070-1721 M. Liebsch, Ed. NEC S. Jeong ETRI Q. Wu Huawei June 2011 Abstract Proxy Mobile IPv6 (PMIPv6) Localized
More informationMobility vs Multihoming
Mobility vs Multihoming Naveen Gundu Helsinki University of Technology Telecommunications Software and Multimedia Laboratory naveen@cc.hut.fi Abstract In current scenario, use of mobile and Internet has
More informationA Hybrid Load Balance Mechanism for Distributed Home Agents in Mobile IPv6
A Hybrid Load Balance Mechanism for Distributed Home Agents in Mobile IPv6 1 Hui Deng 2Xiaolong Huang 3Kai Zhang 3 Zhisheng Niu 1Masahiro Ojima 1R&D Center Hitachi (China) Ltd. Beijing 100004, China 2Dept.
More informationMobile IP and Mobile Transport Protocols
Mobile IP and Mobile Transport Protocols 1 IP routing Preliminaries Works on a hop-by-hop basis using a routing table 32 bits: 129.97.92.42 Address = subnet + host (Mobility No packet for you) Two parts»
More informationHost Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6
Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 by Pekka Nikander, Andrei Gurtov, and Thomas R. Henderson Johannes Bachhuber Jacobs University
More informationExit from Hell? Reducing the Impact of Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz Presented By : Richie Noble Distributed Denial-of-Service (DDoS) Attacks
More informationIPv6- IPv4 Threat Comparison v1.0. Darrin Miller Sean Convery
IPv6- IPv4 Threat Comparison v1.0 Darrin Miller dmiller@cisco.com Sean Convery sean@cisco.com Motivations Discussions around IPv6 security have centered on IPsec Though IPsec is mandatory in IPv6, the
More informationTCP modifications for Congestion Exposure
TCP modifications for Congestion Exposure ConEx 82. IETF Taipei November 17, 2011 draft-kuehlewind-conex-tcp-modifications-01 Mirja Kühlewind Richard Scheffenegger
More informationA Global Mobility Scheme for Seamless Multicasting in Proxy Mobile IPv6 Networks
ICACT Transactions on on the Advanced Communications Technology (TACT) Vol. Vol. 2, 2, Issue Issue 3, 3, May May 2013 2013 233 A Global Mobility Scheme for Seamless Multicasting in Proxy Mobile IPv6 Networks
More informationTCP Extended Option Space in the Payload of a Supplementary Segment
TCP Extended Option Space in the Payload of a Supplementary Segment draft-touch-tcpm-tcp-syn-ext-opt-00 Jul 14, IETF 90 - Toronto Joe Touch, USC/ISI Bob Briscoe, BT (presenter) Ted Faber, USC/ISI 13:37
More informationMohammad Hossein Manshaei 1393
Mohammad Hossein Manshaei manshaei@gmail.com 1393 Mobile IP 2 Mobile Network Layer: Problems and Concerns Entities and Terminology in Mobile IP Mobile Indirect Routing Mobile IP Agent Advertisement Registration
More informationOPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS
OPTIMIZING MOBILITY MANAGEMENT IN FUTURE IPv6 MOBILE NETWORKS Sandro Grech Nokia Networks (Networks Systems Research) Supervisor: Prof. Raimo Kantola 1 SANDRO GRECH - OPTIMIZING MOBILITY MANAGEMENT IN
More informationIntroduction to IPv6. IPv6 addresses
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
More informationMOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS
MOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS Albert Cabellos-Aparicio and Jordi Domingo-Pascual * Technical University of Catalonia, Department of Computer Architecture
More informationThis chapter introduces protocols and mechanisms developed for the network
Mobile network layer 8 This chapter introduces protocols and mechanisms developed for the network layer to support mobility. The most prominent example is Mobile IP, discussed in the first section, which
More informationSeamless Handover Scheme for Proxy Mobile IPv6
IEEE International Conference on Wireless & Mobile Computing, Networking & Communication Seamless Handover Scheme for Proxy Mobile IPv6 Ju-Eun Kang 1, Dong-Won Kum 2, Yang Li 2, and You-Ze Cho 2 1 LGDACOM
More informationCharles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo
IETF Mobile IP Working Group INTERNET-DRAFT David B. Johnson Rice University Charles Perkins Nokia Research Center 2 July 2000 Mobility Support in IPv6 Status of This
More information