Introduction: Mobile IP Overview

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. In simple words, each device connected to a network is addressed through its IP address.

As an analogy, each of us has a specific address for our residence, and letters or parcels are delivered to us at that address. Now consider a person who changes location for a certain period of time, and in the meantime a letter arrives at the previous address. The question is how that person receives the letter at the current location while hiding from the sender the fact that he or she is not present at the residence.

When a device is mobile it changes its location frequently (roaming), i.e. its IP address also changes. If a packet needs to be delivered during this roaming period, how will the mobile device receive that packet successfully without changing its IP address? This is the basic concept of Mobile IP.

A few points regarding Mobile IP:
- It allows a user to keep the same IP address, stay connected and maintain ongoing applications while roaming between different IP networks.
- It is based on IP, so any media that can support IP can also support Mobile IP.
- It provides mobility transparency over IP to higher-level protocols like TCP (TCP/MobileIP).
- It allows transparent routing of IP datagrams to and from mobile devices over an IP network.

Why Mobile IP:
- IP determines the next hop for an IP packet by using the destination IP address within the packet and a routing algorithm. Thus the IP address must be changed whenever a device changes its point of attachment to the IP network.
- TCP maintains connections that are indexed by a quadruplet <Source IP, Source Port, Destination IP, Destination Port>. Thus the IP address must not be changed if TCP connections are to be maintained.
- Mobile IP is the solution.
How Mobile IP Works?

Mobile Node → Host/router that can change its point of attachment to the IP network.
Home Address → Static IP address for a Mobile Host.
Home Network → The network, possibly virtual, whose network ID matches that of a Mobile Host's Home Address.
Home Agent → A router on the Mobile Host's Home Network that is responsible for maintaining the current location of a Mobile Host when it is away from the Home Network and for forwarding IP traffic to that Mobile Host.
Foreign Network → A network that a Mobile Host visits when away from its Home Network.
Care-of Address → A temporary IP address that is assigned to a Mobile Host when it visits a Foreign Network.
Foreign Agent → A router on the Mobile Host's Foreign Network that provides routing service to the Mobile Node while registered.
Correspondent Node → A peer host with which a Mobile Host is communicating. It may be mobile or stationary.

Figure 1: A node is attached to its home network.
Figure 2: Now the node changes its location and connects to a foreign network.

Working of Mobile IP:

Mobile IP works in three main phases:
1. Agent Discovery: A Mobile Node discovers its Home Agent and Foreign Agent.
2. Registration: The Mobile Node registers its current location with the Foreign Agent and Home Agent.
3. Tunneling: A reciprocal tunnel is set up by the Home Agent to the Care-of Address to route packets to the Mobile Node as it roams.

Agent Discovery:

Mobility agents advertise their presence by periodically broadcasting Agent Advertisement messages using the ICMP Router Discovery Protocol (IRDP). The message consists of:
- The IP address of the router.
- Zero or more advertised Care-of Addresses. Each agent provides its own care-of addresses, which a node can take.
- Some additional information.

The Mobile Node listens to these advertisements to determine whether it is connected to its home network or to a foreign network. If the network ID of the advertised IP address matches that of the Home Address, then it is in the Home Network; otherwise it is in a Foreign Network.

Move Detection:

The mobile node may move from one network to another without the IP level being aware of it. The Agent Discovery process enables the agent to detect such a move. The agent uses one of the following two algorithms for the purpose.

Use of Lifetime Field: After receiving the message, the node uses the Lifetime field as a timer. If the timer expires before the next advertisement, the node assumes that it has lost contact with the agent. If, in the meantime, the node receives an advertisement from another agent, then it registers with the new agent. Otherwise it uses Agent Solicitation to find an agent.

Use of Network Prefix: If the network ID of a newly received advertisement doesn't match that of the current Care-of Address, then the node assumes that it has moved to another network and registers accordingly.

Types of Care-of Address:

Foreign Agent Provided Care-of Address: The Care-of Address is an IP address of the Foreign Agent. Thus the Foreign Agent will receive any packet intended for the Mobile Host and will forward it to that host.

Co-Located Care-of Address: A Co-Located Care-of Address is required if there is no Foreign Agent in the network or all the Foreign Agents are busy. A Co-Located Care-of Address can be obtained by DHCP or can be an IP address owned by the Mobile Host for foreign networks, i.e. through some special techniques a mobile node also gets its care-of address if an agent does not provide one.
Registration:

- If a mobile node discovers that it is on the Home Network, it operates without any mobility services.
- If the mobile node discovers that it is on a Foreign Network, it registers with the foreign agent by sending a Registration Request message.
- During registration, the mobile node may request simultaneous binding, i.e. it requests that the Home Agent retain its previous binding. This is very useful during handoff to improve reliability.
- The Foreign Agent relays the request to the Mobile Node's Home Agent.
- The Home Agent accepts or denies the request and sends a Registration Reply message to the Foreign Agent.
- The Foreign Agent relays the Reply message back to the Mobile Node.
- If the registration is successful, the Home Agent inserts or updates an entry in its Mobility Binding Table.

Figure 3: Representation of the Mobility Binding Table. A mobile node whose home address is 131.193.171.2 is, after changing its location, registered with care-of address 119.123.56.78; the lifetime represents the validity of the registration. After 150 seconds the node registers again with a care-of address.

- If the registration is successful, the Foreign Agent inserts or updates an entry in its Visitor List Table.

Figure 4: Visitor List Table

Tunneling:

In Mobile IP, the Correspondent Node sends IP datagrams to the Home Address. The IP datagram is captured by the Home Agent.
Whenever a Mobile Node chooses a Home Agent, the agent informs all other nodes in that network that any datagram destined for that Mobile Node should be delivered to that agent.

The Home Agent checks its Mobility Binding Table to find the Care-of Address of the node if it is visiting a Foreign Network. The Home Agent encapsulates the IP datagram within another IP datagram destined for the Care-of Address.
- If the node uses a Foreign Agent provided Care-of Address, then the destination will be the Foreign Agent.
- If the node uses a Co-Located Care-of Address, then the destination will be the node itself.

The receiver (Foreign Agent or the node) decapsulates the datagram and forwards the original IP datagram to the node. This process of encapsulation and decapsulation of a datagram is frequently referred to as "Tunneling".

Sequential steps for packet delivery:

Step 1: Correspondent node → Home agent
Figure 5: The correspondent node sends a packet to the home agent.

Step 2: Home agent → Foreign agent
Figure 6: The Home Agent puts the IP datagram into another envelope whose destination address is the care-of address and sends it to the Foreign Agent.

Step 3: Foreign agent → Mobile node
Figure 7: The Foreign Agent takes out the upper envelope and delivers the original datagram to the destined node.

Types of Attacks in Mobile IP:

Denial-of-Service Attack: An intruder modifies or generates a wrong Registration Request message specifying his own IP address to be the Care-of Address of a Mobile Node. Thus all the traffic for the Mobile Node will be forwarded to the intruder.

Replay Attack: An intruder may obtain a copy of a valid Registration Request from a Mobile Node, store it and then replay it frequently at a later time, thus effectively cutting the Mobile Node off from the network.

Solution: Denial-of-Service Attack

Each Registration Request and Reply message contains an Authentication Extension.

Figure 8: Authentication Extension of Request and Reply message

The Authenticator allows the Home Agent to deny the service if the Registration Request message is modified (checking for integrity). This is done by generating a hash value for every message. A hash value is a small representation of large data. For example, the hash value of 12345 may be 6 [1+2+3+4+5 = 15; 1+5 = 6]. If the sender appends the hash value to the message, then the receiver side can easily check whether the data has been modified, because if an intruder modifies the data the hash value will differ.

Figure 9: Message integrity checking.
Solution: Replay Attack

The Identification field in the Registration Request message is implemented with a pseudo-random sequence. Pseudo-random numbers are generated by software functions. They are referred to as "pseudo-random" because the sequence of numbers is deterministic: given a particular function and a "seed" value, the same sequence of numbers will be generated by the function. The next value in the sequence and the function are unknown to the intruder. Effectively, the Home Agent will discard the request from the intruder because it contains a wrong sequence number. Thus a replay attack can be controlled.

References:
- IETF RFC 3344
- IETF RFC 4721
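
The two Home Agent checks described under the Solution headings above, as an added example (not code from the original page or from any Mobile IP implementation). It assumes the Mobile Node and Home Agent share a secret key and a seed, uses HMAC-SHA256 as a stand-in for both the authenticator and the pseudo-random Identification sequence, and uses a simplified message layout rather than the RFC 3344 wire format; all function and class names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample values (assumptions, not from the page except HOME).
KEY = b"shared-secret-between-MN-and-HA"   # secret key known only to MN and HA
SEED = b"identification-seed"              # seed of the pseudo-random sequence
HOME = "131.193.171.2"                     # home address from Figure 3

def ident(seed: bytes, n: int) -> bytes:
    """n-th 64-bit Identification value of the sequence shared by MN and HA."""
    return hmac.new(seed, struct.pack("!Q", n), hashlib.sha256).digest()[:8]

def build_request(home: str, care_of: str, lifetime: int, n: int) -> bytes:
    """Mobile Node side: 18 bytes of fields followed by the authenticator."""
    body = (ipaddress.IPv4Address(home).packed + ipaddress.IPv4Address(care_of).packed
            + struct.pack("!H", lifetime) + ident(SEED, n))
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self):
        self.bindings = {}   # Mobility Binding Table: home -> (care-of, lifetime)
        self.next_n = {}     # home -> index of the next expected Identification

    def register(self, msg: bytes) -> str:
        body, tag = msg[:18], msg[18:]
        # Integrity: a modified care-of address no longer matches the keyed hash.
        if not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
            return "denied: bad authenticator"
        home = str(ipaddress.IPv4Address(body[0:4]))
        care_of = str(ipaddress.IPv4Address(body[4:8]))
        (lifetime,) = struct.unpack("!H", body[8:10])
        n = self.next_n.get(home, 0)
        # Replay: a stored copy carries an Identification that was already used.
        if not hmac.compare_digest(body[10:18], ident(SEED, n)):
            return "denied: wrong identification"
        self.next_n[home] = n + 1
        self.bindings[home] = (care_of, lifetime)
        return "accepted"

def demo():
    ha = HomeAgent()
    first = build_request(HOME, "119.123.56.78", 150, 0)
    # Intruder rewrites the care-of address (bytes 4..8) without knowing KEY.
    forged = first[:4] + ipaddress.IPv4Address("203.0.113.9").packed + first[8:]
    second = build_request(HOME, "119.123.56.78", 150, 1)
    # Order: genuine, forged, replay of the captured first request, next genuine.
    results = [ha.register(m) for m in (first, forged, first, second)]
    return results, ha.bindings[HOME]
```

Unlike the digit-sum illustration above, the authenticator here is keyed: an intruder who rewrites the care-of address cannot recompute a matching value without the shared secret, so the binding table entry never points at the intruder.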