A New Authentication Scheme of Binding Update Protocol on Handover in Mobile IPv6 Networks

Similar documents
generated, it must be associated with a new nonce index, e.g., j. CN keeps both the current value of N j and a small set of previous nonce values, N j

Mobile IP version 6 (MIPv6) Route Optimization Security Design

Extended Correspondent Registration Scheme for Reducing Handover Delay in Mobile IPv6

Mobile IPv6. Washington University in St. Louis

Defending Against Redirect Attacks in Mobile IP

A new protocol for location management in Mobile IPv6

A Ticket Based Binding Update Authentication Method for Trusted Nodes in Mobile IPv6 Domain

Experimenting with early opportunistic key agreement

Mobile IPv6. Raj Jain. Washington University in St. Louis

MOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS

Securing Route Optimisation in NEMO

Network Security: Security of Internet Mobility. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Security Issues In Mobile IP

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Request for Comments: Category: Best Current Practice June 2008

An Analysis of Fast Handover Key Distribution Using SEND in Mobile IPv6

An Analysis of the Flow-Based Fast Handover Method for Mobile IPv6 Network. Jani Puttonen, Ari Viinikainen, Miska Sulander and Timo Hämäläinen

Internet Engineering Task Force (IETF) Ericsson July 2011

Request for Comments: E. Demaria Telecom Italia J. Bournelle Orange Labs R. Lopez University of Murcia September 2009

Using PANA for Mobile IPv6 Bootstrapping

T Computer Networks II. Mobility Issues Contents. Mobility. Mobility. Classifying Mobility Protocols. Routing vs.

An Efficient Correspondent Registration to Reduce Signaling Overheads for Proxy Mobile IPv6

IPv4 Care-of Address Registration for IPv4 Support on the NEMO Basic Support Protocol

Enhancing Security in Mobile IPv6

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Virtual Private Networks

Internet security and privacy

A Design of Distributed Data Traffic Algorithm based on Hierarchical Wireless/Mobile Networks

A Service Management Architecture for NEMO in IPv4 and IPv6 Networks

Route Optimization based on ND-Proxy for Mobile Nodes in IPv6 Mobile Networks

Network Working Group Request for Comments: 5419 Category: Informational Cisco January 2009

Category: Standards Track June Mobile IPv6 Support for Dual Stack Hosts and Routers

Recognizing Handover Situation for Vertical Handovers using Mobile IPv6 Signaling

Slide 1. Slide 2. Slide 3. Technological Advantages of Mobile IPv6. Outline of Presentation. Earth with 2 Billion Mobile devices

Early Binding Updates for Mobile IPv6

Network Working Group Request for Comments: Nokia Research Center F. Dupont GET/ENST Bretagne June 2004

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

An Approach to Efficient and Reliable design in Hierarchical Mobile IPv6

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Mobile IPv6 Security while traversing a NAT

IP Security IK2218/EP2120

IPv6 Changes in Mobile IPv6 from Connectathon

Comparision study of MobileIPv4 and MobileIPv6

Analysis and Optimization of Cryptographically Generated Addresses

Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World

International Journal of Advanced Research in Computer Science and Software Engineering

Securing Locations of Mobile Nodes in Wireless Mesh Network s

Credit-Based Authorization for Concurrent IP-Address Tests

Mobile SCTP for IP Mobility Support in All-IP Networks

CSC 6575: Internet Security Fall 2017

Analysis of the IPSec Key Exchange Standard

LECTURE 8. Mobile IP

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Introduction Mobility Support Handover Management Conclutions. Mobility in IPv6. Thomas Liske. Dresden University of Technology

Techological Advantages of Mobile IPv6

Mobile IP and its trends for changing from IPv4 to IPv6

Seamless Handover Scheme for Proxy Mobile IPv6

An Architecture for Network Layer Privacy

Security Handshake Pitfalls

Request for Comments: Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

draft-ietf-mipshop-cga-cba Status Update

Mobile Internet Protocol v6 MIPv6

Cryptography and Network Security. Sixth Edition by William Stallings

Mobility in IPv6 Standards and Upcoming Trends. Thomas C. Schmidt HAW Hamburg & link-lab

Internet Engineering Task Force (IETF) Request for Comments: M. Bonola Rome Tor Vergata University A. Garcia-Martinez UC3M February 2012

Mobile IPv6 Overview

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Topologically-Aware AAA Overlay Network in Mobile IPv6 Environment

CSE 123A Computer Netwrking

Network Encryption 3 4/20/17

Internet Engineering Task Force (IETF) Request for Comments: 8191 Category: Standards Track. X. Lee CNNIC. August 2017

Outline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model

Security Handshake Pitfalls

An Analysis of The Fast Handovers for Mobile IPv6 Protocol

Outline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.

U N I V E R S III I D A D I D C A R L O S I UNIVERSITY CARLOS III OF MADRID. Department of Telematics Engineering. Master of Science Thesis

Mobile IP. Mobile Computing. Mobility versus Portability

IP Security. Have a range of application specific security mechanisms

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Mobile Communications Chapter 9: Network Protocols/Mobile IP

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Network Security: IPsec. Tuomas Aura

Proxy Mobile IPv6 (PMIPv6)

CMPE 257: Wireless and Mobile Networking

Network Working Group. Extreme Networks July Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Module 28 Mobile IP: Discovery, Registration and Tunneling

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

Ju-A A Lee and Jae-Hyun Kim

Communications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage

Quick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Request for Comments: 4433 Category: Standards Track Cisco Systems Inc. March 2006

ECC Based IKE Protocol Design for Internet Applications

Multiple Care-of Address Registration draft-ietf-monami6-multiplecoa-04.txt

Verification of Security Protocols

Host Identity Protocol (HIP):

Transcription:

A New Authentication Scheme of Binding Update Protocol on Handover in Mobile IPv6 Networks Jung Doo Koo 1, Jungsook Koo 2, Dong Chun Lee 3 1 Dept. of Computer Science and Eng., Hanyang Univ., Korea jdkoo@cse.hanyang.ac.kr 2 Dept. of Information Security, Kyonggi Univ., Korea 3 Dept.of Computer Science, Howon Univ., Korea ldch@sunny.howon.ac.kr Abstract. We propose a new authentication scheme of binding update protocol, which its Correspondent Node () issues a ticket to Mobile Node () when first executes the Binding Update (BU). This ticket assist that it is able to do efficiently the BU whenever requires the BU for the future. The proposed protocol need not be repeated equal BU course whenever the moves to foreign link or network, and is able to be executed in environment of not operating the Home Agent (HA), and also easies scalability. 1 Introduction MIPv6 [1] is the protocol of IP layer supporting node's mobility in IPv6. In MIPv6, has static Home Address (HoA) reaching without reference to now connected links and extraordinary CoA which is changeable when handovers to foreign link [1]. Also, located in foreign link, assumes that HA as a substitute of exists. When acquires new CoA from moving new link, it must register its CoA to HA. By registering this ess, other nodes are always able to transfer messages using this node's HoA without reference to physical location of node. When isn't located in home link, messages received other nodes are sent to those nodes by using registered ess in HA. But, because this method is always formed through HA, it brings about results which use inefficiently network. Accordingly, to solve this problem in MIPv6, also registers its Care-of Address (CoA) to its. By using this method, the connection between the and its are able to be optimized. This course which register CoA to HA and its, that is, are called binding. MIPv6 standard documentation of IETF is recommending to execute the BU to use Return Routability (RR) scheme [1]. But, if it doesn't securely execute the BU course, this course is able to be vulnerable in Denial-of Service (DoS) attack, redirect attack, and neighbor bombing attack [2].

But, RR scheme doesn't fully satisfy MIPv6 security requirements. In case of standard documentation [1], it is recommending to securely execute the BU courses by using IPSec [3, 4] into RR scheme to overcome these problems [5]. IPSec is able to be efficient between and HA supporting long-term connections. But, it may be inefficient between and its which is able to be formed by short-term connections. Also, IPSec can be a burden in case of communication node having low-power and limited computational quantities because of not little calculation costs executing internal key exchange protocol, Internet Key Exchange (IKE) [6], of IPSec. Therefore, it is required of mechanisms which safely execute the BU at low cost between and its without using IPSec mechanism. To solve this problem, many BU protocols have been proposed. But, the existed BU protocols have some problems. In Return Routability (RR) [1] scheme, the information of creating session key is forwarded through public channel. Only, an attacker is able to intercept both Home Test (HoT) message and Care-of Test (CoT) message sending by two routers. It is not difficult if two attackers conspire. Child-proof Authentication for MIPv6 (CAM) [7] has problems as follows. First, this protocol takes costs for signing messages in and costs for verifying this signature in its. Second, it only supplies authentication of 's HoA. Finally, it just supplies one way authentication. The existed BU protocols may be iterated equal protocol course whenever moves to foreign link. This method has two problems. First, it can reduce the efficiency of entire protocol because of always iterating same protocol course whenever gained new CoA from foreign link. Second, because the BU a limited lifetime, must update a lifetime. We propose the secure and efficient TBU protocol, which the BU using the ticket is able to promote efficiency by reducing iterating courses of entire protocol. 2 The Proposed Protocol We present TBU protocol for secure BU. It is designed for being suitable for almost all environments; in case of which a is not only a fixed node but also a portable node. In addition, when the is the moving node, the proposed protocol doesn't give computational burden such as public key operation, exponential calculation to. In TBU protocol, we assume that the connection between a between it s HA, between it s HA and the HA of, between a and its HA is able to establish secure tunnel using the IPSec. Also, the is able to be not only fixed node but also moving node. The detailed protocol is following.

IPsec ESP tunnel IPsec ESP tunnel BU Request Ticket and Session key Agreement Request HoA,, (, HoA, CoA,T, L BU, N ).K - HoA,, (HoA, CoA, n, n, T, L BU ).K - BA and Ticket transfer, CoA, (HA, HoA, N Tck -,K - ).K -HA BA and Ticket publication, HoA, (, HoA, n, n, T c, L BA, Tck - ).K - K - = MAC(K -,n n n ) T a = T c T Tck - ={HoA n T L Tck K - }.K T c = T T Fig. 1. The basic TBU protocol at first between and its via Mobile Host () The following notation is used in describing our protocol. BU/BA: A binding update/binding acknowledgement. /: Mobile node/its home agent /CH: Correspondent node/ its home agent HoA/CoA A : A home ess of and care-of ess of a node A. /CH / : The ess of /CH/. K A-B : A secret key between A and B. K A : A secret key of A. Cookie A : A cookie generated by A (the parameter for preventing DoS). L BU/BA : A lifetime of BU/BA. T A : A timestamp generated by A. MAC (M, K): Keyed hash of message M with key K for authenticating message M. Tck A-B : A ticket between A and B. n A : A nonce generated by A. a b: A bit concatenation of message a and b The nodes which participated in basic protocol are, Mobile Host (), and. But, the BU protocol at the future only participates in and its. The role of is to create the secret key and the ticket with instead of the. The detailed basic protocol is same to Fig. 2. The connection between and, between and is protected securely via ESP tunnel. We describe some of the features of TBU protocol.

Message 1. This message which sends to is to request BU to and. The creates a nonce n and associates the nonce with its in its binding update list. It is used to prevents messages from replay attack and create secret key. T and L BU is a timestamp and a lifetime generated by, respectively. A lifetime of BU has a fixed time. Accordingly, even though doesn't move to a foreign link or network, the lifetime of BU must be re-updated before the lifetime is over. K - is IPSec secret key between and. HoA,,(, HoA, CoA, n, T, L BU Message 2. Upon receiving message 1, registers CoA of and stores binding information into binding cache. creates nonce n for preventing a message from replay attack and creating secret keys. It sends a message to communicating with to request ticket creation and BU. This message is also sent to 's via the secure protected ESP tunnel. It is a message which request for creating ticket and executing BU between and. The forwards other parameters received from to. HoA,,( HoA, CoA, n, n, T, L BU Message 3. The 's first validates nonce, timestamp, and lifetime received from. It then generates a symmetric key K - between and its, which will be used as the ticket key. Also, it creates Tck - that will be used by the node with HoA. The ticket consists of HoA of node's ess using ticket, nonce n, timestamp T, ticket's lifetime L Tck, a symmetric key K - between and its. It is able to use the purpose of authenticating when moved to foreign link. By publishing ticket, the BU between and its for the future becomes very simply. The protocol's efficiency then is raised by reducing the iteration of entire protocol course. The registers CoA of. Then, the binding information is stored into binding cache of. c T = T, HoA,( T, HoA, n, n, T, L c BA, Tck K Tck = MAC( K = ( HoA n, n T n L Tck n K ) Message 4. The intercepted this message creates the symmetric key K - like. It adds the nonce n received from at first to message. After it concatenated each node's timestamp, it forwards this message to via secure ESP tunnel. received message 4 first checks the nonce n created itself. Then, stores securely the ticket Tck -. As a result, our protocol is first performed simul-

taneously both the key distribution and the BU courses via secure ESP tunnel recommending in IETF. By using ticket, the next BU is able to be executed with only two messages such as a BU and a BA message. It aims to upgrade a performance of BU protocol by minimizing the courses of the entire protocol. T a, CoA, HoA,( n = T T c, T, Tck a, L BA, K When again moves to foreign link or network, it doesn't perform all basic TBU protocol courses. executes BU by using only two messages like BU message containing the ticket and BA message. So, the TBU protocol is able to elevate the efficiency of entire protocol and to reduce abilities witch are attacked from attackers by decreasing message number. The protocol is illustrated as Fig.2. BU message. directly sends this message to to register new CoA which gains in foreign link or network. Because the connection between and its isn't protected by secure ESP tunnel, there may be various attacks. Accordingly, it creates and adds security parameters to message. After created a cookie Cookie 1, It sends it to its. The aim of cookie is to first filter attacks such as DoS or flooding attack etc. It also inserts a ticket Tck - generated by in the message. It then sends the BU message to directly. BA message. Upon receiving BU message, first checks on the validity of a cookie Cookie 1 whether attack is or not. Also, it generates the cookie Cookie 2 and then sends it to. And, it verifies the validity of the ticket by decrypting and checking the validation period and the 's HoA included in the ticket. Then, it verifies the MAC using the ticket key. Also, checks a lifetime of BU message and inserts the lifetime of BA L BA, n generated by in BA message. If everything is ok, stores the nonce and BU information in its binding cache. It then responds to BU message by sending the BA message. 1 BU CoA,, HoA, n, T, L BU, Tck -, Cookie 1, MAC(K -, BU message) BA 2, CoA, HoA, n, T, Cookie 1, Cookie 2, L BA, MAC(K -, BA message) Fig. 2. The basic TBU protocol for the future between and its.

3 The Protocol Analysis In MIPv6, in case of not executing safely the binding update courses, there are various attacks such as DOS attack, redirect attack, and neighbor bombing attack, etc. Therefore, The BU must be satisfied with the security requirements as follows. An authentication of requester: The HA and 's must be able to confirms whether it is the request of possessed HoA or not before they recognize the BU request of. If it isn't confirmed from nodes, attackers can be various redirect attacks by executing the BU in disguise with a justified. An authentication of responder: must be able to affirm whether the response message for BU request is the acknowledgement message of its communicating now with itself or not. If not, is able to mistake that the binding update was successful. In this case, the directly delivered message through routing optimization is dropped. Integrity of binding information: It must support the integrity of CoA information of. If doesn't supply, attackers is able to be various attack by changing CoA of. A location authentication of requester: 's must be able to verify whether really exists in suggesting current location (CoA of ) or not. If not, by using ess of other nodes, attackers can be bombing attack against target node. Now, we will discuss how strong our protocol TBU is against various attacks such as Denial-of Service (DoS) attack and Redirect attack. DoS attack is that a justified users is not able to execute the protocol. It can be divided with resource depletion attack and connection depletion attack. The former is attack of targeting nodes not using fixed resource like mobile node as the attack for consuming calculation resource of server. But, the latter is attack for exhausting the connection of being able to permit in server. DoS attack is not problem of solving certainly in BU protocol because it is able to occur in all communication protocols. Also, to protect completely it is very difficult. Besides, this attack is not attack which is able to settle in satisfyingness of security requirements on contrary to redirect attack and neighbor bombing attack. To alleviate DoS attack, a generally used scheme is divided as follow. First, it comprise protocol so not to be necessary that nodes are able to support the status information for reducing cases that services are rejected from the exhaustion of buffer sustaining connection status datum. Second, nodes authenticate the communicated messages for reducing cases of maintaining unnecessary connection information. Third, to be difficult the attack, those use client puzzle. Second scheme requires adding costs of authenticating messages. So, it is used generally with more and more increased method. TBU protocol uses cookie to prevent this attack. first creates cookie, then on receiving the cookie its checks on the validity of it. If is not right this information, drops a message. Various attackers may try to redirect the mobile node's traffic to some other nodes including itself. If the attacker can procure the private key of the victim or the ticket key of the victim s ticket, the attacker is able to be successful at this attack. We as-

sume that both are infeasible if the attacker is attempting a passive cryptanalysis attack. Table 2. The satisfaction of security requirement of protocols mutual authentication message location integrity authentication RR ECBU CAM CBID/SUCV * Proposed Method We will first argue that our protocol and existing BU protocol satisfy the security requirements of the BU protocol. In Table 2, all protocols with the exception of CAM [7] and RR protocol supplies a mutual authentication. In case of SUCV protocol, it is able to settle mutual authentication by IPSec only. Also, TBU protocol and ECBU protocol provide the mutual authentication by using HA. The integrity of BU message can be authenticated by encrypting the securely established session key and making signature the BU request message. There are not securely confirming methods whether exists in 's CoA or not. But all schemes have a certain amount of devices to solve this problem. 4 Conclusion In this paper we presented solution to elevate efficiency by reducing iterating BU courses via ticket. The ticket-based binding protocol takes diverse advantages. First, the need not maintain the status information of session key between and its because it encrypts the ticket using its private key. Second, both and its is able to perform BU in environments on not operating a HA of such as P2P circumstances. Also, proposed TBU protocol satisfies the safety of protocol and security requirements such as mutual authentication, the integrity of the BU message and a certain amount of location authentication because this ticket is only able to create in or HA of and the session key between and its is contained in it. Acknowledgements This work was supported by Fund of ITRC at Korea Univ., 2006.

References 1. D. Johnshon, C. Perkins, J. Arkko, Mobility Support in IPv6, IETF RFC 3775, 2004. 2. P. Nikander, J. Arkko, T. Aura, G. Montenegro, E. Nordmark, Mobile IP Version 6 Route Optimization Security Design Background, IETF RFC 4225, December 2005. 3. S. Kent, R. Atkinson, IP Authentication Header, IETF RFC 2402, November 1998. 4. S. Kent, R. Atkinson, IP Encapsulating Security Payload (ESP), IETF RFC 2406, November 1998. 5. J. Arkko, V. Devarapalli, F. Dupont, Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents, IETF RFC 3776, June 2004. 6. D. Harkins, D. Carrel, The Internet Key Exchange (IKE), IETF RFC 2409, 1998. 7. G. O'Shea, M. Roe, Child-proof Authentication for MIPv6 (CAM), ACM Computer Communications Review, Vol. 31, pp. 4-8, July 2001. 8. T. Aura, Cryptographically Generated Addresses (CGAs), IETF RFC 3972, 2005. 9. G. Montenegro, C. Castelluccia, Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Address, ISOC Symposium on Network and Distributed System Security (NDSS 2002), February 2002. 10. G. Montenegro, C. Castelluccia, Crypto-Based Identifiers (CBID): Concepts and Application, ACM Transaction on Information and System Security, Vol. 7, pp. 97-127, February 2004. 11. R. Deng, J. Zhou, F. Bao, Defending against Redirect Attack in Mobile IP, Proc. of the 9th ACM Conference on Computer and Communications Security, Washington D.C., November 2002. 12. Y. Qiu, J. Zhou, F. Bao, Protecting All Traffic Channels in Mobile IPv6 Networks, In Proceeding of WC 04, Vol. 1, pp. 160-165, March 2004. 13. S. Thomson, T. Narten, IPv6 Stateless Address Auto-configuration, IETF RFC 2462, December 1998. 14. R. Droms, Dynamic Host Configuration Protocol (DHCP), IETF RFC 2131, March 1997.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback