Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka

1. Introduction
2. Mobility support
3. Security mechanisms
and threats analysis
4. Address ownership
problem
5. Present solution
6. Conclusion
• Motivation
1. Mobile devices and e-business
2. Current solutions are fairly complicated to implement
• Related work
1. Strong authentication: PKI
2. Weak authentication: CGA, CAM and RR
• Our solution
Based on an asymmetric and a symmetric encryption algorithm to distribute an ID and a session key
• CGA: Cryptographically Generated Address
• CAM: Child-proof Authentication for MIPv6
• RR: Return Routability
2. Mobility support
• MN: Mobile Node, a node running MIPv6 that can change its point of attachment
• CN: Correspondent Node, a node communicating with a MN; it can be either a stationary node or a mobile node
• HA: Home Agent, a router on a MN's home link. It registers all necessary information about the MN, e.g. its CoA and HoA
• CoA: A MN's Care-of Address, a temporary address assigned to the MN on the foreign link it is visiting
• HoA: A MN's permanent IPv6 address on its home link
[Figure: bidirectional tunneling, MN <-> HA <-> CN, versus route optimization, MN <-> CN directly]
• Needs a binding process: the MN sends its CoA to its HA and to its CNs whenever it is away from its home link
• The CN saves the MN's CoA in its BUC (binding update cache)
• The CN can then deliver packets to the MN directly by setting the packet's destination address to the MN's CoA
• Route optimization reduces the load on the MN's home link and HA, but introduces new vulnerabilities
BU process
BU message's header | CN's BU entry
Source IP (the MN's CoA) | HoA
Destination IP (the CN) | CoA
HoA option (the MN's HoA) | ……
1. HoA: a MN's HoA cannot be abused
2. CoA: the CN's BUC must store the MN's correct CoA
3. Security mechanisms and threats analysis
Security Mechanisms
• Authorization and trust
• Authentication
• Integrity
• Confidentiality
• Anti-replay
• Authorization and trust: a CN verifies whether a MN has the right to create or update an entry in its BUC
• Authentication: the MN and the CN can verify each other's identities
• Integrity: a BU message cannot be modified by an unauthorized node
• Confidentiality: the CoA and HoA cannot be disclosed to malicious nodes
• Anti-replay: the CN must reject an old, out-of-date BU that an attacker replays while pretending to be the MN
[Figure: BU and false BU. Addresses shown: ::20:10:10:10, ::30:10:10:10 (MN), ::40:10:10:10 (attacker); the CN's BUC holds HoA and CoA; the MN sends a BU and the attacker sends a false BU]
False BU header: Source address: ::30:10:10:10; Destination address: CN's IP address; Home address option: MN's home address
Threats analysis
• Man-In-the-Middle attack
• Denial of Service attack
[Figure: Man-In-the-Middle attack, attacker between A and B]
[Figure: Denial of Service attack, attacker against MN and CN]
4. Address ownership problem
1. A MN's HoA serves as the lookup key in the CN's BUC during the BU process
2. A MN's HoA must therefore be kept secret enough; otherwise an attacker can easily launch a passive or an active attack by sending a false BU message to the CN
5. Solution
Solution Overview
• Use an ID shared only between a MN and CN pair as the lookup key
• Use the RSA asymmetric algorithm to distribute the ID and a session key
• Use the Twofish symmetric algorithm to encrypt/decrypt the CoA during the BU process
Authentication in MIPv6
Applied in MIPv6 in three phases: Preparation -> Binding Update -> Verifying
Preparation procedure
1. MN generates a public/private key pair
2. MN -> CN: public key
3. CN -> MN: [ID, session key] encrypted with the MN's public key
4. MN saves the ID and session key
Binding update procedure
1. MN -> CN: [CoA] encrypted with the session key, sent together with the ID
2. CN's BU entry: ID | session key | CoA | public key | ……
3. CN decrypts the CoA with the session key, verifies it and saves it
Verify procedure
• An attacker without a SA shared with the CN beforehand: the false BU fails because of the IPsec protection, and the attacker cannot do anything more harmful
• A cheater who already has a SA: the CN looks up the entry by ID; if the ID or the session key is not correct, the CN drops the packet. Otherwise the CN compares the decrypted CoA with the packet's source address
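The preparation, binding update and verify procedures above, as an added example in Go that is not part of the original slides or the author's implementation. It assumes standard-library primitives: RSA-OAEP in place of the plain RSA the deck names, and AES-256-GCM in place of Twofish, so that a wrong session key is detected by the authentication tag rather than by inspecting garbage plaintext. The type and function names, the 16-byte ID, the 32-byte session key, the ID-keyed cache and the 2001:db8:: addresses are all constructed for this example. The CN applies the three checks of the verify procedure in order: unknown ID (attacker with no session), wrong session key (cheater who has the ID but not the key), and a decrypted CoA that differs from the packet's source address (a BU replayed from another address).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/netip"
)

// The three drop cases of the deck's verify procedure.
var (
	ErrUnknownID   = errors.New("BU dropped: unknown ID, no session shared with this CN")
	ErrBadKey      = errors.New("BU dropped: session key does not match the ID")
	ErrCoAMismatch = errors.New("BU dropped: decrypted CoA differs from the source address")
)

// BUEntry is the deck's CN entry (session key, CoA, MN's public key), stored under the shared ID (assumed 16 bytes).
type BUEntry struct{ SessionKey []byte; CoA netip.Addr; PublicKey *rsa.PublicKey }
// CN keeps its binding update cache keyed by ID, not by HoA; MN keeps its RSA key pair, ID and session key.
type CN struct{ cache map[[16]byte]*BUEntry }
type MN struct{ priv *rsa.PrivateKey; ID [16]byte; SessionKey []byte }
// BU is the binding update on the wire: IPv6 source address (the CoA), the ID in the clear as lookup key, the CoA encrypted under the session key.
type BU struct {
	SrcAddr netip.Addr
	ID      [16]byte
	Nonce   []byte
	EncCoA  []byte
}

// gcm builds AES-256-GCM for a session key; it stands in for the deck's Twofish (assumption of this example).
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Prepare: the CN stores a fresh ID and session key for this MN and returns [ID || session key] encrypted with RSA-OAEP under the MN's public key.
func (c *CN) Prepare(pub *rsa.PublicKey) ([]byte, error) {
	var id [16]byte
	key := make([]byte, 32)
	if _, err := rand.Read(id[:]); err != nil { return nil, err }
	if _, err := rand.Read(key); err != nil { return nil, err }
	c.cache[id] = &BUEntry{SessionKey: key, PublicKey: pub}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(id[:], key...), nil)
}

// ReceiveCredentials: the MN decrypts the blob with its private key and saves the ID and session key.
func (m *MN) ReceiveCredentials(blob []byte) error {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, blob, nil)
	if err != nil { return err }
	if len(pt) != 16+32 { return errors.New("malformed credential blob") }
	copy(m.ID[:], pt[:16])
	m.SessionKey = pt[16:]
	return nil
}

// BindingUpdate: the MN encrypts its new CoA under the session key with a fresh nonce and sends the BU from that CoA.
func (m *MN) BindingUpdate(coa netip.Addr) (BU, error) {
	aead, err := gcm(m.SessionKey)
	if err != nil { return BU{}, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return BU{}, err }
	return BU{SrcAddr: coa, ID: m.ID, Nonce: nonce, EncCoA: aead.Seal(nil, nonce, coa.AsSlice(), nil)}, nil
}

// Verify is the CN side: look up the ID, decrypt the CoA with the stored session key, compare it with the packet's source address, only then update the entry.
func (c *CN) Verify(bu BU) error {
	e, ok := c.cache[bu.ID]
	if !ok { return ErrUnknownID }
	aead, err := gcm(e.SessionKey)
	if err != nil { return err }
	pt, err := aead.Open(nil, bu.Nonce, bu.EncCoA, nil)
	if err != nil { return ErrBadKey } // wrong session key: the GCM tag check fails
	coa, ok := netip.AddrFromSlice(pt)
	if !ok || coa != bu.SrcAddr { return ErrCoAMismatch }
	e.CoA = coa
	return nil
}

// Setup runs the preparation procedure and returns the paired MN and CN.
func Setup() (*MN, *CN, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	mn, cn := &MN{priv: priv}, &CN{cache: map[[16]byte]*BUEntry{}}
	blob, err := cn.Prepare(&priv.PublicKey)
	if err != nil { return nil, nil, err }
	if err := mn.ReceiveCredentials(blob); err != nil { return nil, nil, err }
	return mn, cn, nil
}

func main() {
	mn, cn, err := Setup()
	if err != nil { panic(err) }
	bu, _ := mn.BindingUpdate(netip.MustParseAddr("2001:db8:30::10")) // constructed CoA
	fmt.Println("legitimate BU:", cn.Verify(bu))
	bu.SrcAddr = netip.MustParseAddr("2001:db8:40::10") // attacker elsewhere replays it
	fmt.Println("replayed BU:", cn.Verify(bu))
}
```

Run it with go run: the legitimate BU is accepted and the replay from another address is dropped. Because the cache is keyed by the ID rather than the HoA, a false BU that carries only the MN's home address finds no entry at all, which is the address ownership point of the previous section. The AEAD nonce must be fresh for every BU; a bare block cipher such as the deck's Twofish would need a separate integrity check to reach the same drop decision for a wrong key.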
6. Conclusion
Summary
• Solves the address ownership problem
• Prevents the possible attacks discussed
• Simple to implement
• Suitable for any kind of computer and memory size
• Limitation: it is difficult to recognize a cheater
Future work
1. Combine software and hardware
2. Ciphertext errors
• in the transmission process
• in the storage medium
• recovering the plaintext from errors
Thank you