Mobile IPv6 - MMLab

Mobility Support in IPv6
Advanced Internet, 2004 Fall
8 November 2004
Sangheon Pack
Content
• IP Mobility
• Mobile IPv6
• Basic Operation
• Mobile IPv6 Security
• Optimization of Mobile IPv6
• Hierarchical Mobile IPv6 (HMIPv6)
• Fast Handover of Mobile IPv6 (FMIPv6)
• Conclusion
IP Mobility (1/2)
• Routing
  • Nodes communicate using IP: an all-IP network
  • IP packets are routed by their address
  • When a mobile node moves, it needs to change its IP address to match its current network
• Identification
  • Connections/sessions between nodes are mostly identified by endpoint IPs
  • When the node moves and is assigned a new IP, all existing connections/sessions must be terminated and reestablished!
• Need for an IP mobility protocol!
IP Mobility (2/2)
[Figure: a Correspondent Node at <IP-A> has a session <IP-A> <-> <IP-B> with the Mobile Node at <IP-B>; after the Mobile Node moves it is reachable at <IP-C>, so the session identified by <IP-B> <-> <IP-C> no longer matches the original endpoints.]
Mobile IPv6 (1/3)
• Overview
  • Home network, HA, CoA: the same as in Mobile IPv4
  • Address auto-configuration
    – The MN can obtain a CoA in a foreign network without any help from a foreign agent (FA)
  • Packet interception at the HA
    – By Neighbor Discovery (cf. Proxy ARP in Mobile IPv4)
  • Binding update option
    – Between MN and HA / MN and CN
    – Route optimization between MN and CN
• New extension headers
  • Type-2 Routing header: for route optimization
  • Destination Options header: for MN-originated packets
Mobile IPv6 (2/3)
• Bi-directional tunneling mode
  • Does not require the CN to support Mobile IPv6
  • Uses reverse tunneling
• Route Optimization (RO) mode
  • Requires the MN's current binding to be registered at the CN
  • Uses a new type of IPv6 routing header
    – Destination Address = current CoA
    – Type-2 routing header = home address
  • Shortest communication path
  • Eliminates congestion at the MN's HA and home link
  • Reduces the impact of any failure of the HA, or of the networks on the path to or from it
Mobile IPv6 (3/3)
• Dynamic Home Agent Address Discovery
  • Allows an MN to dynamically discover the IP address of a home agent on its home link
  • ICMP Home Agent Address Discovery Request message
    – Destination address: the Home Agent anycast address for the MN's own home subnet prefix
  • Reply message
    – List of HA addresses on the home link
    – Each HA maintains the home agent list
Mobile IPv6 Terminology
• Home Address (HoA)
  • The permanent IP address identifying the Mobile Node. The Mobile Node should always be reachable at this address.
• Care-of Address (CoA)
  • The temporary, network-specific IP address used for routing messages to the Mobile Node's current location
• Home Agent (HA)
  • The entity acting on behalf of the Mobile Node in its home network
• Correspondent Node (CN)
  • Any other host communicating with the Mobile Node (not necessarily mobile itself)
Mobile IPv4 vs. Mobile IPv6

Mobile IPv4                                                      | Mobile IPv6
-----------------------------------------------------------------|-----------------------------------------------------------------------------
Mobile node, home agent, home link, foreign link                 | (same)
Mobile node's home address                                       | Globally routable home address and link-local home address
Foreign agent                                                    | A "plain" IPv6 router on the foreign link (foreign agent no longer exists)
Collocated care-of address; care-of address obtained via         | Care-of address obtained via Stateless Address Autoconfiguration, DHCP,
Agent Discovery, DHCP, or manually                               | or manually
Agent Discovery                                                  | Router Discovery
Authenticated registration with home agent                       | Authenticated notification of home agent and other correspondent nodes
Routing to mobile nodes via tunneling                            | Routing to mobile nodes via tunneling and source routing
Route optimization via separate protocol specification           | Integrated support for route optimization
Binding Update
• Binding Update
  • An MN informs the HA and CNs of its CoA when the MN is located in a foreign network
  • The HA/CN send a "Binding Acknowledgement" option back to the MN
• Requirements
  • Source address in the IP header = MN's CoA
    – To avoid ingress filtering
  • IPv6 Authentication Header (AH)
    – For secure binding update
Packet Delivery
• Packet delivery from CN to MN
  • The CN checks whether there is binding information for the MN in its binding cache.
  • If there is a matching entry
    – The CN sends packets to the cached MN's CoA using the IPv6 routing header option
    – No IPv6 encapsulation
  • Otherwise
    – Normal packet routing to the MN's home address
    – The HA intercepts and tunnels the packets.
    – The MN, on receiving packets tunneled by the HA, sends a binding update message to the CN
Requirements
• Correspondent Nodes
  • Processing of binding update messages
  • Update the binding cache whenever a new binding update message with a new CoA is received
• Mobile Nodes
  • Detect when a new CoA is needed
  • Send binding update messages
  • Maintain a Binding Update List
  • Packet encapsulation/decapsulation: no FA
• Home Agents
  • Packet encapsulation/decapsulation
  • Proxy neighbor advertisements
Binding Messages
• Binding Update
  • Used by a mobile node to notify other nodes of a new care-of address.
  • Can also be used to delete old bindings.
• Binding Acknowledgement
  • Used to acknowledge receipt of a Binding Update
• Binding Refresh Request
  • Used by the correspondent node to inform the mobile node that the binding is (or is going) stale
• Binding Error
  • Used by the correspondent node to signal an error.
Mobile IPv6 Basic Operation
[Figure: the Correspondent Node (<Correspondent Address>) communicates with the Mobile Node's <Home Address> (<correspondent address> <-> <home address>); packets reach the Mobile Node at its <Care-Of Address> either by bidirectional tunnelling through the Home Agent or directly by route optimization.]
Binding Updates to HA
• The MN needs to update the HA on its current location (CoA): Binding Update message
• The HA keeps this binding for future use
[Figure: the Mobile Node sends a Binding Update <home address>, <new care-of address> to the Home Agent; the Home Agent map changes from <home address>:<care-of address> to <home address>:<new care-of address>, and the Home Agent replies with a Binding Update ACK (BACK).]
Binding Updates to CN
[Figure: message exchange between Correspondent Node, Home Agent and Mobile Node; recovered packet contents follow]
• Home Agent map: <home address>:<care-of address>
• CN -> MN before the CN has a binding: IPv6 src=<correspondent address>, dst=<home address>; the HA intercepts it and forwards it in an IPv6 tunnel: src=<home agent>, dst=<care-of address>, <original packet encapsulated>
• MN -> CN: BU <home address>, <care-of address>; CN -> MN: BACK
• Correspondent Node map after the BU: <home address>:<care-of address>
• CN -> MN with route optimization: IPv6 src=<correspondent address>, dst=<care-of address>, Routing Option (type 2): Home Address = <home address>
• MN -> CN: IPv6 src=<care-of address>, dst=<correspondent address>, Destination Option: Home Address = <home address>
Mobile IPv6 Security
BU to HA: Security Issues (1/2)
• Man-in-the-middle attack
[Figure: a Malicious Node sends a false BU for the Mobile Node's binding to the Home Agent, which accepts it and replies with a BACK.]
• By means of false BUs, the traffic can be redirected through a malicious node
BU to HA: Security Issues (2/2)
• Hijacking
  • By means of false BUs
  • By replaying old BUs
• Confidentiality breach
  • By eavesdropping: the MN is often connected to a WLAN
• Denial-of-Service (DoS)
  • By means of false BUs
    – An attacker might claim that the MN is at another location.
  • By replaying old BUs
    – Packets for the MN would be sent to its old location.
  • False BUs can be used for DoS attacks against victim nodes!
    – All packets destined to the MN's home address would be redirected to the victim node
Mobile IPv6 Security
• Protection of BU both to HA and CN
  • By the use of IPsec extension headers
    – Home address in the BU message: the security association is based on the MN's home address
    – Security key distribution: manual or automatic key management with IKE
  • By the use of the Binding Authorization Data option
• Protection of the BU message to the CN
  • No security association
  • No authentication infrastructure between MN and CN
  • Return Routability
    – Binding management key (kbm): assures that the right MN is sending the message
    – Keyed-hash algorithm using kbm
IPsec SA
• IPsec Security Association (SA)
  • An SA is a cryptographically protected connection
  • There MUST be an SA between the MN and the HA
  • Provides integrity and authentication of BU and BACK
  • An SA is defined by: <SPI, destination address, flag>
  • One SA per home address
• ESP: Encapsulating Security Payload
• AH: Authentication Header
ESP and AH
• Encapsulating Security Payload (ESP)
  • Integrity & authenticity
  • Correct packet ordering
    – By means of sequence numbers in BU messages
  • Anti-replay protection
    – Only if dynamic keying is used
  • Confidentiality
  • "Replay" and "reordering packets"
    – Attacks possible if static keys are used
• Authentication Header (AH) is an alternative to ESP
Packet Format (1/2)
[Figure: Binding Update from Mobile Node to Home Agent, Binding ACK from Home Agent to Mobile Node]
Binding Update packet layout:
  IPv6 header: source = care-of address, destination = home agent
  Destination Options header: Home Address option = home address
  ESP header
  Mobility header: Binding Update, Alternate Care-of Address option
• The "mobility header" is used in Mobile IPv6 when managing bindings
• The "source address" (the care-of address) avoids ingress filtering
• The "home address option" is used to identify the SA
• The "alt. care-of address option" is used to protect the care-of address
Packet Format (2/2)
[Figure: Binding ACK from Home Agent to Mobile Node]
Binding ACK packet layout:
  IPv6 header: source = home agent, destination = care-of address
  Routing Header (type 2): home address
  ESP header
  Mobility header: Binding ACK
• The "home address" in the "type 2 routing header" helps the mobile node to identify the SA.
• Note that the "Binding ACK" is encrypted
BU to Home Agents: Summary
• IPsec SA: Mobile Node <-> Home Agent
  • Integrity & authentication
  • Protection against replay and reordering attacks (dynamic keying)
  • Confidentiality (optional)
• Problems
  • Static SA between Mobile Node and Home Agent
  • If the 16-bit Mobile IPv6 sequence number wraps around, or the HA reboots and loses state, replay and reordering attacks are possible.
  • IPsec doesn't fully prevent an MN from mounting a DoS attack
    – However, the MN will be identified by means of its SA with the Home Agent.
Security Issues: BU to CN
• Binding Update to the Correspondent Node
  • Same issues as with updating the Home Agent
    – Spoofing
    – Man-in-the-middle
    – Confidentiality
    – Replay
  • In addition
    – Need to verify successful routing before switching to route optimization mode
  • Problem
    – Not feasible to have security associations covering all potential mobile and correspondent nodes
    – No security association between the MN and CNs
Return Routability (1/4)
• Return Routability
  • Authorizes the binding procedure by the use of a cryptographic token exchange
• Terminology
  • Cookie
    – Random number used by a mobile node
    – To prevent spoofing by a bogus CN in the RR procedure
  • Care-of init cookie
    – A cookie sent to the CN in the Care-of Test Init message, to be returned in the Care-of Test message
  • Home init cookie
    – A cookie sent to the CN in the Home Test Init message, to be returned in the Home Test message
Return Routability (2/4)
• Terminology
  • Keygen token
    – Number supplied by a CN in the RR procedure to enable the MN to compute the binding management key needed for authorizing a BU
    – Care-of keygen token: carried in the Care-of Test message
    – Home keygen token: carried in the Home Test message
  • Nonce
    – Random numbers used internally by the CN in the creation of keygen tokens related to the RR procedure
  • Binding management key (kbm)
    – Key used for authorizing a binding cache management message (e.g., BU and BACK messages)
    – RR provides a way to create a binding management key
Return Routability (3/4)
• Home Test Init (HoTI)
  • The MN sends a Home Test Init message to the CN to acquire the home keygen token
  • Source Address = home address
  • Destination Address = CN
  • Parameters
    – Home init cookie
  • This message is reverse-tunneled through the HA
• Care-of Test Init (CoTI)
  • The MN sends a Care-of Test Init message to the CN to acquire the care-of keygen token
  • Source Address = CoA
  • This message is sent directly to the CN
Return Routability (4/4)
• Home Test (HoT)
  • Sent in response to a Home Test Init message
  • Source Address = CN
  • Destination Address = home address
  • Parameters
    – Home init cookie
    – Home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
    – Home nonce index
• Care-of Test (CoT)
  • Sent in response to a Care-of Test Init message; carries the care-of init cookie, the care-of keygen token and the care-of nonce index
• kbm = SHA1(home keygen token | care-of keygen token)
• BU: HMAC_SHA1(kbm, (care-of address | CN address | BU))
Return Routability Test (1/3)
[Figure: care-of test between Mobile Node and Correspondent Node; recovered message contents follow]
• Correspondent Node state: Secret Key <Kcn>; Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
• Care-of Test Init (MN -> CN, sent directly): src=<care-of address>, dst=<correspondent address>, <care-of init cookie>
• The CN computes <care-of keygen token> = HMAC_SHA1_Kcn(<care-of address> | <nonce1> | 1) [1:64]
• Care-of Test (CN -> MN): src=<correspondent address>, dst=<care-of address>, <care-of init cookie>, <care-of keygen token>, care-of nonce index: 1
• Mobile Node state at <Care-Of Address> after the test: <care-of init cookie>, <care-of keygen token>, care-of nonce index: 1
Return Routability Test (2/3)
[Figure: home test between Mobile Node and Correspondent Node via the Home Agent; recovered message contents follow]
• Correspondent Node state: Secret Key <Kcn>; Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
• Home Test Init (MN -> CN, reverse-tunneled through the Home Agent): src=<home address>, dst=<correspondent address>, <home init cookie>
• The CN computes <home keygen token> = HMAC_SHA1_Kcn(<home address> | <nonce1> | 0) [1:64]
• Home Test (CN -> MN, via the Home Agent): src=<correspondent address>, dst=<home address>, <home init cookie>, <home keygen token>, home nonce index: 1
• Mobile Node state at <Care-Of Address> after both tests: <care-of init cookie>, <care-of keygen token>, care-of nonce index: 1; <home init cookie>, <home keygen token>, home nonce index: 1
Return Routability Test (3/3)
[Figure: authorized Binding Update from Mobile Node to Correspondent Node; recovered message contents follow]
• Correspondent Node state: Secret Key <Kcn>; Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  – <home keygen token> = HMAC_SHA1_Kcn(<home address> | <nonce1> | 0) [1:64]
  – <care-of keygen token> = HMAC_SHA1_Kcn(<care-of address> | <nonce1> | 1) [1:64]
• Mobile Node computation (from the cookies and tokens held at <Care-Of Address>: <care-of init cookie>, <care-of keygen token>, care-of nonce index: 1; <home init cookie>, <home keygen token>, home nonce index: 1):
  – Kbm = SHA1(<home keygen token> | <care-of keygen token>)
  – MAC = HMAC_SHA1_Kbm(<care-of address> | <correspondent address> | BU) [1:96]
• Binding Update (MN -> CN): src=<care-of address>, dst=<correspondent address>, option: Home Address = <home address>, <sequence number>, <home nonce index = 1>, <care-of nonce index = 1>, <MAC>
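As an added example (not from the lecture slides), the token, kbm and MAC computations from the Return Routability slides above, on both sides: the mobile node derives kbm from the two tokens and authenticates its BU, and the correspondent node verifies the BU by recomputing the tokens from Kcn and the nonce indices carried in the BU, so it keeps no per-MN state until a BU is accepted. The IPv6 addresses, the 20-byte Kcn, the 8-byte nonces and the BU payload are constructed values; SHA-1 is used because it is what the slides specify.

```python
import hashlib
import hmac
import ipaddress
import os


def first(n_bits: int, data: bytes) -> bytes:
    """First(n, x) from the slides: the leading n bits of x (n is a multiple of 8 here)."""
    return data[: n_bits // 8]


def keygen_token(kcn: bytes, addr: str, nonce: bytes, kind: int) -> bytes:
    """Keygen token = First(64, HMAC_SHA1(Kcn, addr | nonce | kind)); kind 0 = home, 1 = care-of."""
    data = ipaddress.IPv6Address(addr).packed + nonce + bytes([kind])
    return first(64, hmac.new(kcn, data, hashlib.sha1).digest())


def kbm_from_tokens(home_token: bytes, coa_token: bytes) -> bytes:
    """Binding management key kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + coa_token).digest()


def bu_mac(kbm: bytes, coa: str, cn: str, bu_payload: bytes) -> bytes:
    """BU authenticator = First(96, HMAC_SHA1(kbm, care-of address | CN address | BU))."""
    data = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn).packed + bu_payload
    return first(96, hmac.new(kbm, data, hashlib.sha1).digest())


class CorrespondentNode:
    """Holds only Kcn and an indexed nonce table (constructed sizes); no per-MN state before a BU verifies."""

    def __init__(self, addr: str):
        self.addr = addr
        self.kcn = os.urandom(20)
        self.nonces = {1: os.urandom(8), 2: os.urandom(8)}
        self.binding_cache = {}

    def home_test(self, hoa: str, index: int = 1):
        """HoT: home keygen token plus the nonce index the MN must echo in its BU."""
        return keygen_token(self.kcn, hoa, self.nonces[index], 0), index

    def care_of_test(self, coa: str, index: int = 1):
        """CoT: care-of keygen token plus its nonce index."""
        return keygen_token(self.kcn, coa, self.nonces[index], 1), index

    def accept_bu(self, hoa, coa, home_idx, coa_idx, payload, mac) -> bool:
        """Recompute both tokens from Kcn and the indices in the BU; bind only if the MAC matches."""
        home_tok = keygen_token(self.kcn, hoa, self.nonces[home_idx], 0)
        coa_tok = keygen_token(self.kcn, coa, self.nonces[coa_idx], 1)
        expected = bu_mac(kbm_from_tokens(home_tok, coa_tok), coa, self.addr, payload)
        if not hmac.compare_digest(expected, mac):
            return False
        self.binding_cache[hoa] = coa
        return True


def mobile_node_bu(cn: CorrespondentNode, hoa: str, coa: str, payload: bytes):
    """MN side: HoT (reaches the MN via its home address) and CoT (via its care-of address), then kbm and the BU."""
    home_tok, home_idx = cn.home_test(hoa)
    coa_tok, coa_idx = cn.care_of_test(coa)
    kbm = kbm_from_tokens(home_tok, coa_tok)
    return hoa, coa, home_idx, coa_idx, payload, bu_mac(kbm, coa, cn.addr, payload)
```

A node that sees only one of the two tests (for example, only the Care-of Test) cannot derive kbm, and a BU that names a different care-of address than the one the MAC was computed over fails the check at the CN.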
Mobile IPv6 Optimization
Drawbacks of Mobile IPv6
• Mobile IPv6
  • Reacts after L2 movement
  • Introduces a period of service disruption after L2 movement until signaling is completed
  • Performance depends on the Mobile IP registration time and the MN-HA distance
• Optimization Schemes
  • Fast Handover for Mobile IPv6
    – Anticipates Mobile IP messaging (before L2 movement)
  • Hierarchical Mobile IPv6
    – Reduces the MN to HA round-trip delay
    – Reduces the number of messages (transmission efficiency ratio)
Standardization (1/2)
• Recent trend in the IETF…
  • New working groups
    – MIP4: Mobility for IPv4
    – MIP6: Mobility for IPv6
    – MIPSHOP: MIPv6 Signaling and Handoff Optimization
  • IP Mobility Optimizations (Mob Opts) in the IRTF
    – Analysis of Mobile IP Route Optimization considering parameters such as traffic pattern, link conditions, topology, etc.
    – Alternative mechanisms for discovering a Mobility Anchor Point (MAP) in Hierarchical Mobile IP (HMIP)
    – Evaluation of existing and new mechanisms for discovering and selecting a target base station and/or router for handover
Standardization (2/2)
• IETF Mobile IP WG
  • Mobile IPv4
    – Low latency handoff: draft-ietf-mobileip-lowlatency-handoffs-v4-09.txt, June 2004.
    – Regional registration: draft-ietf-mobileip-reg-tunnel-06.txt, March 2002.
  • Mobile IPv6
    – Fast Handover: draft-ietf-mipshop-fast-mipv6-03.txt, October 2003.
    – Hierarchical Mobile IPv6: draft-ietf-mipshop-hmipv6-02.txt, June 2004.
Hierarchical Mobile IPv6
HMIPv6
• Motivation
  • Reduce the number of BUs when MNs move within a MAP domain
  • Transparency of the MN's mobility to CNs
  • Location privacy
• HMIPv6
  • Mobility Anchor Point (MAP): a local HA
  • The MN acquires two addresses
    – On-link CoA: LCoA
    – Regional CoA: RCoA
  • Reduces the Mobile IPv6 signaling load
  • Improves handoff delay
HMIPv6 Operation
[Figure 1: the MN attaches to an AR in a MAP domain. It sends a Local BU to the MAP, which records the binding (RCoA, LCoA), and a Home BU to the HA over the Internet, which records (Home address, RCoA); the CN reaches the MN through the HA.]
[Figure 2: the MN moves from the old AR to a new AR within the same MAP domain. Only a Local BU is sent to the MAP, which updates its binding to (RCoA, LCoA'); the HA binding (Home address, RCoA) is unchanged.]
[Figure 3: the MN moves to a new AR served by a different MAP. It sends a Local BU to that MAP, which records (RCoA', LCoA'), and a Home BU to the HA, which updates its binding to (Home address, RCoA').]
Fast Handover for Mobile IPv6
FMIPv6
• Fast Handover for Mobile IPv6
  • Minimizes packet loss and latency due to handoffs
    – Critical for real-time services
  • The MN acquires a new CoA and registers it with the previous AR before it gets link connectivity to the new AR
    – As soon as the MN leaves the current link, the old AR starts forwarding traffic to the new AR
• Operation
  • Detect movement in anticipation (L2 trigger)
    – Update the old AR (before L2 movement)
  • Traffic is then forwarded from the old AR to the new AR (non-optimal)
  • The MN must then also update the HA and CNs (for optimal routing)
  • Bicasting can improve performance
New Message Formats
• Neighbor Discovery messages
  • Router Solicitation for Proxy Advertisement (RtSolPr)
  • Proxy Router Advertisement (PrRtAdv)
• Inter-Access Router messages
  • Handover Initiate (HI)
  • Handover Acknowledge (HACK)
• New Mobility Header messages
  • Fast Binding Update (FBU)
  • Fast Binding Acknowledgement (FBACK)
  • Fast Neighbor Advertisement (FNA)
Message Flow - Predictive
[Figure: message sequence among the MN, the PAR (previous AR) and the NAR (new AR)]
• L2 trigger at the MN
• MN -> PAR: RtSolPr
• PAR -> MN: PrRtAdv
• MN -> PAR: FBU
• PAR -> NAR: HI
• NAR -> PAR: HACK
• PAR -> MN and PAR -> NAR: FBACK
• MN disconnects from the PAR; the PAR forwards packets to the NAR
• MN connects to the NAR and sends FNA
• NAR delivers the packets to the MN
Message Flow - Reactive
[Figure: message sequence among the MN, the PAR and the NAR]
• L2 trigger at the MN
• MN -> PAR: RtSolPr
• PAR -> MN: PrRtAdv
• MN disconnects from the PAR and connects to the NAR
• MN -> NAR: FNA[FBU] (the FBU is carried inside the FNA)
• NAR -> PAR: FBU
• PAR -> NAR: FBACK
• PAR forwards packets to the NAR; the NAR delivers them to the MN
Timing Diagram (1/2)
[Figure: MIPv6 handover timeline; recovered markers in time order]
• Handover start epoch
• New link information: link switching delay (tL)
• Neighbor Discovery is completed; the MN is transmission capable and sends a Binding Update: IP connectivity latency (tI)
• Binding Update received by the mobility agent/CN: tBU
• Packets begin arriving at the new IP address: tNew, packet reception latency (tP)
Timing Diagram (2/2)
[Figure: FMIPv6 (predictive) handover timeline; recovered markers in time order]
• L2 trigger before the handover (RtSolPr/PrRtAdv, HI/HACK): tL2
• Handover start epoch
• New link information: link switching delay (tL)
• Neighbor Discovery is completed; the MN is transmission capable and sends a Binding Update, and packets begin arriving directly at the new IP address thanks to forwarding from the PAR to the NAR (F-BU/F-BACK): IP connectivity and packet reception latency coincide (tI = tP)
• Binding Update received by the mobility agent/CN: tBU, tNew
Research Issues
• HMIPv6
  • MAP selection
  • Scalability and fault-tolerant service
• FMIPv6
  • Implementation over IEEE 802.11/16/20
  • Buffer management
• HMIPv6 + FMIPv6
  • Integration of HMIPv6 with FMIPv6