Securing Binding Updates Securing Binding Updates between Mobile Node and between Mobile Node and Correspondent Node in Mobile Correspondent Node in Mobile IPv6 Environment IPv6 Environment 20 th APAN Network Research Workshop Rahmat Budiarto NAv6, USM
28
Embed
Securing Binding Updates between Mobile Node and Correspondent Node in Mobile IPv6 Environment 20 th APAN Network Research Workshop Rahmat Budiarto NAv6,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Securing Binding Updates between Securing Binding Updates between Mobile Node and Correspondent Mobile Node and Correspondent Node in Mobile IPv6 EnvironmentNode in Mobile IPv6 Environment
20th APAN Network Research Workshop
Rahmat BudiartoNAv6, USM
IntroductionIntroduction What is IPv6?What is IPv6?
IPv6 is the next generation IP Address.IPv6 = 2001:0468:0C80:1341:0280:1CFF:FE15:5820 Huge Number of addresses 2128 = 340 Undecillion AddressesBuilt-in Mobility Support (Main Feature)
Why do we need IPv6?Why do we need IPv6?Limited addressing space in IPv4Growing Internet Community
More laptops, Broadband service, Hotspots…
Growing Mobile Technology 3G Network, Nokia and Mobile phone service providers
What is Mobile IPv6?What is Mobile IPv6?
Mobile IPv6Mobile IPv6
Terms Used Mobile Node -a node which travels from one to another network Home Agent - Router in the Home network Correspondent Node - Node which Mn communicating with Home-of Address – Mn’s IP Address in Home Network Care-of Address - Mn’s IP Address in Foreign Network Binding Update - What is binding Update?
BindingBinding UpdateUpdate
•Between Mobile Node and Home AgentBetween Mobile Node and Home Agent (Current Protocol - IPSec)(Current Protocol - IPSec)
•Between Mobile Node and Correspondent Between Mobile Node and Correspondent NodeNode (Current Protocol - Return Routability)(Current Protocol - Return Routability)
Binding update is the act of Mn,Binding update is the act of Mn,
To update its new To update its new Care of AddressCare of Address. . (to HA & Cn)(to HA & Cn)
This paper is about Mobile IPv6 and This paper is about Mobile IPv6 and Binding Update. (only Mn and Cn)Binding Update. (only Mn and Cn)
Related PapersRelated Papers What others has done about Binding What others has done about Binding
Update?Update? Is it a current issue?Is it a current issue? Is it an interesting topic? Is it an interesting topic?
Scope and Background of the Paper
Literature Review / Related Literature Review / Related WorkWork
1.1. Securing return Routability protocol against Securing return Routability protocol against Active Attack Active Attack
Uses Modified RR and Digital SignatureUses Modified RR and Digital Signature Also use Public Key Cryptography for strong securityAlso use Public Key Cryptography for strong security Conclusion : Public Key is very huge, not practical to Conclusion : Public Key is very huge, not practical to
implementimplement
2.2. Mobile IPv6 route Optimization Security Design Mobile IPv6 route Optimization Security Design Has made small enhancement to RRHas made small enhancement to RR Introduce time stamp for kbm (eliminate time shifting Introduce time stamp for kbm (eliminate time shifting
3.3. Early Binding Updates for Mobile IPv6Early Binding Updates for Mobile IPv6 Introduces two Early Binding messagesIntroduces two Early Binding messages Reduces the overall network latency Reduces the overall network latency Conclusion : Provides a good performance Result Conclusion : Provides a good performance Result
4.4. Using IPSec between Mobile and correspondent IPv6 NodesUsing IPSec between Mobile and correspondent IPv6 Nodes New approach introducedNew approach introduced Mostly based on assumption and needs more Security AssociationMostly based on assumption and needs more Security Association Assumption made as manual selection and peer to peer basedAssumption made as manual selection and peer to peer based Conclusion : Ambitious, need more enabled features. (future)Conclusion : Ambitious, need more enabled features. (future)
5.5. Dynamic Diffie-Hellman based key distribution for Mobile Dynamic Diffie-Hellman based key distribution for Mobile IPv6IPv6
Uses Diffie-Hellman key exchange method Uses Diffie-Hellman key exchange method Four message exchange, possible man-in-the middle attackFour message exchange, possible man-in-the middle attack Conclusion : Lacks of Authentication, might need PKI or AAA Conclusion : Lacks of Authentication, might need PKI or AAA
implementationimplementation
Literature Review / Related Work (continue)Literature Review / Related Work (continue)
Methodology
Secret Key Binding TechniqueNew Approach to Secure Binding Update Between Mn and Cn to replace Return Routability
Message from Mn to Cn / Cn to Mn (Home Network) MN={FF:01::01}
This is the first step:
•Diffie-Hellman Key Exchange (2 messages)
•Takes place in Home Network
•After the Pre-binding Secret key Exchange, the communication process continues as normal.
Secret Key Binding (Binding Test)
Binding Test message from Mn to Cn (Encrypted with (S) {Sn , HoA , T , MnC})
Binding Test Reply from Cn to Mn thru HA (Encrypted with (S) {Sn , T , CnC})
Second Method:
• Secret Key encryption step
•4 messages Exchange
•2 Binding Test messages
•2 Binding messages
Secret Key Binding (Binding Update)
Binding Update (Encrypted with (S) {Sn , T , H(MnC+CnC) , BU} )
Binding Acknowledgement (Encrypted with (S) {Sn , T , BA})
The parameters used in Secret key Binding The parameters used in Secret key Binding Technique show how some of the major Technique show how some of the major security threats eliminated (Security)security threats eliminated (Security)
Number of message exchange, time taken Number of message exchange, time taken and time delay show the performance and time delay show the performance efficiency of the protocol (Performance)efficiency of the protocol (Performance)