1 / 31

Authentication In Mobile Internet Protocol version 6 Liu Ping

Authentication In Mobile Internet Protocol version 6 Liu Ping. Supervisor: professor Jorma Jormakka. 1. Introduction 2. Mobility support 3. Security mechanisms and threats analysis 4. Address ownership problem 5. Present solution 6. Conclusion.

reed
Download Presentation

Authentication In Mobile Internet Protocol version 6 Liu Ping

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Authentication In Mobile Internet Protocol version 6Liu Ping Supervisor: professor Jorma Jormakka

  2. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Present solution6. Conclusion

  3. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Solution6. Conclusion

  4. Motivation • Mobile device and Ebusiness • Current solutions are fairly completedto be implemented • Related work • Strong authentication: PKI • Weak authentication: CGA, CAM and RR • Our solution Based on asymmetric and symmetric encryption algorithm to distribute an ID and a session key

  5. CGA:Cryptographically Generated Address • CAM:Child-proof Authentication for MIPv6 • RR:Return Routability

  6. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Solution6. Conclusion

  7. MN:Mobile Node, it is MIPv6 • CN:Correspondent Node is communicating node with a MN, it is either stationary node or mobile node • HA:Home Agent, a router is on a MN’s home link. It registers all necessary information for a MN, i.g. CoA, HoA • CoA:A MN’s Care-of Address, which is temporary and a foreign link assigns to the MN on the foreign link • HoA:A MN’s permanent IPv6 address on its home link

  8. Bidirectional tunneling MN HA CN

  9. Route Optimization CN MN

  10. Need a binding process: MN sends CoA to its HA and CNs when it’s out of its home link • CN saves the MN’s CoA into its BUC-binding update cache • CN can deliver a packet to the MN directly by setting the packet’s source address to be the MN’s CoA • Route optimization can reduce congestions of the MN’s home link and HA, but introduces new vulnerabilities

  11. BU message’s header CN’s BU entry BU process • HoA: a MN’s HoA cannot be abused • CoA: CN’s BUC must save correct MN’s CoA

  12. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Solution6. Conclusion

  13. Security Mechanisms • Authorization and trust • Authentication • Integrity • Confidentiality • Anti-replay

  14. Authorization and trust:A CN verifies whether a MN has right to create or update its BUC • Authentication:MN and CN can verify their identifies • Integrity:BU message cannot be modified by an unauthorized node • Confidentiality:CoA and HoA cannot be disclosed to malicious nodes • Anti-replay:An attacker delivers old, out-of date packet to CN by pretending to be a MN

  15. BUC ::20:10:10:10 BU MN CN False BU ::30:10:10:10 MN attacker Source address: ::30:10:10:10 Destination address: ::CN’s IP address Home address option: MN’s home address ::40:10:10:10

  16. Threats analysis • Man-In-the-Middle attack • Denial of Service attack

  17. Man-In-the-Middle attack A B Attacker

  18. Denial Of Service Attack MN CN Attacker

  19. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Solution6. Conclusion

  20. A MN’s HoA works as a searching key during BU process • A MN’s HoA must be secret enough, otherwise, attacker can launch a passive or an active attack easily by sending a false BU message to a CN

  21. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Solution6. Conclusion

  22. Solution Overview • Using an ID shared only with a pair MN and CN as a searching key • Apply RSA asymmetric to distribute an ID and a session key • Apply Twofish symmetric algorithm to encrypt/decrypt CoA during BU process

  23. Authentication in MIPv6

  24. Preparation Procedure MN generates public/private key Public key MN-----------------------------------CN MN<---------------------------------CN [ID, session key] public MN saves the ID and session key

  25. Binding update procedure MN---------------------------------CN [CoA] session & ID CN’s BU entry CN decrypts CoA by session CN verifies CoA and saves

  26. Verifyprocedure • An attacker It is failed because of IPsec protection (without a SA shared with CN before). An attacker cannot do any more harmful thing.

  27. Verifyprocedure • An cheater: has a SA before ID ID or session key is not correct, Session key CNdrops packet. Compares CoA and CoA source address

  28. 1. Introduction2. Mobility support3. Security mechanisms and threats analysis4. Address ownership problem5. Present solution6. Conclusion

  29. Summary • Solve address ownership problem • Prevent possible attacks • Implementation simple • Suitable any kinds of computer and memory • It is difficult to recognize a cheater

  30. Future work 1. Combine software and hardware 2. Ciphertext error • Transmission process • Storage medium • Recover plaintext from errors

  31. Thank you

More Related