International Journal of Computer Architecture and Mobility (ISSN 2319-9229), Volume 1, Issue 4, February 2013

Security Issues and Solutions in MIPv4 and MIPv6

Shakeel Ahmad #1, Inhas Ashraf #2

#1 KM Group, ONGC, INDIA
[email protected]

#2 Deptt. of IT, NIT Srinagar, INDIA
[email protected]

Abstract— The use of mobile devices is increasing at a tremendous rate, and attention nowadays is on the major issues affecting these mobile and handheld devices. Apart from battery and power consumption, security is one of the major concerns in these devices and in wireless networks as a whole. In this paper we discuss the various security threats in MIPv4 and MIPv6, along with the possible solutions to tackle these threats.


Keywords— Mobility, MIPv4, MIPv6, Security Issues and Solutions, Cryptography, IPSec, Return Routability.

I. INTRODUCTION

With the advancement in technology, the use of mobile devices such as handheld devices, PDAs (Personal Digital Assistants) and smartphones has increased tremendously in the last few years. As per Cisco reports [1] (Fig. 1), the number of such mobile devices is going to keep increasing, and the rate of increase may even go higher. In order to let such devices move without getting disconnected from the internet, Mobile IP came into existence. Mobile IP allows these mobile devices (Mobile Nodes) to have two IP addresses [2], one permanent Home Address and one temporary Care-of Address, so that upper-layer communication processes are not disrupted when the mobile node changes its location from the home network to some foreign network. As the IPv4 address space is on the verge of exhaustion and 128-bit IPv6 addresses are and will be used in place of 32-bit IPv4 addresses, MIPv6 will correspondingly replace MIPv4. As the number of devices grows, so do the security threats to their data, and so all the security features, viz. Confidentiality, Authentication, Integrity Checking and Non-Repudiation [3], need to be looked at and well defined for the safety and security of mobile traffic.

Fig. 1 Expected number of mobile devices (in billions)

II. MIPV4

Mobile IP (MIPv4) works on the principle of triangular routing. The various nodes that form the building blocks for Mobile IP are:
1) Mobile Node (MN): the handheld device, PDA or smartphone that is connected to the internet and changes its location with time, i.e. the device on the move.
2) Correspondent Node (CN): the device with which the mobile node is currently communicating, generally a server or some other remote computer.
3) Home Network: the parent network of the mobile node, from where it actually started communications.
4) Home Agent (HA): the router in the Home network which serves as a forwarding agent of packets once the mobile node leaves the home network.
5) Foreign Network: the new network which is being visited by the mobile node.
6) Foreign Agent (FA): the router in the Foreign network, which takes care of the packets sent by the correspondent node via the home agent.

Fig.2 Mobile IP components

Whenever a mobile node leaves its Home Network and enters a foreign network, it needs to get a care-of address. The Foreign Agent in the foreign network periodically broadcasts agent advertisements; the mobile node replies to one of these and thereby gets a new care-of address. If the mobile node does not wish to wait for these periodic agent advertisements, it can itself broadcast agent solicitation messages, which the foreign agent responds to. Once a mobile node is successfully assigned a care-of address, it sends a binding update to the home agent in the home network, informing it about the newly acquired care-of address. The home agent in turn updates its binding table with this care-of address. Now whenever a packet from the correspondent node destined to the mobile node arrives at the home network, the home agent intercepts it, encapsulates it with a new IP header having the care-of address of the mobile node as the destination IP address, and forwards it to the foreign agent; this process is called tunnelling. The foreign agent in turn decapsulates this packet-within-a-packet and delivers the original packet to the mobile node. In the reverse direction, the mobile node sends packets directly to the correspondent node without involving the home agent.

III. SECURITY ISSUES IN MOBILE IP

As in any other IP protocol, the security features in Mobile IP must ensure that the four concerns, viz. Confidentiality, Authentication, Data Integrity and Non-Repudiation [3], are properly addressed. These services are provided by cryptography, which consists of a cryptographic algorithm and a key for transforming the original data into cryptic form (cipher text). Based upon the key, cryptographic algorithms are broadly classified into Secret-Key and Public-Key algorithms. In the former a single secret key is shared by the entities, while the latter uses two keys, one public key and one private key. A proper key distribution mechanism is needed in cryptography.
1) Confidentiality: the data exchanged between different entities should be such that only the entities concerned are able to extract meaningful information from it. All other entities that intentionally or unintentionally come into possession of this data should in no way be able to infer anything from it.

2) Authentication: the process of verifying the claimed identity of a node as the originator of a message (message authentication) or as the end point of a channel (entity authentication). In Mobile IP, authentication is done between
 • MN and HN, to restrict some other malicious node from obtaining access to the IP packets destined for the MN;
 • FA and MN, to ensure proper usage of network resources;
 • FN and HN, for secure accounting of network resource usage.
By default MD5 is used as the standard Mobile IP authentication. An extension containing a cryptographic hash value is appended at the end of the registration message. It includes
 • a type field, which indicates the nodes involved in the authentication process;
 • a length field, which indicates the payload length of the extension;
 • a security parameter index (SPI), which specifies the security context, i.e. the authentication algorithm to be used, its mode and key;
 • an authenticator field, which is computed over the entire Mobile IP registration message.

3) Data Integrity: the data integrity service detects whether there has been unauthorized modification of data. There are two ways in which data might be altered: accidentally, through hardware and transmission errors, or because of a deliberate attack. The data integrity service aims only to detect whether data has been modified; it does not aim to restore data to its original state if it has been modified.

4) Non-repudiation: this service ensures that once a packet has been sent from sender to receiver, the sender cannot later deny having sent it and the receiver cannot deny having received it.

In a foreign network, the mobile node uses its home address as the source address in its IP packets. A border router, probably a firewall, may discard these packets, assuming them to be from an unknown source. This is known as ingress filtering, and proper provisions for it must be made in the security protocol for Mobile IP. Also, the number of trusted entities required in Mobile IP should be minimized.


The various kinds of threats that Mobile IP may face, and how each of these can be tackled, are as under:

1) Denial of Service (DoS) Attack: This is one of the oldest and easiest attacks that can lead to a security breach in a Mobile IP network. A bogus node can send an overwhelmingly large number of nuisance packets to the home agent; the home agent gets overloaded, its performance decreases and the registration process can be affected. This can be prevented using a firewall which allows only packets from trusted sources to pass through it. Another kind of DoS attack is when the attacker sits between the mobile node and the home agent and sends a false registration request to the home agent specifying its own IP address as the newly attained care-of address. As a result, a false binding entry is placed in the binding table of the home agent and all the traffic that was destined for the mobile node is forwarded to the attacker. To get rid of this kind of attack, proper authentication mechanisms must be in place. Mobile IP by default supports the MD5 Message-Digest Algorithm [4], which provides secret-key authentication and integrity checking.

2) Replay Attack: An attacker intercepts a registration request, stores it, and later replays the same registration request to establish a forged care-of address. The solution to replay attacks is built into the authentication mechanism itself: the mobile node produces a unique value in the identification field of each subsequent registration request, and the identification field is constructed such that the home agent is able to ascertain what the next value should be.

3) Theft of Information (Eavesdropping): An attacker eavesdrops on all the traffic exchanged between the different entities. This is against the confidentiality of information. The problem can be solved by using link-layer encryption (between MN and HA) or end-to-end encryption (between MN and CN); SSL (Secure Sockets Layer) and SSH (Secure Shell) can be used, and RFC 1984 explains more on this. Key management for the encryption is performed without disclosing the keys to any unauthorized parties.

4) Theft of Information: Session-Stealing (Takeover) Attack: An attacker waits for a legitimate node to authenticate itself and start an application session, then takes over the session by impersonating the identity of the legitimate node. Usually the attacker must send a tremendous number of nuisance packets to the legitimate node in order to prevent it from realizing that its session was hijacked. This kind of attack is also prevented by using at least link-layer encryption between the mobile node and the home agent and end-to-end encryption between the mobile node and the correspondent node.

Besides these solutions, firewalls provide generalized protection against security breaches that can occur in any kind of network, and thus can tackle some security issues in Mobile IP too. Three basic types of firewalls exist: packet-filtering routers, application-layer relays, and secure tunnelers. In packet-filtering routers, access-control lists (ACLs) are configured such that the router allows only certain kinds of traffic, depending upon the socket, and discards all other traffic. In application-layer relays, the two routers are configured with ACLs which allow packets only to and from the relay hosts; the relays can enforce more sophisticated security policies, since they understand not only the packet headers but also the applications themselves, and they provide authentication support. In secure tunnelling, an application-layer firewall is used which employs a cryptographic method for users to gain access to a private network across a public network (the internet). An example is a VPN (Virtual Private Network), which is a single, secure, logical network.
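An added example (not the authors' code) of the MIPv4 registration authentication and replay check described in this section: the MN builds a registration request carrying the Mobile-Home Authentication Extension (type 32 in RFC 2002 [2], keyed MD5 in prefix+suffix mode over the message plus the extension's type, length and SPI), and the HA verifies the authenticator and accepts only identification values that advance. The shared secret, SPI and addresses are constructed samples, and the monotonic identification check is a simplification of the RFC's timestamp and nonce styles.

```python
import hashlib
import hmac
import struct

# Constructed sample mobility security association shared by the MN and its HA.
SPI = 0x100
SHARED_SECRET = b"constructed-mn-ha-secret"

REG_REQUEST = 1                         # Registration Request message type (RFC 2002)
MH_AUTH_EXT = 32                        # Mobile-Home Authentication Extension type (RFC 2002)
FIXED_FMT = "!BBH4s4s4sQ"               # type, flags, lifetime, HoA, HA, CoA, identification
FIXED_LEN = struct.calcsize(FIXED_FMT)  # 24 bytes
EXT_HDR_LEN = 6                         # extension type (1), length (1), SPI (4)


def ipv4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def keyed_md5(secret: bytes, data: bytes) -> bytes:
    """RFC 2002 default authenticator: keyed MD5 in prefix+suffix mode."""
    return hashlib.md5(secret + data + secret).digest()


def build_request(hoa: str, ha: str, coa: str, ident: int,
                  secret: bytes = SHARED_SECRET, spi: int = SPI, lifetime: int = 1800) -> bytes:
    """MN side: fixed registration request followed by the authentication extension.

    The authenticator covers the fixed part plus the extension's type, length and SPI,
    so the care-of address cannot be altered without knowledge of the shared secret.
    """
    fixed = struct.pack(FIXED_FMT, REG_REQUEST, 0, lifetime, ipv4(hoa), ipv4(ha), ipv4(coa), ident)
    ext_hdr = struct.pack("!BBI", MH_AUTH_EXT, 4 + 16, spi)   # length = SPI + 128-bit authenticator
    return fixed + ext_hdr + keyed_md5(secret, fixed + ext_hdr)


class HomeAgent:
    """HA side: checks the authenticator, then rejects replayed identification values."""

    def __init__(self, associations: dict):
        self.associations = associations    # SPI -> shared secret
        self.last_ident = {}                # HoA -> highest identification accepted so far
        self.bindings = {}                  # HoA -> CoA (the binding table)

    def process(self, msg: bytes) -> str:
        if len(msg) < FIXED_LEN + EXT_HDR_LEN + 16 or msg[0] != REG_REQUEST:
            return "malformed"
        fixed = msg[:FIXED_LEN]
        ext_hdr = msg[FIXED_LEN:FIXED_LEN + EXT_HDR_LEN]
        authenticator = msg[FIXED_LEN + EXT_HDR_LEN:FIXED_LEN + EXT_HDR_LEN + 16]
        ext_type, ext_len, spi = struct.unpack("!BBI", ext_hdr)
        if ext_type != MH_AUTH_EXT or ext_len != 20 or spi not in self.associations:
            return "no valid authentication extension"
        expected = keyed_md5(self.associations[spi], fixed + ext_hdr)
        if not hmac.compare_digest(expected, authenticator):
            return "authentication failed"           # forged or modified request
        _, _, _, hoa, _, coa, ident = struct.unpack(FIXED_FMT, fixed)
        # Replay protection: the identification must advance past the last accepted value.
        if ident <= self.last_ident.get(hoa, -1):
            return "replay rejected"
        self.last_ident[hoa] = ident
        self.bindings[hoa] = coa
        return "accepted"


if __name__ == "__main__":
    ha = HomeAgent({SPI: SHARED_SECRET})
    req = build_request("192.0.2.10", "192.0.2.1", "198.51.100.7", ident=1001)
    print(ha.process(req))                           # accepted
    print(ha.process(req))                           # replay rejected
    tampered = bytearray(req)
    tampered[12:16] = ipv4("203.0.113.66")           # care-of address changed in transit
    print(ha.process(bytes(tampered)))               # authentication failed
```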

IV. MIPV6

IPv6 mobility is based on core features of IPv6; the base IPv6 was designed to support mobility [5]. All IPv6 networks and nodes are IPv6-Mobile ready. All new messages used in MIPv6 are defined as IPv6 Destination Options. IPv6 Neighbor Discovery and Address Auto-configuration allow hosts to operate in any location without any special support. In Mobile IP, an MN registers with a foreign node and borrows its address to build an IP tunnel so that the HA can deliver packets to the MN. In Mobile IPv6, the MN can get a new IPv6 address which is used only by the MN, so the Foreign Agent has no role and no longer exists. Thus in MIPv6 only three types of nodes exist: Mobile Node (MN), Home Agent (HA) and Correspondent Node (CN). MNs are capable of moving in the network and use HAs to maintain their reachability. All other Mobile IPv6 aware nodes are considered CNs. As in Mobile IP, two types of addresses are used, the Home Address (HoA) and the Care-of Address (CoA). The HoA is used for connection identification and the CoA for routing, i.e. the HoA remains the same during movements while the CoA changes every time the MN's point of attachment in the network changes. The HoA is allocated from the MN's home network, where the MN's HA also resides. A CoA is configured separately for the MN in every foreign network, i.e. every network other than the home network.

Fig.3 MIPv6 components

Mobile IPv6 binding messages are used for binding a MN's HoA and CoA, i.e. the MN's identity and location, together. There are three binding messages used for actual binding management: Binding Update (BU), Binding Acknowledgement (BA) and Binding Request (BR). A BU is used by the MN to reveal its current CoA to the HA and CN, a BA is used by the HA and CN to acknowledge a BU, and a BR is used by the HA and CN to request the MN to refresh its current binding. When a MN moves to a foreign network it reveals its location to its HA, i.e. creates a binding between its current CoA and HoA. If a CN sends a packet to the MN (to the HoA), the packet is routed to the MN's home network, where the HA intercepts it and tunnels it to the MN. After receiving the tunnelled packet, the MN reveals its current location to the CN as well. Once the CN has established the binding between the HoA and the CoA, it sends packets destined to the MN directly to the MN's CoA, and vice versa. The IPv6 routing header is used by the CN to send packets directly to the MN: the destination address is set to the CoA and the HoA is placed in the routing header. When the MN receives the packet, it replaces the destination address with the HoA before passing the packet to the upper-layer protocol. When sending a packet directly to the CN, the MN uses the CoA as the source address and a Home Address destination option to indicate the real sender of the packet, i.e. the HoA, to the CN. After receiving the packet, the CN replaces the source address with the HoA before passing the packet to the upper protocol layer. Thus Mobile IPv6 operation and the CoA are invisible from the perspective of the upper protocol layers, and the HoA is used for all communication. Mobile IPv6 is independent of the access technology, which means it can be used with any link-layer technology, e.g. WLAN, Ethernet, GPRS and Bluetooth.

V. MIPV6 SECURITY THREATS

Mobile IPv6 has been developed to provide mobility and security for IPv6 with the same features as MIPv4.
MIPv6 introduces the following security threats [5]:

1. Threats against binding updates sent to home agents: an attacker sends a bogus binding message to the home agent, pretending to be the mobile node and advising it that the node is at a different location by giving its own IP address as the care-of address; the home agent may accept this information, and all the traffic will then be forwarded to the attacker. In order to prevent this kind of threat, some trust and authentication relationship between the MN and the HA must exist. Since the MN uses the services of the HA, they must have some relationship and trust in advance, because the MN must somehow have agreed to use the service. That is why they can exchange some secret beforehand, which can then be used to authenticate the binding messages.

2. Threats against route optimization with correspondent nodes: a CN can be any node in the network, so the MN and the CN will most probably have no relationship in advance. Several methods can be used to authenticate the binding messages between the MN and the CN. One alternative is to use some public-key authentication method; another is to use Return Routability and cryptographically generated addresses.

3. Threats where MIPv6 correspondent node functionality is used to launch reflection attacks against other parties: this kind of threat is caused by incorrect use of the Home Address destination option. If a malicious node sends a packet to a CN with an incorrect address A set in the Home Address destination option, the CN sends the upper-protocol-layer response to that packet to address A. The real owner of address A then sees the CN sending it unsolicited packets, which can be used to cause e.g. a denial-of-service attack. This can be prevented by requiring the CN to verify that it has a valid binding between address A and the source address of the received packet.

4. Threats where the tunnels between the mobile node and the home agent are attacked to make it appear that the mobile node is sending traffic when it is not: this is caused by incorrect use of the tunnel between the HA and the MN. If a malicious node sends a tunnelled packet whose inner source address is set to a MN's address B to that MN's HA, and the HA then forwards the packet, it seems that the MN using address B has sent the packet. This can be used at least for DoS attacks, and it can be prevented by requiring the HA to verify that it has a valid binding between the inner and outer source addresses of a received tunnelled packet before forwarding it.

5. Threats where the IPv6 Routing Header employed in MIPv6 is used to circumvent IP-address-based rules in firewalls or to reflect traffic from other nodes: the generality of the Routing Header allows the kind of usage that opens vulnerabilities, even if the usage that MIPv6 needs is safe. This is prevented by defining a new routing header type, which can be used only with Mobile IPv6 and only for indicating a Home Address. This prevents incorrect use of the generic routing header to circumvent firewall rules and reach some restricted address in a network behind the firewall.

6. Threats against the security mechanisms of MIPv6 themselves, e.g. in order to force the participants to execute expensive cryptographic operations or allocate memory for keeping state: there is always a risk that security algorithms can be used to launch denial-of-service attacks by bombarding a victim with false packets that seem to contain correct information, thus forcing the victim to execute expensive cryptographic algorithms unnecessarily. In Mobile IPv6 a victim CN may in such a case stop processing all Mobile IPv6 cryptographic operations and proceed with normal IPv6 operation. The only consequence is that Mobile IPv6 route optimization can no longer be used, but communication with MNs is still possible.

VI. SOLUTION TO VARIOUS THREATS IN MIPV6

In Mobile IPv6, the security of the binding messages is very important. Binding messages are exchanged between the MN and the HA, and between the MN and the CN, so authentication mechanisms must exist between these entities [8,17]. Some of the proposed authentication mechanisms are:

1. IPSec: IPSec is used to authenticate and encrypt packets at the network (IP) layer. The IPSec Encapsulating Security Payload (ESP) is used for authentication between the MN and the HA. The concern with IPSec is its key distribution mechanism, Internet Key Exchange (IKE) [15]; IKE uses either a pre-shared secret key or a public key. Since the MN, before leaving its home network, must share some information with its home agent, it is during this period that they can agree to use some secret key, so IPSec can be used effectively later on for authentication between the MN and its HA. IPSec helps to prevent the following attacks:
 • Spoofing
 • Session hijacking
 • Electronic eavesdropping
 • Man-in-the-middle
For authentication between the MN and the CN, other authentication mechanisms are used, because no security information is shared beforehand between the CN and the MN.

2. Return Routability [4,16,17]: The protection of Binding Updates sent to correspondent nodes does not require the configuration of security associations or the existence of an authentication infrastructure between the mobile nodes and correspondent nodes. Instead, a method called the return routability procedure is used to assure that the right mobile node is sending the message. In this method the MN sends special initialization messages, HoTI (Home Test Init) and CoTI (Care-of Test Init), to the CN; the CN, using its secret key, a nonce value and the information contained in these messages, computes two cookies, which are returned to the MN in the HoT (Home Test) and CoT (Care-of Test) messages. The MN hashes these cookies together to create a session key, which is used to authenticate the BU; when the CN receives this BU it can verify the authentication with its own cookie variables and thus creates a binding in its binding table. However, this method does not protect against attackers who are on the path between the home network and the CN, because they can easily capture the messages and create a session key which favors them. Furthermore, it is inefficient, as it requires the exchange of six messages and takes about 1.5 round-trip times between the MN and the CN to complete one correspondent registration. The main advantage of the return routability procedure is that it limits the potential attackers to those having access to one specific path in the Internet, and avoids forged Binding Updates from anywhere else in the Internet.

3. Cryptographically Generated Addresses [8]: The Cryptographically Generated Addresses (CGA) method is based on the idea that a part of the IPv6 address is derived from the public key of the node. The advantage of this method is that no certificate is needed to convince another node in the network that the address is used by the owner of the public key that is e.g. included in the packet. This means that no public key infrastructure or similar is needed or used, and the key owner publishes the public key when using it.
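An added example (not the authors' code) simulating the return routability procedure above with both the MN and the CN side, using the token and key derivations of RFC 3775 (HMAC-SHA1 keygen tokens over the address and a CN nonce, the binding key Kbm as SHA1 of the two tokens, and a 96-bit MAC over the BU), which the paper does not spell out; it also carries the binding-cache check from threat 3 of Section V, where the CN honours a Home Address option only for a verified HoA/CoA binding. Message transport, the HA tunnel for HoTI/HoT and the CN's nonce rotation are abstracted into direct method calls, and all addresses and BU bodies are constructed samples.

```python
import hashlib
import hmac
import ipaddress
import os

def addr(text: str) -> bytes:
    return ipaddress.IPv6Address(text).packed

def kbm_from(home_token: bytes, coa_token: bytes) -> bytes:
    """Binding management key: MN and CN both hash the two keygen tokens together."""
    return hashlib.sha1(home_token + coa_token).digest()

def bu_mac(kbm: bytes, coa: bytes, cn: bytes, bu_data: bytes) -> bytes:
    return hmac.new(kbm, coa + cn + bu_data, hashlib.sha1).digest()[:12]   # first 96 bits

class CorrespondentNode:
    """CN side: a secret key and a nonce table only; no per-MN state until a BU verifies."""

    def __init__(self, address: str):
        self.address = addr(address)
        self.kcn = os.urandom(20)          # Kcn never leaves the CN
        self.nonces = {1: os.urandom(8)}   # nonce index -> nonce (rotated periodically)
        self.binding_cache = {}            # HoA -> CoA

    def _token(self, address: bytes, index: int, tag: int) -> bytes:
        # tag 0 yields the home keygen token, tag 1 the care-of keygen token (RFC 3775)
        mac = hmac.new(self.kcn, address + self.nonces[index] + bytes([tag]), hashlib.sha1)
        return mac.digest()[:8]            # first 64 bits

    def home_test(self, hoti_cookie: bytes, hoa: bytes):      # HoTI -> HoT, via the HA tunnel
        index = max(self.nonces)
        return hoti_cookie, self._token(hoa, index, 0), index

    def care_of_test(self, coti_cookie: bytes, coa: bytes):   # CoTI -> CoT, sent directly
        index = max(self.nonces)
        return coti_cookie, self._token(coa, index, 1), index

    def process_bu(self, hoa, coa, home_index, co_index, bu_data, mac) -> bool:
        """Recompute both tokens from the nonce indices and check the BU's MAC."""
        if home_index not in self.nonces or co_index not in self.nonces:
            return False                   # stale nonce: the tokens have expired
        kbm = kbm_from(self._token(hoa, home_index, 0), self._token(coa, co_index, 1))
        if not hmac.compare_digest(bu_mac(kbm, coa, self.address, bu_data), mac):
            return False
        self.binding_cache[hoa] = coa
        return True

    def accept_home_address_option(self, src: bytes, hoa: bytes) -> bool:
        """Anti-reflection check: honour a Home Address option only for a verified binding."""
        return self.binding_cache.get(hoa) == src

class MobileNode:
    def __init__(self, hoa: str, coa: str):
        self.hoa, self.coa = addr(hoa), addr(coa)

    def register(self, cn: CorrespondentNode) -> bool:
        hoti, coti = os.urandom(8), os.urandom(8)
        c1, home_token, home_index = cn.home_test(hoti, self.hoa)
        c2, coa_token, co_index = cn.care_of_test(coti, self.coa)
        if (c1, c2) != (hoti, coti):
            return False                   # replies must echo the init cookies the MN sent
        kbm = kbm_from(home_token, coa_token)
        bu_data = b"BU seq=1 lifetime=420"    # constructed stand-in for the Binding Update body
        return cn.process_bu(self.hoa, self.coa, home_index, co_index, bu_data,
                             bu_mac(kbm, self.coa, cn.address, bu_data))

def bu_without_home_token(cn: CorrespondentNode, victim_hoa: str, other_coa: str) -> bool:
    """A node that only completed the care-of test for its own address cannot bind another HoA."""
    _, coa_token, co_index = cn.care_of_test(os.urandom(8), addr(other_coa))
    kbm = kbm_from(os.urandom(8), coa_token)   # the home keygen token would have to be guessed
    bu_data = b"BU seq=1 lifetime=420"
    return cn.process_bu(addr(victim_hoa), addr(other_coa), co_index, co_index, bu_data,
                         bu_mac(kbm, addr(other_coa), cn.address, bu_data))
```

The CN keeps no state between the test messages and the BU, which is what lets it drop all Mobile IPv6 processing under load (threat 6) without losing anything.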

VII. CONCLUSION

The Internet Engineering Task Force (IETF) developed support for mobility in IP networks in the form of two protocols, MIPv4 and MIPv6, so that the internet connectivity of mobile devices is seamless when they move from one access network to another. With the growth of the mobile industry, the number of applications and services that these mobile devices provide has grown tremendously, and the need of the hour is that all mobile traffic be secure; thus the two mobility protocols must ensure that all security concerns arising from mobility are tackled properly. In this paper we discussed the different security challenges that these mobile devices face once they leave their home network and enter a foreign network. Although we discussed the challenges they could encounter when the IP protocol in use is MIPv4 and their corresponding solutions, as well as the threats and solutions when MIPv6 is used, a lot of research is still needed to properly analyze and secure the mobility-related security issues, because some loopholes still remain.

REFERENCES

[1] Cisco, "Cisco Visual Networking Index: Forecast and Methodology, 2009–2014", white paper, 2009. [Online]. Available: http://www.cisco.com
[2] C. Perkins, "IP Mobility Support", RFC 2002, October 1996.
[3] R. Atkinson, "Security Architecture for the Internet Protocol", RFC 1825, August 1995.
[4] R. Rivest, "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[5] D. Johnson and C. Perkins, "Mobility Support in IPv6", Internet Engineering Task Force, draft-ietf-mobileip-ipv6-16, March 2002.
[6] Seyedeh Masoumeh Ahmadi, "Analysis towards Mobile IPV4 and Mobile IPV6 in Computer Networks".
[7] Janani Chandrasekaran, "Mobile IP: Issues, Challenges and Solutions".
[8] Abdel Rahman Alkhawaja and Hatem Sheibani, "Security issues with Mobile IP".
[9] Timo Koskiahde, "Security in Mobile IPv6", Tampere University of Technology, 8306500 Security Protocols, 18.4.2002.
[10] "Mobile IP: Security Issues", Applied Crypto and e-Security Lab, Boston University, 2000. [Online]. Available: http://www.cs.bu.edu/groups/aces/
[11] Sameer Chandragiri, "Mobile IP – Security Issues and Solutions".
[12] Zhang Chao, "Security Issues In Mobile IP".
[13] James D. Solomon, Mobile IP: The Internet Unplugged, Prentice Hall, 1998.
[14] David B. Johnson, "Mobile IP in the Current and Future Internet", tutorial for MobiCom 2000.
[15] R. Radhakrishnan, Majid Jamil, Shabana Mehfuz and Moinuddin, "A robust return routability procedure for mobile IPv6", International Journal of Computer Science and Network Security (IJCSNS), vol. 8, no. 5, May 2008, pp. 243-240.
[16] Youngsong Mun, Kyunghye Lee, Seonggeun Ryu and Teail Shin, "Using Return Routability for Authentication of Fast Handovers in Mobile IPv6", Computational Science and Its Applications (ICCSA 2007), Lecture Notes in Computer Science 4706, vol. 2, Springer, ISBN 3-540-74475-4 / 978-3-540-74475-7, 2007, pp. 1052-1061.
[17] Qiu Ying and Bao Feng, "Authenticated binding update in Mobile IPv6 networks", IEEE Conference on Computer Science and Information Technology (ICCSIT), Chengdu, Singapore, ISBN 978-1-4244-5537-9, July 2010, pp. 307-311.
