Rethinking Security in Network Mobility - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Rethinking Security in Network Mobility


1
  • Re-thinking Security in Network Mobility
  • Jukka Ylitalo
  • Ericsson Research NomadicLab
  • NDSS '05 Workshop - February 2

2
Outline
  • Nodes in the Architecture
  • Problem description
  • Identifier locator split in HIP
  • Identifier multiplexed locator translation
  • Signaling delegation between identifiers
  • Conclusions

3
Nodes in the Architecture
[Diagram labels: Correspondent Node (CN); Internet; Rendezvous Server (RS); Access Router (AR); Mobile Router (MR); Mobile network; MR; Nested mobile network; Mobile Node (MN)]

4
Problem Statement
  • How to inform peers about MN's new location in a
    secure and efficient way?
  • How to sustain optimal routing?

[Diagram labels: CN; Address Binding Update (BU); Challenge-response Test; AR; AR; MR; ?; MN]

5
Related Problems
  • Signaling explosion in highly populated networks.
  • Suboptimal routing.
  • Authorizing MR to signal on behalf of the MN.
  • Address assignment inside mobile network.

6
Identifier - Locator Split in HIP
  • A new public-key based Host Identifier (HI) name
    space
  • Sockets bound to HIs, not to IP addresses.
  • HIs translated to IP addresses by kernel

[Diagram labels: Process; Transport (<HI,port>); Host Identity (Host ID); Dynamic binding; IP Layer (IP Address); Link Layer]

7
Advantage of Cryptographic HIs
  • Public-key based end-point identifiers (HIs) vs.
    untrustworthy IP addresses.
  • Possible to authorize and delegate signaling
    rights between HIs in a secure way.
  • Possible to use authorization certificates, e.g.,
    SPKI certificates.

8
HI multiplexed Locator Translation
  • MN registers its HI and local unicast address to
    MR.
  • MN learns MR's HI during the registration.
  • MR implements HI multiplexed locator translation.

[Diagram labels: Internet; MR; Registration; MN; Local unicast address space]

9
Authorizing MR to send BUs
  • MR hides the network mobility from MNs.
  • MNs authorize MR to send Binding Update messages
    on behalf of them to CNs.

[Diagram labels: RS; CN; BU signaling from MR; AR; MR-CoA1; MR-CoA2; MR; MN-CoA1; Authorization; MN]

10
Delegating Rights to Signaling Proxy
  • MR may delegate the signaling rights to a trusted
    signaling proxy.
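
An added example, not part of the original slides: one way a CN could evaluate the MN → MR → signaling proxy delegation, using a reduction in the style of SPKI 5-tuples. It assumes each certificate's signature has already been verified; the field names, the HI strings and the "BU" right are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Cert:
    issuer: str              # HI that signed the certificate
    subject: str             # HI that receives the right
    delegate: bool           # may the subject delegate further?
    rights: FrozenSet[str]   # authorization tag (here: message types)
    not_before: int
    not_after: int

def reduce_pair(a: Cert, b: Cert) -> Optional[Cert]:
    """Combine two adjacent certificates, or return None if the chain breaks."""
    # b must be issued by a's subject, and a must permit further delegation.
    if a.subject != b.issuer or not a.delegate:
        return None
    # Rights and validity can only shrink along the chain.
    rights = a.rights & b.rights
    start, end = max(a.not_before, b.not_before), min(a.not_after, b.not_after)
    if not rights or start > end:
        return None
    return Cert(a.issuer, b.subject, b.delegate, rights, start, end)

def authorized(chain: List[Cert], owner: str, sender: str,
               right: str, now: int) -> bool:
    """True if the chain lets `sender` exercise `right` for `owner` at `now`."""
    if not chain:
        return False
    acc: Optional[Cert] = chain[0]
    for nxt in chain[1:]:
        acc = reduce_pair(acc, nxt)
        if acc is None:
            return False
    return (acc.issuer == owner and acc.subject == sender
            and right in acc.rights and acc.not_before <= now <= acc.not_after)

# Constructed sample values; real HIs are public keys, not strings like these.
MN, MR, PROXY = "HI-MN", "HI-MR", "HI-PROXY"
MN_TO_MR = Cert(MN, MR, True, frozenset({"BU"}), 100, 200)
MR_TO_PROXY = Cert(MR, PROXY, False, frozenset({"BU"}), 150, 300)
MN_TO_MR_NO_DELEGATION = Cert(MN, MR, False, frozenset({"BU"}), 100, 200)

if __name__ == "__main__":
    # Proxy may send BUs for the MN only inside the overlapping validity window.
    print(authorized([MN_TO_MR, MR_TO_PROXY], MN, PROXY, "BU", 160))
    print(authorized([MN_TO_MR, MR_TO_PROXY], MN, PROXY, "BU", 250))
```

The second call is rejected because the proxy's right is bounded by the MN's shorter validity period, even though the MR's own certificate to the proxy is still valid.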

[Diagram labels: Internet; Signaling proxy; Delegation; AR; MR; Authorization; MN]

11
Optimizing MR-to-CNs Signaling
  • The signaling proxy sends BUs on behalf of the
    MNs to CNs.

[Diagram labels: CN; RS; Signaling proxy; BU signaling from Sig. Proxy; Single BU from MR; Internet; AR; CoA2; CoA1; MR; MN]

12
Reachability Test
  • The peer nodes must verify that the MN is in the
    MR's location where the signaling proxy claims
    the MN to be.

[Diagram labels: CN; RS; Signaling proxy; Challenge-Response; Internet; AR; CoA2; CoA1; MR; MN]

13
Optimizing CNs-to-MR Signaling
  • The signaling proxy may hide the regional
    mobility, acting as an on-the-path Mobility
    Anchor Point (MAP).

[Diagram labels: CN; RS; Internet; Signaling proxy MAP; MAP Domain; Single BU from MR; AR; MR; MN]

14
Many Roles of a Mobile Router
  • Access router (AR)
  • HI multiplexed locator translation device
  • Mobility Anchor Point (MAP)
  • Mobility signaling proxy

15
Conclusions
  • The solution is based on the HIP and signaling
    rights delegation between public-key based HIs.
  • Optimized over-the-air mobility signaling inside
    a mobile network, and between the mobile network
    and the Internet.
  • Optimized routing between MNs and peer nodes.

16
  • Thank You!
  • Questions, comments?