Mobile IP: Security Issues - PowerPoint PPT Presentation

Provided by: anto88

Transcript and Presenter's Notes

1
Mobile IP: Security Issues
2
Current State of Mobile Computing
  • Mobile computers are one of the fastest growing
    segments of the PC market
  • Short-range wireless networks (Bluetooth)
    available from IBM, Toshiba, Dell, HP
  • High-speed (11 Mbps) wireless LAN products are
    now easily and cheaply available (IEEE 802.11a,
    IEEE 802.11b)
  • Low speed (currently 128 Kbps) Metropolitan Area
    Wireless Network services are available in some
    cities and spreading (Metricom's Ricochet)

3
Mobile Computer Characteristics
  • May change point of network connection frequently
  • May be in use as point of network connection
    changes
  • Usually have less powerful CPU, less memory and
    disk space
  • Less secure physically
  • Limited battery power

4
Wireless Network Characteristics
  • Generally lower bandwidth
  • Higher latency and variability
  • Higher error rate
  • More susceptible to interference and eavesdropping

5
Outline of the Lectures
  • Part 0: TCP/IP Primer
  • Part 1: The Need for Mobile IP
  • Part 2: Mobile IP Overview (for IPv4)
  • Part 3: Security Issues
  • A Simple Mobile IP Application (Private Network
    without Internet connection)
  • A More Complicated Application Internet-Wide
    Mobility

6
Part 0: TCP/IP Primer
  • A protocol suite widely used for internetworking
    (in the Internet).
  • Has made possible communication over a global
    Internet.
  • Makes two hosts communicate despite their
    hardware differences.
  • Both hosts and routers need to run TCP/IP
    protocol software.

7
Part 0: TCP/IP
  • Internetworking to provide seamless
    communications.
  • IP Addressing
  • -Each host is assigned a 32 bit unique address.
  • -A packet contains the address of source and
    destination.
  • IP Address Hierarchy
  • -32 bit address divided into two parts
  • -- A prefix and a suffix (two level
    hierarchy).

8
The IP Address Hierarchy.
  • The prefix identifies the physical network.
  • The suffix identifies the individual computer.
  • Such an addressing scheme is a tremendous help in
    routing.
  • Dotted Decimal Notation
  • -Treats each octet as an unsigned integer.
  • Example: 128.55.0.23

9
IP Addressing
  • Routers are also assigned IP addresses.
  • A router may have multiple addresses.

10
IP Addressing
  • Address Resolution Protocol (ARP)
  • (mapping from an abstract address to physical
    location.)
  • o A request message contains the IP address.
  • o A response message contains both the IP
    address and the hardware address.
  • o A request message is broadcast, but response
    messages are directed.
  • -Responses are cached (used later).

11
IP Data (Packet) Forwarding
  • TCP/IP supports both connectionless and
    connection-oriented services.
  • Fundamental mode: connectionless.
  • -Each packet travels independently.
  • (Reliable connection-oriented service uses the
    underlying connectionless service.)
  • -Packets are called IP datagrams.
  • -An IP datagram contains a header and data.
  • -The header contains source and dest. IP addresses
    (data: variable, 1 to 64K bytes).

12
IP Datagram Forwarding
  • Router keeps routing information in a routing
    table.
  • When it receives a datagram, it
  • -extracts the dest. address from the header,
  • -uses the routing table and dest. address
  • to determine the outgoing link.
  • o Best-effort delivery; does not handle
  • -datagram loss, corruption of data,
  • datagram duplication, out-of-order delivery.

13
IP Encapsulation
  • An IP datagram may have to traverse a network
    that does not understand the format.
  • Encapsulation is a solution.
  • -A datagram is encapsulated in a frame.
  • (The datagram is placed in the data area of the frame.)
  • -The dest. address of the frame is where the
    datagram should go next.
  • -A datagram may be encapsulated many times during
    its transmission.

14
MTU/Fragmentation/Reassembly
  • MTU (Maximum transmission unit)
  • -Each subnet has a maximum limit on the payload
    of a datagram. (No exceptions).
  • Over the Internet, a datagram may have to
    traverse several subnets, each with its own MTU.
  • What if the datagram size is larger than the
  • payload allowed in a subnet to be traversed?

15
MTU/Fragmentation/Reassembly
  • Fragmentation is a solution
  • -The router divides the datagram into smaller
  • pieces called fragments.
  • -Each fragment uses IP datagram format.
  • -Fragments are independently transmitted.
  • Reassembly
  • -Creation of the original datagram
    from the fragments.

16
IPv6 (The next IP)
  • Drawbacks of IPv4
  • -Limited address space (IP address 32 bits).
  • -New Internet applications: audio, video, etc.
  • -Group collaboration: group communication.
  • -IPv6 retains many of the IPv4 features.
  • o IPv6 is also connectionless.
  • o Each datagram carries a dest. address.
  • o Each datagram is routed independently.

17
IPv6
  • What is new
  • -Uses a larger address.
  • -Uses an entirely new data header format.
  • -IPv6 header is variable size.
  • New Features
  • 1. Address size: an IPv6 address contains 128 bits.
  • 2. Header format: a completely different format.

18
IPv6
  • -Extension headers
  • Base header + several optional extension headers.
  • -Support for Audio and Video
  • Allows sender and receiver to establish a
    high-speed path through the underlying N/Ws.
  • -Extensible protocols
  • .Does not specify all protocol features.
  • .New features can be added as needed.

19
IPv6 Addressing
  • Like IPv4, IPv6 assigns a unique address to each
    connection between a router and N/W.
  • Three types of addressing are allowed
  • -Unicast
  • -Multicast
  • -Anycast (delivered to the nearest computer
  • in the domain or N/W).
  • (Does not include broadcasting.)

20
Part 1: The Need for Mobile IP
  • Problems
  • Terminology
  • What Happens When a Node Changes Link?
  • Can't We Solve This Problem with Host-Specific
    Routes?
  • Why Not Just Change the Node's IP Address?
  • Can't We Just Solve the Problem at the Link
    Layer?
  • What If We Only Need Nomadicity?

21
Mobile IP solves the following problems
  • What if a node moves from one link to another
    without changing its IP address? (It will be
    unable to receive packets at the new link.)
  • What if a node changes its IP address when it
    moves? (It will have to terminate and restart any
    ongoing communications each time it moves.)
  • Mobile IP solves these problems in a secure,
    robust, and medium-independent manner whose
    scaling properties make it applicable throughout
    the entire Internet.

22
The Need for Mobile IP
  • Terminology
  • A home link is the link on which a specific node
    should be located, that is, the link which has
    been assigned the same network-prefix as the
    node's IP address
  • A foreign link is any link other than a node's
    home link, that is, any link whose
    network-prefix differs from that of the node's IP
    address
  • A host-specific route is a routing-table entry with
    a Prefix-Length of 32 bits; it will provide a match
    for exactly one IP Destination Address, namely
    the address specified in the Target field
  • Mobility is the ability of a node to change its
    point of attachment from one link to another
    while maintaining all existing communications and
    using the same IP address at its new link

23
What Happens When a Node Changes Link?
24
Can't We Solve the Mobility Problem with
Host-Specific Routes?
  • How Might Host-Specific Routes Solve the Problem?
  • If it Solves the Problem, Is This Solution a Good
    One?

25
Is This Solution a Good One?
  • How Many Mobile Nodes Can We Expect?
  • How Many Routes Are Required for Each Mobile
    Node?
  • How Fast Will a Node Change Links?
  • Is This Solution Robust?
  • Is It Secure?

26
Conclusion: Host-Specific Routes Are an Unworkable
Solution to Node Mobility in the Internet
  • Minimally, host-specific routes must be
    propagated to all nodes along the path between a
    mobile node's home link and its foreign link
  • Some (in the worst case all) of these routes must
    be updated every time the node moves from one
    link to another
  • We expect millions of nodes to be operating

27
Host-Specific routing has severe scaling,
robustness, and security problems
  • Unless host-specific routes are propagated to a
    much larger set of routers than the minimal set
    described in the first item above, the Internet's
    ability to route around isolated node and link
    failures is negated by host-specific routing.
  • Serious security implications: host-specific
    routes would require authentication and a
    complicated key-management protocol.

28
Why Not Just Change the Node's IP Address?
  • Can Connections Survive a Changing IP Address?
  • No, because all open TCP connections will be
    terminated
  • How Do We Find a Node Whose IP Address Keeps
    Changing?
  • Only if the mobile node itself initiates
    communication; keeping entries in DNS updated is a
    huge overhead, and the address returned by a name
    server is subject to change at any moment
  • Can't we just solve the problem at the Link
    Layer? (Cellular Digital Packet Data - CDPD
    (11Kbps), IEEE 802.11)
  • These provide node mobility only in the context of
    a single type of medium and within a limited
    geographic area

29
What If We Only Need Nomadicity?
  • A nomadic node is one which must terminate all
    existing communications before changing its
    point-of-attachment, but then can initiate new
    connections with a new IP address once it reaches
    its new location.
  • If all communications are initiated by the user
    of a mobile node, and the user does not mind
    shutting down his applications and restarting
    them at a new location, then nomadicity is indeed
    sufficient

30
Why Is Mobility Preferable to Nomadicity?
  • In the future, servers and not just clients might
    need to become mobile (clients know their servers
    only by their IP addresses)
  • Some license application vendors provide
    network-licensing systems which restrict access
    to only those nodes possessing specific ranges of
    IP addresses
  • Some security mechanisms provide access
    privileges to nodes based upon their IP
    addresses. Mobile nodes employing Mobile IP allow
    such mechanisms to work in the presence of node
    mobility
  • Limited availability of IPv4 addresses, need for
    specific address assignment mechanisms

31
Summary
  • A node that changes from one link to another is
    incapable of communicating at the new location
    unless it changes its IP address
  • Host-specific routing is not a workable solution in
    the context of the global Internet
  • Changing a node's IP address is undesirable
  • The difference between mobile and nomadic
    computing (it is impossible for other nodes to know
    at what address a nomadic computer can be reached
    at any given moment)

32
Summary (cont.)
  • All link-layer solutions share limitations in
    their geographic applicability and the media over
    which they can run.
  • Even in those instances where a node requires
    only nomadicity, the more subtle advantages
    offered by Mobile IP mobility can make network
    administration much easier.

33
Part 2: Mobile IP Overview (for IPv4)
  • Is Mobile IP an Official Standard?
  • What Is the Scope of the Mobile IP Solution?
  • What Are the Requirements for Mobile IP?
  • What Assumption Does Mobile IP Make?
  • Where Does Mobile IP Reside?
  • Generally, How Does Mobile IP Work?
  • Summary

34
Is Mobile IP an Official Standard?
  • Mobile IP was approved by the Internet
    Engineering Steering Group (IESG) in June 1996
    and published as a Proposed Standard in November
    1996.
  • Main reference document: Request for Comments
    (RFC) 2002
  • There are other RFCs defining specific aspects of
    Mobile IP, such as tunneling, applicability,
    Management Information Base

35
What Is the Scope of the Mobile IP Solution?
  • Mobile IP is a network-layer solution to node
    mobility in the Internet
  • It accomplishes its task by setting up the
    routing tables in appropriate nodes, such that IP
    packets can be sent to mobile nodes not connected
    to their home link
  • Can be considered to be a routing protocol, which
    has a very specialized purpose of allowing IP
    packets to be routed to mobile nodes which could
    potentially change their location very rapidly.
  • Mobile IP is unique in its ability to accommodate
    heterogeneous mobility in addition to homogeneous
    mobility.
  • Solves the primary problem of routing IP packets
    to mobile nodes, which is a first step in
    providing mobility on the Internet. A complete
    mobility solution would involve enhancements to
    other layers of the protocol stack.

36
What Are the Requirements for Mobile IP?
  • A mobile node must be able to communicate with
    other nodes after changing its link-layer
    point-of-attachment to the Internet
  • Must be able to communicate using its home
    (permanent) IP address, regardless of its current
    link-layer point-of-attachment to the Internet
  • Must be able to communicate with other computers
    that do not implement the Mobile IP mobility
    functions
  • The Mobile IP implementation should be limited
    only to the mobile nodes themselves and the few
    nodes which provide special routing functions on
    their behalf
  • Must not be exposed to any new security threats
    over and above those to which any fixed node on
    the Internet is exposed

37
What Assumption Does Mobile IP Make?
  • Mobile IP's fundamental assumption is that
    unicast packets (those destined to a single
    recipient) are routed without regard to their IP
    Source Address.
  • We will see how that assumption, though
    theoretically valid, might not be operationally
    valid under certain circumstances (Denial-of-
    Service)

38
Where Does Mobile IP Reside?
  • It is implemented in 3 functional entities
  • Mobile Node: a node which can change its
    point-of-attachment to the Internet from one link
    to another while maintaining any ongoing
    communications and using its (permanent) IP home
    address
  • Home Agent: a router with an interface on the
    mobile node's home link, which
  • Is informed by the mobile node about its current
    location, represented by its care-of address
  • In some cases, advertises reachability to the
    network-prefix of the mobile node's home address,
    thereby attracting IP packets that are destined
    to the mobile node's home address
  • Intercepts packets destined to the mobile node's
    home address and tunnels them to the mobile
    node's current location, i.e. to the
    care-of address

39
Where Does Mobile IP Reside?
  • Foreign Agent: a router on a mobile node's
    foreign link, which
  • Assists the mobile node in informing its home
    agent of its current care-of address
  • In some cases, provides a care-of address and
    de-tunnels packets for the mobile node that have
    been tunneled by its home agent
  • Serves as default router for packets generated by
    the mobile node while connected to this foreign
    link

40
Mobile IP Entities and Relationships
41
IP Tunneling
  • A tunnel is the path followed by a first packet
    while it is encapsulated within the payload
    portion of a second packet

42
Properties of Care-of Address
  • A care-of address is an IP address associated
    with a mobile node that is visiting a foreign link
  • A care-of address is specific to the foreign link
    currently being visited by a mobile node
  • Generally changes every time the mobile node
    moves from one foreign link to another
  • No Mobile IP-specific procedures are needed in
    order to deliver packets to a care-of address
  • Is used as the exit-point of a tunnel from the
    home agent toward the mobile node

43
Two Conceptual Types of Care-of Addresses
  • A foreign agent care-of address is an IP address
    of a foreign agent which has an interface on the
    foreign link being visited by a mobile node. Can
    be shared by many mobile nodes simultaneously
  • A collocated care-of address is an IP address
    temporarily assigned to an interface of the
    mobile node itself. The network-prefix of a
    collocated care-of address must equal the
    network-prefix that has been assigned to the
    foreign link being visited by a mobile node. This
    type of c/o address might be used by mobile node
    in situations where no foreign agents are
    available on a foreign link. A collocated c/o
    address can be used by only one mobile node at a
    time

44
(No Transcript)
45
Generally, How Does Mobile IP Work?
  • Home Agents and Foreign Agents advertise their
    presence on any attached links by periodically
    multicasting or broadcasting special Mobile IP
    messages called Agent Advertisements
  • Mobile Nodes listen to these Agent Advertisements
    and examine their contents to determine whether
    they are connected to their home link or a
    foreign link
  • A Mobile Node connected to a foreign link
    acquires a care-of address. A foreign agent
    care-of address can be read from one of the
    fields within the foreign agent's Agent
    Advertisement.

46
How Does Mobile IP Work (cont.)?
  • The Mobile Node registers the care-of address
    acquired previously with its home agent, using a
    message-exchange defined by Mobile IP. It asks
    for service from a Foreign Agent, if one is
    present on the link. In order to prevent
    Denial-of-Service attacks, the registration
    messages are required to be authenticated
  • The Home Agent or some other router on the home
    link advertises reachability to the
    network-prefix of the Mobile Node's home address,
    thus attracting packets that are destined to the
    Mobile Node's home address. The Home Agent
    intercepts these packets, and tunnels them to the
    care-of address that the mobile node registered
    previously
  • At the care-of address (at either the Foreign
    Agent or one of the interfaces of the mobile node
    itself) the original packet is extracted from
    the tunnel and then delivered to the Mobile Node
  • In the reverse direction, packets sent by the
    Mobile Node are routed directly to their
    destination, without any need for tunneling. The
    Foreign Agent serves as a default router for all
    packets generated by the visiting node
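As an added worked example (my own code, not from the slides or from any Mobile IP implementation), the following Python models the forwarding path described on this slide: the home agent intercepts a packet addressed to the home address and tunnels it, unmodified, inside a new IP packet to the care-of address; the tunnel exit strips the outer header; and the mobile node's own outbound packets leave untunneled. All addresses are constructed, IP-in-IP (IP protocol 4, RFC 2003) is assumed as the tunnel type, and header integrity is checked with the standard Internet checksum so a corrupted header is caught at each hop.

```python
import struct

# Constructed addresses for this example (not taken from the slides).
CORRESPONDENT = "198.51.100.9"   # a correspondent node somewhere on the Internet
HOME_ADDRESS = "10.0.1.50"       # the mobile node's permanent home address
HOME_AGENT = "10.0.1.1"          # router on the home link acting as home agent
CARE_OF_ADDRESS = "192.0.2.77"   # care-of address registered on the foreign link

IPPROTO_IPIP = 4    # IP-in-IP encapsulation (RFC 2003), assumed default tunnel type
IPPROTO_UDP = 17


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def internet_checksum(data):
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,               # version 4, IHL 5 words
                         0,                  # TOS
                         20 + len(payload),  # total length
                         0, 0,               # identification, flags/fragment offset
                         ttl, proto,
                         0,                  # checksum placeholder
                         ip_to_bytes(src), ip_to_bytes(dst))
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def parse_ipv4(packet):
    """Validate the header checksum and return the fields a router cares about."""
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    if internet_checksum(header) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_length = struct.unpack("!H", header[2:4])[0]
    return {
        "src": bytes_to_ip(header[12:16]),
        "dst": bytes_to_ip(header[16:20]),
        "proto": header[9],
        "payload": packet[ihl:total_length],
    }


def home_agent_forward(packet, registered_care_of):
    """Home agent: a packet for the home address is intercepted on the home link
    and tunneled, unmodified, inside a new packet addressed to the care-of address."""
    inner = parse_ipv4(packet)
    if inner["dst"] != HOME_ADDRESS:
        raise ValueError("packet is not for the mobile node; route normally")
    return build_ipv4(HOME_AGENT, registered_care_of, IPPROTO_IPIP, packet)


def care_of_detunnel(tunneled):
    """Tunnel exit (foreign agent, or the mobile node with a collocated care-of
    address): strip the outer header and hand the original packet to the mobile node."""
    outer = parse_ipv4(tunneled)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnel packet")
    return outer["payload"]


def mobile_node_send(payload, destination):
    """Reverse direction: the mobile node keeps its home address as source and
    sends directly through its default router; no tunnel is involved."""
    return build_ipv4(HOME_ADDRESS, destination, IPPROTO_UDP, payload)


if __name__ == "__main__":
    original = build_ipv4(CORRESPONDENT, HOME_ADDRESS, IPPROTO_UDP, b"constructed payload")
    tunneled = home_agent_forward(original, CARE_OF_ADDRESS)
    outer = parse_ipv4(tunneled)
    print("outer:", outer["src"], "->", outer["dst"], "proto", outer["proto"])
    print("inner packet intact:", care_of_detunnel(tunneled) == original)
```

The point to notice is that nothing on the path between correspondent and care-of address needs Mobile IP: the outer packet is an ordinary unicast IP packet, and the inner packet (source still the correspondent, destination still the home address) arrives exactly as sent.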

47
Mobile IP Summary
  • Allows node mobility across media of similar or
    dissimilar types
  • Uses the Mobile Node's permanent home address
    when it changes its point of attachment to the
    Internet
  • Does not require any hardware or software upgrades
    to the existing, installed base of IPv4 hosts and
    routers other than those nodes specifically
    involved in the provision of mobility services
  • Mobile Node must provide strong authentication
    when it informs its Home Agent of its current
    location
  • Uses tunneling to deliver packets that are
    destined to the Mobile Node's home address
  • 3 main entities: Mobile Nodes, Foreign Agents and
    Home Agents
  • 3 basic functions: Agent Discovery, Registration,
    Packet Routing

48
Part 3a. Security Issues: Simple Mobile IP
Application (Intranet without connection to the
Internet)
  • How is Mobile IP deployed?
  • Insider Attack
  • Mobile Node Denial-of-Service
  • Replay Attacks
  • Theft of Information: Passive Eavesdropping
  • Theft of Information: Session-Stealing (Takeover)
    Attack
  • Other Active Attacks

49
How is Mobile IP Deployed?
  • All hosts are wholly owned by the enterprise
  • Each router performs both home agent and foreign
    agent functionality

50
Insider Attacks
  • Usually involve a disgruntled employee gaining
    access to sensitive data and then forwarding it
    to a competitor
  • Enforce strict control over who can access what data
  • Use strong authentication of users and computers
  • Encrypt all data transfer on an end-to-end basis
    between the ultimate source and ultimate
    destination machines to prevent eavesdropping

51
Mobile Node Denial-of-Service
  • A Bad Guy sends a tremendous number of packets to
    a host (e.g., a Web server) that brings the host
    CPU to its knees. In the meantime, no useful
    information can be exchanged with the host while
    it is processing all of the nuisance packets
  • A Bad Guy somehow interferes with the packets
    that are flowing between two nodes on the
    network. Generally speaking, the Bad Guy must be
    on the path between the two nodes in order to
    wreak any such havoc

52
Denial-of-Service Attack
  • A Bad Guy generates a bogus Registration Request
    specifying his own IP address as the care-of
    address for a mobile node. All packets sent by
    correspondent nodes would be tunneled by the
    node's home agent to the Bad Guy

53
How Does Mobile IP Prevent this
Denial-of-Service Attack?
  • Note: in the case of mobility a Bad Guy could
    attack from anywhere in the network; it does not
    have to be on the path.
  • Solution: require cryptographically strong
    authentication in all registration messages
    exchanged by a mobile node and its home agent.
  • Mobile IP by default supports keyed MD5 (the MD5
    Message-Digest Algorithm, RFC 1321), which
    provides secret-key authentication and integrity
    checking

54
Authentication of Registration Messages via Keyed
MD5
  • A mobile node generates a Registration Request,
    consisting of the fixed-length portion and the
    Mobile-Home Authentication Extension; it fills in
    all the fields of the request and extension
    except for the Authenticator field. Then it
    computes a 16-byte MD5 message digest over the
    shared secret key, the fixed-length portion, all
    extensions without the Authenticator field, and
    the shared secret key again. The Mobile IP
    authentication extensions provide both
    authentication and integrity checking

55
Replay Attacks
  • A Bad Guy could obtain a copy of a valid
    Registration Request, store it, and then replay
    it at a later time, thereby registering a bogus
    care-of address for the mobile node
  • To prevent that, the Identification field is
    generated in such a way as to allow the home
    agent to determine what the next value should be
  • In this way, the Bad Guy is thwarted because the
    Identification field in his stored Registration
    Request will be recognized as being out of date
    by the home agent (timestamps or nonces are used
    for the Identification field)
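The following Python is an added example of the two checks the home agent performs on slides 54 and 55: verifying the keyed-MD5 authenticator of the Mobile-Home Authentication Extension (computed as MD5 over secret, protected data, secret, as the slide describes) and rejecting stale or replayed Identification values. It is my own code, not from the slides or from any Mobile IP implementation. The message layouts follow RFC 2002 as I recall them (24-byte fixed portion; extension Type 32 with a one-byte Length and a 4-byte SPI), the Identification is the timestamp style (NTP-format seconds in the high 32 bits), and the 7-second clock tolerance is a constructed value. One caveat beyond the slides: the later revision of the base specification, RFC 3344, made HMAC-MD5 the default in place of this prefix+suffix construction, and current deployments should not rely on MD5 at all; the construction below is shown because it is the one the lecture describes.

```python
import hashlib
import hmac
import struct

REGISTRATION_REQUEST = 1       # Mobile IP message type (RFC 2002)
MH_AUTH_EXTENSION = 32         # Mobile-Home Authentication Extension type (RFC 2002)
AUTHENTICATOR_LEN = 16         # keyed MD5 produces a 16-byte authenticator
FIXED_PORTION_LEN = 24         # type, flags, lifetime, home, home agent, care-of, identification
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
CLOCK_TOLERANCE_SECONDS = 7    # constructed tolerance for this example


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def timestamp_identification(unix_time):
    """Identification field as a 64-bit NTP-style timestamp: seconds in the high
    32 bits, fraction of a second in the low 32 bits."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time - int(unix_time)) * (1 << 32))
    return (seconds << 32) | fraction


def registration_request(lifetime, home_addr, home_agent, care_of, identification, flags=0):
    """Fixed-length portion of a Registration Request (every field except the authenticator)."""
    return struct.pack("!BBH4s4s4sQ", REGISTRATION_REQUEST, flags, lifetime,
                       ip_to_bytes(home_addr), ip_to_bytes(home_agent),
                       ip_to_bytes(care_of), identification)


def keyed_md5(secret, protected_data):
    """Keyed MD5 in "prefix+suffix" mode: MD5(secret || data || secret)."""
    return hashlib.md5(secret + protected_data + secret).digest()


def append_mobile_home_auth(message, spi, secret):
    """Mobile node side: fill in Type, Length and SPI of the extension, then compute
    the authenticator over everything that precedes the Authenticator field."""
    ext_header = struct.pack("!BBI", MH_AUTH_EXTENSION, 4 + AUTHENTICATOR_LEN, spi)
    authenticator = keyed_md5(secret, message + ext_header)
    return message + ext_header + authenticator


class HomeAgent:
    """Home agent side: verify the authenticator, then reject stale or replayed
    Identification values, and only then accept the new care-of address."""

    def __init__(self, security_associations):
        self.sa = security_associations   # (home address, SPI) -> shared secret
        self.last_identification = {}      # home address -> last accepted Identification

    def verify(self, packet, unix_time):
        if len(packet) < FIXED_PORTION_LEN + 6 + AUTHENTICATOR_LEN:
            return False, "truncated request"
        ext_start = len(packet) - (6 + AUTHENTICATOR_LEN)
        protected, received = packet[:ext_start + 6], packet[ext_start + 6:]
        ext_type, ext_len, spi = struct.unpack("!BBI", packet[ext_start:ext_start + 6])
        if ext_type != MH_AUTH_EXTENSION or ext_len != 4 + AUTHENTICATOR_LEN:
            return False, "missing Mobile-Home Authentication Extension"
        (msg_type, _flags, _lifetime, home, _home_agent, care_of,
         identification) = struct.unpack("!BBH4s4s4sQ", packet[:FIXED_PORTION_LEN])
        home_addr = bytes_to_ip(home)
        secret = self.sa.get((home_addr, spi))
        if msg_type != REGISTRATION_REQUEST or secret is None:
            return False, "no security association for this mobile node and SPI"
        # Authentication and integrity: recompute the digest and compare in constant time.
        if not hmac.compare_digest(keyed_md5(secret, protected), received):
            return False, "authenticator mismatch (forged or modified request)"
        # Replay protection: the timestamp must be close to our clock and strictly
        # newer than the last Identification accepted for this mobile node.
        skew = abs((identification >> 32) - (timestamp_identification(unix_time) >> 32))
        if skew > CLOCK_TOLERANCE_SECONDS:
            return False, "identification outside clock tolerance"
        if identification <= self.last_identification.get(home_addr, 0):
            return False, "identification not newer than last accepted (replay)"
        self.last_identification[home_addr] = identification
        return True, bytes_to_ip(care_of)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    agent = HomeAgent({("10.0.1.50", 0x100): secret})
    now = 1_700_000_000.0
    req = append_mobile_home_auth(
        registration_request(300, "10.0.1.50", "10.0.1.1", "192.0.2.77",
                             timestamp_identification(now)), 0x100, secret)
    print(agent.verify(req, now))       # accepted: (True, '192.0.2.77')
    print(agent.verify(req, now + 2))   # the same bytes again are rejected as a replay
```

The order of the checks matters: the authenticator is verified before the Identification is examined, so an unauthenticated sender cannot probe the home agent's clock or its stored Identification, and an Identification value is only remembered once the request that carried it has been authenticated.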

56
Summary
  • Mobile IP registration has built-in
    prevention of denial-of-service attacks.
    Specifically, it is impossible for a Bad Guy to
    lie to a mobile node's home agent about that
    mobile node's current care-of address, because
    all registration messages provide authentication
    of the message's source, integrity checking and
    replay protection

57
Theft of Information: Passive Eavesdropping
  • Assumption: unauthorized persons will inevitably
    gain wired or wireless access to the network
    infrastructure
  • Use of Link-Layer Encryption
  • We also assume that key management for the
    encryption is performed without disclosing the
    keys to any unauthorized parties
  • Use of End-to-End Encryption (SSH, SSL)

58
End-to-End Encryption vs. Link Encryption
  • The Encapsulating Security Payload (RFC 1827) can
    provide end-to-end encryption to other
    application programs not supporting it themselves

59
Theft of Information: Session-Stealing (Takeover)
Attack
  • A Bad Guy waits for a legitimate node to
    authenticate itself and start an application
    session
  • Then it takes over the session by impersonating
    the identity of the legitimate node
  • Usually he must send a tremendous number of
    nuisance packets to the legitimate node in order
    to prevent it from realizing that its session was
    hijacked

60
Session-Stealing on the Foreign Link
  • The Bad Guy waits for a mobile node to register
    with its home agent
  • The Bad Guy eavesdrops to see if the mobile node
    has any interesting conversation taking place
    (remote login session to another host, connection
    to the electronic mailbox)
  • The Bad Guy floods the mobile node with nuisance
    packets
  • The Bad Guy steals the session by sending the
    packets that appear to have come from the mobile
    node and by intercepting packets destined to the
    mobile node

61
Session-Stealing Prevention
  • Same method as in the case of Passive
    Eavesdropping:
  • minimally, link-layer encryption between the
    mobile node and the foreign agent (against
    session-stealing on the foreign link)
  • with a preference for end-to-end encryption
    between the mobile node and its correspondent
    node (elsewhere)
  • Note: a good encryption scheme provides a method
    by which a decrypting node can determine whether
    the recovered plaintext is gibberish or whether
    it is legitimate (integrity checking)

62
Other Active Attacks
  • The Bad Guy connects to a network jack, figures
    out the IP address to use, and tries to break into
    the other hosts on the network
  • He figures out the network-prefix that has been
    assigned to the link to which the network jack is
    connected
  • The Bad Guy guesses a host number to use, which
    combined with the network-prefix gives him an IP
    address to use on the current link
  • The Bad Guy proceeds to try to break into the
    hosts on the network by guessing user-name/password
    pairs

63
Protection against such attacks
  • All publicly accessible network jacks must
    connect to a foreign agent that requires any node
    on the link to be registered (authenticated).
  • Remove all non-mobile nodes from the link and
    require all legitimate mobile nodes to use
    (minimally) link-layer encryption

64
Summary Intranet Model Security
  • We described a simple deployment of Mobile IP on
    an individual corporate campus (intranet)
  • All of the routers were upgraded to be both home
    agents and foreign agents, and all reasonably
    portable hosts were upgraded to mobile hosts
  • Home addresses were assigned according to the
    user's department
  • Mobile IP authentication keys were configured
    between the mobile nodes and their respective
    home agents
  • Assumed the existence of physical security flaws
  • Used link encryption over the foreign link to
    minimally protect the internal data, but
    generally preferred end-to-end encryption
  • Considered the Denial-of-Service attack in which a
    Bad Guy lies to a mobile node's home agent about
    the mobile node's current care-of address
  • Showed how the combination of the Mobile-Home
    Authentication Extension and the Identification
    field is designed to provide Authentication,
    Integrity Checking, and Replay Protection for all
    Registration Requests and Replies

65
Part 3b. Internet-Wide Mobility: A More
Complicated Application
  • This Mobile IP application allows a user to move
    anywhere throughout the entire Internet without
    exposing his private network to additional
    security threats
  • We will consider the problem of mobile nodes
    getting packets past the firewall when they are
    outside of the private network boundary (the
    subject of active research in the Mobile IP Working
    Group of the Internet Engineering Task Force)

66
Model for This Application
67
The Requirements
  • There must be a firewall between the corporate
    network and the global Internet
  • Authorized mobile nodes belonging to employees of
    the corporation must not suffer any loss of
    connectivity to resources inside the firewall,
    even when connected to a foreign link outside the
    firewall
  • The corporate network must not be exposed to any
    new security threats over and above those that
    face any network connected to the Internet
    (through a firewall)
  • A visitor must be able to communicate with the
    global Internet (and presumably his own private
    network) from public areas such as conference
    rooms, training facilities, etc.

68
Threats That Are the Same As Before
  • Threats from insiders (restrict access to info)
  • Denial-of-service attacks (use of strong
    authentication)
  • Passive eavesdropping and active takeover attacks
    (encryption)
  • Physical Intrusion to the restricted portion of
    the campus (control of physical access)

69
Firewalls
  • 3 basic types of firewalls: packet-filtering
    routers, application-layer relays, and secure
    tunnelers

70
Packet-Filtering Router as Firewall
71
Example of Access Control List (ACL)
  • Forward all packets belonging to connections
    initiated by internal machines
  • Forward all packets belonging to email
    connections initiated by outside machines
  • Forward all DNS messages
  • Discard all other packets
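To make the four rules on this slide concrete, here is an added example (my own code, not from the slides or any router vendor) of a packet-filtering router evaluating them against a constructed packet trace. The private network is assumed to be 10.0.0.0/8, "email connections" are taken to mean TCP to port 25, and "connections initiated by internal machines" is implemented by remembering TCP connections the filter has seen opened (a SYN from inside) and admitting later packets of those connections in both directions; everything that matches no rule is discarded.

```python
import ipaddress

# Constructed address plan for this example: the private network is 10.0.0.0/8.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SMTP_PORT = 25
DNS_PORT = 53


def packet(src, sport, dst, dport, proto="tcp", flags=""):
    """A constructed packet summary holding only the header fields a filter inspects."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "flags": flags}


class PacketFilter:
    """Packet-filtering router applying the four-rule ACL from the slide.

    Rule 1 ("connections initiated by internal machines") needs a notion of which
    connections exist, so the filter remembers TCP connections it has seen opened
    (a bare SYN) and forwards later packets of those connections in either direction.
    Rule 2 does the same for SMTP connections opened from outside.
    """

    def __init__(self, internal_net):
        self.internal = internal_net
        self.connections = set()   # (client, client port, server, server port)

    def _side(self, addr):
        return "inside" if ipaddress.ip_address(addr) in self.internal else "outside"

    def _known(self, pkt):
        forward_key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse_key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return forward_key in self.connections or reverse_key in self.connections

    def decide(self, pkt):
        """Return (action, reason) for one packet, updating connection state."""
        src_side, dst_side = self._side(pkt["src"]), self._side(pkt["dst"])
        is_syn = pkt["proto"] == "tcp" and pkt["flags"] == "SYN"

        # Rule 3: forward all DNS messages (UDP or TCP, either direction).
        if pkt["proto"] in ("udp", "tcp") and DNS_PORT in (pkt["sport"], pkt["dport"]):
            return "forward", "DNS"

        if pkt["proto"] == "tcp":
            # Rule 1: a new connection opened by an internal machine.
            if is_syn and src_side == "inside" and dst_side == "outside":
                self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
                return "forward", "connection initiated by internal machine"
            # Rule 2: a new e-mail (SMTP) connection opened from outside.
            if is_syn and src_side == "outside" and pkt["dport"] == SMTP_PORT:
                self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
                return "forward", "email connection initiated by outside machine"
            # Later packets of connections admitted by rule 1 or 2, in either direction.
            if self._known(pkt):
                return "forward", "belongs to an admitted connection"

        # Rule 4: discard everything else.
        return "discard", "no matching rule"


def run_sample():
    """Feed a constructed packet trace through the filter and collect the decisions."""
    pf = PacketFilter(INTERNAL_NET)
    trace = [
        packet("10.0.5.4", 40000, "198.51.100.10", 80, flags="SYN"),          # inside -> web
        packet("198.51.100.10", 80, "10.0.5.4", 40000, flags="SYN,ACK"),      # web reply
        packet("203.0.113.9", 50000, "10.0.1.25", SMTP_PORT, flags="SYN"),    # inbound mail
        packet("10.0.1.25", SMTP_PORT, "203.0.113.9", 50000, flags="SYN,ACK"),  # mail reply
        packet("203.0.113.9", 3000, "10.0.1.53", DNS_PORT, proto="udp"),      # DNS query
        packet("203.0.113.9", 50001, "10.0.1.25", 22, flags="SYN"),           # inbound SSH
        packet("203.0.113.9", 50002, "10.0.5.4", 40000, flags="ACK"),         # unsolicited ACK
    ]
    return [pf.decide(p)[0] for p in trace]


if __name__ == "__main__":
    print(run_sample())   # the first five are forwarded, the last two discarded
```

A router of the era this lecture describes had no connection table, so rule 1 was typically approximated by admitting any inbound TCP segment with the ACK bit set ("established"). That shortcut is a good illustration of the configuration pitfalls listed on the next slides: a single inbound segment with ACK set and no corresponding outbound connection, like the last packet in the trace above, passes such a filter but is discarded by the stateful version here.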

72
Advantages of Packet-Filtering Routers
  • Fast (simple processing involving examining the IP
    Source and Destination Address fields, and TCP
    and UDP header fields)
  • Independent of applications
  • Inexpensive to upgrade

73
Problems
  • Difficult to configure correctly
  • Obscure syntax of ACLs (usually there is no GUI)
  • Any mistake leaves the private network
    vulnerable to security attacks
  • No reliable way to check ACL correctness
  • IP addresses of the machines in the private
    network are visible to the public network
  • Little or no disk space to log suspicious
    activity
  • Do not support user authentication before users
    are allowed to communicate outside the firewall

74
Application-Layer Relays
  • The two routers are configured with ACLs which
    allow packets only to and from the relay host

75
Advantages
  • Ability to enforce more sophisticated security
    policies since they understand not only packet
    headers, but also the applications themselves
  • Auditing and logging capabilities
  • Authentication support

76
Disadvantages
  • Slow and visible to end users (might have many
    TCP connections open at the same time)
  • Some applications might not be supported by the
    firewall, possibly because the application does
    not work symmetrically in both directions

77
Secure Tunnelers (picture)
78
Secure Tunnelers
  • If the packet is tunneled to the firewall and has
    valid authentication (and usually encryption), it
    is de-tunneled and routed transparently to the
    destination node within the private network
  • Otherwise, the packet is submitted to the
    application-layer relay and is processed
    accordingly

79
Virtual Private Network (VPN)
80
Host1 sends a packet to Host2 (see the previous
picture)
  • Host1 builds an IP packet with its own IP address as
    the Source Address and Host2's IP address as the
    Destination Address
  • The packet is ultimately forwarded to the
    firewall on the left
  • The firewall prepends an IP Encapsulating
    Security Payload header to the original IP packet
    and encrypts the original IP header and payload
    (the encryption algorithm provides authentication
    and integrity checking as well)
  • The firewall places the resultant Encapsulating
    Security Payload header plus encrypted original
    packet within the payload portion of a new IP
    packet. The new IP packet has a Source Address of
    the leftmost firewall and a Destination Address
    of the rightmost firewall
  • The new packet is transmitted over the Internet,
    where it is ultimately received by the firewall
    on the right

81
Host1 sends a packet to Host2 (cont.)
  • The firewall consumes the outermost IP packet
    header and examines the IP Encapsulating Security
    Payload header. The Security Parameters Index
    field within that header informs the firewall how
    to process the received cipher-text. The firewall
    proceeds to decrypt and verify the authentication
    and integrity of the packet
  • If the packet is authentic, the firewall removes
    the IP Encapsulating Security Payload header to
    recover the original IP packet
  • The firewall forwards the packet, which is
    ultimately delivered to Host2 via conventional
    routing

82
How Do We Protect a Mobile Node That Is Outside
the Firewall?
  • Mobile Node as a Special Case of Virtual Private
    Networks (VPN)
  • The firewall is a software module running on
    the mobile node

83
Requirements for Secure Firewall Traversal in
Mobile IP
  • Must protect the mobile node and the private
    network from passive eavesdropping and active
    takeover attack
  • Must work for organizations that have private
    addresses (that are not advertised to the rest of
    the Internet) on their networks
  • Must not require the firewall to implement or
    understand Mobile IP
  • Must resolve the problem of mobile node
    Registration through the firewall
  • Must work in the presence of internal private
    network firewalls

84
Firewall Traversal Using VPN: Questions to Answer
  • How does a mobile node establish the
    authenticated and/or encrypted tunnel to the
    firewall?
  • Does the mobile node establish this tunnel before
    or after it registers with its home agent?
  • Is the mobile node's home agent inside or outside
    the firewall?
  • How do we establish keys between the mobile node
    and its firewall?
  • How do the mobile node and the firewall agree on
    a set of encryption and/or authentication
    algorithms to use?
  • How does the mobile node know whether it is
    inside or outside the firewall?

85
Conclusions
  • Firewall Traversal is a work in progress in the
    Mobile IP community
  • It usually implements the IP Authentication
    Header, IP Encapsulating Security Payload and
    ISAKMP/Oakley for key management
  • The general solution can be formulated as
    establishing an encrypted and authenticated
    tunnel between the mobile node and the firewall

86
Summary
  • We described a more complicated deployment of
    Mobile IP on an individual corporate campus that
    was characterized by placing all publicly
    accessible network jacks outside of the
    corporation's firewall
  • We also sketched in general a solution for
    firewall traversal using Virtual Private Networks

87
Model for Commercial Mobile IP Service
88
References
  • James D. Solomon, Mobile IP: The Internet
    Unplugged, Prentice Hall, 1998.
  • David B. Johnson, Mobile IP in the Current and
    Future Internet, Tutorial for MobiCom 2000.
  • Charles Perkins, Mobile Networking with Mobile
    IP, IEEE Internet Computing, 2(1):58-69,
    January/February 1998.