Route Optimization Securtiy Design Protocol 12 12 by tabindah


UBICC, the Ubiquitous Computing and Communication Journal [ISSN 1992-8424], is an international scientific and educational organization dedicated to advancing the arts, sciences, and applications of information technology. With a world-wide membership, UBICC is a leading resource for computing professionals and students working in the various fields of Information Technology, and for interpreting the impact of information technology on society.

More Info
									                                  Mobile IPv6 (MIPv6)
                        Route Optimization Security Design Protocol
 Muhammad Taqi Raza H. M. 1, Syed Rehan Afzal 2, Hamid Mukhtar 3, Seung-wha Yoo 4, Dong-Kyu Kim 5,
                                           Ki-Hyung Kim 6
             Department of Information and Communication Engineering, Ajou University
                                          Republic of Korea
                    {taqi1, rehan2, hamid3, swyoo4, dkkim5, kkim866}

                 Unlike Mobile IPv4, where mobile node communicates with its peer through a
                 longer path, via Home Agent, in Mobile IPv6 a mobile node directly
                 communicates with its peers even though it moves to the new location and
                 changes its IP address, this mechanism is called Route Optimization. In Route
                 Optimization, the mobile node sends the binding message to its peer node, the
                 message contains the new address of the mobile node, called as Care of Address,
                 which confirms that the mobile node is infect moved to the new location from its
                 Home Network. After receiving the binding message, the peer node sends all
                 packets which are destined to the Mobile’s Home Address to the Care of Address.
                 But there are many security risks involved, when a malicious node might be able
                 to establish a connection with the mobile node by sending the false binding
                 messages. By doing so malicious node can divert the traffic, can launch the DOS
                 Attacks and can also Replay the authenticated messages, etc. So considering
                 theses security issues, we have proposed a secure protocol which prevents the
                 attacker to establish false connections and assures the secrecy and integrity of the
                 mobile node and its peers.

                   Keywords: Route Optimization (RO), Mobile Node (MN), Correspondent Node
                   (CN), Home Agent (HA)
                                                          made secure and discussed that how our technique
1 Introduction                                            works against major security threats. Section 5
                                                          compares our approach with the existing techniques
      The Mobile IP is designed on the idea that that     proposed by the other authors. Section 6 concludes
mobility support is provided on the top of existing IP    the paper.
infrastructure, so that modifications are not required
to the routers, the applications or the stationary end    2 Mobile IP Version-6 Mobility
hosts [1]. Keeping this in view, different approaches                 In IPV6 any node can be a mobile or
were proposed from different authors for securing the     stationary node, as we cannot differentiate between
communication between the mobile node and its             mobile and stationary node just looking on the IPV6
home agent and between the mobile node and its            address [3]. Like stationary nodes, a mobile node is
correspondent nodes. In this paper our concern is to      attached to a particular network, known as its home
make the communication secure between the mobile          network. Its IP address on that network, known as its
node and the correspondent. So it is assumed that the     home address, is static. When the mobile node moves
MN and the HA communicates securely over a secure         to another network, its old address is no more valid so
channel. In this regard, we proposed a protocol which     it is assigned a new address, known as care-of-
works against the major security threats. Our goal is     address. The mobile node also informs the home
to make the communication between MN and CN as            agent (which keeps track of all mobile nodes) about
secure as IPV4 today [2].                                 its new care-of-address and home agent registers its
The paper is organized as follows. In Section 2, we       care of address against its home address. When any
first introduce the Mobile IPv6 mobility protocol and     internet node, known as correspondent node, wants to
route optimization protocol. Section 3 describes the      communicate with the mobile node, it sends message
basic security pitfalls in the route optimization         to the home address of the mobile node; where home
protocol. In Section 4, we proposed a new protocol        agent intercept the message and tunnels it to the care-
and showed that how optimization protocol can be          of-address of that mobile node. This solution is secure

       Ubiquitous Computing and Communication Journal
due to tunneling but it leads to longer paths and                     b.   Attacks against Secrecy and
degrades the performance. This tunneling is                                Integrity: By spoofing Binding
sometimes called triangular routing [4].                                   Updates, an attacker could redirect
                                                                           all     packets    between      two
    2.1 Route Optimization Protocol                                        communicating nodes to itself [2].
                                                                           By sending a false BU to
            To enhance the performance, Route                              correspondent node, the attacker
Optimization protocol is used. Route optimization is a                     could get control over the data
technique which enables a mobile node and a                                intended between MN and CN. It
correspondent node to communicate directly,                                means that attacker can hijack the
bypassing the home agent completely [4]. The                               connections opened between mobile
concept of route optimization is that, when the mobile                     and correspondent node. The
node receives the first tunneled message, the mobile                       attacker could also launch man-in-
node informs correspondent node about its new                              the-middle attack by sending
location, i.e. care-of-address, by sending a binding                       spoofed BU to both MN and CN.
update message. The correspondent node stores the                          By doing so all traffic between two
binding between the home address and care-of                               nodes will pass through the attacker.
address into its Binding Cache [5].                                        Hence, the attacker would be able
But this simple technique introduces the security                          to see and modify the packets sent
threats like False Binding Updates, Bombing Attack,                        between MN and CN.
DOS Attack, Reflection and Amplification Attack, etc.
                                                                      c.   Basic Denial-of-Service Attacks: By
3   Security and Threats                                                   launching this attack, the attacker
                                                                           prevents the legitimate node to
    Route optimization protocol makes mobile IPV6                          access the resources of the node
more vulnerable. The attacker can either corrupt                           (victim of attack). This attack might
binding message, by spoofing it, that are destined to                      stop or disrupt communication
the correspondent node or it can change the                                between the nodes [2]. This attack
destination address so that packets to be delivered to                     can be launched on any Internet
the desired address of the attacker. So secrecy and                        node.
integrity of communication is no more valid and can
lead to denial-of-service (DoS) attacks. In this section              d.   Replaying Binding Updates: An
we describe different attacks which are possible in                        attacker may replay the binding
MIPV6. These attacks are described as follow:                              message which is previously
      I. Attacks against Address 'Owners' ("Address                        authenticated by the correspondent.
          Stealing"): In address stealing an attacker                      Hence attacker can direct packets to
          illegitimately claims to be a given node at a                    the mobile node's previous location.
          given address [2] and tries to "steal" traffic
          destined to that address. It is the most           II. Basic Flooding: In this attack, the attacker
          dangerous attack, where traffic reaches to the         redirects heavy data stream, which is
          malicious node instead of reaching to the              intended for MN from CN, to the target
          actual destination. There are different variant        address. This attack is serious in nature
          of this attack;                                        because by doing so target receiving cache is
               a. Basic Address Stealing: If Binding             over flood, which also lead to DoS attacks.
                    Updates were not authenticated at
                    all [2], an attacker can send spoofed    III. Reflection and Amplification: In this attack,
                    binding updates from anywhere in              attacker emphasis is to force node to send
                    the Internet. Any IPv6 address can            more number of packets to the target than
                    be or become mobile and there is no           the attacker sent to the node. Reflection is
                    way of distinguishing a mobile and            particularly dangerous as packets are being
                    stationary host by just looking at its        reflected multiple times. If packets are sent
                    address [6], so potentially any node,         into a looping path, this can halt the target
                    including stationary node, is                 node as well as the sender.

        Ubiquitous Computing and Communication Journal
4    Securing Route Optimization
     We can secure the route optimization by using
PKI with IPSec [6]. But the protocol must work
between any mobile node and any other Internet node
that have no previous relationship, and so we cannot
assume the existence of a global PKI or other global
security infrastructure [6]. Many approaches were
suggested by different authors to make route
optimization secure, which prevents all of the major
threats, which were described above. But those
approaches’ cost in terms of packets, delay and
processing is excessive. Here the goal has been to
propose a complete protocol whose security is close
to that of a static IPv4 based Internet, and whose cost
in terms of packets, delay and processing is not
excessive.                                                           Figure 1 (b): Return-Routability test for the
In our approach we use the idea of public and private                               HA
key, but without PK Infrastructure. The idea is simple,   On receiving first tunneled packet by HA, RO is
CN generates the pair of public and private key, any      initiated in which MN sends BU message to the CN;
other Internet node doesn’t need to verify the public     As BU is not authenticated yet so CN rejects the
key of the CN. Same for HA, which generates the           packet. As shown in Fig. 1 (b), CN sends public key
public and private key pair for all of its connected      in plaintext to the mobile’s home address. The HA
nodes (including MN), and handover each different         intercepts the message and forwards it to the MN via
pair to the particular node, and HA makes the entry       a secure tunnel. The MN then Encrypts its BU with
into its database that which pair of key is assigned to   the public key of CN.
which node. HA acts like a Certification authority                      Request = [EncCN_pub ( BU)]
(CA), for the connected nodes.                            This mechanism is called return-routability test for
To elaborate our idea, we assume that the MN moves        the home address because the mobile node must
to the new location and registers its new care-of-        return to the correspondent (a function of) a value
address with the HA. Any message from CN, which           sent by the correspondent to the home address [6]-[7].
was communicating with MN, is tunneled to the             This way, the correspondent verifies that the mobile is
mobile’s care-of-address by HA (As Shown in Fig.          associated with its home agent and it can receive
1(a)). On receiving the tunneled message, the route       messages at its home address.
optimization protocol is activated; in which MN           This protocol avoids from the Basic Address Stealing,
directly       communicates        to      the     CN.    because the attacker cannot illegitimately claims to be
                                                          a given node at a given address due to the return-
                                                          routability test for the home address, where CN
                                                          verifies that the MN’s original attachment with the
                                                          Home Network. Attacks against Secrecy and Integrity
                                                          is also not possible in a sense that BU is encrypted
                                                          with the public key of CN, thus only CN is able to
                                                          decrypt that message.
                                                          Reflection and Amplification is also not possible due
                                                          to the fact that CN only sends one packet, i.e. public
                                                          key to the HA on receiving one packet, i.e. BU.
                                                          This variant of protocol is sufficient to authenticate
                                                          the sender of the binding update, but the sender can
                                                          send false BU, and can launch the attacks such as
                                                          Basic Denial-of-Service Attacks, Replaying Binding
                                                          Updates and Basic Flooding etc. So some variations
                                                          are required in the above protocol.
Figure 1(a): Mobile IPv6 route optimization

        Ubiquitous Computing and Communication Journal
                                                          can initiate the communication and sends the false
                                                          BU. When CN will send Nonce to verify the target
                                                          position, and then attacker steals the packet and sends
                                                          the same Nonce to the correspondent. The CN will
                                                          verify and start sending traffic to the unwanted node.
                                                          This attack becomes more severe when the attacker
                                                          initiates CN to send the video stream to the target.
                                                          Some readers may say that CN will soon stop
                                                          transmitting the video stream because it does not
                                                          receive acknowledgments from the target node.
                                                          Unfortunately, this does not work much because the
                                                          attacker can spoof the acknowledgments. In this case,
                                                          the attacker initiates the communication and received
                                                          the first packets of the data stream; so it knows the
                                                          initial TCP sequence numbers and can spoof TCP
                                                          acknowledgments. The attacker only needs to send
                                                          one acknowledgment per TCP window, which will
Figure 2(a): Return-Routability test for the CoA          cause CN to send a large data stream to the target. As
                                                          recipient of unwanted TCP packets usually sends a
                                                          TCP Reset signal to the source of the packets, which
                                                          puts in immediate stop to the data stream. So readers
                                                          may say that target can stop the communication by
                                                          sending TCP Reset signal. Unfortunately, this does
                                                          not work as well in our case. The packets sent by CN
                                                          to the target have a routing header that says the
                                                          packets are intended for HA [6]. When the IP layer in
                                                          the target stack processes the routing header, it
                                                          encounters a strange address i.e. home address of the
                                                          target, and drops the packet without ever processing
                                                          the following TCP header. Thus, no TCP Reset will
                                                          ever be sent.
                                                          This problem can be tackled by securing the
                                                          communication between MN and CN while BU is
                                                          being authenticated.
                                                                    Request = [EncCN_pub ( BU + MN_Pub Key)]
Figure 2(b): Secure Authentication                                           EncMN_Pub (Nonce)
                                                                             EncCN_Pub (Nonce)
Now we modify the idea and we say that CN sends a         MN sends its BU message and its public key, both
Nonce to the MN.                                          encrypted by the public key of the CN. CN generates
As shown in Fig. 2 (a), When the CN receives the          the Nonce and sends it by encrypting with the public
packet; it decrypts the packet by its private key and     key of MN, where MN decrypts the message and gets
gets the BU out of the packet. CN then generates a        the Nonce and verifies that desired CN had replied. It
Nonce and sends this Nonce directly to MN, to verify      then sends the same Nonce, encrypted by the public
that whether the MN’s address is same as mentioned        key of CN, to CN. Where CN decrypts the message
in BU. MN will reply to CN by sending the same            and gets back the same Nonce, which it sent to MN.
Nonce. This proves to the CN that the mobile is able      Now CN can now that MN is actually moved to the
to receive messages sent to the new care-of address.      new location and its new location is also verified.
This mechanism is called return-routability (RR) test     Now attacker cannot launch Basic Denial-of-Service
for the care-of address [7]. Now attacker cannot          Attacks and Basic Flooding Attacks because the
launch Replaying Binding Updates Attack, because          communication between MN and CN is secured while
the attacker cannot re-authenticate the BU message,       BU is being authenticated, so attacker cannot send
as    correspondent      will    not    receive     any   spoofed BU, because the destination address in BU is
acknowledgement (Nonce) from MN’s old address, so         authenticated securely. In this way our protocol works
CN will not authenticate the address. Basic Denial-of-    against major threats in the MIPV6.
Service Attacks are still possible because the attacker

        Ubiquitous Computing and Communication Journal
5   Comparison of Two Techniques

     We compared our protocol with the one,
proposed in [6]. Both techniques work against the
attacks, mentioned in Section 3. We compare the
approaches in terms of cost of packets and the delays.
As shown in Fig. 3, MN sends two Init messages to
CN, so that to avoid from the Amplification and
Reflection Attacks; and CN sends two keys K0 and
K1 so that to do return-routability test for the home
and the correspondent address.

                                                            Figure 4(a): Packets’ flow for Fig.3 (a)

    Figure 3: Secure Authentication [6] (balanced
                   message flow)

The Figure 4 compares two techniques in terms of
packets sent by each. Fig. 4(a) shows the number of
packets sent in [6], according to Fig. 3, where 4(b)
shows the number of packets sent in our protocol,
according to Fig. 2(b). Its is shown clearly that total 7
packets are required for authenticating BU in 4(a),
where total of 6 packets are required in 4(b). Hence,
our protocol is better over [6], in terms of packets
                                                            Figure 4(b): Packets’ flow for Fig.2 (b)
communicated for BU authentication.
                                                            When a mobile node is being authenticated from a
                                                            large number of correspondents, then we can see the
                                                            major difference between two protocols. As shown in
                                                            graph 1, when the MN authenticates itself with the
                                                            large number of correspondents, it sends as more
                                                            packets in [6], as the total number of CNs with which
                                                            authentication occurs, than in our protocol. When the
                                                            authentication occurs between the MN and 10 CNs,
                                                            then the MN sends 70 packets in protocol [6],
                                                            whereas it send 60 packets in our protocol (as shown
                                                            in graph 1). So our protocol’s performance become
                                                            significant against the protocol described in [6], when
                                                            MN authenticates itself with greater number of CNs.

        Ubiquitous Computing and Communication Journal
                                       Graph 1: Comparison of Two Techniques

    Authentication time in our protocol is less than to    cryptography without public key infrastructure. At the
    the one proposed in [6]. According to the              end we compared our technique with the famous
    authentication process shown in the Figure 4, for      technique proposed in [6]. Our results show clearly
    authentication, messages travel twice through          that our protocol is better in performance, with less
    home agent in the protocol describe in [6],            delays and the less number of packets sent for
    whereas in our approach the packets pass only          authentication, which proves the efficacy of our
    once through home agent. As we know that home          protocol. We hope that this work will help to secure
    agent tunnels the messages to the new care-of-         other Internet mobility protocols as well.
    address of the MN. So it takes some time to add
    tunneling header and encrypting the message.
    This overhead is appeared twice in [6], but once
    in our protocol. Hence our protocol also reduces
    the delays.

6   Conclusion

     We have described how to make Mobile IPv6
route optimization protocol more secure. While
proposing this protocol, we kept in mind that the
Mobile IPv6 route optimization security design was
never intended to be fully secure. Instead, as we
stated earlier, the goal was to be roughly as secure as
Non Mobile IPv4. We started from describing major
threats faced by Mobile IPV6, and then formulated
our approach against these threats. The ideas
presented in this paper, is based on asymmetric

        Ubiquitous Computing and Communication Journal

[1]    D. Johnson, C. Perkins, J. Arkko, “Mobility
       Support in IPv6”, Internet Draft draft-ietf-
       mobileip-ipv6-22.txt, work in progress, May
       26, 2003

[2]    Pekka Nikander, Jari Arkko, Tuomas Aura,
       Gabriel     Montenegro,    “Mobile      IP
       version 6 (MIPV6) Route Optimization
       Security Design”, in Vehicular Technology
       Conference, 2003. VTC 2003-Fall. 2003
       IEEE 58th, 6-9 Oct. 2003, work in progress,
       pg. 2004- 2008, Vol.3

[3]    S. Zeadally and N. Deepakmavatoor,
       “Mobile IPv6 Support for Highly Mobile
       Hosts”, in Proceedings of IASTED
       International     Conference         on
       Communications Systems and Networks
       (CSN'03), Benalmadena, Spain, September

[4]    P. Nikander, J. Arkko, T. Aura, G.
       Montenegro, E. Nordmark, “Mobile IP
       Version 6 Route Optimization Security
       Design Background”, Network Working
       Group Request for Comments: 4225,
       December 2005

[5]    W. Al-Salihy, Azman Samsudin, and R.
       Sureswaran, “New Approach to Secure
       Mobile IPv6 Signals”, in IASTED, 22 April

[6]    Tuomas Aura. “Mobile IPv6 Security”, in
       10th International Workshop, vol. 2845 of
       LNCS, pg. 215-228, Cambridge, UK, April
       2002. Springer 2003.

[7]    Ved P. Kafle, Eiji Kamioka, Shigeki
       Yamada,       “Extended     Correspondent
       Registration Scheme for Reducing Handover
       Delay in Mobile IPv6”, in 7th International
       Conference on Mobile Data Management
       (MDM'06), May 2006.

       Ubiquitous Computing and Communication Journal

To top