On the Security of the Mobile IP Protocol Family - PowerPoint PPT Presentation
Slides: 14
Provided by: hannests

Transcript and Presenter's Notes

1
On the Security of the Mobile IP Protocol Family
  • Ulrike Meyer and Hannes Tschofenig
    • Nokia Siemens Networks
  • Georgios Karagiannis
    • University of Twente

2
Overview
  • The Mobile IP protocol family
  • Security challenges of the MIP protocol family
  • Security solutions standardized by the IETF
    • Mobile IPv6 and Proxy Mobile IPv6
  • Applications of MIP and MIP security solutions
    in 3GPP and WiMAX
  • Open problems
  • Conclusion

3
MIP Protocol Family
  • Mobile IPv4 (RFC 3344), Mobile IPv6 (RFC 3775)
    • Enable the MN to keep its IP address while moving
      to a new subnet
  • Proxy Mobile IP (PMIP, draft)
    • Enables a network node to perform mobility
      signaling on behalf of mobile nodes that do not
      support MIP
  • Dual Stack Mobile IP (DSMIP, draft)
    • Supports MIPv4 and MIPv6 collocated/home
      addresses within one protocol
  • Hierarchical Mobile IP (HMIP, RFC 4140)
    • Hierarchy of home agents to optimize routing for
      local mobility
  • Fast Handovers for Mobile IP (FMIP, RFC 4068)
    • Enables fast handover by preparing the new
      attachment before the movement

4
Network architecture for MIPv4, MIPv6, and DSMIP
[Figure: network diagram showing the Correspondent Node (CN) in the
network of the correspondent node, the Foreign AAA server in the
visited network, and the Home AAA server and Home Agent (HA) in the
home network, with the Mobile Node (MN) attached to the visited network]
  • Mobility signaling between MN and HA for
    • binding updates (BU): bind the home address (HoA)
      to the care-of address (CoA)
    • binding acknowledgements (BA): acknowledge the
      binding
  • Data traffic between CN and MN (via HA)

5
Network architecture for HMIP
[Figure: network diagram as for MIPv4/MIPv6, with a Mobility Anchor
Point (MAP) and Foreign AAA server in the visited network, the Home AAA
server and Home Agent (HA) in the home network, the Correspondent Node
(CN) in its own network, and the Mobile Node (MN) attached via the MAP]
  • Mobility signaling between MN, MAP and HA for
    BUs/BAs
  • Data traffic between CN and MN (via HA and MAP)

6
Network architecture for PMIP
[Figure: network diagram showing the Correspondent Node in its own
network, the Foreign AAA server and the Proxy MIP Client (Mobile Access
Gateway, MAG) in the visited network, the Home AAA server and the Home
Agent (Local Mobility Anchor, LMA) in the home network, and the Mobile
Node attached to the MAG]
  • Mobility signaling between PMIP client and HA
    • Proxy MIP client (MAG) binds the home address of
      the MN to a care-of address with BUs
    • Home agent (LMA) acknowledges the binding with
      BAs
  • Data traffic between CN and MN

7
Main Security Challenges
  • Establishment of security associations (SAs)
    between mobility signaling end points
  • Integrity and replay protection of mobility
    signaling

8
Security solutions for MIPv6 standardized in IETF
  • IPsec / IKEv2 (Internet Key Exchange v2), RFC 4877
    • Part of base MIPv6, RFC 3775
    • IPsec for integrity and replay protection
    • IKEv2 with EAP (Extensible Authentication
      Protocol) for authentication, used for SA
      establishment between MN and HA; the home AAA
      server acts as EAP authentication server
  • Authentication protocol, RFC 4285
    • Message authentication code on BUs/BAs for
      integrity protection
    • Sequence numbers / time stamps for replay
      protection
    • MN-HA security association established during
      the first binding update, with the help of a
      security association between MN and HAAA
      (draft-devarapalli-mip6-authprotocol-bootstrap-03.txt)
    • MN-HAAA SA static or established during network
      authentication (out of scope)

9
Security Solutions for PMIPv6
  • Base PMIPv6 draft (draft-ietf-netlmm-proxymip6)
    • IPsec for integrity and replay protection between
      the PMIP client (MAG) and the PMIP home agent (LMA)
    • The same IPsec SAs are used for all mobile nodes
      in the base PMIP draft
    • IKEv2 to set up SAs between MAG and LMA; only one
      pair of SAs needs to be set up
  • Requires the MAG to be trusted to send BUs only for
    MNs that are actually present

10
Application of MIP in the EPS/E-UTRAN context
  • MIP protocols are used
    • for mobility between E-UTRAN and non-3GPP
      networks
    • not for mobility within E-UTRAN or for mobility
      with 3GPP networks
  • The Evolved Packet System of 3GPP will support
    • MIPv4 in FA (Foreign Agent) mode
    • DSMIPv6
    • Proxy MIPv6
  • MIPv4 security
    • As in the base RFC, but establishment of the
      MN-AAA key is currently unsolved
  • DSMIPv6
    • IPsec/IKEv2 was selected over RFC 4285 recently
  • Proxy MIPv6
    • Will use NDS (Network Domain Security) for IPsec
      SA establishment
    • Open problem: compromised MAG if the non-3GPP
      access network is not trusted

11
Application of MIP in WiMAX
  • MIP protocols used for mobility within WiMAX
    • MIPv4
    • MIPv6
    • Proxy MIPv4
    • Proxy MIPv6 will be supported in future
  • MIPv6 currently secured with RFC 4285
    • MN-AAA key established during EAP-based network
      authentication
    • MN-AAA key derived from the Extended Master
      Session Key (EMSK)
    • Use of IPsec/IKEv2 planned as an option for MIPv6
  • Proxy MIPv6 used with RFC 4285
    • Separate key per mobile node
    • MAG-LMA key established during EAP-based network
      authentication
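The following is an added example, not code from the presentation or from any IETF or WiMAX specification. It ties together the two mechanisms described on slides 8 and 11: a per-node MN-HA key is derived from an EAP-established master key (the EMSK, as WiMAX does), and the home agent then verifies RFC 4285-style binding updates using a truncated HMAC for integrity and a sequence number for replay protection. The field layout, the key-derivation labels (`mip-root-key-label`, `MN-HA`), the key sizes and the HomeAgent class are illustrative assumptions, not the normative RFC 4285 option format or the WiMAX key labels.

```python
"""Toy home agent: EMSK-derived MN-HA key, HMAC-protected binding updates,
sequence-number replay check. Illustrative layout only (assumption)."""
import hashlib
import hmac
import struct
from ipaddress import IPv6Address

AUTH_LEN = 12  # RFC 4285 truncates the HMAC-SHA1 authenticator to 96 bits


def derive_mn_ha_key(emsk: bytes, mn_nai: str, ha_addr: str) -> bytes:
    """Derive a per-MN, per-HA key from the EMSK.
    Assumed two-step hierarchy (EMSK -> MIP root key -> MN-HA key);
    the labels are illustrative, not the WiMAX Forum's real ones."""
    mip_rk = hmac.new(emsk, b"mip-root-key-label\x00", hashlib.sha256).digest()
    usage = b"MN-HA" + mn_nai.encode() + IPv6Address(ha_addr).packed
    return hmac.new(mip_rk, usage, hashlib.sha256).digest()


def mobility_data(hoa: str, coa: str, seq: int) -> bytes:
    """Bytes covered by the authenticator: CoA | HoA | sequence number."""
    return IPv6Address(coa).packed + IPv6Address(hoa).packed + struct.pack("!H", seq)


def build_bu(key: bytes, hoa: str, coa: str, seq: int) -> bytes:
    """Binding update sent by the MN: mobility data plus truncated HMAC-SHA1."""
    body = mobility_data(hoa, coa, seq)
    mac = hmac.new(key, body, hashlib.sha1).digest()[:AUTH_LEN]
    return body + mac


class HomeAgent:
    def __init__(self):
        self.keys = {}           # HoA -> MN-HA key (set up at registration)
        self.binding_cache = {}  # HoA -> currently bound CoA
        self.last_seq = {}       # HoA -> last accepted sequence number

    def register(self, hoa: str, key: bytes) -> None:
        self.keys[hoa] = key

    def process_bu(self, pkt: bytes) -> str:
        """Verify a BU; only an authentic, fresh BU updates the binding cache."""
        if len(pkt) != 16 + 16 + 2 + AUTH_LEN:
            return "malformed"
        body, mac = pkt[:-AUTH_LEN], pkt[-AUTH_LEN:]
        coa = str(IPv6Address(body[:16]))
        hoa = str(IPv6Address(body[16:32]))
        seq = struct.unpack("!H", body[32:34])[0]
        key = self.keys.get(hoa)
        if key is None:
            return "unknown MN"
        expected = hmac.new(key, body, hashlib.sha1).digest()[:AUTH_LEN]
        if not hmac.compare_digest(mac, expected):   # constant-time compare
            return "bad authenticator"
        # Replay protection: sequence number must strictly increase.
        # (Real implementations compare modulo 2^16; omitted here.)
        last = self.last_seq.get(hoa)
        if last is not None and seq <= last:
            return "replay"
        self.last_seq[hoa] = seq
        self.binding_cache[hoa] = coa
        return "accepted"


def demo():
    """Walk one MN through a fresh BU, a replayed BU, a move, and a forgery."""
    emsk = bytes(range(64))  # constructed stand-in for the EAP EMSK
    ha_addr, hoa = "2001:db8:1::1", "2001:db8:1::10"
    ha = HomeAgent()
    key = derive_mn_ha_key(emsk, "mn1@example.net", ha_addr)
    ha.register(hoa, key)
    results = []
    bu1 = build_bu(key, hoa, "2001:db8:2::10", 1)
    results.append(ha.process_bu(bu1))                       # accepted
    results.append(ha.process_bu(bu1))                       # replayed: rejected
    results.append(ha.process_bu(build_bu(key, hoa, "2001:db8:3::10", 2)))  # moved
    forged = build_bu(b"wrong-key", hoa, "2001:db8:4::10", 3)
    results.append(ha.process_bu(forged))                    # bad authenticator
    stray = build_bu(key, "2001:db8:1::99", "2001:db8:2::99", 1)
    results.append(ha.process_bu(stray))                     # no key for that HoA
    return results, ha.binding_cache[hoa]


if __name__ == "__main__":
    print(demo())
```

The binding cache ends up pointing at the CoA from the second accepted update; the replayed copy, the forgery with the wrong key and the update for an unregistered HoA are all refused before any state changes, which is the property RFC 4285's MAC plus sequence number is meant to give the home agent.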

12
Main Open Problems / Work in Progress
  • IETF
    • Firewall traversal problem (RFC 4487)
      • Off-the-shelf firewalls interfere with MIP
        signaling traffic
      • MN behind firewall: BUs protected with ESP are
        blocked, ...
      • CN behind firewall: problems if route
        optimization is used, as firewall state is
        created based on the HoA, ...
      • HN behind firewall: blocking of ESP traffic,
        blocking of unsolicited incoming traffic
    • Location privacy (RFC 4882)
      • CoA reveals location information to the CN and
        to eavesdroppers
      • Eavesdropping on BUs allows
        • identifying the MN by its HoA and observing
          the binding
        • tracking of the MN at subnet granularity
  • 3GPP
    • Compromised MAG problem if PMIP is used for global
      mobility
    • Dynamic establishment of the MN-AAA key for MIPv4
      in 3GPP

13
Conclusion
  • MIP protocol family has matured
    • Used more and more in mobile systems
  • Security issues still often solved in a
    system-specific way
    • WiMAX as a very obvious example
  • Goal is often to
    • optimize the system as a whole
    • leverage security procedures already available
    • e.g. WiMAX derives MIP SAs from keys established
      during network authentication

14
Thank You! Questions?