
Mobile IP: Security Threats

BY: G. CHANDRASEKHAR & GAURAV SHEKHAR PG-DESD, CDAC, HYDERABAD.

Mobile IP Entities

Mobile Node (MN)

The entity that may change its point of attachment from network to network in the Internet

Detects it has moved and registers with best FA

Assigned a permanent IP address called its home address, to which other hosts send packets regardless of the MN's location

Since this address doesn't change, long-lived applications can keep using it as the MN's location changes

Home Agent (HA)

A router with additional functionality

Located on the home network of the MN

Maintains the mobility binding of the MN's home address with its COA

Forwards packets to the appropriate network when the MN is away

Does this through encapsulation

Mobile IP Entities

Foreign Agent (FA)

Another router with enhanced functionality

If the MN is away from its HA, it uses an FA to send/receive data to/from the HA

Advertises itself periodically

Forwards the MN's registration request

Decapsulates messages for delivery to the MN

Care-of-address (COA)

Address which identifies the MN's current location

Sent by the FA to the HA when the MN attaches

Usually the IP address of the FA

Correspondent Node (CN)

End host with which the MN is corresponding (e.g. a web server)

Mobile IP Support Services

Agent Discovery

HAs and FAs broadcast their presence on each network to which they are attached

Beacon messages are ICMP Router Discovery Protocol (IRDP) advertisements carrying a Mobility Agent Advertisement extension

MNs listen for advertisements and then initiate registration

Registration

When the MN is away, it registers its COA with its HA

Typically through the FA with the strongest signal

Registration control messages are sent via UDP to well-known port 434

Encapsulation

Just like standard IP, except that the original packet is wrapped in an outer IP header addressed to the COA (IP-in-IP, RFC 2003)

Decapsulation

Again, just like standard IP: the outer header is stripped and the original packet is delivered to the MN

Mobile IP Operation

An MN listens for agent advertisements and then initiates registration

If the responding agent is the HA, then Mobile IP is not necessary

After receiving the registration request from an MN, the HA acknowledges it and registration is complete

Registration happens as often as the MN changes networks

The HA intercepts all packets destined for the MN (it masquerades as the MN on the home link via proxy ARP)

This is simple unless the sending application is on or near the same network as the MN

There is a specific lifetime for service before an MN must re-register

There is also a de-registration process with the HA if an MN returns home

Registration Process

How is Mobile IP Deployed?

All hosts are wholly owned by the enterprise

Each router performs both home agent and foreign agent functionality:

Mobile IP Summary

Allows node mobility across media of similar or dissimilar types

Uses the Mobile Node's permanent home address when it changes its point of attachment to the Internet

Does not require any hardware or software upgrades to the existing, installed base of IPv4 hosts and routers, other than the nodes specifically involved in providing mobility services

The Mobile Node must provide strong authentication when it informs its Home Agent of its current location

Uses tunneling to deliver packets that are destined to the Mobile Node's home address

3 main entities: Mobile Nodes, Foreign Agents and Home Agents

3 basic functions: Agent Discovery, Registration, Packet Routing

Security Issues:

Insider Attack

Mobile Node Denial-of-Service

Replay Attacks

Theft of Information: Passive Eavesdropping

Theft of Information: Session-Stealing (Takeover) Attack

Tunnel Spoofing

Insider Attacks

Usually involves a disgruntled employee gaining access to sensitive data and then forwarding it to a competitor

Enforce strict control over who can access what data

Use strong authentication of users and computers

Encrypt all data transfer on an end-to-end basis between the ultimate source and ultimate destination machines to prevent eavesdropping

Mobile Node Denial-of-Service

An Attacker sends a tremendous number of packets to a host (e.g., a Web server) that brings the host CPU to its knees. In the meantime, no useful information can be exchanged with the host while it is processing all of the nuisance packets.

An Attacker somehow interferes with the packets that are flowing between two nodes on the network. Generally speaking, the Attacker must be on the path between the two nodes in order to wreak any such havoc.

Denial-of-Service Attack

An Attacker generates a bogus Registration Request specifying his own IP address as the care-of address for a mobile node. All packets sent by correspondent nodes would then be tunneled by the node's home agent to the Attacker:

How Does Mobile IP Prevent this Denial-of-Service Attack?

Note: in the mobility case the Attacker can attack from anywhere in the network; he does not have to be on the path, because the registration protocol itself moves the traffic to him. Solution: require cryptographically strong authentication on every registration message exchanged between a mobile node and its home agent (the Mobile-Home Authentication Extension is mandatory). The default algorithm in RFC 2002 was keyed MD5 (RFC 1321) in "prefix+suffix" mode; RFC 3344 replaced it with HMAC-MD5 (RFC 2104). In both cases a 128-bit shared secret, selected by an SPI, provides the secret-key authentication and integrity checking; MD5 on its own is only a hash.

Replay Attacks

An Attacker could obtain a copy of a valid Registration Request, store it, and replay it at a later time, thereby registering a bogus care-of address for the mobile node. To prevent this, the 64-bit Identification field is generated in such a way that the home agent can determine what the next acceptable value should be. The Attacker is thwarted because the Identification field in his stored Registration Request is recognized as out of date by the home agent. Either timestamps (NTP format, requiring loosely synchronized clocks) or nonces (random numbers, half supplied by the home agent) are used for the Identification field; the field is covered by the authentication extension, so it cannot be updated without the shared secret.
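The two defences above (authenticating every Registration Request, and rejecting requests whose Identification is not newer than the last accepted one) are easiest to see together. The following is an added example, not code from the slides: it encodes a Registration Request with the RFC 3344 fixed-header layout, appends an HMAC-MD5 Mobile-Home Authentication Extension, and runs a minimal home-agent check that returns the Registration Reply code. The addresses, the 128-bit key, the fixed clock value and the 7-second skew window are constructed assumptions; the reply codes 131 (mobile node failed authentication) and 133 (Identification mismatch) are the RFC's.

```python
import hmac
import hashlib
import struct
from ipaddress import IPv4Address

NTP_EPOCH_OFFSET = 2208988800       # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
REG_REQUEST = 1                     # Registration Request message type
MH_AUTH_EXT = 32                    # Mobile-Home Authentication Extension type
AUTH_LEN = 16                       # HMAC-MD5 authenticator length
HDR_FMT = "!BBH4s4s4sQ"             # type, flags, lifetime, home addr, home agent, COA, identification
HDR_LEN = struct.calcsize(HDR_FMT)  # 24 bytes

# Registration Reply codes (RFC 3344, section 3.4)
ACCEPTED = 0
MN_AUTH_FAILED = 131
ID_MISMATCH = 133
POORLY_FORMED = 134


def ntp_identification(now: float) -> int:
    """64-bit NTP-format timestamp used as the Identification field."""
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now - int(now)) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac


def build_request(home_addr, home_agent, coa, lifetime, identification, spi, key):
    """Encode a Registration Request and append the Mobile-Home Authentication
    Extension. The authenticator covers the fixed header plus the extension's
    Type, Length and SPI, i.e. everything except the authenticator itself."""
    hdr = struct.pack(HDR_FMT, REG_REQUEST, 0, lifetime,
                      IPv4Address(home_addr).packed, IPv4Address(home_agent).packed,
                      IPv4Address(coa).packed, identification)
    ext = struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, spi)
    return hdr + ext + hmac.new(key, hdr + ext, hashlib.md5).digest()


class HomeAgent:
    def __init__(self, secrets, clock, window=7):
        self.secrets = secrets      # (home address, SPI) -> shared key
        self.clock = clock          # callable returning HA time as Unix seconds
        self.window = window        # allowed clock skew in seconds (assumed policy value)
        self.last_id = {}           # home address -> highest accepted Identification
        self.bindings = {}          # home address -> care-of address

    def process(self, msg: bytes) -> int:
        """Return the Registration Reply code the HA would send for msg."""
        if len(msg) != HDR_LEN + 6 + AUTH_LEN or msg[0] != REG_REQUEST:
            return POORLY_FORMED
        _, _, _, home, _, coa, ident = struct.unpack(HDR_FMT, msg[:HDR_LEN])
        ext_type, ext_len, spi = struct.unpack("!BBI", msg[HDR_LEN:HDR_LEN + 6])
        home, coa = str(IPv4Address(home)), str(IPv4Address(coa))
        if ext_type != MH_AUTH_EXT or ext_len != 4 + AUTH_LEN:
            return POORLY_FORMED
        # Step 1: authentication. Without the shared key an attacker cannot
        # produce a valid authenticator for a request naming his own COA.
        key = self.secrets.get((home, spi))
        if key is None:
            return MN_AUTH_FAILED
        expected = hmac.new(key, msg[:HDR_LEN + 6], hashlib.md5).digest()
        if not hmac.compare_digest(expected, msg[HDR_LEN + 6:]):
            return MN_AUTH_FAILED
        # Step 2: replay protection. The timestamp must be close to the HA's
        # clock and strictly newer than the last accepted one for this MN.
        secs = (ident >> 32) - NTP_EPOCH_OFFSET
        if abs(secs - self.clock()) > self.window or ident <= self.last_id.get(home, 0):
            return ID_MISMATCH
        self.last_id[home] = ident
        self.bindings[home] = coa
        return ACCEPTED


def demo():
    KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed 128-bit shared secret
    T = 1_700_000_000.0                                       # constructed fixed HA clock (Unix seconds)
    MN, HA, SPI = "10.0.0.7", "10.0.0.1", 0x100               # constructed addresses and SPI
    ha = HomeAgent({(MN, SPI): KEY}, clock=lambda: T)

    legit = build_request(MN, HA, "192.0.2.50", 300, ntp_identification(T), SPI, KEY)
    # Attacker names his own address as the COA but does not hold the key.
    forged = build_request(MN, HA, "198.51.100.9", 300, ntp_identification(T), SPI, b"guess")
    fresh = build_request(MN, HA, "192.0.2.51", 300, ntp_identification(T + 1), SPI, KEY)
    stale = build_request(MN, HA, "192.0.2.52", 300, ntp_identification(T - 60), SPI, KEY)

    codes = {
        "legit": ha.process(legit),
        "forged_coa": ha.process(forged),
        "replayed": ha.process(legit),      # same bytes again: Identification is not newer
        "fresh": ha.process(fresh),
        "stale": ha.process(stale),         # outside the clock window
    }
    return codes, dict(ha.bindings)


if __name__ == "__main__":
    print(demo())
```

The forged request fails at step 1 and never reaches the binding table, so the correspondent traffic keeps flowing to the genuine COA. The replayed request passes authentication (it is byte-for-byte the real one) and is stopped only by the Identification check, which is why both checks are needed.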

Theft of Information: Passive Eavesdropping

A passive eavesdropping attack happens when an attacker listens to the traffic that is transferred between the mobile device and its home agent.

Use of Link-Layer Encryption

Use of End-to-End Encryption (SSH, SSL)

Session-Stealing on the Foreign Link

The Attacker waits for a mobile node to register with its home agent

The Attacker eavesdrops to see if the mobile node has any interesting conversation taking place (remote login session to another host, connection to the electronic mailbox)

The Attacker floods the mobile node with nuisance packets

The Attacker steals the session by sending packets that appear to have come from the mobile node and by intercepting packets destined to the mobile node

Session-Stealing Prevention

Same method as in the case of Passive Eavesdropping:

Minimally, link-layer encryption between the mobile node and the foreign agent (session-stealing on the foreign link)

Preferably, end-to-end encryption between the mobile node and its correspondent node (elsewhere)

Note: a good encryption scheme provides a method by which a decrypting node can determine whether the recovered plaintext is gibberish or whether it is legitimate (integrity checking)

Tunnel spoofing

The tunnel to the home network or foreign network may be used to hide malicious packets and get them through a firewall that passes tunneled (IP-in-IP) traffic without inspecting it. The authenticated Identification field (timestamp or nonce) protects the registration that sets up the tunnel, so an attacker without the shared secret cannot bind a tunnel endpoint to a mobile node's home address; it does not authenticate the tunneled data packets themselves. The decapsulating agent and the firewall therefore still need to check the inner packet against the established bindings, or the tunnel itself must be protected (e.g. with IPsec).
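To show what "check the inner packet against the bindings" means in practice, here is an added example (not code from the slides) of the HA-side encapsulation and FA-side decapsulation described earlier, in IP-in-IP form, with the decapsulator refusing tunneled packets whose inner destination is not a registered visitor or whose outer source is not that visitor's home agent. The addresses and payloads are constructed; the visitor-list check is the example's own policy, and it does not stop an attacker who also spoofs the home agent's source address, which needs ingress filtering or an authenticated tunnel.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4   # RFC 2003 IP-in-IP, the default Mobile IP tunnel encapsulation


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum over an IPv4 header (zero-padded to 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + payload


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None if the header checksum fails."""
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl or ip_checksum(pkt[:ihl]) != 0:   # a valid header sums to zero
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return (str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])),
            pkt[9], pkt[ihl:total_len])


class HomeAgent:
    def __init__(self, address, bindings):
        self.address = address
        self.bindings = bindings    # home address -> COA, filled by authenticated registrations

    def forward(self, pkt):
        """Intercept a packet for a mobile node's home address and tunnel it to the COA."""
        parsed = parse_ipv4(pkt)
        if parsed is None:
            return None
        coa = self.bindings.get(parsed[1])
        if coa is None:
            return pkt              # node is at home: deliver normally
        return ipv4_packet(self.address, coa, IPPROTO_IPIP, pkt)


class ForeignAgent:
    def __init__(self, coa, visitors):
        self.coa = coa
        self.visitors = visitors    # visitor list: home address -> that node's home agent

    def decapsulate(self, pkt):
        """Strip the outer header and return the inner packet, or None to drop it."""
        outer = parse_ipv4(pkt)
        if outer is None:
            return None
        osrc, odst, oproto, inner_bytes = outer
        if oproto != IPPROTO_IPIP or odst != self.coa:
            return None
        inner = parse_ipv4(inner_bytes)
        if inner is None:
            return None
        # Tunnel-spoofing check (this example's policy): the inner destination must
        # be a registered visitor and the outer source must be its home agent.
        if self.visitors.get(inner[1]) != osrc:
            return None
        return inner_bytes


def demo():
    ha = HomeAgent("10.0.0.1", {"10.0.0.7": "192.0.2.1"})            # constructed binding
    fa = ForeignAgent("192.0.2.1", {"10.0.0.7": "10.0.0.1"})         # constructed visitor entry
    # Constructed: a correspondent node sends a UDP packet to the MN's home address.
    cn_pkt = ipv4_packet("203.0.113.5", "10.0.0.7", 17, b"hello mobile node")
    tunneled = ha.forward(cn_pkt)
    delivered = fa.decapsulate(tunneled)
    # Constructed: attacker tunnels directly to the FA from a host that is not the HA.
    spoofed = ipv4_packet("198.51.100.9", "192.0.2.1", IPPROTO_IPIP,
                          ipv4_packet("203.0.113.5", "10.0.0.7", 17, b"malicious"))
    # Constructed: outer source looks like the HA, but the inner target never registered.
    unregistered = ipv4_packet("10.0.0.1", "192.0.2.1", IPPROTO_IPIP,
                               ipv4_packet("203.0.113.5", "10.0.0.99", 17, b"malicious"))
    return {
        "outer_proto": parse_ipv4(tunneled)[2],
        "delivered_equals_original": delivered == cn_pkt,
        "spoofed_source_dropped": fa.decapsulate(spoofed) is None,
        "unregistered_dropped": fa.decapsulate(unregistered) is None,
    }


if __name__ == "__main__":
    print(demo())
```

A firewall in front of the foreign link would apply the same two checks to protocol-4 traffic before letting it in, rather than trusting the outer header alone.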

Other Active Attacks

The Attacker connects to a network jack, figures out the IP address to use, and tries to break into the other hosts on the network

He figures out the network-prefix that has been assigned to the link to which the network jack is connected

The Attacker guesses a host number to use, which combined with the network-prefix gives him an IP address to use on the current link

The Attacker proceeds to try to break into the hosts on the network by guessing user-name/password pairs

Protection against such attacks

All publicly accessible network jacks must connect to a foreign agent that requires any node on the link to be registered (authenticated)

Remove all non-mobile nodes from the link and require all legitimate mobile nodes to use (minimally) link-layer encryption

THANK YOU!!!
