
Page 1: CHAPTER 5 Secure Communications in Mobile IP Network ...shodhganga.inflibnet.ac.in/bitstream/10603/11805/10/10_chapter 05… · 5.1.1 What is Mobile IP The assumption that it would

CHAPTER 5

Secure Communications in Mobile IP Network Environment


Introduction

Section 5.1 gives the background and an overview of Mobile IP; its subsections discuss the architecture and operation of Mobile IP.

Section 5.2 then examines performance enhancement and routing optimization for Mobile IP, followed in subsequent subsections by the operational and mobility management overheads.

Section 5.3 examines quality of service in Mobile IP, the use of RSVP (Resource Reservation Protocol) for that purpose, and some proposed solutions.

Section 5.4 concentrates on authentication and security in Mobile IP. The intent, however, is to use authentication as a small lens through which to view broader trends in approaches to security for wireless networks. Section 5.5 briefly discusses the logical components of Mobile IP, its security risks, and related matters; Section 5.6 then focuses on security considerations in Mobile Host communications.

Section 5.7 examines a mixed approach to authentication under Mobile IP, and Section 5.8 describes a public key approach to authentication in Mobile IP.

Since this is the last chapter of the research, the final section, 5.9, lists some observations and predictions.


The origins of the Internet sit firmly in the wired world. When the original protocols and specifications that evolved into today’s global Internet were debated and established in the late 1970s and early 1980s through forums such as the Internet Engineering Task Force (IETF), the prevailing paradigm dictated that the network would primarily link computers, and that wires would connect these computers to the network. The early Internet designers did not anticipate that wireless data communications would emerge as a major mode of access to the Internet. Nor did they anticipate that not only full-fledged computers, but all manner of mobile electronic devices - from personal digital assistants (PDAs), to intelligent cell phones, to portable game machines, to digital cameras - would become platforms for Internet access.

As the importance of these trends in mobility and wireless Internet access emerged, Internet designers developed the Mobile Internet Protocol (Mobile IP) to accommodate, to some degree, the requirements of wireless communications within the Internet world. The baseline Mobile IP protocol, however, did not address many areas of concern that have since become the subject of follow-on research.

My intent is to conduct a survey and to establish a baseline understanding of key issues and trends in wireless Internet access as it relates to TCP/IP, rather than to describe the most recent research being conducted in this field (much of this, of course, has not yet appeared in formal publications, and can be found primarily through such sources as the Web).

5.1.1 What is Mobile IP

The assumption that it would be computers wired to networks that constituted the Internet dictated key design decisions at the Internet Protocol (IP, network) level of the Internet protocol hierarchy. For example, network nodes (computers) are assigned individual IP addresses that remain static or, if dynamically assigned through protocols such as DHCP, assume that the computer will always be attached to the same local area network. Should a computer be moved from one network to another, the situation is treated much as the introduction of a completely new network node would be: a new IP address is allocated to the machine at its new network location (and the old address is probably recycled).

As should be obvious, this approach will not work in managing mobility. An Internet-capable mobile device, such as a laptop computer or PDA, can roam among many local area networks, some of which may belong to the roamer’s own company or organization, and some of which may be operated by independent service providers. A requirement to establish a new Internet address for each network encountered during roaming would destroy the benefit of mobile computing and Internet access - the ability to communicate hassle-free from anywhere where access capabilities are available. There is an obvious analogy with mobile telephone services. From both the standpoint of the user of a mobile phone, and from the standpoint of friends or business associates trying to contact this individual, it is essential that the phone have the same number no matter where the user may be traveling. It is not acceptable that the user’s phone number change as he or she moves from area code to area code; the network must hide this level of complexity from customers.

The Mobile Internet Protocol (Mobile IP) was developed to provide support for roaming Internet access devices, without requiring that the existing architecture of the Internet be disturbed - a delicate balancing act. Major design goals for the Mobile IP protocol included:

• Mobility management is handled at the Network Layer (Layer 3, the IP Layer in the Internet protocol stack)

• The Transport Layer (Layer 4, where TCP and UDP sit in the Internet protocol stack) is unaffected

• Existing applications do not need to change

• The existing infrastructure of Internet routers which do not support mobility does not need to change

• Non-mobile hosts (computers attached to the Internet) do not need to change

• Continuous operation occurs across multiple networks


As we will see in the course of this analysis, while Mobile IP achieved some of these goals, others - such as security and avoiding impact on the Transport Layer - proved elusive, and have emerged as the target of protocol enhancements.

5.1.2 Mobile IP - Architecture and Operation

Under the Mobile IP protocol, mobile hosts (MH) retain a constant IP address on their home networks called the Home Address. In this sense, mobile hosts are no different from conventional, fixed-location hosts, in that they have one unique, fixed Internet address which doesn’t change no matter where the user may be roaming with his or her mobile device. The “home network” for an MH may be a virtual network operated for example by a service provider, but the prefix of the mobile host’s IP address will match that of the home network in the same fashion that any Internet node belonging to a local area network will share the network prefix element of the IP address with other nodes on the same network.

On the home network - whether a conventional LAN or a virtual network - of the mobile host there must also be found a Home Agent (HA). The Home Agent, which is typically just another computer running special Mobile IP software, has several critical roles:

• The Home Agent must know when the Mobile Host is actually present on the home network, and when it is roaming.

• When the Mobile Host is roaming, the Home Agent must keep a record of its current location in the Internet address space, with an address usually called the Care of Address (COA).

• If packets arrive at the home network addressed to the Mobile Host from a Corresponding Host (any Internet node which seeks to communicate with the MH) when it is roaming, the Home Agent must intercept these packets and forward them to the current Care of Address of the MH.


The Home Agent thus must always be operational on the home network (capable of receiving and redirecting packets bound for the Mobile Host), and must always be informed of the MH’s current location.

Networks which seek to support communications by Mobile Hosts must include a machine called a Foreign Agent (FA). In effect, the Foreign Agent complements the Home Agent in providing services that allow MHs to continue communications over the Internet while they are away from their home networks.

Among the essential services of the Foreign Agent are:

• To advertise its availability to Mobile Hosts in the vicinity.

• To accept registrations from MHs in its proximity, and to provide Care of Addresses (COAs) to registering MHs.

• To accept packets which are routed from the Home Agent to a Mobile Host for whom it has a registration, to process these packets (see below), and then to forward the packets on to the MH via a wireless link of some kind (Mobile IP supports a diversity of wireless communications protocols at the Physical and Data Link Levels).

• To inform the Home Agent in the home network of a Mobile Host that has registered with it that the MH is under its care, and what the Care of Address is.

A schematic diagram showing the key components of the Mobile IP environment appears in Figure 5.1.


Figure 5.1: Schematic depicting the operation of Mobile IP in its conventional mode. [Diagram adopted from Seneviratne and Sarikaya]

A key aspect of Mobile IP is the specification of how packets are forwarded to a Mobile Host when it happens to be absent from its home network. As the Care of Address for a Mobile Host is transitory, it is not communicated to the broader Internet infrastructure (which helps achieve the design goal that Internet hosts and routers need not be changed to accommodate Mobile IP). Only the Home Address of the MH is broadly known, so, if a Corresponding Host should send a message to an MH, the packets will initially arrive on the home network of the MH. Here, the Home Agent, which knows that the MH is roaming, intercepts the incoming packets. In a process called IP tunneling, the Home Agent encapsulates these IP packets in packets that have the Care of Address of the Mobile Host as their destination address, and forwards them on to the COA. When the packets arrive at the Foreign Agent, which is the actual recipient of packets forwarded to the Care of Address, the FA strips off the encapsulating layer, identifies the particular Mobile Host that the packet is bound for (a Foreign Agent may, of course, simultaneously support more than one MH), and forwards the packet on via the open wireless link.

When the Mobile Host seeks to send information to a fixed node somewhere on the Internet, the situation is more straightforward. The MH, using standard IP techniques, places the address of the fixed node in the destination field of the IP packets it generates, and uses its home address in the source address field. These packets are forwarded initially to the Foreign Agent over the wireless link, and then on to the destination node by conventional Internet routing techniques.

A primary architectural feature of Mobile IP is “triangular routing.” Triangular routing takes effect whenever the MH is away from its home network. A Corresponding Host (CH) which wants to send packets to the MH first sends them to the MH’s home network, where they are intercepted by the Home Agent.

The HA then forwards the packets, using IP tunneling, to the Foreign Agent where the MH currently resides. Thus, the packets must traverse two routes over the Internet to reach the MH. This adds transit time and complexity to the communication, as well as increasing overall congestion on the Internet. The impact is particularly regrettable if the CH and MH are in close proximity, while the home network is located in a distant portion of the Internet. This situation gives rise to performance issues that are being addressed with route optimization techniques described in following sections.

5.2 PERFORMANCE ENHANCEMENT AND ROUTING OPTIMIZATION

In a 1998 paper published in Computer Communications, Aruna Seneviratne and Behcet Sarikaya classify the factors that impact the performance of Mobile IP implementations into two major categories, Operational Overheads and Mobility Management Overheads. The following kinds of factors fall into these two categories:


5.2.1 Operational Overheads

Tunneling Overhead: The cost of encapsulating and de-encapsulating IP packets as they are forwarded from the Home Agent to the Foreign Agent.

Fragmentation Overhead: Fragmentation overhead comes into effect when the Home Agent must forward IP packets whose size is within one IP header’s length of the maximum transmission unit (MTU) of the network infrastructure between the Home Agent and the Foreign Agent. As IP tunneling adds a second IP header to each packet, the resulting packets exceed the MTU and must be fragmented, then reassembled at the Care of Address end of the tunnel before delivery to the Mobile Host.

Routing Overhead: Routing Overhead represents the increased latency that results from triangular routing, as described above.

5.2.2 Mobility Management Overheads

Movement Detection Overhead: When a Mobile Host roams from the area covered by one Foreign Agent to an adjoining area, the MH is responsible under Mobile IP for detecting this condition and initiating hand-over to the new FA. The MH takes this step when it has missed three consecutive “agent advertisements” from its current agent. As RFC 2002 recommends an interval of one second between agent advertisements, each handover results, on average, in a period of about 2.5 seconds during which the MH’s network connection is not operational.

Re-registration Overhead: When a Mobile Host moves to the coverage area of a new FA, it must obtain a new Care of Address, and then arrange to have this COA registered with its Home Agent, updating the old registration.

Research by F.C. Chuong and colleagues at the University of Singapore indicates that of the three operational sources of overhead cost, routing overhead is predominant. A 1998 paper by R. Caceres and V. Padmanabhan analyzes the mobility management overheads incurred by Mobile IP and proposes a hierarchical approach to improving the situation. The following two sections provide further detail on these matters.

5.2.3 Controlling Routing Overhead Under Mobile IP

The Problem: Under Mobile IP, packets are routed over what are frequently long and indirect routes to reach the current location of the Mobile Host. In addition to the other sources of overhead cost associated with Mobile IP, most of which involve the extra processing in the agents and MH necessary to support mobility, triangular routing places a burden on network resources.

According to R. Dayem, “Triangle routing is not too bad if it involves just one or two packets. If it involves many packets, then it results in a waste of network bandwidth.” Triangular routing causes two further problems: (1) for applications that throttle data transmission based on average round-trip delay, outbound and inbound packets follow very different paths and so may see very different delays, which distorts the estimate; and (2) for security reasons, some firewalls check the source address field of incoming packets, and since a roaming MH sends with its home address as the source while it is attached at a Care of Address on a foreign network, the two may not match and such checks may cause problems.

Proposed Solutions: Packet routing for Corresponding Hosts which seek to send substantial amounts of information to a Mobile Host can be significantly improved over the baseline Mobile IP standard through communication among the Corresponding Host, Home Agent, and Foreign Agent. Initially, when the HA receives packets bound for an MH which it knows is away from the home network, in addition to forwarding the packets to the Care of Address the HA sends a “binding update” back to the source node. The effect of the binding update is to provide the Corresponding Host with the current address of the target MH, allowing the Corresponding Host to build a table that maps the home addresses of Mobile Hosts to their current Care of Addresses.

This table is called a “binding cache.” The Corresponding Host can then direct subsequent packets to the actual Care of Address of the MH with which it wishes to communicate.


The binding update scheme must, of course, answer an obvious question: what happens if the Mobile Host moves? First, if a Foreign Agent receives IP packets for a Mobile Host with which it is no longer in communication, it sends a “binding warning” message back to the node which sent the packets. The binding warning informs the Corresponding Host that the Care of Address it is using for the MH is out of date and must be updated. In addition, the mobility hand-off procedure can be modified such that the Mobile Host informs its previous Foreign Agent of its new Care of Address. In this scenario, the old Foreign Agent maintains a table of forwarding addresses for Mobile Hosts which have moved on, and forwards packets on to their new addresses. When a Corresponding Host receives a binding warning message, it can of course contact the Home Agent of the Mobile Host again in order to receive a current COA.
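The binding update, binding cache and binding warning exchange described above, as an added simulation written for this page (it is not code from Seneviratne and Sarikaya, from any RFC, or from any Mobile IP implementation). A Corresponding Host sends five packets while the MH moves from one Foreign Agent to another; each send returns the list of nodes the packet traversed, so the triangular route, the direct route after the binding update, and the stale-binding case can be compared. Node names double as addresses, the three-packet binding lifetime is an arbitrary assumption, and the messages are method calls rather than wire formats. Note that the simulated hosts accept binding updates and warnings from any caller; whether such messages can be trusted is an authentication question, taken up in the security sections later in this chapter.

```python
"""Simulation of Mobile IP route optimisation as described above: the
Home Agent sends a binding update to the sender, the Corresponding Host
keeps a binding cache, and a Foreign Agent that no longer serves the MH
answers with a binding warning and (optionally) forwards from a table of
forwarding addresses.  Written for this page as an illustration; node
names, the binding lifetime and the path traces are invented."""


class Binding:
    """One binding-cache entry: Care of Address plus a remaining lifetime."""
    def __init__(self, care_of, lifetime):
        self.care_of, self.lifetime = care_of, lifetime


class Network:
    """Maps node names to node objects; every node name doubles as its address."""
    def __init__(self, *nodes):
        self.nodes = {n.name: n for n in nodes}

    def node(self, name):
        return self.nodes[name]


class HomeAgent:
    """Knows the current Care of Address of each MH registered as roaming."""
    def __init__(self, name):
        self.name, self.registrations = name, {}      # home address -> COA

    def register(self, home_addr, care_of):
        self.registrations[home_addr] = care_of

    def deliver(self, pkt, net, trace):
        trace.append(self.name)
        coa = self.registrations.get(pkt["dst"])
        if coa is None:                                 # MH is at home
            return trace + [pkt["dst"]]
        # Route optimisation: besides tunnelling the packet to the COA,
        # tell the sender where the MH currently is.
        net.node(pkt["src"]).binding_update(pkt["dst"], coa)
        return net.node(coa).deliver(pkt, net, trace)


class ForeignAgent:
    """Serves visiting MHs; may keep forwarding pointers for MHs that left."""
    def __init__(self, name):
        self.name, self.visitors, self.forwarding = name, set(), {}

    def deliver(self, pkt, net, trace):
        trace.append(self.name)
        dst = pkt["dst"]
        if dst in self.visitors:
            return trace + [dst]                        # last hop over the air
        # The MH moved on: warn the sender that its binding is out of date ...
        net.node(pkt["src"]).binding_warning(dst)
        new_coa = self.forwarding.get(dst)
        if new_coa is None:
            return trace + ["dropped"]
        # ... and forward if the MH left us its new Care of Address.
        return net.node(new_coa).deliver(pkt, net, trace)


class CorrespondingHost:
    def __init__(self, name, home_agent_of):
        self.name = name
        self.home_agent_of = home_agent_of              # home address -> HA name
        self.binding_cache = {}                         # home address -> Binding

    def binding_update(self, home_addr, care_of, lifetime=3):
        self.binding_cache[home_addr] = Binding(care_of, lifetime)

    def binding_warning(self, home_addr):
        self.binding_cache.pop(home_addr, None)

    def send(self, net, dst):
        """Send one packet to dst and return the list of nodes it traversed."""
        pkt, trace = {"src": self.name, "dst": dst}, [self.name]
        b = self.binding_cache.get(dst)
        if b is not None and b.lifetime > 0:
            b.lifetime -= 1                             # cached COA: go direct
            return net.node(b.care_of).deliver(pkt, net, trace)
        self.binding_cache.pop(dst, None)               # none or expired: via the HA
        return net.node(self.home_agent_of[dst]).deliver(pkt, net, trace)


def scenario():
    """Five packets from CH to MH while the MH moves from FA1 to FA2."""
    ha, fa1, fa2 = HomeAgent("HA"), ForeignAgent("FA1"), ForeignAgent("FA2")
    ch = CorrespondingHost("CH", {"MH": "HA"})
    net = Network(ha, fa1, fa2, ch)
    ha.register("MH", "FA1"); fa1.visitors.add("MH")
    paths = [ch.send(net, "MH"),                        # triangular, via the HA
             ch.send(net, "MH")]                        # direct to FA1
    fa1.visitors.discard("MH"); fa2.visitors.add("MH")  # MH moves to FA2 ...
    ha.register("MH", "FA2"); fa1.forwarding["MH"] = "FA2"   # ... and tells HA and FA1
    paths += [ch.send(net, "MH"),                       # stale binding: FA1 warns, forwards
              ch.send(net, "MH"),                       # cache cleared: back via the HA
              ch.send(net, "MH")]                       # direct to FA2
    return paths
```

scenario() returns, in order: CH-HA-FA1-MH (triangular), CH-FA1-MH (direct), CH-FA1-FA2-MH (stale binding, warned and forwarded), CH-HA-FA2-MH (cache emptied by the warning, so back through the Home Agent, which issues a fresh binding update) and CH-FA2-MH (direct again). A binding that reaches the end of its lifetime without a refresh sends the next packet back via the Home Agent in the same way.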

Under the Mobile IP-related portion of IPv6, two new destination options, a binding update and a binding acknowledgement, are introduced. IPv6 also includes a “neighbor discovery protocol” that has applications in mobility management.

5.2.4 Mobility Management Overhead: A Hierarchical Approach

The Problem: As defined in the baseline Mobile IP protocol, handoff handling mechanisms generate substantial overhead. First, every time the Mobile Host switches from one network coverage area to another, the Home Agent must be notified. Furthermore, when the route optimization enhancements to Mobile IP described in Section 5.2.3 are implemented, every new location of the Mobile Host must also be communicated to the set of Corresponding Hosts.

According to R. Caceres and V. Padmanabhan, “As currently defined, therefore, Mobile IP does not extend well to large numbers of portable devices moving frequently between small cells.”

In the view of the authors, however, numerous portable devices moving frequently between small cells (some of which may be located within a single building) is precisely the future direction of the Internet, and consequently must be addressed. Conventional Mobile IP raises three primary problems: “One, handoffs can incur long delays since these hosts and agents may be separated by many hops in a wide-area internetwork. Two, data in transit to the MH may be lost while the handoff completes and the new routes to the MH converge. Three, frequent handoffs by large numbers of mobile devices could add significant load to the internetwork.”

Proposed Solution: Caceres and Padmanabhan argue that, in order to increase the scalability of mobility management in the Internet environment, distinctions need to be drawn among, and different approaches taken to handling, mobility at three levels of the Internet hierarchy:

1. Local mobility (Mobile Hosts moving between base stations attached to the same Internet subnet)

2. Mobility within an administrative domain (here more than one subnet is involved, but all base stations fall within the same Internet administrative domain; a university or corporate campus would be an archetypal example)

3. Global mobility (the case where Mobile Hosts are moving between administrative domains in the broader Internet)

Under the proposed approach, only Level 3, global mobility, requires that the Home Agent and Corresponding Hosts be informed that the MH has moved from one cell to another. The first two cases are handled locally.

The hierarchical scheme described by Caceres and Padmanabhan dictates that the base stations which support wireless communications, and serve as modified versions of the Foreign Agent, be network-layer routers rather than link-layer bridges. Layer 3 routers offer several capabilities that are significant in this context:


(1) They can filter IP traffic based on multicast groups, and

(2) They can distinguish among IP packets based on the contents of the Type of Service field in the IPv4 packet header, or on the contents of the Flow Label field in IPv6.

Another implication o f the three-level hierarchy is a modification of the set of Foreign Agents that come into play. At the subnet level, there continues to be a Subnet Foreign Agent, which corresponds closely to the conventional Foreign Agent of Mobile IP. Within the administrative domain, however, there is in addition a Domain Foreign Agent. The Domain Foreign Agent maintains tables of routing entries that are modified every time a Mobile Host within the administrative domain moves from one subnet to another. Thus, communicating hosts outside the boundaries of the domain do not need to maintain awareness of the movements of the Mobile Host they are communicating with within the domain, in that the Domain Foreign Agent assumes this responsibility.

The general logical structure of this hierarchical approach is illustrated in Figure 5.2.

Figure 5.2: Logical structure of the hierarchical approach to mobility management.

The protocol proposed by Caceres and Padmanabhan to handle handoffs when base stations lie on the same local subnet stresses simplicity and speed. As in Mobile IP in general, it is the Mobile Host that initiates a handoff. It does so by listening to beacons that each base station broadcasts. When the MH moves into an overlap zone between two base stations (and thus approaches a cell boundary), it can sense the beacons from both base stations and, based on signal strength, can make an informed decision as to when to switch.

The exchange of messages in the case of a local handoff proceeds as follows:

• The MH transmits a “Greet” message to the new base station it has selected. The Greet message contains the address of the MH itself, together with that of the old base station.

• The newly selected base station places an entry for the MH in its routing table, so that it can forward incoming packets on to the MH. The base station responds to the MH with a “Greet Ack” message, which both confirms receipt of the Greet message and indicates the willingness o f the base station to serve as a host for the MH.

• Upon receiving the “Greet Ack” message, the MH sends packets that it has recently sent to the old base station to the new base station from its “Retransmission Buffer.” (The logic is that these packets have not been Acked by the old base station, and may have been lost).

• The new base station, using the subnet’s wired link, sends a “Notify” message to the old base station, to inform the old base station that the MH has switched over to the new base station. Included in the message is the address of the new base station.

• The old base station responds by forwarding any packets recently sent to the MH on to the new base station (the logic here is the inverse of the third step above: these are unacknowledged packets held in the old base station’s Retransmission Buffer). The old base station also returns a “Notify Ack” message to the new base station, and eliminates the entry in its routing table for the MH.

• The new base station sends out a “Redirect” message on the wired link in broadcast mode. The purpose is to inform any “interested nodes” on the local subnet of the change in the forwarding address for the MH. Interested nodes include the router connecting the subnet to the broader Internet (which is playing the role o f the Domain Foreign Agent described above), and any local hosts that are communicating with the MH. Redirect employs the standard ARP (Address Resolution Protocol) functionality.

Figure 5.3 illustrates the sequence of messages required to accomplish a handoff within the local subnet.


Figure 5.3: Sequence of message exchange in support of a local handoff under the hierarchical mobility management scheme.

Note: Solid lines represent node-to-node communications; dotted lines represent broadcasts within the local subdomain.

Under this hierarchical management scheme for local handoffs, the Mobile Host initiates the handoff, but the host machines (the base stations on the local subnet) handle most of the steps involved in setting up and executing the handoff. The reason is that the base stations can employ the fast and reliable wired infrastructure. The retransmission of buffered packets is optional, but does improve handoff performance. In the case where the packets in the Retransmission Buffer of the Mobile Host or old base station are not forwarded, the packet loss can be dealt with at the level of the end-to-end protocol, where TCP, for example, will retransmit when it does not receive the expected Ack.

Base stations use a combination of Gratuitous ARP and Proxy ARP in order to provide the illusion to other nodes that the MH actually resides on the wired link (a simplifying assumption under this proposal). Any node on the local subnet that wants to communicate with the MH issues a standard ARP request to acquire the link-level address of the MH. The base station which is serving the MH responds as a proxy for the MH, using its own link-level address. The node which sent the ARP request thus stores the address of the base station in its ARP cache and forwards future packets intended for the MH to that address. The base station then forwards all packets received for the MH over its wireless link to the MH.
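The Greet / Greet Ack / Notify / Notify Ack / Redirect exchange above, together with the proxy-ARP behaviour just described, as an added simulation written for this page (it is not the authors’ implementation). One packet in each direction is deliberately marked as lost on the wireless link so that the Retransmission Buffers of the Mobile Host and of the old base station each have something to forward, and a wired node’s ARP cache shows the proxy-ARP answer before the handoff and the effect of the Redirect afterwards. Base station names, MAC addresses, the MH’s address and the payload strings are invented; messages are Python method calls rather than wire formats, and the `lost` flag stands in for a frame dropped over the air.

```python
"""Simulation of the local (same-subnet) handoff of Caceres and Padmanabhan
as described above: Greet, Greet Ack, Notify, Notify Ack and Redirect, the
retransmission buffers on both sides, and the proxy-ARP illusion that the MH
sits on the wired link.  Written for this page as an illustration; names, MAC
addresses and payloads are invented; messages are method calls, not wire formats."""
from collections import deque


class Subnet:
    """The wired link: base stations plus the ARP caches of 'interested nodes'."""
    def __init__(self):
        self.stations, self.arp_caches, self.log = {}, {}, []

    def proxy_arp(self, ip):
        """ARP request for the MH's IP: the BS serving it answers with its OWN MAC."""
        self.log.append(("*", "*", "ARP Request"))
        return next((bs.mac for bs in self.stations.values() if ip in bs.routing), None)


class BaseStation:
    def __init__(self, name, mac, subnet):
        self.name, self.mac, self.subnet = name, mac, subnet
        self.routing, self.mh = set(), {}       # MH IPs served over the air
        self.retx, self.uplink = {}, []         # un-acked downlink; received uplink
        subnet.stations[name] = self

    def downlink(self, ip, pkt, lost=False):
        if ip not in self.routing:
            raise LookupError(f"{self.name} is not serving {ip}")
        self.retx.setdefault(ip, deque()).append(pkt)   # buffered until the MH acks
        if not lost:
            self.mh[ip].received.append(pkt)
            self.retx[ip].remove(pkt)           # acked over the air

    def on_uplink(self, ip, pkt, lost=False):
        if not lost:
            self.uplink.append((ip, pkt))
        return not lost                         # the return value is the link-layer ack

    def on_greet(self, mh, old_bs):
        self.routing.add(mh.ip); self.mh[mh.ip] = mh          # routing entry for the MH
        self.subnet.log.append((self.name, mh.ip, "Greet Ack"))
        mh.on_greet_ack(self)                                 # MH resends un-acked uplink
        self.subnet.log.append((self.name, old_bs.name, "Notify"))
        old_bs.on_notify(mh.ip, self)
        self.subnet.log.append((self.name, "*", "Redirect"))  # gratuitous ARP broadcast
        for cache in self.subnet.arp_caches.values():
            cache[mh.ip] = self.mac

    def on_notify(self, ip, new_bs):
        for pkt in self.retx.pop(ip, deque()):                # forward un-acked downlink
            new_bs.downlink(ip, pkt)
        self.routing.discard(ip); self.mh.pop(ip, None)       # drop the routing entry
        self.subnet.log.append((self.name, new_bs.name, "Notify Ack"))


class MobileHost:
    def __init__(self, ip, bs):                # initial association, not a handoff
        self.ip, self.serving, self.retx, self.received = ip, bs, deque(), []
        bs.routing.add(ip); bs.mh[ip] = self

    def send(self, pkt, lost=False):
        self.retx.append(pkt)
        if self.serving.on_uplink(self.ip, pkt, lost):
            self.retx.remove(pkt)

    def handoff(self, new_bs):                 # the MH has chosen the stronger beacon
        self.serving.subnet.log.append((self.ip, new_bs.name, "Greet"))
        new_bs.on_greet(self, self.serving)

    def on_greet_ack(self, new_bs):
        self.serving = new_bs
        for pkt in list(self.retx):            # whatever the old BS never acked
            if new_bs.on_uplink(self.ip, pkt):
                self.retx.remove(pkt)


def wired_send(net, host, ip, pkt):
    """A local host or the subnet router sends to the MH through its ARP cache."""
    cache = net.arp_caches.setdefault(host, {})
    if ip not in cache:                        # first contact: ordinary ARP request
        cache[ip] = net.proxy_arp(ip)
    bs = next(s for s in net.stations.values() if s.mac == cache[ip])
    bs.downlink(ip, pkt)
    return bs.name                             # which base station took the packet


def run_handoff():
    net = Subnet()
    bs_a = BaseStation("BS-A", "02:00:00:00:00:0a", net)
    bs_b = BaseStation("BS-B", "02:00:00:00:00:0b", net)
    mh = MobileHost("10.0.0.50", bs_a)
    first_via = wired_send(net, "router", mh.ip, "down-1")   # proxy ARP -> BS-A
    bs_a.downlink(mh.ip, "down-2", lost=True)                # left in BS-A's buffer
    mh.send("up-1"); mh.send("up-2", lost=True)              # up-2 left in the MH's buffer
    mh.handoff(bs_b)
    after_via = wired_send(net, "router", mh.ip, "down-3")   # Redirect repointed the ARP cache
    return {"first_via": first_via, "after_via": after_via, "mh_received": mh.received,
            "uplink_at_b": bs_b.uplink, "a_serving": sorted(bs_a.routing),
            "b_serving": sorted(bs_b.routing), "messages": [m[2] for m in net.log]}
```

run_handoff() returns a summary: the router’s first packet went to BS-A (the proxy-ARP answer) and its later one to BS-B (after the Redirect) without a second ARP request; the MH received down-2, recovered from the old station’s buffer by the Notify step, as well as down-1 and down-3; BS-B received up-2, resent by the MH after the Greet Ack; and the wired-link log reads ARP Request, Greet, Greet Ack, Notify, Notify Ack, Redirect.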

Caceres and Padmanabhan have implemented the proposed handoff management mechanism on Unix-based base stations and portable computers and evaluated performance on a WaveLAN network. Handoffs typically complete in less than 10 milliseconds after they are initiated by a Mobile Host, and have been shown to be fast enough to avoid disruptions that are noticeable to a user in streaming audio data. The experimental work settled on a 100-millisecond beaconing period and a 4-packet buffer per channel as effective parameters for packet audio.

The authors identify three primary areas for related future investigation.

These are:

• Multicasting in Base Stations: Because base stations in the scheme proposed by Caceres and Padmanabhan are network-layer routers, they can filter and forward packets based on IP multicast groups. These multicast groups can be used for example to differentiate among subscribers to different encoding levels of a video stream, such that the resolution offered is in proportion to the speed of the wireless link available to a given MH.

• Retransmission After Handoff: Under the current version of the proposal, all packets remaining in the Retransmission Buffers of the old base station and the Mobile Host are retransmitted. This is inefficient, however: it would be desirable if the protocol could distinguish which packets had in fact been dropped and only retransmit those.

• Distinction Among Traffic Types: During and around handoffs, bandwidth is at an absolute premium. It would be helpful if the protocol allowed base stations to draw distinctions among packet types based, say, on the Type of Service field in the IP packet header. Then, delay-sensitive packets such as those in audio streams could be accorded higher priority than packets in a file transfer.

In general, this paper grapples in an informative way with the problem that lies at the crux of Mobile IP: while the Internet was not originally designed to support mobility, mobile devices will proliferate wildly over the next decade, and the Internet must grow to accommodate them without requiring that “everything change at once.”

5.3 QUALITY OF SERVICE AND MOBILE IP

Quality of Service entails providing guarantees as to the bandwidth and latency that will be available to an application operating over a network. From its origins as a packet-switching infrastructure that supported primarily message communications and file transfer, the Internet has not emphasized Quality of Service. With the advent of applications running over the Internet, such as voice communications, teleconferencing, and moving video, which do have real-time constraints on data delivery, Quality of Service (QoS) has emerged as a topic of concern in Internet-related research and network engineering.

The Problem: An important protocol for the provision of Quality of Service guarantees in the Internet environment is RSVP (Resource Reservation Protocol), which was initially introduced in draft form in 1997. RSVP uses a signaling scheme to reserve network resources along the path from source host to destination such that “subsequent data packets are guaranteed to have a certain bandwidth available and meet certain delay bounds.” [^V.20] In the establishment of an RSVP connection, the source host which seeks to establish a communication session with QoS guarantees first sends a signaling packet called a Path Message.

As it moves through the network to the destination node, the Path Message records the route taken in terms of the routers visited and the links traversed. On receipt of the Path Message, the destination host calculates what network resources will be needed to assure the requested Quality of Service. The destination node then replies to the Path Message with a message of its own, which traverses the same sequence of routers in reverse and reserves bandwidth and processing capacity at each of them.

When RSVP is used in conjunction with the Mobile IP protocol, or with Mobile IP with its route optimization enhancements (MIP-RO), several serious problems arise:

1. If, consistent with Mobile IP, the Home Agent encapsulates its IP packets in order to tunnel them to the Foreign Agent on behalf of the Mobile Host, the intermediate routers will not recognize a Path Message packet when it passes through, and thus will not record the data elements necessary to support the calculation of QoS guarantees.

2. At least when the communication begins, packets moving from a Corresponding Host to a Mobile Host which is roaming will travel the triangular route described earlier. This increases the latency of the connection, making it difficult to meet QoS deadlines. RSVP does issue periodic path messages, so if MIP-RO is in use, over time the connection between the Corresponding Host and the Mobile Host will be established as a direct rather than triangular connection, but it may already be too late to achieve QoS goals.

Another potential problem is introduced by the final wireless hop between the base station on the Foreign Agent’s network and the Mobile Host. Typically, this link is much slower than the wired Internet infrastructure, raising additional challenges for QoS. However, an entire wireless channel may be available to support the communication between the base station and the Mobile Host, in which case bandwidth may be adequate even if latency is somewhat high (video streams, for instance, may be more tolerant of time delays than intervening jitter).

Proposed Solutions: In a 1998 paper, R. Jain, T. Raleigh, C. Graff, and M. Bereschinsky propose the adoption of “location registers” from switched voice networks as a mechanism to improve QoS support in the Internet environment. According to the authors’ argument, “The benefits of MIP-LR (Mobile Internet Protocol - Location Registers) are that potentially long routes, called ‘triangle routes,’ from the sender to the mobile host are avoided, encapsulation of packets sent to a mobile host is not required, the load on the home network as well as the home and foreign agents is reduced, and there is substantially improved interoperability with protocols such as RSVP for providing QoS guarantees.” Application of MIP-LR would be limited to within administrative domains or organizational networks, in that sending hosts must uniformly implement MIP-LR and must have access to information about which hosts are potentially mobile.

The “location registers” of MIP-LR essentially comprise a database of information on the current network location of Mobile Hosts. Location registers thus correspond to the “service node” databases used to support cellular communications services. In GSM, for example, a two-tier architecture is employed with Home Location Registers (HLR) and Visitor Location Registers (VLR).

In MIP-LR a similar two-tier hierarchical approach is taken. Each subnet in an administrative domain which wishes to implement MIP-LR designates a host machine to serve as the Home Location Register and a host to serve as the Visitor Location Register (both HLR and VLR can reside on the same machine). Each Mobile Host is linked to a single HLR, specifically the one resident on its home network. While a Mobile Host is “at home,” it is not registered in either its HLR or any VLR. It sends and receives IP packets according to unmodified IP. When a Mobile Host moves to a foreign network, however, it registers with the VLR on that network and receives a Care-of-Address (COA). The VLR on the foreign network then forwards the COA to the MH’s HLR. The VLR responds with a confirmation message that contains specification of a lifetime interval for the registration (the database entry at the HLR, in other words, will be eliminated when the lifetime has expired). Care-of-Addresses can be issued to visiting Mobile Hosts based on either of two schemes:

(1) the VLR manages a pool of IP addresses that it can assign to visiting Mobile Hosts, or

(2) the Mobile Host secures its temporary IP address from a DHCP server on the foreign network.

When a Corresponding Host wants to communicate with a Mobile Host, it first issues a query to the HLR of the Mobile Host to determine its Care-of-Address. The HLR returns this information, together with information on the remaining lifetime of the registration. The Corresponding Host proceeds to send IP packets directly to the COA of the Mobile Host, eliminating the troublesome triangular routing. Note that the Corresponding Host can cache the COA for the Mobile Host, and continue to use it until expiration, without having to re-query the HLR.

A schematic illustrating the exchange of messages and data packets among the Corresponding Host, the Mobile Host, and the Location Registers under MIP-LR appears in Figure 5.4.


Figure 5.4: Exchange of messages and data packets under Mobile IP-LR. (Diagram not reproduced; its panel is titled “Mobility Management and Packet Delivery in MIP-LR” and shows the CH’s query and the response carrying the MH’s COA and lifetime, data packets sent without IP tunnelling, the binding warning and forwarding of in-flight packets after the MH moves and registers on a new foreign network, and the optional binding update carrying the new COA and lifetime.)


Jain, Raleigh, Graff, and Bereschinsky propose two mechanisms by which a Corresponding Host can discover the address of the Mobile Host it seeks to communicate with. Under the “Query Trap” approach, the Correspondent Host simply directs its query to the permanent IP address of the Mobile Host. If the MH is away from its home network, the HLR server is smart enough to intercept the query, and then respond with the current COA of the Mobile Host. Under “Database Lookup,” Translation Servers (TS) are maintained within the administrative domain. A TS provides information on the mapping from a host’s IP address to the HLR address for that host. All nodes within the administrative domain know the address of the TS, and can query the database as needed.

Another key question for MIP-LR is how location information is updated when the Mobile Host moves. In this area as well, the research team proposes two alternative approaches:

Lazy Caching: In “lazy caching,” when the Mobile Host has established a link to a new subnet, the new VLR informs the old VLR of the change. The old VLR then traps and forwards any additional packets that may arrive at the old COA, and sends a binding warning message about the address change to the HLR. The HLR responds by dispatching a binding update message to Corresponding Hosts, informing them of the new COA for the Mobile Host.

Eager Caching: Under “eager caching,” the Mobile Host plays a more active role in the update process. The Mobile Host keeps a table of all active Corresponding Hosts. When it moves from one subnet to another, the Mobile Host sends a binding update message directly to these Corresponding Hosts. As in Lazy Caching, the new VLR informs the old VLR of the change, and the old VLR in turn informs the HLR.
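The HLR/VLR registration, the Corresponding Host’s query and cached COA with its lifetime, and the lazy-caching handoff described above, as an added simulation that is not part of this chapter or of the Jain et al. proposal; the addresses, the 60-second lifetime and all class and method names are assumptions.

```python
from dataclasses import dataclass

LIFETIME = 60.0  # seconds a registration stays valid (constructed value)


@dataclass
class Binding:
    coa: str
    expires: float


class HLR:
    """Home Location Register: maps a Mobile Host's home IP to its current COA."""

    def __init__(self):
        self.bindings = {}   # mh_ip -> Binding
        self.queriers = {}   # mh_ip -> CHs that hold a cached COA for it

    def register(self, mh_ip, coa, now):
        self.bindings[mh_ip] = Binding(coa, now + LIFETIME)
        return LIFETIME      # the confirmation carries the entry's lifetime

    def query(self, ch, mh_ip, now):
        b = self.bindings.get(mh_ip)
        if b is None or b.expires <= now:
            return None, 0.0   # no live entry: the MH is treated as at home
        self.queriers.setdefault(mh_ip, set()).add(ch)
        return b.coa, b.expires - now

    def binding_warning(self, mh_ip, new_coa, now):
        """Old VLR reports a move; the HLR re-binds and pushes binding updates."""
        self.bindings[mh_ip] = Binding(new_coa, now + LIFETIME)
        for ch in self.queriers.get(mh_ip, ()):
            ch.binding_update(mh_ip, new_coa, LIFETIME, now)


class VLR:
    """Visitor Location Register of one foreign subnet; assigns COAs from a pool."""

    def __init__(self, hlr, pool):
        self.hlr, self.pool = hlr, list(pool)
        self.visitors = {}   # mh_ip -> COA assigned here
        self.forwards = {}   # mh_ip -> new COA once the MH has moved on

    def register(self, mh_ip, now):
        coa = self.pool.pop(0)
        self.visitors[mh_ip] = coa
        return coa, self.hlr.register(mh_ip, coa, now)

    def handoff_from(self, old_vlr, mh_ip, now):
        """Lazy caching: the MH registers here and the new VLR informs the old VLR."""
        coa, lifetime = self.register(mh_ip, now)
        old_vlr.mh_moved(mh_ip, coa, now)
        return coa, lifetime

    def mh_moved(self, mh_ip, new_coa, now):
        self.pool.append(self.visitors.pop(mh_ip))   # old COA returns to the pool
        self.forwards[mh_ip] = new_coa               # trap and forward in-flight packets
        self.hlr.binding_warning(mh_ip, new_coa, now)

    def deliver(self, mh_ip, coa):
        """Outcome for a packet addressed to `coa` on this subnet (no IP tunnelling)."""
        if self.visitors.get(mh_ip) == coa:
            return "delivered", coa
        if mh_ip in self.forwards:
            return "forwarded", self.forwards[mh_ip]
        return "dropped", coa


class CorrespondentHost:
    def __init__(self, hlr):
        self.hlr, self.cache = hlr, {}

    def resolve(self, mh_ip, now):
        """Address to send to and where it came from: cache, HLR query, or home IP."""
        b = self.cache.get(mh_ip)
        if b and b.expires > now:
            return b.coa, "cache"
        coa, remaining = self.hlr.query(self, mh_ip, now)
        if coa is None:
            return mh_ip, "home"
        self.cache[mh_ip] = Binding(coa, now + remaining)
        return coa, "hlr"

    def binding_update(self, mh_ip, new_coa, lifetime, now):
        self.cache[mh_ip] = Binding(new_coa, now + lifetime)


def scenario():
    """Constructed walk-through; returns the list of (address, how-obtained) results."""
    hlr = HLR()
    vlr_a = VLR(hlr, ["10.1.0.50", "10.1.0.51"])
    vlr_b = VLR(hlr, ["10.2.0.70"])
    ch = CorrespondentHost(hlr)
    mh = "192.0.2.10"   # MH home address (constructed, documentation range)
    trace = [ch.resolve(mh, now=0.0)]                      # MH at home -> home IP
    coa_a, _ = vlr_a.register(mh, now=1.0)                 # MH arrives on subnet A
    trace.append(ch.resolve(mh, now=2.0))                  # HLR query -> COA on A
    trace.append(ch.resolve(mh, now=10.0))                 # cache hit, no query
    vlr_b.handoff_from(vlr_a, mh, now=20.0)                # MH moves to subnet B
    trace.append(vlr_a.deliver(mh, coa_a))                 # in-flight packet forwarded
    trace.append(ch.resolve(mh, now=21.0))                 # new COA via binding update
    trace.append(ch.resolve(mh, now=20.0 + LIFETIME + 1))  # lifetime expired, re-query
    return trace
```

The last step shows the lifetime rule from both sides: the CH’s cached entry and the HLR’s own entry have both expired, so without a fresh registration the MH is treated as at home.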


As a general comment about the proposed MIP-LR protocol, note that some elements of this proposal are in conflict with the notions of security for Mobile IP developed in the previous section. For example, here IP packets are sent to the Mobile Host without tunneling, increasing the likelihood that attackers can determine the current location of the Mobile Host. In addition, the notion of a long sequence of Security Agent nodes does not sit well with the goal described here for QoS, which is to identify a short path from Corresponding Host to Mobile Host and lock in network resources along that path. In general, we can conclude that security will be harder to achieve in the mobile environment when applications have real-time characteristics, and easier to achieve when the application is simply forwarding a message or transferring a file.

5.4 Authentication and Security in Mobile IP

The designers of the second- and third-generation digital cellular telephone networks discussed in the first five sections of this study set out to support mobile communications - that is, after all, the whole point of cellular telephony. The Internet, on the other hand, originated as a network that would connect computers at fixed locations. On several other dimensions, the environments also differ dramatically. For example, second-generation cellular networks were designed to transmit primarily voice traffic, and to support communication circuits between parties in a conversation (third-generation cellular networks will pay much more attention to data communications, in addition to voice). The designers of the Internet, on the other hand, sought to create a network for the transmission of data among computers (“voice over IP” came much later), and used packet switching, rather than the establishment of circuits, as the primary transmission paradigm.

In the 1980s, the world where computers sat in machine rooms, or on users’ desks, in fixed locations with fixed network addresses, began to break down. In the future, computers - including not only laptop computers, but also devices like personal digital assistants (PDAs), “Web pads,” and intelligent cellular phones - will move about with their users, who will want to connect to the Internet from wherever they happen to be at the moment. The paradigm of how network addresses were adjusted in the world of the wireline Internet - through the intervention of a systems administrator, the assignment of a new IP address, and reconfiguration of both the machine that had moved and the network infrastructure - was no longer acceptable. Something had to give, in order to provide support to mobile computing within the Internet environment. The protocol that evolved through the IETF (Internet Engineering Task Force) process was the Mobile Internet Protocol, or Mobile IP for short. The goal of Mobile IP is to support Internet access for computing devices that move from place to place, without requiring the entire Internet infrastructure to change at once to accommodate mobility.

5.5 MOBILE IP - AN OVERVIEW

In the current generation of Internet architecture, Internet Protocol Version 4 or IPv4, Mobile IP is an option. Networks that seek to support mobile computing may add Mobile IP, while those which only provide service to wireline computers need not change. In the future, IP Version 6 will support mobility as part of the generic Internet protocols, in recognition of how important wireless Internet access is becoming.

5.5.1 The Logical Components of Mobile IP

As noted above, the origins of IPv4 and the digital cellular networks we have examined thus far in this study are radically different. However, at the logical level, elements of the Mobile IP architecture correspond closely to what are by now familiar concepts from digital cellular networks. For example, under Mobile IP, each mobile computing device has a home network, much as each cellular handset in the GSM environment has a home network. On this home network, in the world of Mobile IP, is a software system called the “Home Agent” running on a network node. A primary function of the Home Agent (HA) is to maintain information, including cryptographic keys, belonging to the mobile computers - called “Mobile Hosts” (MH) - which have that network as their home network. The Home Agent also tracks the current location of the Mobile Hosts for which it is responsible, and therefore corresponds at a conceptual level to the Home Location Register/Authentication Center combination in GSM.

Furthermore, each Mobile Host under Mobile IP has a permanent logical address - its Internet Protocol (or IP) address on its home network - much as each GSM handset has a unique identifier embedded on its SIM smart-card.

Under the Mobile IP protocol, when a Mobile Host roams outside the domain of control of its home network (of course, it can interact over wireless links with its home network, but this is not the challenging case), it can establish an Internet connection through another Internet sub-network that provides mobility support. Such a host sub-network will have wireless ports (radio transmitter/receiver units) which can exchange signals with the Mobile Host.

There must also be present on the host network a system called a “Foreign Agent” (FA). It is the Foreign Agent that interacts with the Mobile Host while it is connected to the host network, that provides services to it, and that communicates on its behalf with the Home Agent.

In brief, when a Mobile Host seeks to establish communication from a host network while it is roaming, it will first initiate communication with the Foreign Agent on that network. It will then transmit a message with both its own IP address and its new “Care-of-Address” (the IP address of the Foreign Agent), which the Foreign Agent forwards on to the Home Agent. Having received and verified this information, the Home Agent performs what is called a “Binding Update,” by creating a table entry that records the new Care-of-Address in connection with this particular Mobile Host.

The other principal in Mobile IP’s scheme of things is the Corresponding Host (CH). The Corresponding Host could be any other computer on the Internet which seeks to communicate with the Mobile Host. Under Mobile IP, the Corresponding Host need not know that the Mobile Host is roaming away from its home network (this is a key simplifying assumption of Mobile IP), and simply sends the packets in its communication to the MH in the usual fashion to the home network. Here, the Home Agent, which knows both that the Mobile Host is roaming and its current Care-of-Address, intercepts the packets bound for the Mobile Host, and forwards them on to the Foreign Agent at the current Care-of-Address, in a process called “triangular routing.” The Foreign Agent then forwards the packets on to the Mobile Host over the wireless link they have established.

The general architecture of Mobile IP is illustrated in Figure 5.5. Note that networks which include the Home Agent and the Foreign Agent must of necessity implement Mobile IP and be capable of mobility support. It is a key aspect of Mobile IP, however, that the Corresponding Host and the various elements of the Internet background represented by the cloud in the network diagram need know nothing about the protocol.

Figure 5.5: Schematic diagram illustrating the key components of the Mobile IP architecture.

5.5.2 Mobile IP - Security Risks

As an extension to the conventional Internet Protocol version 4 (IPv4), Mobile IP, in order to provide mobility support to roaming hosts, introduces several security risks. In fact most analysts agree that the most significant challenges facing Mobile IP lie in the security domain. As in the case of the digital cellular networks, the wireless link between the Mobile Host and the Foreign Agent is particularly exposed to eavesdropping, and potentially to proactive impersonation attacks. Unlike the cellular networks, however, the communication in the wireline Internet is not running over the proprietary network of one or several wireless communications service providers, but over the open Internet itself. Thus, the security risks in the wireline portion of the network are arguably greater than in the digital cellular scenario.

John Zao and Matt Condell of BBN identify two particular areas of security exposure in Mobile IP:

(1) the possibility for an adverse node to spoof the identity of a mobile node and redirect the packets destined for the mobile node to other network locations; and

(2) the risk that potentially hostile nodes (coming from different network administrative domains) launch passive/active attacks against one another when they use common network resources and services offered by a mobility-supporting subnet.

The user authentication protocols discussed in this section all address these two security challenges, but take different approaches.

5.5.3 BACKGROUND ELEMENTS FOR THE SECURITY AND AUTHENTICATION ENVIRONMENT OF MOBILE IP

The Mobile IP protocol specifies the use of Message Authentication Codes (MACs) - called “authenticators” in the parlance of the Mobile IP specification - to authenticate and provide data integrity for control messages exchanged between the Home Agent and the Mobile Node. While it is not mandated in the Mobile IP specification, the MAC approach can also be applied to messages exchanged with other entities, such as the Foreign Agent. A MAC algorithm takes the message to be transmitted and a secret key as inputs, and produces a bit string of fixed length as an output. If the transmitter and receiver share the same secret key, the receiver can generate its own MAC from the message it has received. The receiver then compares the generated string with the MAC received with the message. If the two match, this confirms

(1) that no one changed the message contents in transit, and

(2) that the source of the message must have been the expected party (in that the source of the message had to know the secret key in order to generate an appropriate MAC).

The Mobile IP protocol specifies MD5, in prefix plus suffix mode (meaning that the MAC code is appended both before and after the message contents), as the default MAC generation algorithm. Other algorithms can be deployed on mutual agreement of the corresponding parties.

5.5.4 IPSec Security Associations

A key background concept in security and authentication for Mobile IP is that of the security association (SA). A security association is a pre-defined, one-way relationship between a sender and receiver that defines what approaches to Internet security will be taken in a communication from sender to receiver, and what parameters apply. In the case of bi-directional communications, two such security associations may exist, with each defining one direction of the overall communication. SAs serve to define what set of IPSec (Internet Protocol Security) services are invoked at the IP, or network, layer (Layer 3) in the Internet Protocol stack. Within an IP packet, three parameters taken together uniquely identify a security association: these are the IP Destination Address; the Security Protocol Identifier, which indicates whether the security association applies to an Authentication Header (AH) or to an Encapsulating Security Payload (ESP); and a bit-string called the Security Parameters Index (SPI), which is uniquely associated with a given security association. Within the router, or other appropriate element of the networking infrastructure on a network, there resides a file called the Security Policy Database (SPD) which defines rules based on the contents of these fields in IP packets. Depending on the settings in the SPI field, and the location of the destination host, for instance, different styles and levels of security can be imposed on outward-bound packets. This allows the principals - Mobile Host, Home Agent, Foreign Agent, and, in some cases, Corresponding Host - in a Mobile IP communication session to choose an appropriate security regime.

5.5.5 Provision of Registration Keys Under Mobile IP

As an infrastructure such as Mobile IP grows more ubiquitous, it becomes impossible to assume that a roaming Mobile Host (MH) will have had any previous association with the Foreign Agents (FA) on the networks that it visits.

A major issue that results is how to provide the Mobile Host and Foreign Agent with a shared registration key in a secure fashion at the inception of a communication session. The overall direction of travel in the evolution of Mobile IP is to accomplish this step via a universally accessible public-key infrastructure (PKI), but as this infrastructure is not yet broadly available, several intermediate steps have been pursued as an interim solution. Charles Perkins, for example, proposes that five currently practical techniques be applied. These are to be considered in priority order by the Mobile Host and Foreign Agent, with the first that can be mutually implemented selected. The five alternatives are:

1. If the FA and MH already share a security association, or can establish one through ISAKMP or SKIP, the FA proceeds to choose the registration key.

2. If the FA and the Home Agent (HA) of the MH share a security association, the HA can generate the registration key and communicate it to the FA.

3. If the FA has its own public key, it can request that the HA of the MH generate a registration key and communicate it to the FA encrypted with this public key.

4. If the MH holds a public key, it can include this in its registration request, with the FA then generating a registration key and communicating it to the MH encrypted with this public key.


5. The FA and MH can employ a Diffie-Hellman key exchange protocol in order to establish a shared registration key.

The Diffie-Hellman alternative assumes a low priority because its computational complexity can impose a burden on the mobile host and thus introduce delay. In most of the five scenarios that Perkins proposes, the Mobile Host and the Home Agent share a security association a priori. If the Home Agent and the Foreign Agent thus share enough information that the HA can convey a secret key to the FA, the HA can function as a kind of quasi Key Distribution Center (KDC).

If the HA and the FA, for instance, share a secret key through a security association between them, the following technique, employing the MD5 algorithm, can be used to transmit a registration, or session, key from HA to FA.

The HA sends the following string to the FA:

String1 = MD5(secret || regrep || secret) ⊕ Kr

where secret is the private key shared between the HA and FA, Kr is the registration key that is being communicated, ⊕ denotes bitwise XOR, and regrep is the reply to the registration request message sent by the FA to the HA. Having received this message (String1), the FA can now compute

String2 = MD5(secret || regrep || secret)

The FA can then extract the registration key by simply performing an XOR operation, as follows.

Kr = String1 ⊕ String2


In the absence of an established security association between the Home Agent and the Foreign Agent, a similar approach is possible if the FA can make available a public key.

In the case where the Foreign Agent and the Mobile Node share a security association (this will be less frequent than the MN sharing one with the HA), the FA and MN can negotiate a registration key directly, without the need to employ the HA as a Key Distribution Center. The same can be accomplished if the MN can make available a public key to the FA.

5.5.6 THE BASIC MOBILE IP REGISTRATION PROTOCOL

Under Mobile IP, when a Mobile Host (MH) finds itself in a new network domain, it must establish contact with the Foreign Agent (FA) for that network and initiate a registration protocol sequence in order to inform its Home Agent (HA) of its current whereabouts. This registration protocol constitutes an important component of authentication in the Mobile IP world. If the Mobile Host is functioning within the geographic sphere of control of its home network, of course, the Foreign Agent would not come into play, and communication and authentication would take place directly between the Mobile Host and the Home Agent. In this description, we will consider the more general case, where the Mobile Host is roaming and a Foreign Agent is involved in the transaction.

The Mobile IP registration protocol provides two mechanisms to counter replay attacks: both time stamps and nonces are supported, and principals in a communication session can choose between the two variants of the protocol depending on which of these they wish to use. In the description in the following sub-sections, we will outline the Mobile IP registration protocol with time stamps.

5.5.7 Data Elements and Algorithms in the Mobile IP Registration Protocol

The key data elements and algorithms in the registration protocol defined by the Mobile IP specification are as follows:


1. MHHM (Home Address of the Mobile Node): The Internet Protocol (IP) address of the Mobile Host on its home network (note that this will be different than the Care-of-Address on the network of the Foreign Agent).

2. MHCOA (Care-of-Address of the Mobile Node): The IP address of the Mobile Host on the network it is visiting. In most cases, this will correspond to the IP address of the Foreign Agent.

3. HAID (Address of Home Agent): The IP address of the Home Agent on the home network of the Mobile Host.

4. FAID (Address of Foreign Agent): The IP address of the Foreign Agent on the network that the Mobile Host is visiting.

5. TMH, THA (Time Stamps): TMH and THA are time-stamps issued by the Mobile Host and the Home Agent, respectively.

6. Enc(K, M): The encryption of message M under key K.

7. MAC(K, M): The generation of a MAC (Message Authentication Code) from message M under key K.

8. KSMH-HA (Shared Secret Key): KSMH-HA is a secret key shared between the Mobile Host and the Home Agent. It is not shared with the Foreign Agent or other elements of the network infrastructure.

9. Request: A bit pattern indicating that the following message is a request message.

10. Reply: A bit pattern indicating that the following message is a reply message.

11. Result: A value that indicates the result of a request submitted to the Home Agent (accepted, rejected, explanation for rejection, etc.).

Note that the Shared Secret Key is an element of private-key cryptography which has been retained in the first generation of mobility support for the Internet. It will probably be unnecessary in the future, if a full public-key infrastructure becomes available.


5.5.8 Operation of the Mobile IP Registration Protocol

The major steps in the execution of the Mobile IP registration protocol proceed as follows:

1. The Mobile Host (MH) will possess a time stamp received previously from the Home Agent (HA) on its home network. This aids in synchronizing its own time stamps with those of the HA.

2. The MH transmits a request message to the Foreign Agent (FA). The request message consists of the following elements: Request Designator, ID of Foreign Agent (its IP address), ID of the Home Agent, home address of the Mobile Host, Care-of-Address of the Mobile Host, and time stamp issued by the MH. This string is followed by a MAC code that the Mobile Host generates by applying the MD5 algorithm to the elements in the request message in conjunction with the secret key KSMH-HA that it shares with the Home Agent.

3. The Foreign Agent forwards both the request message and the corresponding MAC to the Home Agent. Note that the data elements in the request message - which do not include the secret key - have been transmitted in the clear, so the Foreign Agent can read the address of the HA.

4. On receipt of the transmission from the FA, the Home Agent computes its own MAC on the request message of the MH. If this matches the MAC received in the transmission, the MH is authenticated and the contents of the request message are known to be unchanged.

5. The HA now generates a reply message which consists of the following data elements: Reply Designator, Result Code, ID of the Foreign Agent (the IP address of the FA), ID of the Home Agent, home address of the Mobile Host, and time-stamp TS. The time-stamp will be equal to that issued by the MH, if this value was within the window of timeliness acceptable to the HA.

Otherwise, the time-stamp will be one set by the Home Agent, to allow resynchronization to take place. The HA also computes a MAC on these data elements, using the secret key it shares with MH, and sends this with the message. (Note that with the prefix plus suffix variant of the MD5 algorithm, two copies of the MAC are actually sent, but in the following diagram this is ignored for simplicity’s sake). The HA transmits the reply message and the MAC to the FA.

6. The Foreign Agent accepts the transmission described in Step 5 from the HA, and passes it on to the MH over the wireless link.

7. The MH computes its own MAC on the reply message and compares this with the MAC it has received in conjunction with the reply message from the FA. If the two MAC values match, the HA is authenticated to the MH and the contents of the reply message are validated.

At this point, the MH, FA, and HA can use one of Perkins' recommended approaches to establish a registration key, or session key, that will be used to encrypt data in this communication session. See Figure 5.6 for an illustration of the exchange of messages in the Mobile IP Registration Protocol.

[Figure 5.6 diagram not reproduced in this transcription. It shows the request message M1 (Request, FA, HA, MH home address, care-of address, time-stamp) followed by MAC(K_MH-HA, M1) travelling MH to FA to HA, and the reply message (Reply, result code, FA, HA, home address, time-stamp) followed by its MAC travelling HA to FA to MH.]

Figure 5.6: Schematic diagram documenting the exchange of messages in the Mobile IP registration protocol. [Derived from Sufatrio and Lam]


Note that the establishment of a registration key must not involve revealing the shared secret key to the Foreign Agent, as this would constitute a serious security loophole. Also note that, while the registration key can be established through the application of public keys if a public-key infrastructure is in place and functioning, it can also be established by alternative means that do not require a PKI.
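The seven-step registration exchange above can be made concrete in a few dozen lines. The following Python is an added example written for this page; it is not code from Sufatrio and Lam nor from any Mobile IP implementation. It assumes a text serialization of its own (the real protocol uses fixed binary extensions), a constructed shared secret, and an arbitrarily chosen replay window of seven seconds; it uses the prefix+suffix keyed-MD5 authenticator of base Mobile IP, MD5(key || data || key), and takes the result code for a time-stamp mismatch from RFC 2002 ("registration Identification mismatch"). A dishonest FA that rewrites the care-of address is included to show the MAC doing its job.

```python
import hashlib
import hmac

# Constructed demo secret shared by the Mobile Host and its Home Agent (K_MH-HA); not a real key.
K_MH_HA = b"demo-shared-secret-between-MH-and-HA"

WINDOW_SECONDS = 7      # acceptable clock skew for the time-stamp (assumed value)
RESULT_OK = 0           # RFC 2002: registration accepted
RESULT_RESYNC = 133     # RFC 2002: registration Identification mismatch (resynchronize)

FIELD_ORDER = ("type", "result", "fa", "ha", "home_addr", "coa", "ts")


def prefix_suffix_md5(key: bytes, data: bytes) -> bytes:
    """Keyed MD5 in prefix+suffix mode, MD5(key || data || key), as used by base Mobile IP."""
    return hashlib.md5(key + data + key).digest()


def encode(msg: dict) -> bytes:
    """Serialize the message elements in a fixed order so both ends authenticate identical bytes."""
    return b"|".join(f"{k}={msg[k]}".encode() for k in FIELD_ORDER if k in msg)


def mh_build_request(fa_ip, ha_ip, home_addr, coa, mh_clock):
    """Step 2: the MH issues the request and its MAC under the secret it shares with the HA."""
    req = {"type": "REQ", "fa": fa_ip, "ha": ha_ip, "home_addr": home_addr, "coa": coa, "ts": mh_clock}
    return req, prefix_suffix_md5(K_MH_HA, encode(req))


def fa_forward(req, mac, tamper=False):
    """Step 3: the FA reads the HA address in the clear and relays request and MAC unchanged.
    With tamper=True it plays a dishonest FA that rewrites the care-of address."""
    relayed = dict(req)
    if tamper:
        relayed["coa"] = "203.0.113.99"
    return relayed["ha"], relayed, mac


def ha_process(req, mac, ha_clock):
    """Steps 4 and 5: authenticate the MH, then build and authenticate the reply."""
    if not hmac.compare_digest(prefix_suffix_md5(K_MH_HA, encode(req)), mac):
        return None                              # MH not authenticated: drop silently
    if abs(ha_clock - req["ts"]) <= WINDOW_SECONDS:
        result, ts = RESULT_OK, req["ts"]        # echo the MH's time-stamp
    else:
        result, ts = RESULT_RESYNC, ha_clock     # HA's own time-stamp lets the MH resynchronize
    rep = {"type": "REP", "result": result, "fa": req["fa"], "ha": req["ha"],
           "home_addr": req["home_addr"], "ts": ts}
    return rep, prefix_suffix_md5(K_MH_HA, encode(rep))


def mh_verify_reply(rep, mac) -> bool:
    """Step 7: a matching MAC authenticates the HA and validates the reply contents."""
    return hmac.compare_digest(prefix_suffix_md5(K_MH_HA, encode(rep)), mac)


def run_registration(mh_clock, ha_clock, tamper=False):
    """Drive one registration; returns (reply, mh_accepts) or None if the HA rejected it."""
    req, mac = mh_build_request("192.0.2.1", "198.51.100.1", "198.51.100.20", "192.0.2.77", mh_clock)
    _, relayed, mac = fa_forward(req, mac, tamper)          # step 3
    outcome = ha_process(relayed, mac, ha_clock)             # steps 4-5
    if outcome is None:
        return None
    rep, rep_mac = outcome                                   # step 6: the FA relays to the MH
    return rep, mh_verify_reply(rep, rep_mac)                # step 7


if __name__ == "__main__":
    print(run_registration(1000, 1003))                # fresh: result 0, MH time-stamp echoed
    print(run_registration(1000, 2000))                # stale: result 133, HA time-stamp returned
    print(run_registration(1000, 1000, tamper=True))   # FA rewrote the CoA: HA drops it (None)
```

The FA never holds K_MH-HA; all it can do is relay or corrupt, and corruption is detected at step 4. Two caveats for anyone reproducing this today: the prefix+suffix keyed MD5 of RFC 2002 was replaced by HMAC-MD5 as the default in RFC 3344 because the plain keyed construction is weaker than HMAC, and a time-stamp window alone still admits replay inside the window unless the HA also remembers the identifications it has recently accepted.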

5.6 SECURITY CONSIDERATIONS IN MOBILE HOST COMMUNICATIONS

Most discussion of the Mobile IP protocol focuses on communications between a Corresponding Host and a Mobile Host, with the implicit assumption that the Corresponding Host is at a fixed location in the Internet. Of course, as wireless Internet access evolves, the scenario where two Mobile Hosts, both roaming freely, seek to communicate becomes increasingly important. In a paper presented at the 1998 Globecom Conference, Alessandra Giovanardi and Gianluca Mazzini propose protocols to optimize communications performance in the Mobile Host - Mobile Host scenario.

The problem in communications between two Mobile Hosts (MH) under the Mobile IP protocol is that the "triangular routing" problem grows acute. In the case where a fixed Corresponding Host seeks to communicate with a roaming Mobile Host, it first sends its packets to the home network of the Mobile Host, where they are intercepted by the Home Agent. The HA then forwards the packets on to the current location of the Mobile Host (this indirection is what is called triangular routing). Packets transmitted in the other direction, though they must first be sent over the wireless link from the Mobile Host to the Foreign Agent, can move directly on to the Corresponding Host, which is at its fixed IP address. With two Mobile Hosts, however, packets moving in both directions are sent first to the home networks of the respective MH, so that the triangular routing becomes bi-directional.


In order to address this triangular routing problem, Giovanardi and Mazzini propose the use of an External Agent (EA) which develops knowledge of the current location of the two Mobile Hosts and their respective Foreign Agents (FA). A secure tunnel can then be established that links the two FAs, thus eliminating the bi-directional triangular routing.

Under this proposed MH-to-MH communications scheme, Giovanardi and Mazzini point out that security mechanisms are needed that protect against both fraudulent Mobile Hosts and against entities which impersonate the networking infrastructure that arranges the secure tunnels between Foreign Agents. The authors propose a security regime that includes five elements, or levels, as follows (note that MAC in this section means the Media Access Control address, not the message authentication code of the preceding section):

1. Integration of IP and MAC Address: In conducting the authentication of Mobile Hosts via the Home Agent, rather than use IP addresses alone, an address is composed which integrates the IP address and the MAC (Media Access Control) address of the Mobile Host. The authors' reasoning is that the MAC address is a unique bit string embedded in hardware or firmware and is therefore more difficult to modify or spoof than the software-assigned IP address. (In practice most network interfaces allow the MAC address to be rewritten in software, so this binding raises the bar only modestly; the keyed hash of element 3 and the time-stamps of element 4 carry most of the protection.) The Home Agent thus maintains a cache containing pairs of IP/MAC addresses that are used in the authentication of its Mobile Hosts.

2. Hashing of MAC Addresses: As further insurance against the interception of address information, the Foreign Agent applies a one-way hash function to the MAC address of the Mobile Host, and sends this value, rather than the MAC address itself, to the Home Agent in association with the IP address of the Mobile Host. The Home Agent can then use the IP address it receives to reference its table of IP/MAC address pairs, extract the target MAC address, and apply the hashing algorithm to the MAC. If the resulting value matches the hash value received from the Foreign Agent, the Mobile Host can be authenticated.

3. Possession of Shared Secret Key: The notion here is that all agent systems in a specified community share a secret key. In the transmission of control messages among agents, a hash function is applied to the combination of the message, or part of the message, and the secret key. The recipient agent may then generate its own hash value and confirm that the message originated from a node that possesses the secret key.

4. Use of Time-Stamps: In order to counter replay attacks, time-stamps are included with control messages, whether or not the messages are encrypted. The recipient system evaluates the time-stamp in a message and accepts the message if the stamp falls within a specific window. (A window by itself still admits replay within the window; a recipient that also remembers recently accepted stamps closes that gap.) This protocol requires some degree of time synchronization among agents, which is achieved via the use of RFC 1305 NTP.

5. Use of Message Digests: Under this sub-protocol, the shared secret key can be used to encrypt control messages in their entirety, and a message digest is then generated that is appended to the message. This helps assure both confidentiality and integrity of messages exchanged among the agent systems.

It should be noted that the proposals of Giovanardi and Mazzini in this paper address primarily security and authentication as it applies to interactions among the Home Agents, Foreign Agents, and External Agents in a Mobile IP interaction. It is still necessary to take steps to protect the wireless communication link between the Mobile Host and the Foreign Agent.
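Elements 1 to 3 together form a single check at the Home Agent. The following Python is an added illustration of that check written for this page; it is not the authors' code, and the paper supplies no implementation. It assumes SHA-256 for the one-way hash (the paper names none), a constructed community key and IP/MAC cache, and a text message layout of its own. The time-stamp window of element 4 and the encryption of element 5 are not shown.

```python
import hashlib
import hmac

# Element 3: one secret shared by every agent in the community (constructed demo value).
COMMUNITY_KEY = b"demo-community-key-shared-by-HA-FA-EA"

# Element 1: the Home Agent's cache of (IP, MAC) pairs for its own Mobile Hosts (constructed entries).
HA_IP_MAC_CACHE = {
    "198.51.100.20": "00:11:22:33:44:55",
    "198.51.100.21": "00:11:22:33:44:66",
}


def mac_addr_digest(mac_addr: str) -> str:
    """Element 2: one-way hash of the MAC address, so the address itself never crosses the network.
    SHA-256 is an assumption; the paper only says 'a one-way hash function'."""
    return hashlib.sha256(mac_addr.lower().encode()).hexdigest()


def agent_tag(message: bytes, key: bytes = COMMUNITY_KEY) -> bytes:
    """Element 3: keyed hash (HMAC) over the control message, proving possession of the community key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def fa_build_auth_request(ip: str, observed_mac: str, key: bytes = COMMUNITY_KEY):
    """The Foreign Agent reports the IP it was given and the hash of the MAC it saw on the link.
    Passing a different key plays an impostor FA that does not hold the community secret."""
    message = f"AUTH ip={ip} h_mac={mac_addr_digest(observed_mac)}".encode()
    return message, agent_tag(message, key)


def ha_authenticate(message: bytes, tag: bytes) -> str:
    """The Home Agent's side: element 3 first, then elements 1 and 2."""
    if not hmac.compare_digest(agent_tag(message), tag):
        return "rejected: sender lacks the community key"
    fields = dict(token.split("=", 1) for token in message.decode().split()[1:])
    cached_mac = HA_IP_MAC_CACHE.get(fields["ip"])
    if cached_mac is None:
        return "rejected: IP not one of this HA's Mobile Hosts"
    if not hmac.compare_digest(mac_addr_digest(cached_mac), fields["h_mac"]):
        return "rejected: IP/MAC pair does not match the cache"
    return "authenticated"


if __name__ == "__main__":
    msg, tag = fa_build_auth_request("198.51.100.20", "00:11:22:33:44:55")
    print(ha_authenticate(msg, tag))      # authenticated
    msg, tag = fa_build_auth_request("198.51.100.20", "00:11:22:33:44:66")
    print(ha_authenticate(msg, tag))      # a host presenting another host's IP: pair mismatch
    msg, tag = fa_build_auth_request("198.51.100.20", "00:11:22:33:44:55", key=b"rogue")
    print(ha_authenticate(msg, tag))      # impostor FA without the community key
```

Two properties worth noticing. First, element 2 hides the MAC address only from casual reading: a MAC address is 48 bits with a publicly known vendor prefix, so anyone who captures h_mac can brute-force it offline, and the same h_mac is sent every time, so it is also replayable without element 4. Second, the community key of element 3 is held by every agent, so compromise of any one agent lets an attacker impersonate the whole infrastructure; this is the scalability criticism that section 5.7 raises against shared-secret schemes in general.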

5.7 AUTHENTICATION UNDER MOBILE IP: A MIXED APPROACH

Authentication under the basic registration protocol in Mobile IP, described earlier in this chapter, remains essentially a shared-secret (symmetric-key) approach. It has been criticized on the basis that it is not scalable to environments in which many administrative organizations seek to interact, and to have their Mobile Hosts avail themselves of services through networks managed by other organizations.

In their 1999 paper, Sufatrio and Kwok Yan Lam propose a hybrid private-key, public-key approach to authentication under Mobile IP designed to address the scalability problem without radically altering message exchange in the basic Mobile IP registration protocol. This is achieved by having the Home Agent serve as both a public-key authentication agent and as a Key Distribution Center (KDC) for session keys. Sufatrio and Lam argue that this is a reasonable alternative to a full-blown public-key infrastructure (PKI), in that the Mobile Host and Home Agent typically belong to the same organization.

5.8 MOBILE IP WITH A FULL PUBLIC-KEY INFRASTRUCTURE

As wireless Internet access grows more frequent, and as more organizations operate networks that accommodate Mobile Hosts or seek to provide information services over the Mobile IP infrastructure, the case for a public-key infrastructure (PKI) becomes more compelling. The creation of such a PKI for mobile computing is a major undertaking that is far from having been achieved. Research conducted by John Zao and colleagues at BBN Technologies and collaborating organizations in the design and prototype implementation of the MoIPS (Mobile IP Security) system, however, provides a model architecture for such an infrastructure and gives a flavor of how Mobile IP security may operate in the future.

5.8.1 Overview of the MoIPS (Mobile IP Security) System

As designed by Zao, et al, the MoIPS system has as its objectives the delivery of three security services:

(1) the authentication of Mobile IP control messages during location updates,

(2) the exercise of access control over Mobile Hosts that seek to use resources in Foreign Networks, and

(3) the provision of secure tunneling for re-directed IP packets.

• Authentication During Location Updates: MoIPS supports both the basic Mobile IP protocol and what is called Route-Optimized Mobile IP. Under Route-Optimized Mobile IP, Corresponding Hosts which offer mobility support can be informed of the current location of the Mobile Host they seek to communicate with, thus eliminating the indirection of triangular routing through the home network. The security risk that results is the remote traffic redirection attack, in which an impostor instructs the Corresponding Host to forward packets to a network location other than the one where the Mobile Host currently resides. Under MoIPS, each Mobile IP registration and binding update (the change-of-location message communicated to the Corresponding Host) includes a 64-bit identification tag to counter replays and one or more authentication extensions that provide data integrity and origin authentication through the use of a hash-generated MAC. MoIPS also provides cryptographic key pairs for use between the Mobile Host and Foreign Agent, between the Foreign Agent and Home Agent, and between the Mobile Host and Corresponding Host.

• Access Control for Mobile Hosts: Under the MoIPS architecture, both end nodes (such as the Mobile Host and Corresponding Host) and the mobility support agents (Home Agent and Foreign Agent) hold X.509 certificates that contain public key parameters as well as information about the identities and network affiliations of the entities. The certificates are issued via hierarchies of certification authorities (CA) in the manner prescribed by the X.509 standard. A Foreign Agent can use the certificate of a Mobile Host to authenticate the MH, and the success of the authentication process is implied when the Foreign Agent forwards a registration request from the Mobile Host to the Home Agent. Authorization to use network resources, however, involves an examination of the status of the Mobile Host that goes beyond authentication (for example, a test of whether the owner of the Mobile Host is paying her bills). It is only the Home Agent that is in a position to conduct this status check. A successful status check, and consequently authorization to use the network resources requested, is implied if the Home Agent returns a positive registration reply to the Foreign Agent.

• Secure Tunneling of IP Packets: In the Mobile IP world, data packets moving among the Mobile Host, Foreign Agent, Home Agent, and Corresponding Host (which, as we have seen, may itself be a Mobile Host) travel over the broader, unprotected Internet, and, for at least a portion of their transit, over a wireless link. Steps must be taken to protect these packets against eavesdropping and packet alteration. The MoIPS system architecture specifies that the Home Agent and Foreign Agent are responsible for ensuring that all communications with a Mobile Host employ secure tunnels for data integrity, origin authentication, and, when appropriate, data confidentiality. MoIPS specifies the use of the Encapsulating Security Payload (ESP) protocol of IPSec (IP Security) in tunnel mode as the method to achieve these security goals. The communicating parties negotiate the encryption and authentication mechanisms to be used within the ESP framework (note that ESP's integrity check is optional and must be negotiated explicitly; encryption alone does not protect against packet alteration), but all packets will be encapsulated within an ESP header and an outer IP header that identifies the end-points of the secure tunnel. To achieve this, MoIPS includes a system module that supports IPSec and ISAKMP (Internet Security Association and Key Management Protocol).

In comparison to the authentication protocols for digital cellular networks, MoIPS makes very clear its origins in the world of Internet protocols, versus the more proprietary protocols of cellular communication networks. Also clear is the dependence on public-key cryptography and elements of a public-key infrastructure (PKI), including digital certificates and a set of inter-related certification authorities.

5.8.2 Primary Characteristics of the MoIPS Security Architecture

MoIPS provides the best example we have encountered of a public-key approach to security and authentication in the Mobile IP environment. It is thus worth identifying several of the key components of this security architecture. The following are its characteristics:

1. At the level of Internet protocols, as we have seen, MoIPS applies the ESP (Encapsulating Security Payload) protocol of IPSec and ISAKMP (Internet Security Association and Key Management Protocol) in conjunction with Mobile IP. The route-optimization extensions to Mobile IP are supported.

2. For public-key digital certificates, MoIPS employs the X.509 Version 3 specification, with Version 2 certificate revocation lists (CRLs). For a certificate repository, the designers of MoIPS use the standard Internet domain name system (DNS). According to the authors, this approach has several merits:

(1) the use of the widely used and well understood DNS system helps address the server discovery problem;

(2) public-key certificates eliminate the need for real-time transmissions of keys, as would be necessary with an infrastructure of distributed key distribution centers (KDCs), as might be achieved with Kerberos; and

(3) the baseline need for a highly scalable approach: “we must have a technology that can establish shared secrets among a large set of nodes spread across multiple internet domains.”

3. The certification authority hierarchy under MoIPS assumes a multiple-tree structure. Each tree in the structure has a top-level certification authority (TLCA), zero or more middle-level certification authorities (MLCAs), and one layer of lower-level CAs. Lower-level CAs are responsible for a block of contiguous IP addresses and issue MoIPS certificates to Mobile IP entities whose IP addresses fall within that range (all the nodes on a given network, for example, would likely be served by the same CA). Cross-verification is permitted between TLCAs and MLCAs.

4. Participation in MoIPS requires the possession of a certificate. Each entity that seeks to participate in communication sessions within the MoIPS environment - whether a Mobile Host, Foreign Agent, Home Agent, or mobility-aware Corresponding Host - must secure an X.509 V.3 certificate with a specific profile defined for MoIPS. Certificates for Corresponding Hosts are only a requirement when MoIPS is to support secure route optimized Mobile IP.

5. Within MoIPS certificates, the IP address of the entity is used as the certificate subject name field for Mobile Hosts, Foreign Agents, Home Agents, and Corresponding Hosts. While this means that certificates must be re-issued when there is a change of IP address by an entity, it does permit a computer system to function, for example, as both a Home Agent and a Foreign Agent on different network interfaces. By contrast, in the case of a certificate authority (CA), the canonical domain name is used as the subject name on the certificate, eliminating the need for reverse domain-name look-ups in this case.

6. MoIPS uses the SHA-1 hash algorithm in the digital signatures on its X.509 certificates. (Both SHA-1 and MD5 have since been shown to be vulnerable to collision attacks and would not be chosen for a new design; the construction, not the particular hash, is what matters here.) MoIPS employs a Diffie-Hellman (DH) like technique to generate cryptographic keys, such as session keys, for short-term use. Each MoIPS certificate contains the DH public values needed to support a Diffie-Hellman key-generation exchange. The Diffie-Hellman secret and a repetition of the replay-protection identification number are fed into an HMAC function (MoIPS employs HMAC-MD5) as the "key" and "message" components, respectively. The output is then used to authenticate Mobile IP control messages by feeding it, as the key, together with the control message back through the HMAC function.
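Point 6 describes a two-stage HMAC-MD5 construction. The Python below is an added example written for this page that reconstructs that construction as the text describes it; it is not MoIPS code. It assumes a toy Diffie-Hellman group (p = 2^127 - 1, g = 2, far too small for real use) in place of the DH parameters a MoIPS certificate would carry, and reads "a repetition of the replay-protection identification number" as the 64-bit identification field concatenated with itself.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for illustration; a deployment would use a standard MODP group).
P = 2**127 - 1   # a Mersenne prime, so the arithmetic is exact, but far too small for real use
G = 2


def dh_keypair():
    """Long-term DH pair of the kind whose public value a MoIPS certificate would carry."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared_secret(own_private: int, peer_public: int) -> bytes:
    """g^(xy) mod p as a fixed-width byte string; both peers compute the same value."""
    return pow(peer_public, own_private, P).to_bytes(16, "big")


def session_key(dh_secret: bytes, ident: bytes) -> bytes:
    """Stage 1: HMAC-MD5 with the DH secret as key and the repeated 64-bit identification as message."""
    assert len(ident) == 8, "the Mobile IP identification field is 64 bits"
    return hmac.new(dh_secret, ident + ident, hashlib.md5).digest()


def authenticator(key: bytes, control_message: bytes) -> bytes:
    """Stage 2: HMAC-MD5 of the control message under the stage-1 output."""
    return hmac.new(key, control_message, hashlib.md5).digest()


def sender_protect(own_private, peer_public, ident, control_message):
    """What the Mobile Host appends to a registration request or binding update."""
    k = session_key(dh_shared_secret(own_private, peer_public), ident)
    return authenticator(k, control_message)


def receiver_verify(own_private, peer_public, ident, control_message, tag) -> bool:
    """The peer recomputes the same chain from its own private value and the sender's public value."""
    expected = sender_protect(own_private, peer_public, ident, control_message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    mh_priv, mh_pub = dh_keypair()          # MH long-term pair (public half in its certificate)
    ha_priv, ha_pub = dh_keypair()          # HA long-term pair
    ident = (0x0102030405060708).to_bytes(8, "big")   # constructed 64-bit identification
    msg = b"REGISTRATION-REQUEST home=198.51.100.20 coa=192.0.2.77"
    tag = sender_protect(mh_priv, ha_pub, ident, msg)
    print(receiver_verify(ha_priv, mh_pub, ident, msg, tag))                            # True
    print(receiver_verify(ha_priv, mh_pub, (1).to_bytes(8, "big"), msg, tag))           # False: replayed under another identification
    print(receiver_verify(ha_priv, mh_pub, ident, msg + b" coa=203.0.113.99", tag))     # False: altered message
```

Because the stage-1 key is bound to the identification value, a captured message cannot be replayed under a fresh identification, and because the stage-2 tag covers the whole control message, the care-of address cannot be rewritten in transit; the receiver needs nothing beyond the sender's certified DH public value and its own private value, which is what lets MoIPS avoid real-time key distribution. Both peers must still agree on how the identification field advances (RFC 2002 uses time-stamps or nonces), since a stale identification accepted twice defeats the replay protection.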

7. MoIPS uses RSA's Cryptoki (PKCS #11) cryptographic API (CAPI) as the mechanism by which users access the cryptographic engine. Also supported is the PF_KEY API for the management of short-term keys (such as session keys) and security associations. The MoIPS designers created a third API, called the Cert_API, to provide a link between the system's key management module and the certificate verifier.

8. MoIPS employs the certificate policy extensions fields in the X.509 certificates to transmit information needed for access control under Mobile IP.

9. Under MoIPS, secure IPSec tunnels can be established from Mobile Host to Foreign Agent, from Mobile Host to Home Agent, and from Foreign Agent to Home Agent. In addition, outside the purview of MoIPS/Mobile IP, it is possible to establish a secure tunnel between Mobile Host and Corresponding Host, to provide end-to-end encryption and data confidentiality. Mobile IP entities operating in the MoIPS environment can request the establishment of IPSec tunnels by adding an IPSec Tunnel Selection extension to the standard Mobile IP Agent Solicitation, Agent Advertisement, and Registration Request messages. The particulars of the tunnel to be established are then negotiated between entities via ISAKMP.

An initial prototype of the MoIPS environment, developed by BBN researchers with DARPA funding and the re-use of system modules developed earlier at CMU and Portland State University, was completed in 1997. Among the key points were:

(1) the capability to obtain X.509 certificates and certificate revocation lists from DNS servers as X509CCRRL resource records;

(2) the capability to verify X.509 certificates and CRLs by following the CA multi-tree hierarchy;

(3) the capability to authenticate Mobile IP registration messages formulated according to the IETF specification via session keys produced by the public-key algorithm described in point 6 above; and

(4) the integration of Mobile Host to Corresponding Host IPSec tunnels with Mobile IP packet redirection. A block diagram illustrating the system modules of the MoIPS prototype appears in Figure 5.7.


[Figure 5.7 diagram not reproduced in this transcription; the legible labels in the original include "Mobile IP", an IPSec module, and a module from Portland State.]

Figure 5.7: Block diagram of the 1997 prototype of the MoIPS (Mobile IP Security) environment. [Derived from Zao, et al]

Target applications for enhanced versions of MoIPS include "scaleable implementations of secure route-optimized Mobile IP and IPSec support for virtual private networks" that include Mobile Hosts. The authors identify a need for further investigation of fast, hierarchical location management and more sophisticated management of security associations.

5.9 OBSERVATIONS AND PREDICTIONS

As noted in the Foreword to this study, change is rapid in the underlying platform technologies of wireless communications, as it is at the level of security and authentication itself. The only certain thing is that dramatic changes are in store. At this point in the study, however, a number of observations and predictions are appropriate:


1. The providers of wireless telecommunications services, after the experience with second-generation wireless systems, can no longer defend proprietary encryption algorithms. In the future, algorithms that are disclosed to the public and can be evaluated by the public will prevail. One outcome will be increasing friction between the security community, which supports robust encryption protocols, and governments and law-enforcement agencies, which continue to desire the capability to monitor communications when national security or law enforcement priorities so dictate.

2. As we have seen, second-generation digital cellular networks have employed symmetric, private-key encryption technology. While research projects conducted in advance of the design of third-generation digital cellular systems have explored public-key, asymmetric approaches, it appears that conventional symmetric methods will prevail in the first round of third-generation system implementations. As the work of Lin/Ham and Lo/Chen indicates, however, a variety of "light-weight" hybrid private-key/public-key algorithms can be used with UMTS and other third-generation cellular systems. Such approaches will have commercial impact in the next three to five years.

3. In third-generation digital cellular systems, subscriber authentication will be bi-directional: the mobile handset will authenticate the network node with which it communicates, in addition to the network validating the handset. Use o f changing data elements, such as time-stamps or protocol sequence numbers, in addition to symmetric private keys, will become common as a means of combating replay and related attacks.


4. Handsets for third-generation cellular networks will be outfitted with more powerful processors and DSPs than current-generation products, due to the high-speed network connections (at least 384 Kbit/sec downlinks) and the need to process video information. This enhanced processing power will give designers of security protocols new flexibility, including the capability to handle the processing requirements of public-key techniques.

5. Wireless Internet access is the camel's nose under the tent for a more open-systems approach in wireless networks. From a commercial standpoint, mobile access to resources on the Internet is likely critical to the success of providers of third-generation digital cellular communications services. As users take to the wireless Internet, however, they will begin to lobby the operators for broader, less restricted access. This will put pressure on the proprietary network architectures of the digital cellular networks; it also may force changes in security and authentication regimes.

6. The current business paradigm in wireless communications services might be called "The Service Provider Rules." Subscribers sign up for a relatively long-term relationship with the service provider of their choice. This company then provides them with wireless telecommunications services both in the local area and when the customer is on the road (though some of these services may be conducted under roaming agreements with other providers). In the realm of wireless Internet access, the service provider plays an active role in determining which set of information resources are easily accessible to the user. This is the way that things are, currently, but not the way they have to be. Other paradigms are


possible; for example: The AOL Model - Here the customer has a long-term relationship with a single provider of telecommunications services, and this provider may put forward a selection of "preferred" information resources and services. However, the subscriber has full, unfettered access to the Internet when they wish to pursue it. The "Per Diem" Model - Under this business paradigm, the customer would not enter a long-term relationship with one provider of wireless telecommunications services, but would rather use the services of whichever provider has the most attractive offering on a short-term basis. The unit of granularity could be a day in a specific location, or even just one telephone call or access to an Internet site. As noted in Observation 5 above, the emergence of wireless Internet access will work to change the rules. The trend over the next 3-5 years will be away from "The Service Provider Rules," toward more flexible and ephemeral relationships. This trend will push security regimes toward public-key and hybrid private-key / public-key approaches.

7. This study has not allocated much attention to biometrics - the use of physical characteristics of a subscriber, such as fingerprints, voice-prints, or iris analysis - to authenticate the user. As emphasis increases on authenticating human users, and not just wireless handsets, biometric approaches to authentication and security will gain in acceptance. The increasing processing power of handsets will be instrumental in permitting use of biometric analysis.

8. Given its origins as a network that would support R&D, security was not an early design goal in the creation of the Internet. However, over the history of the evolution of the Internet, several security incidents - the Robert Morris Internet worm, the Melissa virus, and the more recent "I Love You" virus all come to mind - have made it emphatically clear that information security matters. In the realm of wireless networks, we have not yet experienced a security incident of comparable magnitude. It is highly likely that a major incident or threat will emerge in the next several years, heightening awareness of the increased risks and exposures of the wireless networking environment.

This will lead to increased emphasis on security and authentication for wireless networks by both service providers and the government.

In conclusion, there are several key points to be drawn from this study of subscriber authentication and security in wireless networks. First, the challenges of achieving authentication and security in wireless networking environments are distinct from, and on several dimensions exceed, those encountered with conventional wireline networks. The security risks of the wireless environment are substantial, and, as wireless Internet access becomes the norm, impact security for the entire network infrastructure, whether wireless or fixed. Given these factors, authentication and security for wireless environments will move to the forefront of research and development in information security over the next five years.