Anton Kozlov: Mobile IP: Security Issues


Transcripts
Slide 1

Anton Kozlov
Mobile IP: Security Issues
Survey of security sections from the book by James D. Solomon, Mobile IP: The Internet Unplugged, Prentice Hall, 1998
Applied Crypto and e-Security Lab http://www.cs.bu.edu/bunches/pros/ Boston University 2000

Slide 2

Current State of Mobile Computing
Mobile PCs are one of the fastest growing segments of the PC market
Short-range wireless networks (Bluetooth) available from IBM, Toshiba, Dell, HP…
High-speed (11 Mbps) wireless LAN products are now easily and inexpensively available (IEEE 802.11a, IEEE 802.11b)
Low-speed (currently 128 Kbps) Metropolitan Area Wireless Network services are available in a few cities and spreading (Metricom's Ricochet)

Slide 3

Mobile Computers' Characteristics
May change point of network attachment frequently
May be in use as the point of network attachment changes
Usually have a less powerful CPU, less memory and disk space
Less secure physically
Limited battery power

Slide 4

Wireless Networks' Characteristics
Generally lower bandwidth
Higher latency and variability
Higher error rate
More vulnerable to interference and eavesdropping

Slide 5

Outline of the Tutorial
Part 1: The Need for Mobile IP
Part 2: Mobile IP Overview (for IPv4)
Part 3: Security Issues
A Simple Mobile IP Application (Private Network without Internet connection)
A More Complicated Application: Internet-Wide Mobility

Slide 6

Part 1: The Need for Mobile IP
Problems
Terminology
What Happens When a Node Changes Link?
Can't We Solve This Problem with Host-Specific Routes?
Why Not Just Change the Node's IP Address?
Can't We Just Solve the Problem at the Link Layer?
What If We Only Need Nomadicity?

Slide 7

Mobile IP solves the following problems:
If a node moves from one link to another without changing its IP address, it will be unable to receive packets at the new link
If a node changes its IP address when it moves, it must terminate and restart any ongoing communications each time it moves
Mobile IP solves these problems in a secure, robust, and medium-independent manner whose scaling properties make it applicable throughout the entire Internet

Slide 8

The Need for Mobile IP: Terminology
A home link is the link on which a specific node should be located; that is, the link which has been assigned the same network prefix as the node's IP address
A foreign link is any link other than a node's home link – that is, any link whose network prefix differs from that of the node's IP address
A host-specific route is a routing table entry with a Prefix-Length of 32 bits; it will provide a match for exactly one IP Destination Address, namely the address specified in the Target field
Mobility is the ability of a node to change its point of attachment from one link to another while maintaining all existing communications and using the same IP address at its new link

Slide 9

What Happens When a Node Changes Link?

Slide 10

Can't We Solve the Mobility Problem with Host-Specific Routes?
How Might Host-Specific Routes Solve the Problem?
If It Solves the Problem, Is This Solution a Good One?

Slide 11

Is This Solution a Good One?
How Many Mobile Nodes Can We Expect?
How Many Routes Are Required for Each Mobile Node?
How Fast Will a Node Change Links?
Is This Solution Robust?
Is It Secure?

Slide 12

Conclusion: Host-Specific Routes Are an Unworkable Solution to Node Mobility in the Internet
Minimally, host-specific routes must be propagated to all nodes along the path between a mobile node's home link and its foreign link
Some (in the worst case all) of these routes must be updated every time the node moves from one link to another
We expect that a great many nodes will be operating

Slide 13

Host-specific routing has severe scaling, robustness, and security problems
Unless host-specific routes are propagated to a much larger set of routers than the minimal set described in the first item above, the Internet's ability to route around isolated node and link failures is negated by host-specific routing
Serious security implications would require authentication and a complicated key management protocol to address
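
The host-specific-route argument from slides 8, 12 and 13, worked through as an added example (not taken from the slides or from Solomon's book): a longest-prefix-match lookup over a constructed three-router path. The router names, prefixes and the mobile node's address are assumptions made for illustration.

```python
import ipaddress

class Router:
    """A router whose forwarding table is searched by longest prefix match."""
    def __init__(self, name):
        self.name = name
        self.routes = []  # (network, next hop name or "link:<name>")

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None
        # A /32 host-specific route always beats the covering network prefix.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(routers, start, dst, max_hops=8):
    """Follow next hops from `start`; return the link the packet lands on."""
    node = start
    for _ in range(max_hops):
        hop = routers[node].lookup(dst)
        if hop is None or hop.startswith("link:"):
            return hop
        node = hop
    return None

MOBILE = "10.1.0.7"  # constructed home address; prefix matches the home link

def build_topology():
    # Constructed path: R_home -- R_core -- R_foreign
    r = {n: Router(n) for n in ("R_home", "R_core", "R_foreign")}
    r["R_home"].add_route("10.1.0.0/16", "link:home")
    r["R_home"].add_route("0.0.0.0/0", "R_core")
    r["R_core"].add_route("10.1.0.0/16", "R_home")
    r["R_core"].add_route("10.2.0.0/16", "R_foreign")
    r["R_foreign"].add_route("10.2.0.0/16", "link:foreign")
    r["R_foreign"].add_route("0.0.0.0/0", "R_core")
    return r

def install_host_routes(routers):
    """Add a /32 on every router between home and foreign link; return count."""
    path = [("R_home", "R_core"), ("R_core", "R_foreign"),
            ("R_foreign", "link:foreign")]
    for name, hop in path:
        # Each of these updates redirects traffic, so each must be authenticated.
        routers[name].add_route(MOBILE + "/32", hop)
    return len(path)
```

Before `install_host_routes`, a packet for the mobile node is still delivered to the home link; afterwards every router on the path carries one extra entry per mobile node, and all of them change again on the next move.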

Slide 14

Why Not Just Change the Node's IP Address?
Will Connections Survive a Changing IP Address? No, because all open TCP connections will be terminated
How Do We Find a Node Whose IP Address Keeps Changing? Only if the mobile node itself initiates communication; there is a huge overhead to keep entries in DNS updated, and the address returned by a name server is liable to change at any moment
Can't we just solve the problem at the Link Layer? (Cellular Digital Packet Data - CDPD (11Kbps), IEEE 802.11…) Provides node mobility only in the context of a single type of medium and within a limited geographic area

Slide 15

What If We Only Need Nomadicity?
A nomadic node is one which must terminate all existing communications before changing its point of attachment, but can then initiate new connections with a new IP address once it reaches its new location.
If all communications are initiated by the user of a mobile node, and the user does not mind shutting down his applications and restarting them at a new location, then nomadicity is indeed sufficient

Slide 16

Why Mobility Is Preferable to Nomadicity?
Many applications have configuration databases which depend on IP addresses, instead of host names
In the future, servers and not just clients may need to become mobile (clients know their servers only by their IP addresses)
Some application vendors provide network licensing systems which restrict access to only those nodes having specific ranges of IP addresses
Some security mechanisms provide access privileges to nodes based upon their IP addresses. Mobile nodes using Mobile IP allow such mechanisms to work in the presence of node mobility
Limited availability of IPv4 addresses, need for specific address assignment mechanisms

Slide 17

Summary
A node that moves from one link to another is incapable of communicating at the new location unless it changes its IP address
Host-specific routing is not a workable solution in the context of the global Internet
Changing a node's IP address is undesirable
The difference between mobile and nomadic computing (impossible for other nodes to know at what address a nomadic computer can be reached at any given moment)

Slide 18

Summary (cont.)
All link-layer solutions share limitations in their geographic applicability and the media over which they can run.
Even in those cases where a node requires only nomadicity, the more subtle advantages offered by Mobile IP mobility can make network administration much easier.

Slide 19

Part 2: Mobile IP Overview (for IPv4)
Is Mobile IP an Official Standard?
What Is the Scope of the Mobile IP Solution?
What Are the Requirements for Mobile IP?
What Assumption Does Mobile IP Make?
Where Does Mobile IP Reside?
Generally, How Does Mobile IP Work?
Outline

Slide 20

Is Mobile IP an Official Standard?
Mobile IP was approved by the Internet Engineering Steering Group (IESG) in June 1996 and published as a Proposed Standard in November 1996.
Main reference document: Request for Comments (RFC) 2002
There are other RFCs defining specific aspects of Mobile IP, such as tunneling, applicability, Management Information Base…

Slide 21

What Is the Scope of the Mobile IP Solution?
Mobile IP is a network-layer solution to node mobility in the Internet
It accomplishes its task by setting up the routing tables in appropriate nodes, such that IP packets can be sent to mobile nodes not connected to their home link
Can be thought of as a routing protocol, which has a very specialized purpose of allowing IP packets to be routed to mobile nodes which may or may not change their location rapidly.
Mobile IP is unique in its ability to accommodate heterogeneous mobility in addition to homogeneous mobility.
Solves the primary problem of routing IP packets to mobile nodes, which is a first step in providing mobility on the Internet.
A complete mobility solution would involve enhancements to other layers of the protocol stack.

Slide 22

What Are the Requirements for Mobile IP?
A mobile node must be able to communicate with other nodes after changing its link-layer point of attachment to the Internet
Must be able to communicate using its home (permanent) IP address, regardless of its current link-layer point of attachment to the Internet
Must be able to communicate with other computers that do not implement the Mobile IP mobility functions
The Mobile IP implementation should be limited only to the mobile nodes themselves and the few nodes which provide special routing functions on their behalf
Must not be exposed to any new security th
