On the Security of the Mobile IP
Protocol Family
Ulrike Meyer and Hannes Tschofenig
Nokia Siemens Networks
Georgios Karagiannis
University of Twente
Nokia Siemens Networks
University of Twente
• The Mobile IP protocol family
• Security Challenges of the MIP protocol family
• Security solutions standardized by the IETF
– Mobile IPv6 and Proxy Mobile IPv6
• Applications of MIP and MIP security solutions
– in 3GPP and WiMAX
• Open Problems
• Conclusion
MIP Protocol Family
• Mobile IPv4 (RFC 3344), Mobile IPv6 (RFC 3775)
– Enable MN to keep IP address although moving to new subnet
• Proxy Mobile IP (PMIP, draft)
– Enables network node to do mobility signalling on behalf of mobile
nodes that do not support MIP
• Dual Stack Mobile IP (DSMIP, draft)
– Supports MIPv4 and MIPv6 collocated/home addresses within one
• Hierarchical Mobile IP (HMIP, RFC 4140)
– Hierarchy of home agents to optimize routing in local mobility
• Fast Handovers for Mobile IP (FMIP, RFC 4068)
– Enables fast handover by preparing before movement
Network architecture for MIPv4, MIPv6, and DSMIP
Correspondent Node (CN)
Network of
Correspondent Node
AAA Server
AAA Server
Visited Network
Home Network
Home Agent (HA)
Mobile Node (MN)
↔Mobility signaling between MN and HA for
 binding updates (BU): binds home IP address to care of address (CoA)
 binding acknowledgements (BA): acknowledges binding
↔Data traffic between CN and MN (via HA)
Network architecture for PMIP
Correspondent Node
Network of
Correspondent Node
AAA Server
AAA Server
Visited Network
Mobile Node
Home Network
Home Agent
Proxy MIP Client
(Local Mobility Anchor)
(Mobile Access Gateway)
↔Mobility signaling between PMIP Client and HA
 Proxy MIP Client binds home address of MN to care of address with BUs
 Home agent (LMA) acknowledges binding with BAs
↔Data traffic between CN and MN
Main Security Challenges
• Establishment of security associations (SAs) between mobility
signaling end points
• Integrity and replay protection of mobility signaling
Security solutions for MIPv6 standardized in IETF
• IPsec / IKEv2 (Internet Key Exchange v2) RFC 4877
– Part of base MIPv6 RFC 3775
– IPsec for Integrity and replay protection
– IKEv2 with EAP (Extensible Authentication Protocol) for authentication
used for SA establishment between MN and HA,
▪ home AAA server acts as EAP authentication server
• Authentication protocol RFC 4285
– Message authentication code on BUs/BAs for integrity protection
– Sequence numbers / Time stamps for replay protection
– MN-HA security association established during first binding update
▪ with the help of a security association between MN and HAAA
▪ draft-devarapalli-mip6-authprotocol-bootstrap-03.txt
– MN-HAAA SA static or established during network authentication
▪ out of scope
Security Solutions for PMIPv6
• Base PMIPv6 draft (draft-ietf-netlmm-proxymip6)
– IPsec for integrity and reply protection between PMIP client MAG and
PMIP home agent LMA
▪ same IPsec SAs used for all mobile nodes in base PMIP draft
– IKEv2 to set up SAs between MAG and LMA
▪ only one pair of SAs need to be setup
– Requires MAG to be trusted
▪ send only BUs for MNs that are present
Application of MIP in the EPS/E-UTRAN context
• MIP protocols used
– for mobility between E-UTRAN and non 3GPP networks
– not for mobility within E-UTRAN or mobility with 3GPP networks
• Evolved Packet System of 3GPP will support
– MIPv4 in FA (Foreign Agent) mode
– Proxy MIPv6
• MIPv4 security
– As in base RFC but establishement of MN-AAA key currently unsolved
– IPsec/IKEv2 was selected over RFC 4285 recently
• Proxy MIPv6
– Will use NDS (Network Domain Security) for IPsec SA establishment
– Open problem: compromised MAG problem if non 3GPP not trusted
Application of MIP in WiMAX
• MIP protocols used for mobility within WiMAX
– MIPv4
– MIPv6
– Proxy MIPv4
• Proxy MIPv6 will be supported in future
• MIPv6 currently secured with RFC 4285
– MN-AAA key established during EAP-based network authentication
▪ MN-AAA key derived from Extended Master Session Key
• Use of IPsec/IKEv2 planned as option for MIPv6
• Proxy MIPv6 used with RFC 4285
– Separate key per mobile node used
– MAG-LMA key established during EAP-based network authentication
Main Open Problems / Work in Progress
– Firewall traversal problem (RFC 4487)
▪ Off-the-shelf firewalls interfere with MIP signaling traffic
• MN behind firewall: BUs protected with ESP blocked, ...
• CN behind firewall: problems if route optimization is used as state is created
based on HoA, ...
• HN behind firewall: blocking ESP traffic, blocking of unsolicited incoming traffic
– Location privacy (RFC 4882)
▪ CoA reveals location information to CN and eavesdroppers
▪ Eavesdropping on BUs allows for
• identifying the MN by its HoA and observing the binding
• tracking of MN on subnet granularity
• 3GPP
– Compromised MAG problem if PMIP used for global mobility
– Dynamic establishment of MN-AAA key for MIPv4 in 3GPP
• MIP protocol family matured
• Used more and more in mobile systems
• Security issues still often solved in system specific way
– WiMAX as very obvious example
– Goal is often to
▪ optimize the system as a whole
▪ leverage security procedures already available
– E.g. WiMAX derives MIP SAs from keys established during network
Thank You!
