Secure Mobile IPv6 for B3G Networks

Advisor: 黃培壝 老師
Student: 藍成浩

Author and Source
Celentano, D.; Fresa, A.; Longo, M.; Postiglione, F.; Robustelli, A.L.; Software in Telecommunications and Computer Networks, 2006. SoftCOM 2006. International Conference on, Sept. 2006, Page(s): 331-335

Outline
Introduction
The IMS Scenario
Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
Deploying MIPv6 in IMS Networks
A Solution to MIPv6 Security Threats
Conclusion

Introduction
Beyond-3G (B3G). B3G is not the same as 3G.
B3G integrates heterogeneous multi-access networks over IP (Internet Protocol), so that users can roam between the various networks and enjoy seamless access to services anytime, anywhere.

Introduction
Among B3G access technologies, OFDM attracts the most attention.
OFDM is a multi-carrier modulation technique: a large number of signals carried on carriers of different frequencies are combined into a single signal for transmission.
Suited to high-speed broadband wireless transmission.
Strong resistance to noise and to fading.

Introduction
3GPP defined a network infrastructure named the IP Multimedia Subsystem (IMS).
It is a general-purpose platform based on SIP (Session Initiation Protocol).
It provides all real-time multimedia services to mobile users through IP technology.

Introduction
MIPv6 permits an IPv6 user terminal to be reached and to reach other users while roaming across various subnets.
However, MIPv6 has some security weaknesses in heterogeneous wireless networks.
Serious security threats are currently associated with the delivery of the messages a mobile terminal sends to its correspondents to notify them of its new MIPv6 contact address.

Introduction
The authors propose integrating the MIPv6 framework into SIP-based IMS networks while providing telephone-class security standards.
We improve the security level of the MIPv6 signalling messages exchanged, in order to allow seamless session continuity.

The IMS Scenario
IMS will play an important role in B3G all-IP networks.
It offers telecom operators the opportunity to build a unified and open service infrastructure.
Easy deployment of new and rich real-time multimedia communication services.

The IMS Scenario
IMS introduced the Call Session Control Function (CSCF) servers, which represent the core elements.
Types of CSCF
P-CSCF (Proxy-CSCF)
I-CSCF (Interrogating-CSCF)
S-CSCF (Serving-CSCF)
Essentially they are all SIP servers that process SIP signalling.

The IMS Scenario (figure slide)

The IMS Scenario
In such a scenario, a top priority for both users and operators is to achieve secure communications.
The authors provide a robust framework that guarantees users' identities and prevents session hijacking and attacks.

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
[Figure. Triangle Routing: (1) packet from CN to HA, (2) tunneled packet from HA to MN, (3) packets from MN to CN. Route Optimization: (1) Binding Update from MN to CN, (2) packets exchanged directly between CN and MN.]

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
MIPv6 presents some security vulnerabilities when adopted in heterogeneous wireless networks.
The security threats arise in particular when the MN sends BU messages to its CN(s), since security between MN and HA is already guaranteed by adopting IPsec [8] together with the Encapsulating Security Payload (ESP) protocol [9].

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure (figure slide)

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
The MN stores these cookie values in order to check that the cookies returned by the CN are the same.
The CN generates the two tokens; the MN uses them to derive a key and then sends the BU to the CN for authentication.

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
The BU authentication data is computed as:
First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU)))
If the authentication data of the BU is valid, the correspondent node adds an entry in its Binding Cache for the particular MN and sends a BA message.
Upon receipt of the BA message, the MN adds an entry to its Binding Update List for the CN.

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure (figure slide)

Security Vulnerabilities of Mobile IPv6 and the Return Routability Procedure
A malicious node, aware of a session between MN and CN, might simulate a handoff of the MN by sending fake HoTI and CoTI messages. In this way it can obtain Kbm and send a fake BU to the CN in order to redirect the MN-CN communication to itself (Impersonation Attack), or possibly also forward the traffic on to the MN.
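As an added example (not code from the paper or these slides), the following Python reproduces the Return Routability key derivation and the BU authenticator formula quoted above, with the CN-side verification. The keygen-token construction and Kbm = SHA1(home keygen token | care-of keygen token) are the RFC 3775 definitions, which the slides do not spell out; all keys, nonces and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import os

def first(n_bits, data):
    """Leftmost n_bits of data (n_bits is a multiple of 8 here)."""
    return data[: n_bits // 8]

def ip6(addr):
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn, addr, nonce, selector):
    # RFC 3775 construction (assumed, not spelled out on the slides): the home keygen
    # token uses selector 0 over the HoA, the care-of keygen token selector 1 over the CoA.
    msg = ip6(addr) + nonce + bytes([selector])
    return first(64, hmac.new(kcn, msg, hashlib.sha1).digest())

def kbm_from_tokens(home_token, careof_token):
    # RFC 3775: Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()

def bu_authenticator(kbm, coa, cn, bu_data):
    # The slide's formula: First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | BU)))
    return first(96, hmac.new(kbm, ip6(coa) + ip6(cn) + bu_data, hashlib.sha1).digest())

def cn_accepts_bu(kcn, cn, hoa, coa, home_nonce, careof_nonce, bu_data, auth):
    """CN side: it holds no per-MN state before the BU arrives. It regenerates both
    tokens from its own Kcn and the nonces it issued, rederives Kbm and compares the
    authenticator in constant time."""
    home_token = keygen_token(kcn, hoa, home_nonce, 0)
    careof_token = keygen_token(kcn, coa, careof_nonce, 1)
    expected = bu_authenticator(kbm_from_tokens(home_token, careof_token), coa, cn, bu_data)
    return hmac.compare_digest(expected, auth)

# Constructed sample values: documentation-prefix addresses, random key and nonces.
KCN = os.urandom(20)                      # CN's secret; it never leaves the CN
CN, HOA, COA = "2001:db8:1::10", "2001:db8:2::20", "2001:db8:3::30"
HOME_NONCE, CAREOF_NONCE = os.urandom(8), os.urandom(8)
BU_DATA = b"BU seq=1 lifetime=420"        # stand-in for the BU mobility header bytes

def mn_binding_update():
    """MN side: the home token arrives in HoT (via the HA), the care-of token in CoT
    (directly). The MN derives Kbm and returns the authenticator it sends in its BU."""
    home_token = keygen_token(KCN, HOA, HOME_NONCE, 0)      # as received in HoT
    careof_token = keygen_token(KCN, COA, CAREOF_NONCE, 1)  # as received in CoT
    return bu_authenticator(kbm_from_tokens(home_token, careof_token), COA, CN, BU_DATA)
```

Because the care-of token is bound to the address the CoT was delivered to, a BU that names a different CoA fails verification at the CN even when everything else is intact.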
Deploying MIPv6 in IMS Networks
This part analyses the mechanism proposed by the authors in an IMS SIP-based network.
It covers the architectural implications of the SIP signalling infrastructure and the advantages of integrating MIPv6 within IMS for mobility management and security.

Deploying MIPv6 in IMS Networks
The IMS defines a security mechanism which verifies that the IPv6 packet source address of SIP messages originating from the MN corresponds to the IPv6 address reported in the SIP headers.
Hence, this necessarily requires the MN to use the same address both as the IPv6 packet source address and as the IPv6 address used at SIP level.

Deploying MIPv6 in IMS Networks
Therefore, several scenarios are possible for address management [12]:
(i) During SIP registration and session establishment, the MN uses the CoA as its source address. The MN then has to re-register the new CoA with the Serving-CSCF every time it changes link; in real-time communications this would cause loss of RTP packets while the re-INVITE procedure is completed, and it does not guarantee continuity of TCP-based sessions;

Deploying MIPv6 in IMS Networks
(ii) In SIP signalling, the MN provides both the CoA and the HoA. This requires changes to the current SIP standards and is therefore neither easily feasible nor recommended;
(iii) During SIP registration and session establishment, the MN provides the HoA as its IPv6 source address.

Deploying MIPv6 in IMS Networks
In this way, when the MN changes CoA it does not need to re-register or re-INVITE the other nodes; it updates the new CoA through MIPv6 signalling. If we suppose that the SIP proxy (P-CSCF) supports the MIPv6 stack, then the SIP application can be completely unaware of changes of the MN's CoA. Approach (iii) is therefore efficient and has low impact on existing applications, protocols and nodes.

A Solution to MIPv6 Security Threats
The security vulnerabilities of an MIPv6-enabled IMS network were discussed earlier. As in [13], the authors propose generating the authentication key Kbm at call setup (INVITE message) and distributing it to the MN and CN within the body of the SIP 200 OK and ACK messages, instead of using the RRP procedure.
A Solution to MIPv6 Security Threats
The distribution of the keys is secured between any SIP user (MN and CN) and its own P-CSCF by IPsec with ESP.
It is important to highlight that this procedure is performed only at the beginning of a communication session, whereas the standard MIPv6 RRP between MN and CN would have to be repeated, together with the BU, after every terminal handoff. Such an improvement can appreciably reduce end-to-end delays during real-time communications.

A Solution to MIPv6 Security Threats (figure slides)

A Solution to MIPv6 Security Threats
Using only the Kbm key does not protect against attacks by third parties. The proposal against this kind of threat is based on the use of the AAA server, which must generate an additional key, named Ka. During the INVITE phase, Ka is sent to P-CSCF1 and to the CN, but not to the MN.

A Solution to MIPv6 Security Threats
The MN, after roaming to a new subnet and acquiring a new CoA, performs a BU towards its P-CSCF; in the subsequent BA answer message the MN is provided with a value CoA-Auth, generated by the P-CSCF as a hash function of Ka and the new CoA.

A Solution to MIPv6 Security Threats
The subsequent BU to the CN will then include the value CoA-Auth, which the CN uses (together with the Ka key) to authenticate the MN's new CoA. However, in order to include the CoA-Auth value in the BA and BU messages, a new "IMS Care-of-Address Authentication" MIPv6 Mobility Option must be adopted.

Conclusion
In this paper the authors propose how to achieve seamless session mobility in an MIPv6-enabled IMS network.
The IMS centralised AAA server generates, manages and distributes the MIPv6 authentication keys, thus increasing security.
Furthermore, the handoff latency is consequently minimised, as already shown in [13].
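As an added example (not the paper's code), the following Python models the proposed key handling at the CN after a handoff: Kbm is known to MN and CN from call setup, Ka only to the P-CSCF and CN, the P-CSCF issues CoA-Auth in its BA, and the CN accepts a BU only if both the Kbm authenticator and the Ka-based CoA-Auth verify. The slides do not name the hash function, so HMAC-SHA1 is assumed; keys and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import os

def ip6(addr):
    return ipaddress.IPv6Address(addr).packed

def first(n_bits, data):
    return data[: n_bits // 8]

# Keys established at call setup (constructed random values). Per the slides, the AAA
# server provides Kbm to MN and CN (in 200 OK / ACK) and Ka to P-CSCF and CN only.
KBM = os.urandom(20)
KA = os.urandom(20)
CN = "2001:db8:1::10"

def pcscf_coa_auth(ka, new_coa):
    """P-CSCF side: CoA-Auth returned in the BA that answers the MN's BU to the P-CSCF.
    The slides say 'a hash function of Ka and the new CoA'; HMAC-SHA1 is assumed."""
    return hmac.new(ka, ip6(new_coa), hashlib.sha1).digest()

def bu_authenticator(kbm, coa, cn, bu_data):
    # Standard MIPv6 BU authenticator, now keyed with the Kbm distributed over SIP
    return first(96, hmac.new(kbm, ip6(coa) + ip6(cn) + bu_data, hashlib.sha1).digest())

def mn_build_bu(new_coa, coa_auth, bu_data=b"BU seq=1 lifetime=420"):
    """MN side: BU to the CN carrying CoA-Auth in the proposed 'IMS Care-of-Address
    Authentication' mobility option (None models a BU sent without the option)."""
    return {"coa": new_coa, "data": bu_data,
            "auth": bu_authenticator(KBM, new_coa, CN, bu_data), "coa_auth": coa_auth}

def cn_accepts_bu(bu):
    """CN side: the BU must verify under Kbm AND carry a CoA-Auth that only a holder of
    Ka (the P-CSCF) could have computed over exactly this CoA. Both checks run in
    constant time and the result is true only if both pass."""
    if bu["coa_auth"] is None:
        return False                       # option absent: the CoA is not vouched for
    auth_ok = hmac.compare_digest(bu_authenticator(KBM, bu["coa"], CN, bu["data"]), bu["auth"])
    coa_ok = hmac.compare_digest(pcscf_coa_auth(KA, bu["coa"]), bu["coa_auth"])
    return auth_ok and coa_ok

def handoff(new_coa):
    """Whole exchange after a handoff: MN -> P-CSCF BU, P-CSCF -> MN BA carrying
    CoA-Auth, then MN -> CN BU with both authenticators."""
    return cn_accepts_bu(mn_build_bu(new_coa, pcscf_coa_auth(KA, new_coa)))
```

The second check is what Ka buys: a BU that is correctly keyed with Kbm but names a CoA the P-CSCF never vouched for is still rejected by the CN.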