T-110.5110 Computer Networks II
Mobility Issues
6.10.2008
Prof. Sasu Tarkoma
Contents
• Overview
• Mobile IP
• NEMO
• Transport layer solutions
• i3
• SIP mobility
Mobility
• What happens when network endpoints start to move?
• What happens when networks move?
• Problem for on-going conversations
– X no longer associated with address
– Solution: X informs new address
• Problem for future conversations
– Where is X? what is the address?
– Solution: X makes contact address available
• In practice not so easy. Security is needed!
Classifying Mobility Protocols
[Figure: mobility protocols placed on a scope axis (micro / macro / global, i.e. intra-subnet / intra-domain / inter-domain) against a time axis (evolutionary path): MIP (1996), Hierarchical MIP (1996), Cellular IP (1998), Hawaii (1999), Dynamic Mobility Agent (2000), TMIP (2001), HMIPv6 (2001), MIPv6 (2001).]
Routing vs. mobility
• Topology data aggregation is necessary
– Cannot track all hosts in the world
– IP addresses determined by topology
• Network gives the routing prefix
• Mobile hosts must change their IP addresses
– Causes sockets / connections to break
• How to communicate address changes?
• Two approaches:
– Let routing handle it → not scalable
• Done by ad hoc routing protocols
– Let end-systems handle it → a mobility protocol is needed
• Goal of a mobility protocol
– Transport and applications do not see address changes
– Mobility transparency
Networks: Mobility
[Figure: example topology with mobile hosts (MH) attached through an access point (AP) and a NAT, a GPRS/UMTS access network with base stations (BS) and a NAT, an ad hoc network, a backbone LAN and a MAN built of routers (R), all connected over the Public Switched Data Network through routers.]
Rendezvous
• How to find the moving end-point?
– Tackling double jump
• What if both hosts move at the same time?
• Requires a rendezvous point
• Mobility management is needed!
– Initial rendezvous
– Can be based on directories
– Requires fast updates to directories
• Does not work well for DNS
Security issues
• Address stealing
– Alice and Bob communicate
– Mallory tells Alice: "Bob is now at C"
– Alice's traffic for Bob is redirected to C
• Address flooding
– Mallory starts downloads from Alice, Bob, etc.
– Mallory tells everybody: "I have moved to C"
– All the streams are redirected to C, which is flooded
Mobile IP
• Two versions
– IPv4 (optional)
– integrated into IPv6 (with IPSec security)
• Home Agent (HA)
– Home address
– Initial reachability
– Triangular routing / reverse tunneling
• Route optimization
– Tunnels to bypass HA
– HA as a rendezvous point
Mobility Example: Mobile IP
Triangular Routing
[Figure: correspondent host, home agent on the home link, foreign agent on the foreign link, mobile host with a Care-of Address (CoA). Packets from the correspondent host go to the home link and are tunnelled by the home agent to the foreign agent; the mobile host replies directly to the correspondent host. DELAY! on the detour through the home agent.]
• Ingress filtering causes problems for IPv4 (home address as source); IPv6 uses the CoA as source, so it is not a problem. Solutions: reverse tunnelling or route optimization.
• Foreign agent left out of MIPv6: no special support needed with IPv6 autoconfiguration.
Reverse Tunnelling
[Figure: correspondent host, router, home agent on the home link, mobile host with a Care-of Address (CoA) on the foreign link. Traffic in both directions is tunnelled through the home agent. DELAY! in both directions.]
• Firewalls and ingress filtering are no longer a problem.
• Double triangular routing leads to overhead and increases congestion.
Mobility Example: Mobile IPv6
Route Optimization
[Figure: correspondent host (CH), home agent, router, mobile host on the foreign link; a secure tunnel (ESP) runs between the mobile host and the home agent.]
• MH sends a binding update to CH when it receives a tunnelled packet from CH.
• First, a Return Routability test with CH: CH sends home test and care-of test packets. When MH has received both, it sends the BU protected with the Kbm key.
• CH then sends packets directly to the CoA using the routing header.
MIPv6
• MIP6 uses IPv6 extension headers and options for signalling between the
MN, HA and CN.
• The important changes are a new extension header (the Mobility
Header) for the creation and management of bindings, a new
routing header (type 2) that lets packets be routed directly from the
CN to the MN's CoA with the home address carried in the routing header,
and a new destination option (the Home Address option, used from MN to CN,
again carrying the home address while the CoA is the source address).
• MIP6 uses the IPv6 autoconfiguration mechanism to
determine the CoA, and thus does not need a FA.
• Using stateless autoconfiguration, the MN receives Router Advertisements
that contain the routing prefixes of the visited network. This prefix
information is then combined with the interface identifier of the MN
(for example derived from its MAC address) to obtain the CoA.
• MIP6 also supports the dynamic discovery of the HA or HAs (DHAAD).
Extension Headers
[Figure: packet layouts for CN to MN and MN to CN: IPv6 header, Mobility Header (MH), upper-layer headers, data.]
• MH Type in the Mobility Header: Binding Update, Binding Ack, Binding Error, Binding Refresh Request
• Exchanged between MN, HA and CN for binding management
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007
MIPv6 Operation: Mobile on a Foreign network
[Figure: mobile node on a foreign network, steps 1 to 5: stateless address autoconfiguration (acquiring the CoA); duplicate address detection; proxy neighbor discovery and binding cache update at the home agent; bidirectional tunnel between MN and HA; (5) update of the Binding Update List at the MN.]
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007
MIPv6: Dynamic Home Agent Discovery
[Figure: a mobile node and two home agents (Home Agent 1, Home Agent 2) on the home link, each holding a Home Agents List with preference values (6 and 2).]
1. Dynamic Home Agent Address Discovery request sent to the home-agents anycast address of the home prefix
2. DHAAD reply with the addresses of the home agents and their preferences
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007
Source: Microsoft, Understanding Mobile IPv6
Security in Mobile IP
• MIPv6 RFC 3775/3776
– Protection of Binding Updates sent to the HA and to CNs
– IPsec extension headers (towards the HA) or the Binding Authorization Data
option (towards CNs)
– Binding management key, Kbm, established through the
return routability procedure and used to compute the Binding Authorization Data
– Protection of mobile prefix discovery
– Protection of the mechanisms that MIPv6 uses for
transporting data (the MN–HA tunnel)
• Protecting binding updates to the HA
– Must be secured through IPsec (RFC 3776)
– ESP is used for updates and acks
• Shoulds: the return routability init messages (HOTI/HOT) tunnelled via the HA, prefix discovery
Return Routability
[Figure: message sequence between Mobile Node, Home Agent and Correspondent Node. The MN sends HOTI (HOme address Test Init) via the HA and COTI (Care-Of address Test Init) directly to the CN; the CN answers with HOT (HOme Test) via the HA and COT (Care-Of Test) directly to the care-of address; the MN then sends the BU and the CN replies with ACK BU. Attacker positions are numbered 1 to 4.]
Attacker capabilities noted in the figure:
• Attacker that can see HOT but not COT: claims to own the home address and uses its current address as the CoA; can continue off-path by refreshing the binding.
• Attacker that sends COTI and HOTI to the CN and constructs Kbm: claims ownership of the CoA, sends binding updates and breaks communication with the CN (off-path attack).
• MiTM attacks at the other positions: cannot construct Kbm.
• Between MN and HA both HOTI and HOT are encrypted. A malicious node may still be able to forward traffic to a neighbor if it has a valid HA.
Offpath attacks
• DoS attacks: memory/processing capability exhaustion.
Connection termination.
• Reflection attacks. Victim’s IP address is spoofed,
receiver will respond, causing messages sent to the
victim
– Ingress filtering can help
• MiTM attacks. Attacker compromises routers on-path.
Route injection.
MIP specific attacks
• An on-path attacker can prevent connections between CN and MN by picking the
MN's home address, running RR and registering its own binding for it
• The attacker can then move to another location and refresh the
binding, continuing to deny service to the MN while off-path
• Solutions
– When the location changes, RR must be run again for the new CoA (a malicious
node fails this if it is off-path)
– Public keys and certificates, IKE
– Cryptographically generated addresses (CGA)
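Worked example, added here and not part of the lecture: the Return Routability exchange from the figure above and the binding hijack described in the MIP-specific attacks list, implemented in Python after RFC 3775 section 5.2. The CN derives both keygen tokens from its secret Kcn, the MN combines them into Kbm and authenticates the BU with the Binding Authorization Data option; the two attacker functions reproduce the slide's cases (an off-path attacker that saw neither token fails, an attacker that saw the HOT for the victim's home address and obtains a COT for its own address succeeds). Addresses, nonces, Kcn and the Mobility Header bytes are constructed sample values; nonce and token lifetimes are omitted.

```python
"""Mobile IPv6 Return Routability (RFC 3775, section 5.2) as an offline
simulation.  Added example, not code from the lecture.  Addresses, nonce
values, Kcn and the Mobility Header bytes are constructed sample data."""
import hashlib
import hmac
import ipaddress
import os

IPv6 = ipaddress.IPv6Address


def first(n_bits: int, data: bytes) -> bytes:
    """First(n, data) from the RFC: the leftmost n bits, n a multiple of 8."""
    return data[: n_bits // 8]


def kbm_from_tokens(home_token: bytes, careof_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()


def binding_auth_data(kbm: bytes, coa: IPv6, cn: IPv6, mh_data: bytes) -> bytes:
    """Authenticator = First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))."""
    return first(96, hmac.new(kbm, coa.packed + cn.packed + mh_data, hashlib.sha1).digest())


class CorrespondentNode:
    """CN side: keeps only Kcn and a nonce table, no per-MN state before the BU."""

    def __init__(self, addr: IPv6):
        self.addr = addr
        self.kcn = os.urandom(20)          # node key, never leaves the CN
        self.nonces = {0: os.urandom(8)}   # nonce index -> nonce
        self.binding_cache = {}            # home address -> care-of address

    def _token(self, addr: IPv6, idx: int, kind: int) -> bytes:
        # home keygen token    = First(64, HMAC_SHA1(Kcn, home address | nonce | 0))
        # care-of keygen token = First(64, HMAC_SHA1(Kcn, care-of address | nonce | 1))
        msg = addr.packed + self.nonces[idx] + bytes([kind])
        return first(64, hmac.new(self.kcn, msg, hashlib.sha1).digest())

    def home_test(self, home: IPv6):
        """HoT, answering a HoTI that reached the CN through the HA."""
        return self._token(home, 0, 0), 0

    def careof_test(self, coa: IPv6):
        """CoT, answering a CoTI that arrived directly from the care-of address."""
        return self._token(coa, 0, 1), 0

    def binding_update(self, home, coa, home_idx, co_idx, mh_data, authenticator) -> bool:
        """Recompute Kbm from Kcn and the nonces, verify the authenticator, install the binding."""
        if home_idx not in self.nonces or co_idx not in self.nonces:
            return False
        kbm = kbm_from_tokens(self._token(home, home_idx, 0), self._token(coa, co_idx, 1))
        if not hmac.compare_digest(authenticator, binding_auth_data(kbm, coa, self.addr, mh_data)):
            return False
        self.binding_cache[home] = coa
        return True


def mobile_node_binding(cn: CorrespondentNode, home: IPv6, coa: IPv6) -> bool:
    """Legitimate MN: HoTI via HA, CoTI direct, both tests received, then BU."""
    home_token, hidx = cn.home_test(home)   # HoT came back through the HA tunnel
    co_token, cidx = cn.careof_test(coa)    # CoT came back directly to the CoA
    kbm = kbm_from_tokens(home_token, co_token)
    mh_data = b"BU seq=1 lifetime=420"      # constructed stand-in for the Mobility Header bytes
    auth = binding_auth_data(kbm, coa, cn.addr, mh_data)
    return cn.binding_update(home, coa, hidx, cidx, mh_data, auth)


def offpath_forgery(cn: CorrespondentNode, victim_home: IPv6, attacker_coa: IPv6) -> bool:
    """Attacker that saw neither HoT nor CoT: it has to guess Kbm, so the BU fails."""
    mh_data = b"BU seq=2 lifetime=420"
    auth = binding_auth_data(os.urandom(20), attacker_coa, cn.addr, mh_data)
    return cn.binding_update(victim_home, attacker_coa, 0, 0, mh_data, auth)


def hot_observer_hijack(cn: CorrespondentNode, victim_home: IPv6, attacker_addr: IPv6) -> bool:
    """Attacker on the HA-CN path (the slide's 'can see HOT but not COT'): it
    sniffs the HoT for the victim's home address, asks for a CoT for its own
    address, and registers itself as the victim's care-of address."""
    home_token, hidx = cn.home_test(victim_home)    # observed on the wire
    co_token, cidx = cn.careof_test(attacker_addr)  # its own CoTI/CoT exchange
    kbm = kbm_from_tokens(home_token, co_token)
    mh_data = b"BU seq=3 lifetime=420"
    auth = binding_auth_data(kbm, attacker_addr, cn.addr, mh_data)
    return cn.binding_update(victim_home, attacker_addr, hidx, cidx, mh_data, auth)


if __name__ == "__main__":
    cn = CorrespondentNode(IPv6("2001:db8:cafe::1"))
    home, coa, evil = IPv6("2001:db8:1::10"), IPv6("2001:db8:2::10"), IPv6("2001:db8:bad::1")
    print("legitimate BU accepted:", mobile_node_binding(cn, home, coa))
    print("off-path forgery accepted:", offpath_forgery(cn, home, evil))
    print("HoT-observer hijack accepted:", hot_observer_hijack(cn, home, evil))
```

The third function is the point of the slide: RR only proves that whoever sent the BU could see both test packets, so anyone on the HA–CN path who reads the HOT (it is encrypted only on the MN–HA leg) can bind the victim's home address to an address of their own. That is why the slide lists IKE with certificates or CGA as the stronger alternatives.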
CGA and MIP
• Each node has a key pair
• Produce h(PK, data) → 64 bits that can be used as the
interface identifier
• Put this into the host part of the IPv6 address
• → cryptographically generated address (CGA, RFC 3972)
• The MN can prove it owns such an address by providing a
signature (made with the matching private key) inside a message
• A CGA can be used to prove that a node owns a
particular address, but not that the node is currently
located at this address
– → RR is still needed
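Added example (not the lecture's code): CGA generation and verification following RFC 3972, in Python, reduced to the hash construction h(PK, data) of the slide. It shows the 64-bit interface identifier being derived from the public key and the subnet prefix, the Sec parameter raising the cost of a collision through the Hash2 search, and a second key failing verification for the same address. The prefix and both "public keys" are constructed byte strings, not real keys; the signature that proves possession of the private key, and the RR run that still has to prove reachability, are outside this snippet.

```python
"""Cryptographically Generated Addresses (RFC 3972) reduced to their hash core.
Added example, not from the lecture.  The public keys below are constructed
stand-ins for DER-encoded RSA keys; message signing with the private key
(as in SEND, RFC 3971) is not shown."""
import hashlib
import ipaddress
import os

SAMPLE_PREFIX = ipaddress.IPv6Address("2001:db8:1::").packed[:8]  # 64-bit subnet prefix
SAMPLE_PUBKEY = b"\x30\x82\x01\x22" + bytes(range(1, 41))           # constructed, not a real key
OTHER_PUBKEY = b"\x30\x82\x01\x22" + bytes(range(41, 81))           # a second (attacker) key


def _hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes) -> bytes:
    """Hash1 = First(64, SHA-1(modifier | prefix | collision count | public key))."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]


def _hash2(modifier: bytes, pubkey: bytes) -> bytes:
    """Hash2 = First(112, SHA-1(modifier | 9 zero octets | public key))."""
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]


def _leading_zero_bits(data: bytes) -> int:
    count = 0
    for byte in data:
        if byte:
            return count + 8 - byte.bit_length()
        count += 8
    return count


def cga_generate(prefix: bytes, pubkey: bytes, sec: int = 0, modifier: bytes = None):
    """Return (address, parameters).  Sec multiplies the cost of finding a
    colliding key pair by 2^(16*Sec) through the Hash2 'hash extension'."""
    assert len(prefix) == 8 and 0 <= sec <= 7
    modifier = modifier or os.urandom(16)
    while _leading_zero_bits(_hash2(modifier, pubkey)) < 16 * sec:   # hash extension search
        modifier = ((int.from_bytes(modifier, "big") + 1) & ((1 << 128) - 1)).to_bytes(16, "big")
    collision_count = 0   # incremented (at most to 2) only when DAD reports a duplicate
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    iid[0] = (sec << 5) | (iid[0] & 0x1C)   # Sec in the 3 leftmost bits, u and g bits cleared
    address = ipaddress.IPv6Address(prefix + bytes(iid))
    return address, {"modifier": modifier, "prefix": prefix,
                     "collision_count": collision_count, "pubkey": pubkey}


def cga_verify(address: ipaddress.IPv6Address, params: dict) -> bool:
    """RFC 3972 section 5: the address must be bound to exactly these parameters."""
    packed = address.packed
    if params["collision_count"] > 2 or packed[:8] != params["prefix"]:
        return False
    sec = packed[8] >> 5
    expected = bytearray(_hash1(params["modifier"], params["prefix"],
                                params["collision_count"], params["pubkey"]))
    expected[0] = (sec << 5) | (expected[0] & 0x1C)   # compare ignoring Sec, u and g bits
    if bytes(expected) != packed[8:]:
        return False
    return _leading_zero_bits(_hash2(params["modifier"], params["pubkey"])) >= 16 * sec


def attacker_can_reuse_address(address, params, attacker_pubkey: bytes) -> bool:
    """An attacker with a different key pair cannot make the same address verify."""
    return cga_verify(address, dict(params, pubkey=attacker_pubkey))


if __name__ == "__main__":
    addr, params = cga_generate(SAMPLE_PREFIX, SAMPLE_PUBKEY, sec=1)
    print(addr, "verifies:", cga_verify(addr, params))
    print("attacker key verifies:", attacker_can_reuse_address(addr, params, OTHER_PUBKEY))
```

Verification is cheap (two hashes), while forging a key for a given address costs about 2^(59+16*Sec) hash evaluations, which is why the interface identifier rather than a longer hash is enough in practice. The address says nothing about where the node is, which is the slide's last point: a BU still has to be checked with RR even when its sender is authenticated with a CGA signature.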
Hierarchical Mobile IP
• HMIPv6 is specified in RFC 4140
• Introduces local Mobility Anchor Points (MAP) that are
essentially Home Agents
• MAPs can be located at any level in a hierarchical
network of routers, including the access routers.
• The aim of the HMIPv6 is to minimize the signaling
latency and reduce the number of required signaling
messages.
• As long as the MN stays inside one MAP domain it only
needs to update its location with the MAP.
• The localized mobility management can also be
completely handled on the network side without MN's
involvement at the IP mobility protocol level.
NEMO
• It is also possible for a
whole subnetwork to roam from
one part of the Internet to another.
• Network Mobility (NEMO) is specified in RFC 3963
• The technical solution of NEMO is based on MIP6.
NEMO allows subnetworks to change their location in a
network.
• This is realized using a mobile router that manages
the mobile network. The mobile router updates its HA
regarding the CoA of the mobile router.
• A NEMO compliant HA can act also as a MIP6 HA. The
basic solution creates a bi-directional tunnel between
the mobile router and the HA, which effectively keeps
the mobile network reachable.
• Hosts behind the mobile router do not need to be aware
of mobility in any way.
Hierarchical Mobile IP (HMIP)
Localizing Registrations
[Figure: the HA is reached over the Internet through a tree of foreign agents: FA1 at the top, FA2 and FA3 below it, FA4 and FA5 below FA2, FA6 below FA3. A mobile host on a visited link (MH@VL) under FA4 has lineage <FA4, FA2, FA1>. Moving to FA5 gives lineage <FA5, FA2, FA1> with nearest common ancestor FA2; moving to FA6 gives lineage <FA6, FA3, FA1> with nearest common ancestor FA1. A registration only needs to travel up to the nearest common ancestor, not to the HA.]
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007
Multi-layer Operation
• Mobility and multi-homing can be realized on different
layers
– Network
• Mobile IP, HMIP, NEMO
– Between network and transport
• Host Identity Protocol (HIP)
– Transport (SCTP)
• TCP extensions, SCTP (TrASH)
– Application
• SIP, Wireless CORBA, overlays
• Re-establish TCP-sessions after movement
TCP Solutions to Mobility
• When the MN initiates a connection, it tells the CN its new
IP address through the SYN
• The CN uses a DNS lookup to locate the MN
• The TCP Migrate option is used to migrate an established connection to
the new address: (s_ip, s_port, d_ip, d_port) becomes (s_ip, s_port,
d_ip', d_port')
[Figure: the MN moves; after movement it sends a Migrate SYN to the CN, the CN answers with Migrate SYN/ACK and the MN completes with ACK]
• Segmented TCP, Indirect TCP (I-TCP)
• SCTP multihoming can be used as well
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007
SIP Mobility
• Session mobility allows a user to maintain and manage
a media session across devices
• Terminal mobility allows a device to move between IP
subnets while continuing to be reachable for incoming
requests and maintaining sessions across subnet
changes
• Personal mobility allows a single user, located at different
terminals, to be addressed by the same logical address
• Service mobility allows users to maintain access to
services while moving or changing devices and network
service providers
• SIP implements these using URLs, proxies, and
redirect servers. The home domain keeps track of users
and devices; message forking lets one request reach several registered terminals
Host Identity Protocol
• New cryptographic namespace
• Connection endpoints mapped to 128-bit host identity
tags (HITs, hashes of public keys)
• Mapping from HIT to IP address at the HIP layer
• 4-message Base Exchange (I1, R1, I2, R2) with a cryptographic puzzle for
DoS prevention
• IPsec for network-level security
Identity/Locator split
[Figure: layer stack Process, Transport, ID Layer, IP Layer, Link Layer. Transport is bound to an identifier; the ID layer maps it to the locator used by the IP layer.]
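Added example illustrating the DoS-prevention puzzle of the HIP base exchange mentioned in the bullets above (RFC 5201 section 4.1.2), not code from the lecture: the responder puts (I, K) in R1, the initiator has to find a J such that the lowest K bits of SHA-1(I | HIT-I | HIT-R | J) are zero, and the responder verifies I2 with a single hash. The HITs are constructed sample values, and deriving I from a responder secret so that the responder keeps no per-initiator state is this example's own choice rather than the RFC's procedure.

```python
"""HIP base exchange puzzle (RFC 5201, section 4.1.2) as an offline
simulation of the R1/I2 step.  Added example, not from the lecture.  HITs
are constructed sample values; deriving I from a responder secret so the
responder stays stateless is this example's own choice, not the RFC text."""
import hashlib
import hmac
import os

SAMPLE_HIT_I = bytes.fromhex("2001001a0f2b3c4d5e6f708192a3b4c5")   # constructed initiator HIT
SAMPLE_HIT_R = bytes.fromhex("2001001afedcba9876543210aabbccdd")   # constructed responder HIT


def puzzle_check(i_value: bytes, hit_i: bytes, hit_r: bytes, j_value: int, k: int) -> bool:
    """Ltrunc(SHA-1(I | HIT-I | HIT-R | J), K) == 0: the lowest K bits of the hash are zero."""
    digest = hashlib.sha1(i_value + hit_i + hit_r + j_value.to_bytes(8, "big")).digest()
    return (int.from_bytes(digest, "big") & ((1 << k) - 1)) == 0


def puzzle_solve(i_value: bytes, hit_i: bytes, hit_r: bytes, k: int, limit: int = 1 << 30):
    """Initiator work: about 2^K hash evaluations on average.  Returns (J, evaluations)."""
    for j_value in range(limit):
        if puzzle_check(i_value, hit_i, hit_r, j_value, k):
            return j_value, j_value + 1
    raise RuntimeError("no solution within limit")


class Responder:
    """Hands out R1 with (I, K) and checks I2 with one hash; keeps no per-initiator state."""

    def __init__(self, hit_r: bytes, k: int = 10):
        self.hit_r = hit_r
        self.k = k                      # raised under load to make initiators work harder
        self.secret = os.urandom(32)    # rotated periodically in a real implementation

    def r1(self, hit_i: bytes):
        # I is unpredictable to the initiator but recomputable by the responder (assumption).
        i_value = hmac.new(self.secret, hit_i + self.hit_r, hashlib.sha1).digest()[:8]
        return i_value, self.k

    def verify_i2(self, hit_i: bytes, i_value: bytes, j_value: int) -> bool:
        expected_i = hmac.new(self.secret, hit_i + self.hit_r, hashlib.sha1).digest()[:8]
        if not hmac.compare_digest(i_value, expected_i):
            return False                # I was not issued by us for this HIT pair
        return puzzle_check(i_value, hit_i, self.hit_r, j_value, self.k)


def base_exchange_puzzle(hit_i: bytes, responder: Responder):
    """R1 -> solve -> I2; returns (accepted, hashes the initiator had to compute)."""
    i_value, k = responder.r1(hit_i)
    j_value, work = puzzle_solve(i_value, hit_i, responder.hit_r, k)
    return responder.verify_i2(hit_i, i_value, j_value), work


if __name__ == "__main__":
    responder = Responder(SAMPLE_HIT_R, k=12)
    accepted, work = base_exchange_puzzle(SAMPLE_HIT_I, responder)
    print("I2 accepted:", accepted, "after", work, "hash evaluations by the initiator")
```

The asymmetry is the whole point: the responder spends one HMAC and one SHA-1 per I2, while an initiator spends about 2^K hashes, and K can be raised when the responder is under attack. Because I is bound to the HIT pair, a solution captured from one exchange cannot be replayed for another initiator.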
Application-layer mobility
• Many application-layer protocols are, in principle,
similar to Mobile IP
• Moving entity may differ
– Instead of host we have object, session, entity, or
interests
• For example:
– Object mobility
• Wireless CORBA
– Session mobility
• SIP
– Interest mobility
• Content-based routing
– Generic mobility
• i3 overlay, service composition
Internet Indirection Infrastructure (i3)
• An overlay infrastructure.
• Every packet is associated with an identifier.
• A receiver receives by inserting a trigger for that identifier.
[Figure: a receiver inserts a trigger into i3; after moving to a different address it re-inserts the trigger with the new address, giving natural support for mobility. Source: http://i3.cs.berkeley.edu/]
i3: How it works
[Figure: a receiver R inserts a trigger with identifier 37 into i3; a sender S sends a packet with the same identifier 37 and it is delivered to R. Chord ensures O(log N) intermediate hops to reach the destination. Source: http://i3.cs.berkeley.edu/]
Mobile Web Server
[Figure: a browser on the Internet reaches a web server running on a phone behind a 2.5/3G operator firewall; the path goes through DNS and a gateway (steps 1 to 3). By courtesy of Johan Wikman, presented at EuroOSCON 2006.]
Indirection Points
• Mobility may be characterized by indirection points
– Mobile IP
• Single fixed indirection point
– Location / Identity split
• Single indirection point
– SIP
• Single fixed indirection point (home domain); others are possible
– Content-based routing
• Many indirection points
Lessons to learn
• Hierarchical routing likely to stay
– Addresses carry topological information
– Efficient and well established
• Applications face changing connectivity
– QoS varies
– periods of non-connectivity
• Identifiers and locators likely to split
• Mobility management is needed
• Probably changes in directory services
– Overlays have been proposed
Summary
• Topology based routing is necessary
• Mobility causes address changes
• Address changes must be signalled end-to-end
– Alternative: use triangular routing as in Mobile IP
• Mobility management needed
– Initial rendezvous: maybe a directory service
– Double jump problem: rendezvous needed
• Many engineering trade-offs