Security of Internet Location Management

1
Security of InternetLocation Management

• Tuomas Aura (Microsoft Research, UK)
• Michael Roe (Microsoft Research, UK)
• Jari Arkko (Ericsson Research, Finland)

2
Outline

• Mobile IPv6 and route optimization
• Attacks false Binding Updates (BU)
• Routing-based authentication
• More attacks, protocol improvements

3
Internet Protocol (IPv6)
source Bdestination A
A
B

• Data sent in IP packets,routed through the
  Internet
• Source spoofing possible

4
Mobility
Correspondent
A
B
Home
Current location
C

• How to communicate after mobileleaves home?

5
Mobile IPv6
Correspondent
source Bdestination A
Home
A
B
tunnel
source Adestination Coriginalsource
Bdestination A
Current location
C

• Mobile always uses the same address A
• Home agent forwards packets

6
Route Optimization
Correspondent
1. first packet
Home
A
B
2. Binding Update (BU)
source Cdestination BThis is AI'm at C
tunnel
3. followingpackets
C
Current location
7
Route Optimization

• Important optimization
• Any IPv6 node can be a correspondent,any address
  can be mobile
• Binding Update (BU) usually triggered when mobile
  receives a tunneled packet, but it may be sent
  at any time

8
False Binding Updates
B
A
False BU
source Cdestination BThis is AI'm at C
Stolen data
Spoofed data
C
Attacker

• Highjack old connections or open new
• A, B and C can be any Internet nodes

9
BU Authentication

• The obvious answer cryptographic BU
  authentication,PKI IPSec
• No global PKI IPSec too expensive
• New ideas needed!
• Requirements
• ? as secure as the non-mobile IPv4
• ? zero user and admin interaction

10
Creating trust from nothing?

• How authenticate between any two IPv6 nodes,
  without adding infrastructure?
• Some IP-layer infrastructure available
• IPv6 addresses
• Routing infrastructure
• Address-based CAM O'Shea,Roe2001
• Routing-based weak authentication

11
BU Authentication v.1
Correspondent
2. K
A
B
Home
reject
accept
1. BU
securetunnel
3. BU, h (K, BU)
C
Current location

• Send a key in plaintext

12
Is that good enough?

• Our protocol, CAM, and other protocols discourage
  lying about who you are
• Still possible to lie about where you are!

13
Bombing Attack
bbc.co.uk
Attacker
Video stream
B
A
source Cdestination BThis is AI'm at C
False BU
Unwanted video stream
C
Target

• Flood target by redirecting data streams

14
Bombing Attack - ACKs
Attacker
bbc.com
False BU
B
A
source Cdestination BThis is AACK
Falseacknowledgments
Unwanted video stream
C
Target

• Spoof TCP-like ACKs, one per window
• ERROR IN PAPER No TCP Reset sent!

15
BU Authentication v.2
Correspondent
2a. K0
A
Home
B
reject
accept
1. BU
2b. K1
securetunnel
3. BU, h (K0,K1,BU)
C
Current location

• Ask C whether it wants to be A

16
Is that good enough?

• All information in BUs is true
• Next Denial of service attacks against the
  authentication protocol

17
Reflection and amplification
Correspondent
2a. K0
A
Home
B
2b. K1
1.
securetunnel
E
C
Current location
DDoS Attacker

• Two DDoS packets become one
• IP trace-back cannot find the attacker

18
BU Authentication v.3
Correspondent
2a. K0
A
Home
B
1a. BU
accept
1b. BU
2b. K1
securetunnel
3. BU, h (K0,K1,BU)
C
Current location

• Balanced message flows

19
Exhausting State Storage

• Correspondent stores K0, K1
• ? DoS attack similar to SYN flooding
• Solution stateless correspondent
• K0 h(N, A), K1 h(N, C)
• N Bs periodically changing secret

20
Unnecessary BUs
Attacker
spoofed packet
source Bdestination A
E
A
Home
B
tunnel
unnecessary BU
C
Current location

• Spoofed packets to home address trigger true but
  unnecessary BUs

21
Summary

• Security the blocking Mobile IPv6 standardization
  in IETF not any more
• The difficult part understanding threats and
  security requirements
• A weak protocol but it does the jobas secure
  as Internet without mobility
• Solving new problems created by new technology
  (mobility) before it is deployed