Security for Mobility on IP

Transcription

1 Security for Mobility on IP Olivier CHARLES MTM 2000, Dublin 17 February 2000 Le présent document contient des informations qui sont la propriété de France Télécom. L'acceptation de ce document par son destinataire implique, de la part de ce dernier, la reconnaissance du caractère confidentiel de son contenu et l'engagement de n'en faire aucune reproduction, aucune transmission à des tiers, aucune divulgation et aucune utilisation commerciale sans l'accord préalable écrit du France Télécom - (Nom du fichier) - D1-21/02/00

2 Security for Mobility on IP Introduction of Mobile IP concepts and challenges for Telcos Presentation of the P912 Eurescom project Security objectives Security threats Security solutions Futures developments and projects La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D2-21/02/00

3 Mobile IP concepts Transparent routing of IP datagrams to mobile nodes Mobile nodes can keep their connections active while moving Each mobile is always identified by its home address The mobile gets a temporary address on the foreign network Tunnelling of packets between a home agent and the mobile Care of Address La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D3-21/02/00

4 Mobile IP challenge for Telcos Provide Mobile IP based remote access services to the Internet to intranets Operate Mobile IP based 3rd generation cellular systems IETF 3GPP Develop Mobile IP based WAP services La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D4-21/02/00

5 EURESCOM P912 : Security for Mobility on IP objectives Security oriented review of protocols for mobility in IP Investigation of a threat analysis related to the addition of mobility facilities on IP (identification, evaluation of risks) Definition and proposal of security services to be implemented in a mobile environment La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D5-21/02/00

6 EURESCOM P912 : Security for Mobility on IP Shareholders BT, DT, TE, NT and FT (project leader) dates from January 1999 to December 1999 deliverables D1: Security requirements for the introduction of mobility to IP D2 : Security guidelines for the introduction of mobility to IP La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D6-21/02/00

7 EURESCOM P912 : Methodology Objectives Requirements threat identification Risk assessment Selection of the most crucial threats Security features Guideline for the introduction of the mobility to IP La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D7-21/02/00

8 General security objectives for Telcos Protection of the Core Networks Ease of Implementation Protection of stored information Security services for user Confidentiality of user location Disclosure, modification, or destruction of user information protection of user identity from exposure Confidentiality of transmitted data La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D8-21/02/00

9 Specific security objectives 7 classes Confidentiality Authentication Authenticity Availability Authorised access Accountability Assurance La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D9-21/02/00

10 Threat identification : Methodology Based on about 80 scenarios user, connection, hardware, application... different types of movements : static mobility (slow movements) dynamic mobility (fast movements) Translation of some scenarios into Message Sequence Charts detailed threat analysis both IPv4 and IPv6 La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D10-21/02/00

11 Threat identification : Graphical Scenarios Network of the correspondent #1 visited subnet #2 Scenario Correspondent #2 Scenario Correspondent #1 Home link Internet Mobile Node "away from home" Scenario Mobile Node Correspondent #3 La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D11-21/02/00

12 Threat identification : MSC Mobile Node Foreign Router Foreign Router 1 Correspondent #1 Home Router Home Agent Mobile Node Mobile Node sends bindings updates Binding Update Authentication Binding Acknowledgment Authentication Neighbor Advertisement Binding Update Authentication Binding Acknowledgment (optional) Authentication La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D12-21/02/00

13 Identified Threats : 4 classes (1) Loss of confidentiality/session stealing/spoofing on the mobile node the foreign-agent the home-agent other hosts on the foreign network Loss of security features provided by the home network firewall protection on the home network La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D13-21/02/00

14 Identified Threats : 4 classes (2) Denial of Service / Flooding of : the mobile node the home agent the foreign agent (IPv4 environment) the correspondent (IPv6 environment) Tracking of the mobile node La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D14-21/02/00

15 Evaluation of threats : 10 criterias Equipment required (price and availability) Knowledge required Time required (Time to prepare the attack, Time to perform the attack) Location required Time-window required (Number of periods of time, length of period of time) Number of possible targets Time to recover Difficulty of detecting an attack Difficulty of identifying the attacker Type of access required La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D15-21/02/00

16 Solutions IPSec Client Side Firewall Frequency hopping Protection of the PNOs network Public Key Infrastructure Smartcard Special care of... La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D16-21/02/00

17 Use IPSec ESP between the mobile node and the home agent, between the foreign agent and home agent, protect sensitive AAA traffic (traffic encryption for confidentiality). Sending IPv6 Binding Updates mandatory, use of PKI over IPSec/IKE. La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D17-21/02/00

18 Use client side Firewalls Protection of the mobile node while visiting a foreign network: possible attacks from other mobile nodes connected to the same foreign network. no more trusted firewall between the mobile and the Internet Client side lightweight intrusion detection systems: on the foreign network, on the mobile node. La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D18-21/02/00

19 Use frequency hopping Over wireless links (e.g. WLAN) Confidentiality improvement of : user traffic, user location. La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D19-21/02/00

20 Protecting the PNOs network Where the foreign agent is located firewall (problem with packet filtering) intrusion detection systems Home network and home agent limit access to home-agent to registration requests La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D20-21/02/00

21 Public Key Infrastructure Use public key encryption to establish dynamic IPSec security associations based on PKI, enable non-repudiation services Use PKI for management of security elements no need for protection of secret key bases enable easy end-to-end strong authentication La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D21-21/02/00

22 Smart cards Storage of sensitive information for authentication, signature and generation of ciphering keys Enable user mobility vs. terminal mobility authentication of the user vs terminal authentication storage of (all or part of) user profiles La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D22-21/02/00

23 Special care of Using carefully selected IPv6 addresses autoconfiguration builds traceable IPv6 addresses Using carefully selected Network Access Identifiers loss of user location confidentiality Enabling different options co-located addresses, enabling AAA, etc La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D23-21/02/00

24 Future developments AAA for Mobile IP : coming draft today it is just a requirement list Macro & Micro Mobility IP Cellular, Hawai, HMIP 3GPP standard security aspects La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D24-21/02/00

25 Other FT project : «Mobisecv6» (1) Objectives : develop a complete Mobile IPv6 plate-form Mobile : FreeBSD Home Agent : AIX Firewall : Netwall Hierarchical Mobile IPv6 management Partners : INRIA (Mobile Host, HMIP6) BULL ( Home Agent, Firewall) France Telecom CNET (validation, security) La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D25-21/02/00

26 Other FT project : «Mobisecv6» (2) To the 6Bone DNS H.A Router Router mobile mobile www Ftp Router Host Microsoft Kame Host Host Router WaveLan PPP / GSM Network La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D26-21/02/00

27 Other FT project : «Mobisecv6» (3) Main results on the security IPSec IKE IPv6 available interoperability between AIX and FreeBSD Open issues interoperability with Microsoft and Kame (testing is possible) theoretical problems while away from home for IKE phase #1 La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D27-21/02/00

28 New EURESCOM Projects P1001 : PKI Implementation and Test Suites for Selected Applications and Services Defining, implementing and testing a Europe-wide PKI between telcos Task 7 : PKI for Mobile IP P1013 : First steps towards UMTS: Mobile IP Services. A European testbed Mobile IP core network for UMTS Testbed Security aspects La communication de ce document est soumise à autorisation du France Télécom - (Nom du fichier) - D28-21/02/00