Distributed Authentication Mechanism for Mobile IP Route Optimization

Transcription

1 Distributed Authentication Mechanism for Mobile IP Route Optimization Neeraj Jaggi Department of ECSE Rensselaer Polytechnic Institute Koushik Kar Department of ECSE Rensselaer Polytechnic Institute Abstract Mobile IP protocol provides a scalable indirection mechanism allowing the mobile hosts to maintain network layer connectivity across mobility. This leads to triangle or indirect routing towards the mobile host. To ameliorate this routing inefficiency, Route Optimization has been proposed. One of the open issues in Mobile IP Route Optimization is the authentication of Binding Update message at the correspondent node. This paper proposes a robust, scalable and efficient distributed authentication mechanism for the Binding Update message in Mobile IP Route Optimization. The mechanism does not require preconfiguration of a shared secret key between the Home Agent and the correspondent node and is still strong enough to achieve its goal. The proposed mechanism only affects the Mobile IP routing protocol and the mobility aware correspondent nodes, and hence is easily incorporated in both MoIP v4 and MoIP v6. 1. Introduction Efforts to support mobility for hosts over the current Internet infrastructure started with the emergence of increasing number of wireless devices and efficient wireless LAN technologies. The mobile hosts could physically move across networks but would like to preserve their ongoing TCP connections and other applications. Internetworking protocols used in the Internet (viz. IP) do not inherently support host movement, thus forcing mobile hosts to change their connection identifier (viz. IP address) when connecting to the Internet through a different network, rendering host movement time consuming and inefficient. To support mobility (without Mobile IP), either the mobile host must change its IP address whenever it changes its point of attachment, or host-specific routes must be propagated throughout the Internet. The former leads to broken higher layer connections during mobility, while the latter This work was supported in part by NSF grant ECS does not scale with large number of mobile nodes in the Internet. Originally an IP Address was intended to be associated to a network attachment point since it was assigned to an interface (and not to a host). With the introduction of mobile devices with wireless interfaces capable of moving across networks, the IP address of those interfaces would essentially change, since the network attachment point has changed. This potentially causes disruption of applications on the host leading to temporary loss of connectivity for the host. Associating an IP address to the host itself, addresses to resolve the issue. But this requires some kind of an indirection mechanism since the existing routing infrastructure does not inherently support this functionality. Mobile IP protocol [6] defines such an indirection mechanism for mobile hosts. It provides a scalable mechanism to enable hosts to change their point of attachment to the Internet, without changing their IP addresses, thus enabling transparent routing of IP datagrams to and from mobile hosts in the Internet. Each mobile host is always identified by its home IP address, regardless of its current point of attachment to the Internet. A Home Agent is associated to the mobile hosts in their home networks, which keeps a binding for a mobile host which is currently away from home, with its Care-Of address, which is its current point of attachment to the Internet. Without any changes to the routing infrastructure, datagrams addressed to the mobile host get hierarchically routed to the mobile host s home network. These datagrams are intercepted by the Home Agent in the home network and forwarded over a tunnel to the Care-Of address, which then delivers the datagrams to the mobile host. Datagrams originating from the mobile hosts are forwarded to the Internet by the Care-Of address itself. A Care-Of address functionality may be provided by a packet gateway called Foreign Agent in the service provider s network Ex. PDSN (Packet Data Serving Node) in CDMA 2000 network. Or alternatively Care-Of address could be a co-located address acquired by the mobile host temporarily. Generally a Foreign Agent is deployed in the network to serve as Care-Of Address for the visiting mobile hosts.

2 1. Location Registry allows for recording mobile host s current location in its home network. This avoids any requirements for changes to the basic routing infrastructure and allows organizations owning networks to manage mobility for all its mobile hosts with this home network, improving scalability. Figure 1. Indirect routing in Mobile IP Figure 1 illustrates the routing of datagrams to and from a mobile host away from home, once the mobile host has registered with its home agent. One of the advantages of this approach is that it does not mandate any changes to other stationary hosts or to the backbone routing already in place in the Internet. In addition, routing is transparent to the applications and transport protocols. The disadvantage is that it introduces a suboptimal route towards the mobile host, also refered to as Indirect Routing or Triangle Routing. Route Optimization [7] addresses this routing anomaly by allowing the correspondent nodes to cache the Care-Of address of the mobile host with which they are communicating. Once the cache has been established, the correspondent node can directly tunnel datagrams destined to the mobile host, to its Care-Of address. Thus this location caching avoids indirect routing for future datagrams destined to the mobile host. Route optimization also suggests improvements during mobile host s handoff across Foreign Agents. The major issue involved with location caching in Mobile IP Route Optimization is the authentication of the Binding Update message at the correspondent node. A Binding Update message needs to be authenticated before being processed, to avoid any threats to hijack the connection etc. This paper proposes a robust, scalable and efficient distributed solution to the issue. This paper is organized as follows. In Section 2, an overview of the Basic Mobile IP protocol is presented. In Section 3, the proposed Route optimization enhancements, its benefits and issues are discussed. In Section 4, the distributed authentication mechanism is discussed in detail, followed by conclusions in Section Mobile IP Protocol Overview The following network layer mobility schemes [2] have been incorporated in the Mobile IP protocol. 2. Packet Tunneling is used to route packets destined to the mobile host, to its current location. Tunneling provides the indirection using an encapsulation protocol, enabling forwarding of packets to the tunnel s other end point transparently across the network. 3. Caching and Consistency: Tunneling supports packet forwarding only through an agent on the mobile host s home network. This results in indirect routing and places unnecessary overhead on the Internet and the agent and also increases packet latency. Correspondent nodes that have been modified to support mobility should be able to learn and cache the current location of the mobile host with which they are communicating, and use this location to tunnel their packets directly to the mobile host. Cache inconsistency, when the mobile host moves, needs to be handled carefully. The basic Mobile IP protocol [6] provides transparent routing of packets to a mobile host and requires no modifications to existing routing infrastructure or correspondent nodes. However, no support is provided for correspondent nodes to be able to tunnel packets directly to the mobile host s current location. Home Agent in the mobile host s home network maintains a registry of mobile host s current location, identified as its Care-Of address. The association between a mobile host s home address and its current Care-Of address is called a Mobility Binding. Whenever a mobile host moves, it registers its new binding with the home agent. Some form of tunneling is used between the home agent and the foreign agent to forward packets destined to the mobile host. A common mechanism used is IP in IP encapsulation. Some of the essential procedures of the Mobile IP protocol include: 1. Agent Discovery: Normally a mobile host attempts to discover a foreign agent in the visited network using agent discovery protocol. Agents periodically advertise their presence by multicasting an agent advertisement message on the network. The mobile host may also multicast an agent solicitation message onto its current network to ask for advertisement. Mobile host then registers with the foreign agent and uses the agent s IP address as its Care-Of address. The mobile host also detects movement using these mechanisms and reregisters appropriately.

3 2. Registration: Registration mechanism allows for a mobile host to inform its home agent of its current location. The mobile host tries to register with a foreign agent providing its home agent s IP address. The foreign agent forwards the request for registration to the home agent. Home agent replies to the foreign agent, who in turn forwards the reply to the mobile host. Each registration has an associated lifetime during which the mobile must reregister to continue to receive service. This results in maintaining only a softstate at the foreign and home agents for the mobile hosts. A mobile host deregisters with the home agent on returning back to its home network. Registration mechanisms also allow the mobile host to discover its home address, if the mobile host is not configured with this information. It also allows for a mobile host to discover the address of its home agent, using a unique NAI (Network Access Identifier) [1] assigned to the mobile host and configured at the AAA (Authentication, Authorization and Accounting) server in the home network. This procedure is also referred to as the dynamic Home Agent assignment. 3. Registration Authentication: All registrations with a mobile host s home agent are authenticated using a secret key shared between the mobile host and its home agent. Replay protection for registration messages may be provided using nonces or timestamps [6] Protocol Scalability The mobile IP protocol is a good approach towards providing seamless transparent mobility for mobile hosts in the Internet. The protocol provides highly scalable support for packet routing to a large numbers of mobile hosts. As new networks are added, each deploys its own home agent to support its mobile hosts. Since a foreign agent only serves the mobile hosts currently registered with it, this approach allows these functions to scale with the number of networks that allow visiting mobile hosts. The correspondent nodes maintain binding caches for only a limited number of mobile hosts with which they are communicating at any time. Another approach suggested to provide host mobility in the Internet is based on an End-to-End architecture using dynamic DNS updates to track host locations [8]. It allows the hosts to change IP addresses across mobility and recommends that transport layer protocols such as TCP, negotiate a change in endpoint IP addresses without involving a third party. This requires modifications to transport layer protocols and applications at all the end hosts. In a foreign network, a mobile host uses a locally obtained IP address as its source address. When a mobile host moves across networks, it obtains a new IP address and sends a secure DNS update to one of the name servers in its home domain updating its current hostname-to-address mapping at the server. Other nodes trying to communicate with the mobile host need to perform a DNS lookup to obtain this mapping. While a connection is already established and the host moves, the connection is migrated with the support of transport layer mechanisms provided. Issues here comprise of providing secure connection migration by the use of token, timestamps and keys, and changes to TCP state machines to enable this. This architecture allows end systems to choose a mobility mode best suited to their needs. Routing paths are efficient with no triangle routing as in Mobile IP, giving better performance. However, this requires a local address pool at all the foreign agents serving mobile hosts. Also when there are multiple IP addresses belonging to a host, the DNS lookups for hostname-to-address mapping may need to be modified. In addition both the communicating peer nodes cannot move simultaneously since this scheme does not have an anchor point like Mobile IP s home agent. Finally, this scheme requires the existing hosts and applications to change to be able to talk to mobile devices! Interpreting end-to-end argument in another way also suggests that any changes to layer3 like IP address change or change in network point of attachment, should be transparent to the higher layers and applications. Also predicting fast and frequent movements of mobile hosts in future, maintaining a consistent IP address seems to be a better option than migrating connections time and over again Protocol Issues Two major issues with Mobile IP protocol design are: Ingress Address Filtering: To combat denial-ofservice attacks, ingress filters are deployed in the networks. With this mechanism, a router does not forward packets with a source address which does not belong to the local network. Due to this, a packet sent by the mobile host in a foreign network with the source address set to mobile host s home IP address will not be forwarded by the foreign agent. The solution is to use Reverse Tunneling [4] for all the packets originating from the mobile host. The packets originating at the mobile host are first tunneled to the host s home agent (using the mobile host s Care-Of address as the source address), and then are forwarded to the destination using the mobile host s home IP address as the source address. Since normal packet tunneling is used to forward packets in the opposite direction, this mechanism is called reverse tunneling. Triangle or Indirect Routing: All datagrams destined to a mobile host are routed through that mobile host s

4 home agent, which tunnels each datagram to the mobile host s current location or Care-Of address. This may result in routing paths significantly longer than optimal. This indirect routing also causes overhead on the network and on the home agent and increases packet latency. Also if ingress address filtering is enabled, these routing anomalies occur in both directions, creating a significant bottleneck to scalability and efficiency. 3. Mobile IP Route Optimization : Issues Route optimization [7] stands for the ability of correspondent nodes to cache the location of a mobile host and then tunnel packets directly to the mobile host at its current location. These improvements have been proposed to address the issues with the basic Mobile IP protocol. The core ideas are presented here Location Caching A mobility-aware correspondent node maintains a binding cache listing the current bindings of one or more mobile hosts with which the node is communicating. When sending a packet to the mobile host, the correspondent node may tunnel it directly to the Care-Of address indicated in the cached binding of the mobile host. In the absence of a binding cache entry at the correspondent node, packets will be routed to the mobile host via its home network, as earlier. Also as a side effect of this indirect routing, the correspondent node will be informed of the mobile host s current mobility binding, providing it with an opportunity to cache the binding. A correspondent node can create or update a mobile host s binding only after it has received and authenticated the binding. A binding cache can be managed using any local cache replacement policy such as LRU (Least Recently Used). Each binding will have an associated lifetime to suggest its validity, resulting in only a soft-state at the correspondent nodes Foreign Agent Handoff When the mobile host moves and registers with a new foreign agent, the basic Mobile IP protocol does not have provisions to notify the previous foreign agent about this movement. Any packets in flight, that had already been tunneled by the home agent to the previous foreign agent are lost. Furthermore the previous foreign agent deletes the binding of the mobile host only after the expiration of the lifetime period. With route optimization, the previous foreign agent is reliably informed of the mobile host s movement and of its new binding (Care-Of address). A mobile host after registering with a new foreign agent, notifies its previous foreign agent by sending a binding update message. This allows packets in flight, and datagrams sent based on an out-of-date cached binding at the correspondent node, to be forwarded to the mobile host s new Care-Of address Binding Cache Updates When the home agent tunnels any packet to the mobile host, it also sends a binding update message to the original sender, informing it of mobile host s current binding. When a foreign agent receives a tunneled packet for a mobile host for which he is not serving as the current Care-Of address, it sends a binding warning message to the original sender, advising it to send a binding request message to the mobile host s home agent to request the mobile host s current binding as a binding update. All binding updates include an associated lifetime which indicates the time remaining in the lifetime of the mobile host s current registration. Correspondent nodes may perform binding cache reconfirmation before the expiry of a binding cache entry Binding Update Authentication All binding update messages need to be authenticated before being processed, to avoid any threats to hijack the connection etc. Since the correspondent node may be arbitrary, this requires that a home agent should in general be able to send an authenticated binding update message to any other node in the Internet. This form of general authentication is currently complicated by the lack of a standard authentication mechanism in the Internet today. One possibility is to manually establish a shared secret key between the home agent and the correspondent node [7], making it similar to mobile host s registration authentication. This is inefficient because it requires a correspondent node to be aware of all the mobile hosts it will be communicating with, apriori. Another approach suggested in Mobile IPv6 [5] is called Return Routability. The basic mechanism involves sending two messages from the correspondent node to the mobile host, containing two different tokens. One of the messages is routed through the home agent, while the other is directly sent to the Care-Of address of the mobile host. The mobile host on receiving these two tokens, creates a binding key and includes it in the binding update message sent to the correspondent node. Note here that the binding update message is being sent by the mobile host itself and not by its home agent. A much secure and robust procedure would require a more direct involvement of the home agent. Also the security guarantees provided here are weaker than the original IPv4. Also, to avoid the possibility of time shifting attacks, the validity

5 4. HA on receiving the binding originate message from MH, (decrypts and) matches N1 and sends a binding update message to CN, and includes N2, the identity of MH and its current location or Care-Of address. 5. CN on receiving the binding update message from HA, (decrypts and) matches N2 and installs the new binding entry in its cache. Figure 2. Binding update authentication mechanism of the tokens is kept limited. This results in shorter lifetimes of the resulting binding cache entries at the correspondent nodes, causing additional overhead. Hence the Return Routability mechanism, to check if there is a node to reply, is not foolproof. 4. Distributed Authentication Mechanism The establishment of the cache requires an authenticated binding update message to be delivered at the correspondent node. This message may be generated by the mobile host itself or by its Home Agent, when it receives a message from the correspondent node to be forwarded to the mobile host. The message needs to be authenticated in order to prevent a malicious binding cache entry from being installed at the correspondent node. The nature of the issue is further complicated by the fact that the correspondent node may be arbitrary and can possibly be any of the nodes in the Internet. This paper proposes a solution approach towards the issue of authenticating binding update messages at the correspondent nodes. The proposed mechanism is dynamic and robust, and involves the following entities: the mobile host (MH), the home agent (HA) and the correspondent node (CN). The mechanism comprises of the following five step procedure: 1. HA, on tunneling a packet destined to MH away from home, or on receiving a binding request message from CN, triggers the procedure. HA sends a binding originate message to CN, and includes the identity of MH and a random generated key N1. 2. CN on receiving the binding originate message from HA, generates a random key N2 and sends a binding originate message to MH, and includes N1 and N2. 3. MH on receiving the binding originate message from CN, sends a binding originate message to HA, and includes the identity of CN, N1 and N2. MH may also be allowed to trigger this procedure, by sending a binding request message to HA, specifying the CN. This will be useful when the host moves to a different network, allowing it to inform all the correspondent nodes with which it is communicating, about its new Care-Of address binding. During the procedure each of the entities (namely MN, HA and CN) maintain a soft-state, which expires with time. If a binding originate message is received at any of the entities at a time when they are stateless, the message should be ignored. To pose a threat to the binding entry at CN, one will need to trigger the above procedure. Even if the procedure gets triggered by a malicious message sent by the attacker, the procedure would not succeed because all the entities are required to maintain a soft-state. Since each time both HA and CN generate different random keys N1 and N2 respectively, a replay attack is prevented. Also since the soft-states at CN and HA are tightly coupled, standalone binding update messages at the CN will be rejected. Note here that both the keys N1 and N2 may be encrypted by HA and CN respectively and since only the sources need to be able to decrypt the keys N1 and N2, the need for any shared secret or public key is avoided. The encryption method depends only on the source and is transparent to the mechanism provided. Hence this serves as a fool-proof, distributed and robust mechanism for binding update authentication. This procedure does not require apriori security associations to be maintained at HA and CN, and is more robust than other methods available [5]. A periodic token exchange is not required and the binding update message is embedded in the authentication procedure itself. Binding cache lifetime can be as large as the mobile host s remaining lifetime at HA, and is not limited due to limited validity of tokens etc. Figure 2 depicts the message exchange sequence. Some of the salient features of this mechanism include: Only the HA is allowed to trigger the procedure leading to the installation of the binding cache at CN, ensuring reliability. The requirement for a shared secret key is avoided. The procedure is scalable due to the presence of mere soft states at the entities involved during the message

6 exchanges. In general, no additional state needs to be maintained at any of the entities other than the binding cache at CN. The procedure is secure, efficient and distributed in nature. The binding cache installation at CN involves a overhead of only three messages in addition to the binding update message itself. The binding originate message has three fields namely the IP address of the MH or CN and a maximum of two keys ( N1 and N2 ). Depending on the receiver context, only the relevant fields (as shown in Figure 2) would be valid. For instance, the IP address field is invalid in the binding originate message received at the MH. The presence of MH in the message exchange sequence guarantees that an attacker, posing to be the HA, is not able to install incorrect binding cache at the CN. In such a scenario the MH would contact its genuine HA, which would drop the binding originate message from the MH due to the lack of a soft-state at the HA. The procedure also allows the MH to be aware of all the CNs which have cached its current location. Later when the MH moves, it can use this information to update the bindings at these CNs. Future renewals of the binding cache take place when a binding request message is received at HA from either MH or CN. CN may request HA for binding cache renewal upon expiration of the binding cache lifetime, by sending a binding request message specifying the MH. MH may also request for binding cache update to the CN it is communicating with, upon change in its Care-Of address. In both these scenarios, the above mentioned procedure is triggered at HA, leading to a successful authenticated binding cache installation at CN. This mechanism also works independent of further enhancements to Mobile IP, like bi-directional route optimizations using correspondent agents [9] and can be used in both IPv4 and IPv6 [3] Robustness to Threats Major threats to Route Optimization include: Address stealing: An attacker illegitimately claims to be a given node at a given address, by sending spoofed binding update messages, and then tries to steal traffic destined to that address. Another variant of such a threat includes the man-in-the-middle attack. Denial-of-Service Attacks: By sending spoofed binding update messages, the attacker could redirect all packets sent between two nodes to a random or nonexistent address(es), disrupting communication. This could also result in flooding of an arbitrary IP address. Refer [5] for a more detailed description of these threats. The proposed authentication mechanism is sufficiently robust in preventing the above threats. 5. Conclusion Mobile IP provides for efficient mobility support over current internet infrastructure. Route optimization deals with indirect routing and allows for caching at correspondent nodes. The distributed authentication mechanism presented in this paper is able to successfully install an authenticated binding cache at the correspondent node, mapping the mobile host to its current Care-Of address. This Care-Of address can be used by the correspondent node to directly tunnel packets destined to the mobile host, to its Care-Of address. The authentication mechanism is robust, efficient, involves minimum overhead and requires no additional infrastructure support. The solution is scalable and distributed and does not require preconfiguration of a shared secret key between the home agent and the correspondent node. References [1] P. Calhoun, C. Perkins, [RFC 2794] Mobile IP Network Access Identifier Extension for IPv4., Ed.. March [2] D. Johnson, Scalable Support for Transparent Mobile Host Internetworking, in Mobile Computing, edited by T. Imielinski and H. Korth, Chapter 3, pages , Kluwer Academic Publishers, [3] D. B. Johnson, C. Perkins, Mobility Support in IPv6, Internet Draft [4] G. Montenegro, [RFC 3024] Reverse Tunneling for Mobile IP, revised., Ed.. January [5] P. Nikander, J. Arkko, T. Aura, G. Montenegro, E. Nordmark, Mobile IP version 6 Route Optimization Security Design Background, Internet Draft 2004, [6] C. Perkins, [RFC 3344] IP Mobility Support for IPv4., Ed.. August [7] C. Perkins, D. B. Johnson Route Optimization in Mobile IP, Internet Draft 1999 (work in progress) [8] A. Snoeren and H. Balakrishnan, An End-to-End Approach to Host Mobility, in Proc. MOBICOM [9] Chun-Hsin Wu, Ann-Tzung Cheng, Shao-Ting Lee, Jan- Ming Ho and D. T. Lee, Bi-directional Route Optimization in Mobile IP over Wireless LAN, in IEEE Vehicular Technology Society Fall Conference 2002.