Bases teóricas científicas

Malicious Last Hop Router

The attacker can masquerade as a last hop router by replying to a router solicitation or multicasting router advertisements. If it is selected then it will be able to redirect all traffic passing through it.

Cryptographically Generated addresses prevent spoofing of legitimate addresses.

Neighbour Solicitation/Advertisement Spoofing

Cryptographically Generated addresses prevent spoofing of legitimate addresses

Spoofing Redirect Messages

Cryptographically Generated addresses prevent spoofing of legitimate addresses

Bogus Address Configuration Prefix

An attacker can advertise a false subnet prefix. The host executing auto-configuration will use the prefix to construct an address resulting in return packets never reaching the host. This is not addressed by the security protocol.

Parameter Spoofing

An attacker can duplicate a valid router advertisement but change the parameter values to disrupt traffic.

Many of these attacks can be avoided with the use of authentication mechanisms, however even authenticated binding updates can be used to amplify a packet flooding attack.

Inducing Unnecessary Authentication

An attacker can exploit the binding update protocol by sending spoofed IP packets to the mobile that appear to come from different correspondents. Return routability and CGA prevent this attack.

However a legitimate user could continually induce authentication unnecessarily. Future work should look in to a way of limiting the amount of authentication that can take place and under what circumstances.

7.2 Summary

The proposed security protocol is designed within the boundaries of the existing architecture and security technologies. The complimentary use for Cryptographically Generated Addresses and return routability limits the options for attackers. It does not however check authentication of the device or user. This has now been introduced and will enhance the security of existing systems. By not modifying any of the standards of mobile IPv6, the security solution should be compatible with any future implementation and at a low cost. The introduction of distributed authentication can have benefits under processor intensive situations but the drawback is that there is an increase in network messages. The option to choose between standard and distributed authentication is a useful choice however under which circumstances one or the other should be used.

8 Conclusions

8.1 Introduction

Wireless communication technologies have come a long way with improvements with every generational leap. As communications evolve so do the system architectures, models and paradigms.

Improvements have been seen with jump from 2G to 3G in terms of security. Yet security issues persist and will continue to plague mobile communications in to the leap to 4G if not addressed. 4G will be based on the transmission of Internet packets only using architecture known as mobile IP. This will feature many advantages however security is still a fundamental issue to be resolved. One particular security issue involves the route optimisation technique, which deals with binding updates. This allows the corresponding node to by-pass the home agent router and communicate directly with the mobile node. The home agent has a static address while the mobile node’s address changes every time it moves to a new location with a new point of attachment. The home agent keeps track of the mobile node’s current address, so that if a correspondent does not know it, it may send the packets to the home address, which will forward the packets to the mobile node. By bypassing the home address with the binding update route optimisation, the speed of the delivery of packets will increase. There are a variety of security vulnerabilities with binding updates, which include the interception of data packets, which would allow an attacker to eavesdrop on its contents breaching the users confidentiality or to modify transmitted packets for the attackers own malicious purposes. Other possible vulnerabilities with mobile IP include address spoofing, redirection and denial of service attacks. For many of these attacks all the attacker needs to know is the IPv6 addresses of the mobile’s home agent and the corresponding node.

Numerous security solutions have been proposed and each have their advantages and disadvantages.

The two main types of security are encryption and authentication. Encryption protects the confidentiality of the data and comes in two flavours, symmetric and asymmetric. The former is useful for low powered devices and participants use the same key to encrypt and decrypt. The problem is how to distribute the key without it being intercepted. Asymmetric keys are split in to encryption and decryption keys. This is useful for the distribution of the keys and can help with authentication with the use of digital signatures. The drawback however is that processing consumption is 100 – 1000 times that of symmetric cryptography. This can be reduced somewhat with the implementation of elliptic curve cryptography which is a lightweight public key cryptographic solution.

Authentication allows users to verify that they are communicating with validated participants. Different systems exist, such as Kerberos that perform authentication by referring to a central authentication database to compare users credentials. However in the mobile IP architecture it is best to stay away from centralized authorities as they are a single entity and hence a single point of attack. A distributed authentication system is required which use techniques such as hashes, digital signatures, address based

keys and cryptographically generated addresses. Address based keys and certified addresses could be used for signing address resolution, duplicate address detection and redirection messages however, cryptographically generated addresses have the advantage that no trusted third parties are required More elaborate systems such as RADIUS based on AAA Authentication, authorization and accounting, allow for a combination of security but must rely on an authentication server. Currently it is recommended that all mobile IP security be handled by IPSEC. However the cost in resources to utilize IPSEC is beyond what it realistically expected from a mobile device in effect reducing the users quality of service.

Security protocols have been specifically designed for the protection of binding updates such as, Bake/2 and CAM, from eavesdropping modification and DOS attacks. However they all make the same fundamental error. They give away the location of the home agent, the mobile node and the correspondent. This is the basis for many of the possible attacks to these nodes.

A solution must be developed that allows for the crucial location information to be transmitted and yet the nodes retain their location privacy. Systems have been developed that do this at some level such as the hierarchical mobile IP management model’s use of the mobility anchor point (MAP). However location privacy is moot point with the introduction of cryptographically generated addresses. This allows users to assert their ownership over an address preventing spoofing. This combined with return routability may provide secure solution.

What is needed is a system that can fulfil the security needs of mobile IP’s vulnerabilities by using a combination of the security technologies available, which operate without over taxing the computing resources available and package them into an easy to implement solution.

The proposed protocol utilizes a combination of established and innovative security solutions. It has been design to work within the existing infrastructure without modifying the standard architecture. The combined use of Cryptographically Generated Addresses and Return Routability provides address ownership and reachability validation. However the lack of authentication has been resolved with the introduction of the Distributed Authentication Protocol, which provides a low cost solution with benefits under processor intensive situations. The fact that the protocol has not modified the standards of Mobile IPv6 means that it will be compatible with future implementations with little to no modification necessary. The only drawback of the protocol are the increase in network messages however the user can choose if they require the distributed feature of the solution and choose not to use it under certain circumstances.