
Internet Goes Mobile

Alper Yegin. KIOW 2003 at APNIC 16, August 19th, 2003. Seoul, Korea.


Presentation Transcript


  1. Internet Goes Mobile
     Alper Yegin
     KIOW 2003 at APNIC 16
     August 19th, 2003. Seoul, Korea

  2. Internet - Yesterday
     [Diagram labels: T1; Enterprise Network; Internet; Dial up; DSL; Home user; Home Network]

  3. Internet - Today and Tomorrow
     [Diagram labels: W-CDMA; T1; Enterprise Network; Operator Network; Community Network; Internet; Dial up; DSL; GPRS; PAN; Home user; Home Network; Mobile Network]

  4. Challenge
     • Users expect the same characteristics (greedy!)
       • Secure
       • Reliable
       • Seamless
       • High performance
     • Burden is on:
       • Standards bodies (IETF, IEEE, 3GPP, 3GPP2, etc.)
       • Vendors
       • Operators

  5. Security
     • First things first!
     • Physical security is replaced with crypto-based security
     • Threats: Eavesdropping, spoofing
     • Not a full replacement!
     • Crypto designs and experts get a good exercise!

  6. Solutions
     • Good solutions:
       • 3GPP, 3GPP2
     • Bad solutions:
       • IEEE WEP fiasco!
     • Practical but less than adequate solutions:
       • WECA WISPer: HTTP redirect and web-based login hackery
     • Practical and reasonable solutions:
       • IEEE 802.11b access outside VPN gateway

  7. The Right Solution
     • Authenticate, authorize the client
     • Accounting and privacy
     [Diagram labels: Home AAA; Diameter, RADIUS; ISP AAA; Home Network; Visited Network; Access Router; AP; PANA, 802.1X; host]

  8. The Right Solution
     • IETF AAA, EAP, and PANA Working Groups
     • IEEE 802.11i, 802.1aa
     [Diagram labels: Home AAA; Diameter, RADIUS; ISP AAA; Home Network; Visited Network; Access Router; AP; PANA, 802.1X; host]

  9. Global AAA
     • AAA web of trust is here (unlike global PKI) and more capable.
     [Diagram labels: AAA servers; AAA brokers; Home Networks; Visited Networks]

  10. Impact
      • Security is never plug-and-play (plug-and-get-hacked!)
      • Additional infrastructure
        • Front-end AAA servers (NAS)
        • Backend AAA servers (RADIUS, Diameter servers)
        • VPN gateways
      • Configuration
        • On the clients
        • Per-client configuration on the servers (keys, authorization parameters, etc.)
        • Configuration to join the AAA web of trust

  11. Impact
      • Increased popularity of IPsec and TLS
        • AAA requires confidential information exchange
        • VPN
        • Anonymizer.com
      • Strengthening internal network is a MUST
        • Unless you are 100% sure that wireless access is secure
        • Partitioning, IDS, enforcing strict policy execution (social aspects)

  12. But Still
      • … You are vulnerable to attacks!
      • Price of going wireless

  13. Mobility Management
      • Host at home (fixed Internet).
      [Diagram labels: Web server; Home Network; Access Router; AP; a::/64; host a::1; Visited Network]

  14. Mobility Management
      • You move, you break!
      [Diagram labels: Web server; Home Network; Access Router; AP; Visited Network; b::/64; host b::1]

  15. Mobile IP
      • IETF Mobile IP Working Group
      • www.ietf.org/html.charters/mobileip-charter.html
      [Diagram labels: home address; care-of address; address pair a::1, b::1; Home Agent; Web server; Home Network; Access Router; AP; Visited Network; b::/64; host b::1]

  16. Mobile IP
      • Traffic tunneled through home network
      [Diagram labels: Home Agent; Web server; Home Network; Access Router; AP; Visited Network; b::/64; host b::1]

  17. Mobile IP
      • End-to-end signaling for route optimization
      [Diagram labels: home address; care-of address; address pair a::1, b::1; Home Agent; Web server; Home Network; Access Router; AP; Visited Network; b::/64; host b::1]

  18. Mobile IP
      • Most direct path for data traffic.
      [Diagram labels: Home Agent; Web server; Home Network; Access Router; AP; Visited Network; b::/64; host b::1]

  19. … Fast and Smooth
      • Problem: Signaling latency.
      [Diagram labels: new care-of address; address pair a::1, c::1; Home Agent; Web server; Home Network; Access Router; AP; Visited Network; c::/64; host c::1]

  20. … Fast and Smooth
      • Fast Handovers
        • draft-ietf-mobileip-fast-mipv6-06.txt
      • IETF Seamoby Working Group
        • www.ietf.org/html.charters/seamoby-charter.html
      [Diagram labels: old care-of address; new care-of address; address pair b::1, c::1; Home Agent; Web server; Home Network; Access Router; AP; Visited Network; c::/64; host c::1]

  21. … Fast and Smooth
      • Context transferred and routes fixed.
      [Diagram labels: Home Agent; Web server; Home Network; Access Router; AP; Visited Network; c::/64; host c::1]

  22. … Privacy
      • Hide precise location and movement.
      [Diagram labels: Home Agent; Web server; Home Network; Access Router; AP; Visited Network; d::/64; b::/64; c::/64; host d::1; cafeteria; CEO's office; employee office]

  23. … Privacy
      • Obtain an IP address from the localized mobility agent.
      [Diagram labels: home address; regional care-of address; local care-of address; address pairs a::1, e::1 and e::1, d::1; Home Agent; Web server; Localized Mobility Agent; e::/64; Home Network; Access Router; AP; Visited Network; d::/64; b::/64; c::/64; host d::1]

  24. … Privacy
      • Correspondent sends packets directly to the agent. Agent tunnels them to the precise location.
      [Diagram labels: Home Agent; Web server; Localized Mobility Agent; Home Network; Access Router; AP; Visited Network; d::/64; b::/64; c::/64; host d::1]

  25. … Privacy
      • Correspondent does not know the real IP destination, or when it changes.
      [Diagram labels: Home Agent; Web server; Localized Mobility Agent; Home Network; Access Router; AP; Visited Network; b::/64; c::/64; host b::1]

  26. … AAA
      • Mobility management is a for-profit “service”
      [Diagram labels: Home Agent; Home AAA; Web server; Localized Mobility Agent; ISP AAA; Home Network; Access Router; AP; Visited Network; b::/64; c::/64; host b::1]

  27. … Network is Mobile
      • IETF NEMO Working Group
      • www.ietf.org/html.charters/nemo-charter.html
      [Diagram labels: Visited Network; Access Router; Base Station]

  28. Impact on Intranet
      • More stateful servers
        • Home agents, access routers (for context transfer and fast handovers), localized mobility agents
        • Mobile IP bindings, tunnels, host-routes
        • Redundancy and fault-tolerance are a MUST!
      • More configuration
        • Per client on the servers
        • Trust relations among communicating servers

  29. Impact on Internet/Intranet
      • Tunnels
        • Several levels of nesting
      [Diagram labels: Web server; Localized Mobility Agent; Home Agent; Previous Access Router; Current Access Router; host; Home Address; (Older local) Care-of Address; (Regional) Care-of Address; (Current local) Care-of Address; Fast Handovers; Localized Mobility Management; Mobile IP]

  30. Impact on Internet
      • Address consumption
        • Always-on hosts
        • Purpose-specific address usage (home address, care-of address)
        • Multihomed devices (GPRS, IEEE 802.11b, Bluetooth)
        • Sensor networks

  31. Impact on Internet
      • Suboptimal routing, redirect servers
      [Diagram labels: host A; Home Agent A; host B; Home Agent B]

  32. Host Assumptions
      • Can be anything:
      • Dynamic auto-configuration needed:
        • IPv6 address auto-configuration (RFC 2462)
        • IPv6 prefix delegation (draft-troan-dhcpv6-opt-prefix-delegation-02.txt)
        • Service discovery (IPv6 anycast address support)

  33. IPv6
      • IPv6 benefits:
        • Ability to run server apps on devices (accept incoming connections)
        • Plug-and-play
        • End-to-end IPsec for thwarting first-hop and last-hop threats
        • Mobile IPv6: Efficient, easy to deploy and manage, and scalable mobility protocol
        • Extensibility
      • Mobile and wireless Internet will expedite the transition from IPv4-NAT to IPv6
        • www.isoc.org/briefings/014/index.html

  34. Conclusion
      • Wireless and mobility provide tremendous benefits, but they come with a price.
      • Transitioning the Internet protocols, architectures, products, and running networks should be done very carefully.

  35. Questions?
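
The location-privacy argument of slides 22-25, and the tunnel nesting it costs (slide 29), modelled as an added example that is not part of the original presentation. It is a binding-cache model only, no packets are sent; `Node`, `tunnel_path` and `roam` are hypothetical names, and the addresses are the ones shown on slides 23 and 25.

```python
from ipaddress import IPv6Address as Addr

class Node:
    """A node with a Mobile IP binding cache: address -> care-of address."""
    def __init__(self, name):
        self.name = name
        self.cache = {}
        self.learned = []          # every care-of address this node was told

    def binding_update(self, addr, care_of):
        self.cache[Addr(addr)] = Addr(care_of)
        self.learned.append(str(Addr(care_of)))

def tunnel_path(dst, nodes):
    """Follow the bindings node by node; each match is one tunnel hop."""
    hops, dst = [], Addr(dst)
    for node in nodes:
        if dst in node.cache:
            dst = node.cache[dst]
            hops.append((node.name, str(dst)))
    return hops

HOME, REGIONAL = "a::1", "e::1"    # home and regional care-of address (slide 23)
LOCAL_MOVES = ["d::1", "b::1"]     # local care-of addresses (slides 23 and 25)

def roam(use_agent):
    """Return (care-of addresses the correspondent learned, final tunnel path)."""
    correspondent = Node("correspondent")
    agent = Node("localized-mobility-agent")
    if use_agent:
        correspondent.binding_update(HOME, REGIONAL)   # sent once, never changes
    for local in LOCAL_MOVES:
        if use_agent:
            agent.binding_update(REGIONAL, local)      # movement stays local
        else:
            correspondent.binding_update(HOME, local)  # plain route optimization
    return correspondent.learned, tunnel_path(HOME, [correspondent, agent])

if __name__ == "__main__":
    for use_agent in (False, True):
        learned, path = roam(use_agent)
        print("agent" if use_agent else "no agent", learned, path)
```

Without the agent the correspondent learns every local care-of address, and so every move; with it the correspondent only ever holds the regional address, at the price of one more level of tunnelling.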
