1 / 27

Network Security: Security of Internet Mobility

Network Security: Security of Internet Mobility. Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011. Outline. Mobile IPv6 Spoofed bindings, bombing attack Return routability test. Mobile IPv6. Mobile IPv6 and addresses. The mobile node (MN) has two IPv6 addresses

alair
Télécharger la présentation

Network Security: Security of Internet Mobility

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security: Security of Internet Mobility Tuomas Aura T-110.5241 Network securityAalto University, Nov-Dec 2011

  2. Outline • Mobile IPv6 • Spoofed bindings, bombing attack • Return routability test

  3. Mobile IPv6

  4. Mobile IPv6 and addresses • The mobile node (MN) has two IPv6 addresses • Home address (HoA): • Subnet prefix of the home network • Used as address when MN is at home. Used as node identifier when MN is roaming in a foreign network • Home network may be virtual – MN never at home. • Care-of address (CoA): • MN’s current point of attachment to the Internet • Subnet prefix of the foreign network • Correspondent node (CN) can be any Internet host (Note: MN and CN are hosts, not routers.)

  5. Mobility Correspondent node (CN) • How to communicate after MN leaves its home network and is roaming in a foreign network? (HoA, CN and CoA are IPv6 addresses) Home Network Home address(HoA) Mobile node (MN) Foreign Network Care-of address (CoA)

  6. Mobile IPv6 tunnelling Home Network CN • Home agent (HA) is a router at the home network that forwards packets to and from the mobile • MN always reachable at HoA source = CNdestination = HoA Home agent HA at HoA source = HAdestination = CoA tunnel Encapsulatedpacket source = CNdestination = HoA MN at CoA

  7. Route optimization (RO) CN 1. First packet HA at HoA 3. Followingpackets 2. Binding Update (BU) source = CoAdestination = CNThis is HoAI'm at CoA source = CNdestination = CoAFor HoA tunnel Routing header (RH) source = CoAdestination = CNFrom HoA MN at CoA Home addressoption (HAO)

  8. Threats and protectionmechanisms All weaknesses shown here have been addresses in the RFC

  9. Attack 1: false binding updates • A, B and C can be anyIPv6 nodes (i.e. addresses) on the Internet A B False BU source = Cdestination = BThis is AI'm at C Stolen data C Attacker

  10. Attacker could highjack old connections or open new A, B and C can be any Internet nodes Connection hijacking A B False BU source = Cdestination = BThis is AI'm at C Stolen data source = C destination = BFrom A Spoofed data Attacker C

  11. Man-in-the-middle attack A B False BU False BU This is BI'm at C This is AI'm at C Attacker C

  12. If no security measures added • Attacker anywhere on the Internet can hijack connection between any two Internet nodes, or spoof such a connection • Attacker must know the IPv6 addresses of the target nodes, though

  13. BU authentication • MN and HA trust each other and can have a secure tunnel between them. Authenticating BUs to CN is the problem • The obvious solution is strong cryptographic authentication of BUs • Problem:there is no global system for authenticating any Internet node

  14. Authentication without infrastructure? • How authenticate messages between any two IPv6 nodes, without introducing new security infrastructure? • Set requirements to the right level: Internet with Mobile IPv6 deployed must be as secure as before it → no general-purpose strong authentication needed • Some IP-layer infrastructure is available: • IPv6 addresses • Routing infrastructure • Surprisingly, both can be used for BU authentication: • Cryptographically generated addresses (CGA) • Routing-based “weak” authentication, called return routability

  15. BU Authentication – v.1 • CN send a key in plaintext to HoA 2. K HAat HoA CN accept BU 1. BU securetunnel 3. BU, MACK(BU) MNat CoA

  16. Is that good enough? • “Weak”, routing-based authentication, but it meets the stated requirement • Attacker has to be on the path between CN and HA to break the authentication and hijack connections • This is true even if the MN never leaves home, so mobility does not make the Internet less secure • Not possible for any Internet node to hijack any connection → significantly reduced risk • K is not a general-purpose session key! Only for authenticating BUs from MN to CN • Anything else? • The routing-based authentication, CGA, and other protocols discourage lying about who you are • Still possible to lie about where you are!

  17. Attack 2: bombing attack • Attacker can flood the target by redirecting data streams bbc.co.uk Attacker Video stream B A source = Cdestination = BThis is AI'm at C False BU Unwanted video stream Target C

  18. Bombing attack - ACKs Attacker bbc.com False BU • Attacker participated in the transport-layer handshake → can spoof TCP ACKs or similar acknowledgements • Attacker only needs to spoof one ACK per sender window to keep the stream going • Target will not even send a TCP Reset! A A B source = Cdestination = BThis is AACK Falseacknowledgments Unwanted video stream Target C

  19. BU Authentication – v.2 • CN sends a message to CoA to ask whether someone there wants the packets • Common misconception: the purpose is not to send K0 and K1 along two independent paths! 2a. K0 CN HAat HoA accept BU 1. BU 2b. K1 securetunnel 3. BU, MACK(BU)K=h(K0,K1) MNat CoA

  20. Is that good enough? • Not possible to lie about identity or location; all information in BUs is true • Almost ready, but we still need to consider standard denial of service attacks against the BU protocol

  21. Attack 3: Exhausting state storage • Correspondent will generate and store K0, K1 • Attacker can flood CN with false BUs → CN has to remember thousands of K0s and K1s 2a. K0 B lost 1. BU source = Ddestination = BThis is EI'm at D 2b. K1 lost Attacker C

  22. periodically changing random value BU authentication – v.3 • We can make the correspondent stateless N 2a. K0 = h (N, HoA) HAat HoA CN accept BU 1. BU 2b. K1 = h (N, CoA) securetunnel 3. BU, MACK(BU) K=h(K0,K1) MNat CoA

  23. Attack 4: reflection and amplification • Two DDoS packets become one — minor issue • IP trace-back cannot find the attacker 2a. K0 B HAat HoA 2b. K1 1. securetunnel MNat CoA DDoS Attacker

  24. BU Authentication – v.4 • Balanced message flows prevent amplification 2a. K0 HAat HoA CN 1a. BU accept BU 1b. BU 2b. K1 securetunnel 3. BU, MACK(BU) K=h(K0,K1) MNat CoA

  25. The Mobile IPv6 Standard (RFC 6275) • Return routability (RR) test for HoA and CoA 2a. HoT HAat HoA CN 1a. HoTI 1b. CoTI 2b. CoT ESP tunnel 3. BU 4. BA MNat CoA

  26. Puzzle of the day • Compare identity protection in • PGP • Kerberos • TLS + username and password in web form • TLS + HTTP Digest Authentication • EAP-TLS • PEAP-MSCHAP2 • IPsec. • Can a passive sniffer learn the identities of the authenticating parties? • What about active attackers? • Does one side in the protocol have an advantage?

  27. Exercises • Based on the historical flaws in Mobile IPv6, are there any potential security problems in dynamic DNS? Does Secure DNS solve these problems? • Could a SIP INVITE specify a false destination for a data stream? How could this be prevented? • Design a more efficient binding-update protocol for Mobile IPv6 assuming a global PKI is available • How could the return-routability test for the care-of address (CoA RR) be optimized if the mobile is opening a TCP connection? What are the advantages and disadvantages? • What problems arise if mobile node can automatically pick a home agent in any network?

More Related