This draft proposes an enhancement to the Return Routability Protocol addressing three types of attacks and introducing new security features. The proposed improvement binds the Home Address and Care-of Address, preventing attacks without additional cost or changes to the protocol architecture.
Improvement of Return Routability Protocol
draft-qiu-mip6-RR-improvement-00.txt
Institute for Infocomm Research, Singapore

Outline
• Three attacks on RR.
• Our improvement to RR.

Traffic Permutation Attacks
[Diagram: MN1, MN2, MN3, CN / Server, Intruder]
• Intruder
  • Collect HoTs and CoTs at the server edge
  • Randomly form Kbu
  • Send BU to CN
  • Random redirection

Session Hijacking Attacks
[Diagram: MN1, MN2, CN, HA, Intruder; message labels CoTI_MN2 / CoT_MN2, HoT_MN1, FWD]
• Intruder
  • Get HoT_MN1
  • MN2 sends its own CoTI_MN2 and gets CoT_MN2
  • MN2 poses as MN1

Movement Halting Attacks
[Diagram: CoA, CoA', CN / Server, Intruder; message labels CoT_old, CoT, HoT', HoT_new]
• Intruder
  • Get old CoT
  • Get new HoT'
  • Form valid Kbu
  • Redirect to old CoA

The Improvement
• HoA and CoA are bound together
  HoTI = {HoA, CNA, CoA, HomeInitCookie}
  CoTI = {CoA, CNA, HoA, CareInitCookie}
  HomeKeygenToken = HMAC_SHA1(Kcn, (HoA|Nj|CoA|0))
  CareKeygenToken = HMAC_SHA1(Kcn, (CoA|Ni|HoA|1))
• Advantages:
  • Prevent the 3 attacks
  • No additional cost
  • No change of RR protocol architecture
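
The token binding on the improvement slide, as an added Python example (not code from the draft or its authors): a model of the CN recomputing both keygen tokens for the (HoA, CoA) named in a BU, run against the original RR derivation and the improved one. Assumptions: the First-64-bit truncation and Kbu = SHA1(home token | care-of token) follow RFC 3775 and are not stated on the slides; Kcn, the nonces and the 2001:db8:: addresses are constructed; comparing derived keys stands in for checking the BU authenticator.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (not from the draft): CN secret, nonces, documentation-prefix addresses.
KCN = bytes(range(20))
NJ, NI = b"home-nj1", b"care-ni1"                 # 64-bit nonces Nj (home) and Ni (care-of)
HOA1, COA1 = "2001:db8:1::10", "2001:db8:a::10"   # MN1
HOA2, COA2 = "2001:db8:2::20", "2001:db8:b::20"   # MN2

def _addr(a):
    return ipaddress.IPv6Address(a).packed

def _token(kcn, *parts):
    # First 64 bits of HMAC_SHA1, as in RFC 3775 (assumption: the slide omits the truncation).
    return hmac.new(kcn, b"".join(parts), hashlib.sha1).digest()[:8]

def original_tokens(kcn, hoa, coa, nj, ni):
    """Original RR: each token covers only its own address."""
    return (_token(kcn, _addr(hoa), nj, b"\x00"),
            _token(kcn, _addr(coa), ni, b"\x01"))

def improved_tokens(kcn, hoa, coa, nj, ni):
    """Slide formulas: HMAC_SHA1(Kcn, HoA|Nj|CoA|0) and HMAC_SHA1(Kcn, CoA|Ni|HoA|1)."""
    return (_token(kcn, _addr(hoa), nj, _addr(coa), b"\x00"),
            _token(kcn, _addr(coa), ni, _addr(hoa), b"\x01"))

def kbu(home_token, care_token):
    # Binding key derivation per RFC 3775 (assumption; not shown on the slides).
    return hashlib.sha1(home_token + care_token).digest()

def cn_accepts(scheme, hoa, coa, presented_kbu):
    """The CN keeps no per-MN state: it recomputes both tokens for the pair named in the BU."""
    expected = kbu(*scheme(KCN, hoa, coa, NJ, NI))
    return hmac.compare_digest(expected, presented_kbu)

def mixed_pair_accepted(scheme):
    """Key built from the home token issued for MN1 and the care-of token issued
    for MN2, presented in a BU naming (HoA1, CoA2)."""
    home1, _ = scheme(KCN, HOA1, COA1, NJ, NI)
    _, care2 = scheme(KCN, HOA2, COA2, NJ, NI)
    return cn_accepts(scheme, HOA1, COA2, kbu(home1, care2))

def legitimate_accepted(scheme):
    return cn_accepts(scheme, HOA1, COA1, kbu(*scheme(KCN, HOA1, COA1, NJ, NI)))

if __name__ == "__main__":
    for scheme in (original_tokens, improved_tokens):
        print(scheme.__name__, "legit:", legitimate_accepted(scheme),
              "mixed:", mixed_pair_accepted(scheme))
```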