Mobile IP By Team: MIRAGE
Amit Singh Waymon Short Sumanth Ghanta Arshad Mushrif
Outline • Technology • Issues • Commercial presence
Introduction • Mobile IP is a standard approved by the Internet Engineering Steering Group (IESG) in June 1996 and published as a proposed standard by the Internet Engineering Task Force (IETF) in November 1996 in order to support mobility. • Developed in order to cope with the increasing popularity of PDAs and laptops. • As the demand grew, connectivity became a significant issue for users with such mobile devices.
Need for Mobile IP • Datagrams are moved from one network to another by routers, which use IP addresses. • An IP address is divided into two parts: 1. network id 2. host id • Most applications over the Internet are supported by TCP connections.
Need for Mobile IP • TCP uses IP address and port number for routing and delivery. • As a mobile user moves from one network to another, his IP address changes dynamically. • As a result, any application that uses network connectivity needs to restart any ongoing communications each time it moves.
Need for Mobile IP • Mobile IP was developed to deal with the problem of dynamically varying IP addresses.
Entities • Mobile Node: A host or router that may change its point of attachment from one network to the other across the Internet is called a mobile node. • Correspondent Node: A node that sends a packet addressed to a mobile node is called a correspondent node. • Home Agent: A home agent is a node on the home network that maintains a list of registered mobile nodes in a visitor list.
Entities • Foreign Agent: A foreign agent is a router on a foreign network that assists a locally reachable mobile node in delivering datagrams between the mobile node and the home agent.
Mobile Devices
slide by Konidala M. Divyan [3]
Example [Network diagram; labels: Home network A, Home Agent, Network B, Network C, Corresp. Node C, Internet, R = Router] slide by Konidala M. Divyan [3]
Triangle Routing (Mobile IPv4) [Network diagram; labels: Network A, Network B, Network C, Internet, Mobile Node, Home Agent, Corresp. Node C, R = Router] • Corresp. Node C initiates communication with Mobile Node and sends packets to MN's home address • Home Agent intercepts packets and forwards them to the Mobile Node (proxy functionality) • Mobile Node replies directly to Corresp. Node C slide by Konidala M. Divyan [3]
Mobile Node registers at its Home Agent [Network diagram; labels: Network A, Network B, Network C, Internet, Mobile Node, Home Agent, Corresp. Node C, R = Router] • Mobile Node sends Binding Update • Home Agent replies with Binding Acknowledgement slide by Konidala M. Divyan [3]
Mobile IPv6 Roaming [Network diagram; labels: Network A, Network B, Network C, Network D, Internet, Home Agent, Corresp. Node C, R = Router] • Mobile Node sends Binding Updates to Home Agent and all Corresp. Nodes, which already received a previous Binding Update from this Mobile Node slide by Konidala M. Divyan [3]
Protocol • In order to support mobility, Mobile IP includes three capabilities: 1. Discovery 2. Registration 3. Tunneling
Discovery • Mobile agents periodically send ICMP router advertisements with the mobility agent advertisement extension, informing mobile nodes of their presence. • Mobile node is responsible for the discovery process. • In order to receive an advertisement, the mobile node may optionally request one from an agent or simply wait for the next advertisement.
Registration • Mobile node recognizes that it is on a foreign network, acquires a Care-of-Address and requests its home agent to forward its data packets to the foreign agent. • The process of registration requires 4 steps: 1. Mobile node requests forwarding service by sending a registration request to the foreign agent.
Registration 2. Foreign agent relays this request to the home agent. 3. Home agent accepts or denies the request and sends registration reply to the foreign agent. 4. Foreign agent relays this reply to the mobile node.
Tunneling • After registration, an IP tunnel is set up between the home agent and the care-of address of the mobile node. • Home agent broadcasts a gratuitous ARP request, which causes all nodes in the subnet to update their ARP caches to map the mobile node's IP address to the home agent's link-level address. • Thus the home agent receives packets destined for the mobile node and forwards them to the foreign agent through the IP tunnel.
Tunneling • In the foreign network, decapsulation is done by the foreign agent or by the mobile node itself. • A correspondent node assumes that the reply from the mobile node is coming from its home network and continues to send the packet to the home agent.
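An added example, not from the original slides: the home agent wraps an intercepted datagram in an outer IPv4 header (IP-in-IP, protocol 4) addressed to the care-of address, and the receiving end unwraps it only if the outer addresses match the registered tunnel. The addresses and the decapsulation checks are assumptions chosen for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4           # IP-in-IP encapsulation (RFC 2003)
HDR = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options

def pack_ip(addr):
    return ipaddress.IPv4Address(addr).packed

def checksum(header):
    """Internet checksum; returns 0 when run over a header with a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, pack_ip(src), pack_ip(dst)]
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)

def encapsulate(inner, home_agent, care_of):
    """Home agent: wrap the intercepted datagram, unchanged, for the care-of address."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer, home_agent, care_of, home_addr):
    """Foreign agent or mobile node: unwrap only what the registered tunnel carries."""
    if len(outer) < 40:
        raise ValueError("too short for IP-in-IP")
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(HDR, outer[:20])
    if vihl != 0x45 or proto != IPPROTO_IPIP or total != len(outer):
        raise ValueError("not a well-formed IP-in-IP datagram")
    if checksum(outer[:20]) != 0:
        raise ValueError("bad outer header checksum")
    if src != pack_ip(home_agent) or dst != pack_ip(care_of):
        raise ValueError("outer addresses do not match the registered tunnel")
    inner = outer[20:]
    if inner[16:20] != pack_ip(home_addr):
        raise ValueError("inner datagram is not for the mobile node's home address")
    return inner

# Constructed sample addresses (documentation ranges), not from the original slides.
CN, HOME, HA, COA = "198.51.100.7", "192.0.2.10", "192.0.2.1", "203.0.113.5"

def demo():
    inner = ipv4_header(CN, HOME, 17, 4) + b"data"   # what the correspondent sent
    return inner, encapsulate(inner, HA, COA)
```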
Issues in Mobile IP 1. Handoff: • When a mobile node changes its point of attachment, a handoff sequence is initiated. • During or immediately after the handoff, packet losses may occur due to delayed propagation of new location information, which degrades the quality of service. • Solved by introducing access point probing functionality in the mobile node to identify the access point it is currently attached to.
Issues in Mobile IP 2. Replay attacks: • A Bad Guy could obtain a copy of a valid Registration Request, store it, and then “replay” it at a later time, thereby registering a bogus care-of address for the mobile node. • To prevent that, the Identification field is generated in such a way as to allow the home agent to determine what the next value should be. Mobile IP: Security Issues [4]
Issues in Mobile IP • In this way, the Bad Guy is thwarted because the Identification field in his stored Registration Request will be recognized as being out of date by the home agent (timestamps or nonces are used for the Identification field).
Mobile IP: Security Issues [4]
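An added example, not from the original slides: a simplified home agent that authenticates each Registration Request and rejects stale or reused timestamp-style Identification values, as described above. The message layout, the HMAC-SHA256 authenticator, the 7-second window, the addresses and the key are assumptions for illustration, not the Mobile IP wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

FMT = "!4s4sQ"        # home address, care-of address, 64-bit Identification
REPLAY_WINDOW = 7     # seconds of clock difference tolerated (assumed value)

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def build_request(key, home, care_of, ident):
    """Mobile node side: returns (request body, authenticator)."""
    body = struct.pack(FMT, ipaddress.IPv4Address(home).packed,
                       ipaddress.IPv4Address(care_of).packed, ident)
    return body, mac(key, body)

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys       # home address -> shared secret
        self.last_id = {}      # home address -> highest Identification accepted
        self.bindings = {}     # home address -> current care-of address

    def register(self, body, tag, now):
        if len(body) != struct.calcsize(FMT):
            return "denied: malformed"
        home, care_of, ident = struct.unpack(FMT, body)
        home = str(ipaddress.IPv4Address(home))
        key = self.keys.get(home)
        if key is None or not hmac.compare_digest(tag, mac(key, body)):
            return "denied: authentication failed"
        if abs(now - ident) > REPLAY_WINDOW:
            return "denied: identification out of date"
        if ident <= self.last_id.get(home, -1):
            return "denied: identification already used"
        self.last_id[home] = ident
        self.bindings[home] = str(ipaddress.IPv4Address(care_of))
        return "accepted"

def demo():
    """Constructed exchange: one valid registration, then three bad ones."""
    key = b"constructed-shared-secret"
    ha = HomeAgent({"192.0.2.10": key})
    body, tag = build_request(key, "192.0.2.10", "203.0.113.5", 1000)
    forged, _ = build_request(key, "192.0.2.10", "198.51.100.66", 1003)
    results = [ha.register(body, tag, now=1001),     # fresh and authentic
               ha.register(body, tag, now=1002),     # replayed at once
               ha.register(body, tag, now=5000),     # stored and replayed later
               ha.register(forged, tag, now=1003)]   # new care-of, old authenticator
    return results, ha.bindings
```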
Business Perspective
Show me the $$$!!!!!!!
Outline • The Edge • Impact on Employees and Business Processes • Mobile IP as a Battleground • Famous Quotes • References
The Edge • Consistent Services • Meet the needs of corporate users • Least-cost traffic routing • Protect Proprietary Services • Roaming across technologies
Impact on Employees and Business Processes • Increase in work output by 13% [15] • 50% of organizations (with over $200 million revenue) have wireless LAN capabilities [15] • Use of wireless WANs and LANs is expected to double by 2006 [15] • WWAN and WLAN will lead to 10% cost savings and 8% saving of network staff time [15]
Impact on Employees and Business Processes • Mobility enables more freedom and flexibility [15] • Notebook users experience 27% to 30% improvement in time savings, efficiency, and effectiveness [15] • Impact on independence of work, flexibility for group activities, face-face meetings, remote meetings and e-mail communication [15]
Mobile IP as a Battleground • It's not what it seems!!!!!!!! • Mobile IP as a natural extension • Cisco’s competitive advantage • How will it help Wireless Service providers? [13]
Mobile IP as a Battleground Three main approaches: • The Cisco Approach [13] • The key joint venture [13] • The raft of partnerships [13]
Expert's Quotes • "The marriage of these two networks can greatly increase applications and the productivity to the end user," said Ali Tabissi, chief technology and development officer at Mobilestar Network Corp. • "Mobility, along with security, is becoming a key requirement for many of our customers," said Johan Fornaeus, CEO, Interpeak. • “Despite the recent downturn in technology stocks, mobile data services and wireless computing still hold the imagination of the public, the allure of investors, and the promise of value-added applications for service providers.” Gerry Christensen, Contributing Editor, Searchnetworking.com
Major Competitors in MIP • Cisco • ipunplugged • Secgo • Netmotionwireless • Giga-wave • Intel • Columbitech • Lucent • Nokia
(for more information please go to http://www.dpo.uab.edu/~amit81/index2.htm )
Conclusion “Wireless internet is the next big revolution being driven by growing maturity of 3G networks and rapidly increasing convergence of voice and data. Mobile IP is the key technology in the evolution of internet protocol from fixed line, fixed host routing model to a nomadic wireless model [19].”
References
[1] William Stallings, Wireless Communication and Networks, Pearson education Inc, 2002.
[2] http://www.hut.fi/~sponkane/tlark/10/MIP.html#luku3
[3] http://caislab.icu.ac.kr/course/2002/autumn/ice615/project/inter_DIV.ppt
[4] http://cs.engr.uky.edu/~singhal/CS685-papers/46
[5] http://www.cs.uky.edu/~singhal/term-papers/mobileIP.doc
[6] http://www.cisco.com/en/US/products/hw/routers/ps272/products_configuratio_guide_chapter09186a0080186ffd.html
[7] http://www.cs.uky.edu/~singhal/CS685-papers/Mobile-IP.ppt
[8] http://www.secgo.com/docs/secgo_mip_whitepaper.pdf
[9] http://www.ipunplugged.com/products.asp?mi=2.3
[10] http://www.ipunplugged.com/pdf/imos_41_IPU-20040059_B.pdf
[11] http://www.birdstep.com/collaterals/mip_certification.pdf
[12] http://searchnetworking.techtarget.com
[13] http://www.thefeature.com
[14] http://www.bridgewatersystems.com
[15] http://intel.com
[16] http://www.wi-fiplanet.com/tutorials/article.php/2205821
[17] http://ctd.grc.nasa.gov/5610/publications/E-12548_pp1-7.pdf
[18] http://net.pku.edu.cn/mobile/reference7.pdf
[19] http://www.tcs.com/0_service_practices/ATC_new/Assets/downloads/Mobile_IP.pdf
Thank You.
Questions?
Mobile IP Security
Security issues in designing a Mobile IP system. • “Ingress Filtering: The mobile node uses its home address in the packets it is sending to a corresponding node.”[5] • “Minimize the number of required trusted entities: Security may be enhanced, if the number of the required trusted entities, i.e., Home Agent, is decreased.”[5] • “Authentication: Is the process of verifying a claimed identity of a node as the originator of a message or the identity of a node as the end point of a channel.”[5]
Security issues in designing a Mobile IP system. • “Authorization: An organization that owns or operates a network would need to decide who may attach to this network and what network resources may be used by the attaching node.”[5] • “Non-repudiation: In the future wireless Internet, the sender of a message should not be able to falsely deny that it originated a message at a later time.”[5] • “Encryption key distribution: The authentication, integrity and non-repudiation can only be accurately provided by using some form of cryptography which requires the distribution/exchange of encryption key information amongst message senders and receivers.”[5]
Security issues in designing a Mobile IP system. • “Location privacy: A sender of a message should be able to control which receivers know the location of the sender’s current physical attachment to the network.”[5] • “Firewall support in Mobile IP: If a Mobile Node has to enter a private Internet network that is securely protected by a firewall, then Mobile IP aware support at this firewall is required. In Mobile IP this support is not provided.”[5]
Security Associations. • “Security associations establish trust between devices in a peer-to-peer relationship.”[6] • Here are two types of security associations: IPsec and IKE.
Security Associations. • “IPsec Security Association (IPsec SA): requires that separate IPsec SAs be established in each direction to provide non-repudiation, data integrity, and payload confidentiality.”[6] • “Internet Key Exchange (IKE): provides negotiation, peer authentication, key management, and key exchange.”[6]
Summary • “Mobile IP registration has built-in prevention of denial-of-service attacks. Specifically, it is impossible for a Bad Guy to lie to a mobile node’s home agent about that mobile node’s current care-of address, because all registration messages provide authentication of the message’s source, integrity checking and replay protection.”[7]
Mobile IP Business Sector
Business Sector Keywords
• IPsec • AAA
Factors considered to meet Competition
General Aspects • Interoperability
• ready to meet future changes • compatible with Existing architecture • Scalability • more supporting platforms • Cost Efficiency
Factors considered to meet Competition Technical Aspects • Failover • Load Balancing • Server Pools
Major Companies in the game • Cisco • Hewlett Packard • Sun Microsystems • Secgo • Interpeak • ipUnplugged • Birdstep (technology)
Secgo Mobile Solution Features • No dependence on Media Type • Flexible Security • Total Transparency to Applications • NAT/NAPT Traversal • Constant Reachability
Secgo Products • Mobile IP Server
Table 1: Snapshot of Secgo Mobile IP Server Features [8]
Secgo Products • Mobile IP Client
Table 2: Snapshot of Secgo Mobile IP Client Features [8]
ipUnplugged Products
[2]
• Roaming Gateway • Roaming Client • Roaming Server Roaming Gateway and Roaming Server act together
ipUnplugged Products • Roaming Gateway
Model | Max number of concurrent connections | Max encrypted throughput
RGW 50 | 50 | 8/21 Mbit/s
RGW310 | 1000 | 44/91 Mbit/s
RGW380 | 5000 | 300/324 Mbit/s
Figure 1: RGW 50 [9]
Figure 2: RGW 310/380 [9]
ipUnplugged Mobile Solution Features • Mobile IP Support • Dynamic Home IP Address Assignment • Dynamic Home Agent Assignment • Dynamic Provisioning of MIP/IKE keys to HA • Mobile IP Tunneling • Reverse Tunneling • Triangular Routing [11]
Birdstep Mobile IP Certification
• Mobile IP e-Learning Certification Program Course [12] • Price for the complete e-learning course: USD 740