SlideShare una empresa de Scribd logo

Mobile IP

Descargar como PPT, PDF
Siva Priya
Siva Priya

Mobile IP

Tecnología
1 de 31
Mobile IP By m. Rishi Vinthiya Msc(IT) Nadar saraswathi college of arts and science
Mobile IP  Motivation  Data Transfer  Encapsulation  Security  IPv6  Problem  Micro Mobility Support
Motivation for Mobile IP Routing  based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet  change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables Specific routes to end-systems?  change of all routing table entries to forward packets to the right destination  does not scale with the number of mobile hosts and frequent changes in the location, security problems Changing the IP-address?  adjust the host IP address depending on the current location  almost impossible to find a mobile system, DNS updates take to long time  TCP connections break, security problems
Requirements to Mobile IP (RFC 3220, was: 2002) Transparency  mobile end-systems keep their IP address  continuation of communication after interruption of link possible  point of connection to the fixed network can be changed Compatibility  support of the same layer 2 protocols as IP  no changes to current end-systems and routers required  mobile end-systems can communicate with fixed systems Security  authentication of all registration messages Efficiency and scalability  only little additional messages to the mobile system required (connection typically via a low bandwidth radio link)  world-wide support of a large number of mobile systems in the whole Internet
Terminology Mobile Node (MN)  system (node) that can change the point of connection to the network without changing its IP address Home Agent (HA)  system in the home network of the MN, typically a router  registers the location of the MN, tunnels IP datagrams to the COA Foreign Agent (FA)  system in the current foreign network of the MN, typically a router  forwards the tunneled datagrams to the MN, typically also the default router for the MN Care-of Address (COA)  address of the current tunnel end-point for the MN (at FA or MN)  actual location of the MN from an IP point of view  can be chosen, e.g., via DHCP Correspondent Node (CN)  communication partner
Example network
Internet sender FA HA MN home network foreign network receiver 1 2 3 1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP) 2. HA tunnels packet to COA, here FA, by encapsulation 3. FA forwards the packet to the MN CN Data transfer to the mobile system
Data transfer from the mobile system Internet receiver FA HA MN home network foreign network sender 1 1. Sender sends to the IP address of the receiver as usual, FA works as default router CN
Overview CN router HA router FA Internet router 1. 2. 3. home network MN foreign network 4. CN router HA router FA Internet router home network MN foreign network COA
Network integration  Agent Advertisement – HA and FA periodically send advertisement messages into their physical subnets – MN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network) – MN reads a COA from the FA advertisement messages  Registration (always limited lifetime!) – MN signals COA to the HA via the FA, HA acknowledges via FA to MN – these actions have to be secured by authentication
Network integration  Advertisement – HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information – routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time) – packets to the MN are sent to the HA, – independent of changes in COA/FA
Agent advertisement type = 16 length = 6 + 4 * #COAs R: registration required B: busy, no more registrations H: home agent F: foreign agent M: minimal encapsulation G: GRW encapsulation r: =0, ignored (former Van Jacobson compression) T: FA supports reverse tunneling reserved: =0, ignored preference level 1 router address 1 #addresses type addr. size lifetime checksum COA 1 COA 2 type = 16 sequence numberlength 0 7 8 15 16 312423 code preference level 2 router address 2 . . . registration lifetime . . . R B H F M G r reservedT
Registration t MN HA t MN FA HA
Mobile IP registration request home agent home address type = 1 lifetime 0 7 8 15 16 312423 T x identification COA extensions . . . S B DMG r S: simultaneous bindings B: broadcast datagrams D: decapsulation by MN M mininal encapsulation G: GRE encapsulation r: =0, ignored T: reverse tunneling requested x: =0, ignored
Mobile IP registration reply home agent home address type = 3 lifetime 0 7 8 15 16 31 code identification extensions . . . Example codes: registration successful 0 registration accepted 1 registration accepted, but simultaneous mobility bindings unsupported registration denied by FA 65 administratively prohibited 66 insufficient resources 67 mobile node failed authentication 68 home agent failed authentication 69 requested Lifetime too long registration denied by HA 129 administratively prohibited 131 mobile node failed authentication 133 registration Identification mismatch 135 too many simultaneous mobility bindings
Encapsulation original IP header original data new datanew IP header outer header inner header original data
Encapsulation I Encapsulation of one packet into another as payload  e.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone)  here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE (Generic Record Encapsulation) IP-in-IP-encapsulation (mandatory, RFC 2003)  tunnel between HA and COA Care-of address COA IP address of HA TTL IP identification IP-in-IP IP checksum flags fragment offset lengthDS (TOS)ver. IHL IP address of MN IP address of CN TTL IP identification lay. 4 prot. IP checksum flags fragment offset lengthDS (TOS)ver. IHL TCP/UDP/ ... payload
Encapsulation II Minimal encapsulation (optional)  avoids repetition of identical fields  e.g. TTL, IHL, version, DS (RFC 2474, old: TOS)  only applicable for unfragmented packets, no space left for fragment identification care-of address COA IP address of HA TTL IP identification min. encap. IP checksum flags fragment offset lengthDS (TOS)ver. IHL IP address of MN original sender IP address (if S=1) Slay. 4 protoc. IP checksum TCP/UDP/ ... payload reserved
Reverse tunneling (RFC 3024, was: 2344) Internet receiver FA HA MN home network foreign network sender 3 2 1 1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case) CN
Mobile IP with reverse tunneling Router accept often only “topological correct“ addresses (firewall!)  a packet from the MN encapsulated by the FA is now topological correct  furthermore multicast and TTL problems solved (TTL in the home network correct, but MN is to far away from the receiver) Reverse tunneling does not solve  problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)  optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing) The standard is backwards compatible  the extensions can be implemented easily and cooperate with current implementations without these extensions  Agent Advertisements can carry requests for reverse tunneling
Mobile IP and IPv6 Mobile IP was developed for IPv4, but IPv6 simplifies the protocols  security is integrated and not an add-on, authentication of registration is included  COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address auto configuration  no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located  MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization)  „soft“ hand-over, i.e. without packet loss, between two subnets is supported  MN sends the new COA to its old router  the old router encapsulates all incoming packets for the MN and forwards them to the new COA  authentication is always granted
Problems with mobile IP Security  authentication with FA problematic, for the FA typically belongs to another organization  no protocol for key management and key distribution has been standardized in the Internet  patent and export restrictions Firewalls  typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling) QOS  many new reservations in case of RSVP  tunneling makes it hard to give a flow of packets a special treatment needed for the QOS Security, firewalls, QOS etc. are topics of current research and discussions!
Security in Mobile IP Security requirements (Security Architecture for the Internet Protocol, RFC 1825)  Integrity any changes to data between sender and receiver can be detected by the receiver  Authentication sender address is really the address of the sender and all data received is really data sent by this sender  Confidentiality only sender and receiver can read the data  Non-Repudiation sender cannot deny sending of data  Traffic Analysis creation of traffic and user profiles should not be possible  Replay Protection receivers can detect replay of messages
IP security architecture I Two or more partners have to negotiate security mechanisms to setup security association  typically, all partners choose the same parameters and mechanisms Two headers have been defined for securing IP packets:  Authentication-Header  guarantees integrity and authenticity of IP packets  if asymmetric encryption schemes are used, non-repudiation can also be guaranteed Encapsulation Security Payload  protects confidentiality between communication partners Authentification-HeaderIP-Header UDP/TCP-Paketauthentication headerIP header UDP/TCP data not encrypted encrypted ESP headerIP header encrypted data
IP security architecture II  Mobile Security Association for registrations  parameters for the mobile host (MH), home agent (HA), and foreign agent (FA)  Extensions of the IP security architecture  extended authentication of registration  prevention of replays of registrations  time stamps: 32 bit time stamps + 32 bit random number  nonces: 32 bit random number (MH) + 32 bit random number (HA) registration reply registration request registration request MH FA HA registration reply MH-HA authentication MH-FA authentication FA-HA authentication
IP Micro-mobility support Micro-mobility support:  Efficient local handover inside a foreign domain without involving a home agent  Reduces control traffic on backbone  Especially needed in case of route optimization Example approaches:  Cellular IP  HAWAII  Hierarchical Mobile IP (HMIP) Important criteria:  Security Efficiency, Scalability, Transparency, Manageability
Cellular IP Operation:  CIP Nodes“ maintain routing entries (soft state) for MNs  Multiple entries possible  Routing entries updated based on packets sent by MN CIP Gateway:  Mobile IP tunnel endpoint  Initial registration processing Security provisions:  all CIP Nodes share network key  MN key: MD5(net key, IP addr)  MN gets key upon registration CIP Gateway Internet BS MN1 data/control packets from MN 1 Mobile IP BSBS MN2 packets from MN2 to MN 1
Cellular IP: Security Advantages:  Initial registration involves authentication of MNs and is processed centrally by CIP Gateway  All control messages by MNs are authenticated  Replay-protection (using timestamps) Potential problems:  MNs can directly influence routing entries  Network key known to many entities (increases risk of compromise)  No re-keying mechanisms for network key  No choice of algorithm (always MD5, prefix+suffix mode)  Proprietary mechanisms (not, e.g., IPSec AH)
Cellular IP: Other issues Advantages:  Simple and elegant architecture  Mostly self-configuring (little management needed)  Integration with firewalls / private address support possible Potential problems:  Not transparent to MNs (additional control messages)  Public-key encryption of MN keys may be a problem for resource-constrained MNs  Multiple-path forwarding may cause inefficient use of available bandwidth
Reference  JOCHEN SCHILLER, Mobile Communication  James F. Kurose and Keith W. Ross, Computer Networking: A Top- Down Approach, 5/E  William Stallings, Wireless Communications and Networks  https://www.ietf.org/rfc/rfc3220.txt  https://tools.ietf.org/html/rfc3024
Questions??

Recomendados

WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORKprakash m
 
internetworking operation
internetworking operationinternetworking operation
internetworking operationSrinivasa Rao
 
REMnux tutorial 4.1 - Datagrams, Fragmentation & Anomalies
REMnux tutorial 4.1 - Datagrams, Fragmentation & AnomaliesREMnux tutorial 4.1 - Datagrams, Fragmentation & Anomalies
REMnux tutorial 4.1 - Datagrams, Fragmentation & AnomaliesRhydham Joshi
 
C08 network protocols
C08 network protocolsC08 network protocols
C08 network protocolsRio Nguyen
 
Mobile network layer
Mobile network layerMobile network layer
Mobile network layerVikram Nandini
 
Transport protocols
Transport protocolsTransport protocols
Transport protocolstrupti patil
 
Mobile IP
Mobile IPMobile IP
Mobile IPMukesh Chinta
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 

Recomendados

WIRELESS NETWORK
WIRELESS NETWORKWIRELESS NETWORK
WIRELESS NETWORKprakash m
 
internetworking operation
internetworking operationinternetworking operation
internetworking operationSrinivasa Rao
 
REMnux tutorial 4.1 - Datagrams, Fragmentation & Anomalies
REMnux tutorial 4.1 - Datagrams, Fragmentation & AnomaliesREMnux tutorial 4.1 - Datagrams, Fragmentation & Anomalies
REMnux tutorial 4.1 - Datagrams, Fragmentation & AnomaliesRhydham Joshi
 
C08 network protocols
C08 network protocolsC08 network protocols
C08 network protocolsRio Nguyen
 
Mobile network layer
Mobile network layerMobile network layer
Mobile network layerVikram Nandini
 
Transport protocols
Transport protocolsTransport protocols
Transport protocolstrupti patil
 
Mobile IP
Mobile IPMobile IP
Mobile IPMukesh Chinta
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
Lecture1, TCP/IP
Lecture1, TCP/IPLecture1, TCP/IP
Lecture1, TCP/IPcsyuhk
 
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPTEC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPTbabuece
 
Umts 18 19
Umts 18 19Umts 18 19
Umts 18 19rajeshvbe
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET Journal
 
Mạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overviewMạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overviewJackie Tran
 
UCL
UCLUCL
UCLJanak Chandarana
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesNathanAn
 
Mobile IP - pavankumar_912
Mobile IP - pavankumar_912Mobile IP - pavankumar_912
Mobile IP - pavankumar_912Pavan Kumar Sindgi
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 
IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6mithilak
 
network fundamental
network fundamentalnetwork fundamental
network fundamentalInstitute of Information Security (IIS)
 
Ipv4
Ipv4Ipv4
Ipv4asimnawaz54
 
Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage Sridhar Kumar N
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
Ip
IpIp
Ipmanjunathkn
 
VoIP and multimedia networking
VoIP and multimedia networkingVoIP and multimedia networking
VoIP and multimedia networkingsangusajjan
 
bluetooth
bluetooth bluetooth
bluetooth Anand Dhana
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6Ankita Mahajan
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPTWIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPTbabuece
 
WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKSdsit1234
 
NetworkProtocols.ppt
NetworkProtocols.pptNetworkProtocols.ppt
NetworkProtocols.pptAkashImam
 

Más contenido relacionado

La actualidad más candente

Lecture1, TCP/IP
Lecture1, TCP/IPLecture1, TCP/IP
Lecture1, TCP/IPcsyuhk
 
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPTEC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPTbabuece
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET Journal
 
Mạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overviewMạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overviewJackie Tran
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesNathanAn
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 
IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6mithilak
 
Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage Sridhar Kumar N
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
VoIP and multimedia networking
VoIP and multimedia networkingVoIP and multimedia networking
VoIP and multimedia networkingsangusajjan
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6Ankita Mahajan
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 

La actualidad más candente (19)

Lecture1, TCP/IP
Lecture1, TCP/IPLecture1, TCP/IP
Lecture1, TCP/IP
 
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPTEC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
EC 6802 WIRELESS NETWORK_ BABU M_ unit 3 ,4 & 5 PPT
 
Umts 18 19
Umts 18 19Umts 18 19
Umts 18 19
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
 
Mạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overviewMạng máy tính nâng cao_Chapter01 overview
Mạng máy tính nâng cao_Chapter01 overview
 
UCL
UCLUCL
UCL
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep Notes
 
Mobile IP - pavankumar_912
Mobile IP - pavankumar_912Mobile IP - pavankumar_912
Mobile IP - pavankumar_912
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6
 
network fundamental
network fundamentalnetwork fundamental
network fundamental
 
Ipv4
Ipv4Ipv4
Ipv4
 
Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage Session Initiation Protocol (SIP)– Via Header Detailed Coverage
Session Initiation Protocol (SIP)– Via Header Detailed Coverage
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
 
Ip
IpIp
Ip
 
VoIP and multimedia networking
VoIP and multimedia networkingVoIP and multimedia networking
VoIP and multimedia networking
 
bluetooth
bluetooth bluetooth
bluetooth
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 

Similar a Mobile IP

WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPTWIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPTbabuece
 
WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKSdsit1234
 
NetworkProtocols.ppt
NetworkProtocols.pptNetworkProtocols.ppt
NetworkProtocols.pptAkashImam
 
C08-Network_Protocols.ppt
C08-Network_Protocols.pptC08-Network_Protocols.ppt
C08-Network_Protocols.pptAshwini Biradar
 
mobile_network_layer.pptx
mobile_network_layer.pptxmobile_network_layer.pptx
mobile_network_layer.pptxsinghram281982
 
Ch6-Network_Protocols.ppt
Ch6-Network_Protocols.pptCh6-Network_Protocols.ppt
Ch6-Network_Protocols.pptMakoutOrganizer
 
mobile ip, Mobile COmmunication Internet Protocol
mobile ip, Mobile COmmunication Internet Protocolmobile ip, Mobile COmmunication Internet Protocol
mobile ip, Mobile COmmunication Internet ProtocolGaurav Dwivedi
 
Mobile
MobileMobile
MobileLE RUE
 
Mobile
MobileMobile
MobileLE RUE
 

Similar a Mobile IP (20)

WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPTWIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
WIRELESS NETWORKS EC6802 BABU unit 1 & 2 PPT
 
WIRELESS NETWORKS
WIRELESS NETWORKSWIRELESS NETWORKS
WIRELESS NETWORKS
 
NetworkProtocols.ppt
NetworkProtocols.pptNetworkProtocols.ppt
NetworkProtocols.ppt
 
C08-Network_Protocols.ppt
C08-Network_Protocols.pptC08-Network_Protocols.ppt
C08-Network_Protocols.ppt
 
Mobile Communication
Mobile CommunicationMobile Communication
Mobile Communication
 
mobile_network_layer.pptx
mobile_network_layer.pptxmobile_network_layer.pptx
mobile_network_layer.pptx
 
C08-Network_Protocols (1).ppt
C08-Network_Protocols (1).pptC08-Network_Protocols (1).ppt
C08-Network_Protocols (1).ppt
 
Lecture 15
Lecture 15Lecture 15
Lecture 15
 
Mobile IP - UNIT 4 part1.pptx
Mobile IP - UNIT 4 part1.pptxMobile IP - UNIT 4 part1.pptx
Mobile IP - UNIT 4 part1.pptx
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTING
 
Ch6-Network_Protocols.ppt
Ch6-Network_Protocols.pptCh6-Network_Protocols.ppt
Ch6-Network_Protocols.ppt
 
Cs8601 3
Cs8601 3Cs8601 3
Cs8601 3
 
Cs8601 3
Cs8601 3Cs8601 3
Cs8601 3
 
mobile ip, Mobile COmmunication Internet Protocol
mobile ip, Mobile COmmunication Internet Protocolmobile ip, Mobile COmmunication Internet Protocol
mobile ip, Mobile COmmunication Internet Protocol
 
Mobileip 161105154557
Mobileip 161105154557Mobileip 161105154557
Mobileip 161105154557
 
Mobileip 161105154557
Mobileip 161105154557Mobileip 161105154557
Mobileip 161105154557
 
Tcp
TcpTcp
Tcp
 
Mobile network layer (mobile comm.)
Mobile network layer (mobile comm.)Mobile network layer (mobile comm.)
Mobile network layer (mobile comm.)
 
Mobile
MobileMobile
Mobile
 
Mobile
MobileMobile
Mobile
 

Más de Siva Priya

source code metrics and other maintenance tools and techniques
source code metrics and other maintenance tools and techniquessource code metrics and other maintenance tools and techniques
source code metrics and other maintenance tools and techniquesSiva Priya
 
Class properties
Class propertiesClass properties
Class propertiesSiva Priya
 
Planning the development process
Planning the development processPlanning the development process
Planning the development processSiva Priya
 
recovery management with concurrent controls
recovery management with concurrent controlsrecovery management with concurrent controls
recovery management with concurrent controlsSiva Priya
 
Web technology
Web technology Web technology
Web technology Siva Priya
 
Retail of big data analytics
Retail of big data analyticsRetail of big data analytics
Retail of big data analyticsSiva Priya
 
Deadlock and shadow paging
Deadlock and shadow pagingDeadlock and shadow paging
Deadlock and shadow pagingSiva Priya
 
density based method and expectation maximization
density based method and expectation maximizationdensity based method and expectation maximization
density based method and expectation maximizationSiva Priya
 
Classification by backpropacation
Classification by backpropacationClassification by backpropacation
Classification by backpropacationSiva Priya
 
Disk scheduling & Disk management
Disk scheduling & Disk managementDisk scheduling & Disk management
Disk scheduling & Disk managementSiva Priya
 
Routing algorithm
Routing algorithmRouting algorithm
Routing algorithmSiva Priya
 
Servlets & jdbc
Servlets & jdbcServlets & jdbc
Servlets & jdbcSiva Priya
 

Más de Siva Priya (12)

source code metrics and other maintenance tools and techniques
source code metrics and other maintenance tools and techniquessource code metrics and other maintenance tools and techniques
source code metrics and other maintenance tools and techniques
 
Class properties
Class propertiesClass properties
Class properties
 
Planning the development process
Planning the development processPlanning the development process
Planning the development process
 
recovery management with concurrent controls
recovery management with concurrent controlsrecovery management with concurrent controls
recovery management with concurrent controls
 
Web technology
Web technology Web technology
Web technology
 
Retail of big data analytics
Retail of big data analyticsRetail of big data analytics
Retail of big data analytics
 
Deadlock and shadow paging
Deadlock and shadow pagingDeadlock and shadow paging
Deadlock and shadow paging
 
density based method and expectation maximization
density based method and expectation maximizationdensity based method and expectation maximization
density based method and expectation maximization
 
Classification by backpropacation
Classification by backpropacationClassification by backpropacation
Classification by backpropacation
 
Disk scheduling & Disk management
Disk scheduling & Disk managementDisk scheduling & Disk management
Disk scheduling & Disk management
 
Routing algorithm
Routing algorithmRouting algorithm
Routing algorithm
 
Servlets & jdbc
Servlets & jdbcServlets & jdbc
Servlets & jdbc
 

Último

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Mobile IP

  • 1. Mobile IP By m. Rishi Vinthiya Msc(IT) Nadar saraswathi college of arts and science
  • 2. Mobile IP  Motivation  Data Transfer  Encapsulation  Security  IPv6  Problem  Micro Mobility Support
  • 3. Motivation for Mobile IP Routing  based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet  change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables Specific routes to end-systems?  change of all routing table entries to forward packets to the right destination  does not scale with the number of mobile hosts and frequent changes in the location, security problems Changing the IP-address?  adjust the host IP address depending on the current location  almost impossible to find a mobile system, DNS updates take to long time  TCP connections break, security problems
  • 4. Requirements to Mobile IP (RFC 3220, was: 2002) Transparency  mobile end-systems keep their IP address  continuation of communication after interruption of link possible  point of connection to the fixed network can be changed Compatibility  support of the same layer 2 protocols as IP  no changes to current end-systems and routers required  mobile end-systems can communicate with fixed systems Security  authentication of all registration messages Efficiency and scalability  only little additional messages to the mobile system required (connection typically via a low bandwidth radio link)  world-wide support of a large number of mobile systems in the whole Internet
  • 5. Terminology Mobile Node (MN)  system (node) that can change the point of connection to the network without changing its IP address Home Agent (HA)  system in the home network of the MN, typically a router  registers the location of the MN, tunnels IP datagrams to the COA Foreign Agent (FA)  system in the current foreign network of the MN, typically a router  forwards the tunneled datagrams to the MN, typically also the default router for the MN Care-of Address (COA)  address of the current tunnel end-point for the MN (at FA or MN)  actual location of the MN from an IP point of view  can be chosen, e.g., via DHCP Correspondent Node (CN)  communication partner
  • 7. Internet sender FA HA MN home network foreign network receiver 1 2 3 1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP) 2. HA tunnels packet to COA, here FA, by encapsulation 3. FA forwards the packet to the MN CN Data transfer to the mobile system
  • 8. Data transfer from the mobile system Internet receiver FA HA MN home network foreign network sender 1 1. Sender sends to the IP address of the receiver as usual, FA works as default router CN
  • 10. Network integration  Agent Advertisement – HA and FA periodically send advertisement messages into their physical subnets – MN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network) – MN reads a COA from the FA advertisement messages  Registration (always limited lifetime!) – MN signals COA to the HA via the FA, HA acknowledges via FA to MN – these actions have to be secured by authentication
  • 11. Network integration  Advertisement – HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information – routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time) – packets to the MN are sent to the HA, – independent of changes in COA/FA
  • 12. Agent advertisement type = 16 length = 6 + 4 * #COAs R: registration required B: busy, no more registrations H: home agent F: foreign agent M: minimal encapsulation G: GRW encapsulation r: =0, ignored (former Van Jacobson compression) T: FA supports reverse tunneling reserved: =0, ignored preference level 1 router address 1 #addresses type addr. size lifetime checksum COA 1 COA 2 type = 16 sequence numberlength 0 7 8 15 16 312423 code preference level 2 router address 2 . . . registration lifetime . . . R B H F M G r reservedT
  • 14. Mobile IP registration request home agent home address type = 1 lifetime 0 7 8 15 16 312423 T x identification COA extensions . . . S B DMG r S: simultaneous bindings B: broadcast datagrams D: decapsulation by MN M mininal encapsulation G: GRE encapsulation r: =0, ignored T: reverse tunneling requested x: =0, ignored
  • 15. Mobile IP registration reply home agent home address type = 3 lifetime 0 7 8 15 16 31 code identification extensions . . . Example codes: registration successful 0 registration accepted 1 registration accepted, but simultaneous mobility bindings unsupported registration denied by FA 65 administratively prohibited 66 insufficient resources 67 mobile node failed authentication 68 home agent failed authentication 69 requested Lifetime too long registration denied by HA 129 administratively prohibited 131 mobile node failed authentication 133 registration Identification mismatch 135 too many simultaneous mobility bindings
  • 16. Encapsulation original IP header original data new datanew IP header outer header inner header original data
  • 17. Encapsulation I Encapsulation of one packet into another as payload  e.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone)  here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE (Generic Record Encapsulation) IP-in-IP-encapsulation (mandatory, RFC 2003)  tunnel between HA and COA Care-of address COA IP address of HA TTL IP identification IP-in-IP IP checksum flags fragment offset lengthDS (TOS)ver. IHL IP address of MN IP address of CN TTL IP identification lay. 4 prot. IP checksum flags fragment offset lengthDS (TOS)ver. IHL TCP/UDP/ ... payload
  • 18. Encapsulation II Minimal encapsulation (optional)  avoids repetition of identical fields  e.g. TTL, IHL, version, DS (RFC 2474, old: TOS)  only applicable for unfragmented packets, no space left for fragment identification care-of address COA IP address of HA TTL IP identification min. encap. IP checksum flags fragment offset lengthDS (TOS)ver. IHL IP address of MN original sender IP address (if S=1) Slay. 4 protoc. IP checksum TCP/UDP/ ... payload reserved
  • 19. Reverse tunneling (RFC 3024, was: 2344) Internet receiver FA HA MN home network foreign network sender 3 2 1 1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case) CN
  • 20. Mobile IP with reverse tunneling Router accept often only “topological correct“ addresses (firewall!)  a packet from the MN encapsulated by the FA is now topological correct  furthermore multicast and TTL problems solved (TTL in the home network correct, but MN is to far away from the receiver) Reverse tunneling does not solve  problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)  optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing) The standard is backwards compatible  the extensions can be implemented easily and cooperate with current implementations without these extensions  Agent Advertisements can carry requests for reverse tunneling
  • 21. Mobile IP and IPv6 Mobile IP was developed for IPv4, but IPv6 simplifies the protocols  security is integrated and not an add-on, authentication of registration is included  COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address auto configuration  no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located  MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization)  „soft“ hand-over, i.e. without packet loss, between two subnets is supported  MN sends the new COA to its old router  the old router encapsulates all incoming packets for the MN and forwards them to the new COA  authentication is always granted
  • 22. Problems with mobile IP Security  authentication with FA problematic, for the FA typically belongs to another organization  no protocol for key management and key distribution has been standardized in the Internet  patent and export restrictions Firewalls  typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling) QOS  many new reservations in case of RSVP  tunneling makes it hard to give a flow of packets a special treatment needed for the QOS Security, firewalls, QOS etc. are topics of current research and discussions!
  • 23. Security in Mobile IP Security requirements (Security Architecture for the Internet Protocol, RFC 1825)  Integrity any changes to data between sender and receiver can be detected by the receiver  Authentication sender address is really the address of the sender and all data received is really data sent by this sender  Confidentiality only sender and receiver can read the data  Non-Repudiation sender cannot deny sending of data  Traffic Analysis creation of traffic and user profiles should not be possible  Replay Protection receivers can detect replay of messages
  • 24. IP security architecture I Two or more partners have to negotiate security mechanisms to setup security association  typically, all partners choose the same parameters and mechanisms Two headers have been defined for securing IP packets:  Authentication-Header  guarantees integrity and authenticity of IP packets  if asymmetric encryption schemes are used, non-repudiation can also be guaranteed Encapsulation Security Payload  protects confidentiality between communication partners Authentification-HeaderIP-Header UDP/TCP-Paketauthentication headerIP header UDP/TCP data not encrypted encrypted ESP headerIP header encrypted data
  • 25. IP security architecture II  Mobile Security Association for registrations  parameters for the mobile host (MH), home agent (HA), and foreign agent (FA)  Extensions of the IP security architecture  extended authentication of registration  prevention of replays of registrations  time stamps: 32 bit time stamps + 32 bit random number  nonces: 32 bit random number (MH) + 32 bit random number (HA) registration reply registration request registration request MH FA HA registration reply MH-HA authentication MH-FA authentication FA-HA authentication
  • 26. IP Micro-mobility support Micro-mobility support:  Efficient local handover inside a foreign domain without involving a home agent  Reduces control traffic on backbone  Especially needed in case of route optimization Example approaches:  Cellular IP  HAWAII  Hierarchical Mobile IP (HMIP) Important criteria:  Security Efficiency, Scalability, Transparency, Manageability
  • 27. Cellular IP Operation:  CIP Nodes“ maintain routing entries (soft state) for MNs  Multiple entries possible  Routing entries updated based on packets sent by MN CIP Gateway:  Mobile IP tunnel endpoint  Initial registration processing Security provisions:  all CIP Nodes share network key  MN key: MD5(net key, IP addr)  MN gets key upon registration CIP Gateway Internet BS MN1 data/control packets from MN 1 Mobile IP BSBS MN2 packets from MN2 to MN 1
  • 28. Cellular IP: Security Advantages:  Initial registration involves authentication of MNs and is processed centrally by CIP Gateway  All control messages by MNs are authenticated  Replay-protection (using timestamps) Potential problems:  MNs can directly influence routing entries  Network key known to many entities (increases risk of compromise)  No re-keying mechanisms for network key  No choice of algorithm (always MD5, prefix+suffix mode)  Proprietary mechanisms (not, e.g., IPSec AH)
  • 29. Cellular IP: Other issues Advantages:  Simple and elegant architecture  Mostly self-configuring (little management needed)  Integration with firewalls / private address support possible Potential problems:  Not transparent to MNs (additional control messages)  Public-key encryption of MN keys may be a problem for resource-constrained MNs  Multiple-path forwarding may cause inefficient use of available bandwidth
  • 30. Reference  JOCHEN SCHILLER, Mobile Communication  James F. Kurose and Keith W. Ross, Computer Networking: A Top- Down Approach, 5/E  William Stallings, Wireless Communications and Networks  https://www.ietf.org/rfc/rfc3220.txt  https://tools.ietf.org/html/rfc3024