MIPv6 Security: Dimension of Danger
Unauthorized creation (or deletion) of a Binding Cache Entry (BCE).
MIPv6 Security: Basic Address Stealing
[Figure: MN sends BU <HoA = IPMN, CoA = IPCoA> to CN; original data flow between CN and MN]
The MN sends a BU to the CN with the home address IPMN and the care-of address IPCoA. The CN creates a Binding Cache Entry (BCE) <HoA = IPMN, CoA = IPCoA>. Data then flows directly from the CN to the MN.
MIPv6 Security: Basic Address Stealing, no ingress filtering (continued)
[Figure: attacker sends BU <HoA = IPMN, CoA = IPvictim> to CN; original data flow CN to MN, new data flow CN to victim]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPvictim>, and the data flow is diverted to the victim node.
MIPv6 Security: Basic Address Stealing, with ingress filtering (continued)
[Figure: attacker behind an ingress filter sends BU <HoA = IPMN, Alt CoA = IPvictim> to CN; original data flow CN to MN, new data flow CN to victim]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the attacker's own address, while the Alternate Care-of Address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPvictim>, and the data flow is diverted to the victim node.
MIPv6 Security: Basic Address Stealing (continued)
The Binding Update authorization mechanism is designed to prevent this threat and to limit the attacker's possible location to the path between a Correspondent Node and the Home Agent.
MIPv6 Security: Address Stealing of a Stationary Node (continued)
[Figure: attacker sends BU <HoA = IPMN, CoA = IPHTTPServer> to CN; MN initiates a data flow; original data flow CN to MN, new data flow CN to victim HTTP server]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the HTTP server's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPHTTPServer>, and the data flow is diverted to the HTTP server.
MIPv6 Security: Address Stealing of a Stationary Node, with ingress filtering (continued)
[Figure: attacker behind an ingress filter sends BU <HoA = IPMN, Alt CoA = IPHTTPServer> to CN; original data flow CN to MN, new data flow CN to victim HTTP server]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the attacker's own address, while the Alternate Care-of Address is the HTTP server's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPHTTPServer>, and the data flow is diverted to the HTTP server.
MIPv6 Security: Static Nodes vs Mobile Nodes
Address stealing of a stationary node is easier than address stealing of a node that keeps reconfiguring its IP address. So it is not the MN that is vulnerable to address stealing attacks; it is the well-known static server. The security design must take reasonable measures to prevent the creation of fraudulent binding cache entries in the first place.
MIPv6 Security: Future Address Stealing
• The attacker obtains a dynamic home IP address.
• The attacker can figure out which address a certain MN will later use as its home IP address.
• The attacker creates a Binding Cache Entry in a CN with a victim IP address as the CoA.
• The attacker releases the home IP address, and the target node obtains the same address.
• If the BCE lifetime is very long, the attacker can later launch a Denial of Service or Man-in-the-Middle attack.
MIPv6 Security: Future Address Stealing (continued)
[Figure: (1) attacker sends BU <HoA = future IPMN, CoA = IPvictim> to CN; (2) MN initiates a data flow; (3) new data flow CN to victim]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPvictim>. Later the MN obtains that dynamic IP address and initiates a data session; the data flow is diverted to the victim node.
MIPv6 Security: Future Address Stealing, with ingress filtering (continued)
[Figure: (1) attacker behind an ingress filter sends BU <HoA = future IPMN, Alt CoA = IPvictim> to CN; (2) MN initiates a data flow; (3) new data flow CN to victim]
Denial of Service attack: the attacker sends a BU to the CN whose source IP address is the attacker's own address, while the Alternate Care-of Address is the victim's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPvictim>. Later the MN obtains that dynamic IP address and initiates a data session; the data flow is diverted to the victim node.
MIPv6 Security: Future Address Stealing (continued)
To limit this type of attack, the lifetime of BCE entries is limited to a few minutes.
MIPv6 Security: Attacks against Secrecy and Integrity
Solution: IPsec end-to-end encryption/decryption.
[Figure: attacker sends BU <HoA = IPMN, CoA = IPattacker> to CN; original data flow CN to MN, new data flow CN to attacker]
Man-in-the-Middle attack: the attacker pretends to be the MN and sends a BU to the CN whose source IP address is the attacker's IP address. The CN modifies the Binding Cache Entry (BCE) to <HoA = IPMN, CoA = IPattacker>, and the data flow is diverted to the attacker node.
MIPv6 Security: Attacks against Secrecy and Integrity (continued)
• Encryption will limit this type of attack.
• The MIPv6 security design adopts a mechanism, Return Routability (RR), to authenticate the HoA and CoA periodically. The mechanism makes sure that the HoA and CoA belong to the same node.
MIPv6 Security: Replaying and Blocking Binding Update
[Figures: (a) attacker copies the BU <HoA = IPMN, CoA> sent from MN to CN; (b) attacker jams the MN's new BU <HoA = IPMN, nCoA> and replays the old BU <HoA = IPMN, CoA>; (c) data capturing: CN sends the MN's traffic to the old CoA, now held by the attacker, while the new BU is still jammed]
Denial of Service attack: the attacker captures the BU packet and impersonates the mobile node. The attacker reserves the MN's previous address after the MN has moved away and then replays the previous BU to redirect packets back to the previous location.
MIPv6 Security: Replaying and Blocking Binding Update (continued)
The effect of the replay attack is limited by:
• Limiting the lifetime of the BCE entry.
• Using nonces.
MIPv6 Security: Basic Flooding
[Figure: attacker sends BU <HoA = IPattacker, CoA = IPvictim> to CN; original data flow CN to attacker is redirected to the victim]
• The attacker pretends to be an MN on a foreign sub-network.
• The attacker subscribes to a video stream from the CN.
• The attacker redirects the video stream to the victim.
MIPv6 Security: Basic Flooding (continued)
The MIPv6 security design adopts a mechanism to check that there is a node at the new care-of address, and that it is indeed the node that requested redirecting packets to that care-of address.
MIPv6 Security: Return-to-Home Flooding
[Figure: attacker sends BU <HoA = IPattacker, CoA = temporary IP> to CN; original data flow CN to attacker, new data flow CN to the home sub-network]
• The attacker pretends to be an MN on a foreign sub-network.
• The attacker subscribes to a video stream from the CN.
• The attacker sends a BU cancellation to the CN, or lets the BCE expire.
• The data flow is diverted into the home network.
MIPv6 Security: Return-to-Home Flooding (continued)
It is difficult to protect completely against this attack. Some degree of protection is provided by Return Routability.
MIPv6 Security: Inducing Unnecessary Binding Updates
[Figure: attacker sends packets through the HA; MN runs a Binding Update procedure with each of Victim 1 ... Victim n]
• The attacker pretends to be a large number of CNs and sends packets through the HA.
• The MN starts unnecessary BU procedures with those CNs.
• MN resources are wasted.
MIPv6 Security: Inducing Unnecessary Binding Updates (continued)
[Figure: attacker sends packets to MN 1 ... MN n; each MN runs a Binding Update procedure with the victim CN]
• The attacker pretends to be the victim CN and sends packets to many MNs.
• The MNs start BU procedures with the CN, wasting the CN's resources.
MIPv6 Security: Inducing Unnecessary Binding Updates (continued)
This type of DoS attack can be protected against by:
• Limiting the resources used for BUs. Once the resources are exhausted, no more should be used.
• Defining a security policy at the MN stating for which IP addresses a BU procedure should be initiated, and a security policy at the CN stating which MNs it is allowed to communicate with.
MIPv6 Security: Reflection & Amplification
[Figure: attacker sends TCP SYN with HoA option to a reflector; the reflector sends TCP SYN-ACK to the HoA, i.e. the victim]
• The attacker uses the Home Address Option to hide the source of the traffic.
• The attacker includes the HoA in packets sent to some other nodes, tricking them into sending the same number of packets, or more, to the target.
MIPv6 Security: Reflection & Amplification (continued)
This type of DoS attack can be avoided by ensuring that the CN replies only to the address from which it received the packet.
MIPv6 Security: Return Routability
It basically checks whether there is a node able to respond to packets sent to the given address. The mechanism does not work:
• If the routing infrastructure is compromised.
• If there is an attacker between the verifier and the address to be verified.
MIPv6 Security: Reflection & Amplification (Return Routability message flow)
[Figure: (1) MN sends HoTI to CN via the HA; (2) CN returns HoT via the HA; (3) MN sends CoTI directly to CN; (4) CN returns CoT directly to MN; (5) MN sends BU to CN]
MIPv6 Security: Goals of Return Routability
• Avoidance of reflection: the CN replies only to the source of the message.
• Avoidance of amplification: the CN replies with only one packet, of similar size to the received packet.
• Avoidance of state exhaustion: the RR messages do not create any state. State is created only when the first Binding Update is received.
MIPv6 Security: Home Address Check
It allows the CN to make sure that the received BU was created by the node that has seen the home test packet.
• The MN sends HoTI to the CN; the CN responds with HoT.
• The HoT contains a cryptographically generated token created as follows: home keygen token = hash(Kcn | home address | nonce | 0), where Kcn is a secret key known only to the CN.
• The assumption is that the path between the CN and the HA is more secure than the wireless path between the MN and the HA. Accordingly, HoTI and HoT travel encrypted between the MN and the HA, while they are in the clear between the CN and the HA.
MIPv6 Security: Care-of Address Check
It allows the CN to make sure that the received BU was created by the node that has seen the care-of test packet.
• The MN sends CoTI to the CN; the CN responds with CoT.
• The CoT contains a cryptographically generated token created as follows: care-of keygen token = hash(Kcn | care-of address | nonce | 1), where Kcn is a secret key known only to the CN.
• The test messages traverse the path between the MN and the CN, which is not protected. They are vulnerable to eavesdroppers near the CN or on the path between the CN and the MN.
MIPv6 Security: First BU from MN
• The MN creates Kbm as follows: Kbm = SHA1(home keygen token | care-of keygen token).
• The BU contains the following information:
• Source address = care-of address, the same as the source of CoTI.
• Destination address = CN node IP address.
• Home address, the same as the source of HoTI.
• Sequence number.
• Home and care-of nonce indices.
• Authenticator = First(96, HMAC_SHA1(Kbm, care-of address | CN IP | BU)).
MIPv6 Security: First BU Authentication
• From the home and care-of nonce indices, the home keygen token and the care-of keygen token are regenerated: home keygen token = hash(Kcn | home address | nonce | 0); care-of keygen token = hash(Kcn | care-of address | nonce | 1).
• Kbm is regenerated as follows: Kbm = SHA1(home keygen token | care-of keygen token).
• The authenticator is regenerated as follows: Authenticator = First(96, HMAC_SHA1(Kbm, care-of address | CN IP | BU)).
• The authenticator generated in the previous step is compared with the authenticator carried in the BU.
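The token, Kbm and authenticator computations of the four preceding slides, as an added Python example that is not part of the slides or the draft they summarize: the MN builds its first BU and the CN regenerates everything from the nonce indices, rejecting a BU whose care-of address was rewritten. SHA1 as the unspecified "hash", the 64-bit token length (taken from RFC 3775), the nonce table, Kcn, the addresses and the BU field encoding are all assumptions.

```python
import hashlib
import hmac
import ipaddress
# Constructed sample values: the CN's nonce table (keyed by nonce index) and Kcn.
NONCES = {7: bytes.fromhex("00112233445566778899aabbccddeeff"),
          8: bytes.fromhex("ffeeddccbbaa99887766554433221100")}
KCN = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # secret known only to the CN

def keygen_token(kcn, addr, nonce, tag):
    """token = hash(Kcn | address | nonce | tag), tag 0 = home, 1 = care-of.
    SHA1 is assumed for 'hash'; 64-bit truncation is the RFC 3775 token length."""
    data = kcn + ipaddress.IPv6Address(addr).packed + nonce + bytes([tag])
    return hashlib.sha1(data).digest()[:8]
def kbm(home_token, coa_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + coa_token).digest()

def authenticator(key, coa, cn, fields):
    """First(96, HMAC_SHA1(Kbm, care-of address | CN IP | BU))."""
    data = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn).packed + fields
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def bu_fields(bu):
    """BU fields covered by the authenticator (this encoding is an assumption)."""
    return f"{bu['hoa']}|{bu['seq']}|{bu['home_idx']}|{bu['coa_idx']}".encode()

def mn_build_bu(home_token, coa_token, hoa, coa, cn, seq, home_idx, coa_idx):
    """MN side: tokens arrived in HoT (via the HA) and CoT; build the first BU."""
    bu = {"src": coa, "dst": cn, "hoa": hoa, "seq": seq,
          "home_idx": home_idx, "coa_idx": coa_idx}
    bu["auth"] = authenticator(kbm(home_token, coa_token), coa, cn, bu_fields(bu))
    return bu

def cn_verify_bu(kcn, bu):
    """CN side: regenerate tokens from the nonce indices, then Kbm, then compare."""
    if bu["home_idx"] not in NONCES or bu["coa_idx"] not in NONCES:
        return False  # stale or unknown nonce index: reject, no state is created
    home_token = keygen_token(kcn, bu["hoa"], NONCES[bu["home_idx"]], 0)
    coa_token = keygen_token(kcn, bu["src"], NONCES[bu["coa_idx"]], 1)
    expected = authenticator(kbm(home_token, coa_token), bu["src"], bu["dst"], bu_fields(bu))
    return hmac.compare_digest(expected, bu["auth"])

def demo():
    hoa, coa, cn = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
    ht = keygen_token(KCN, hoa, NONCES[7], 0)  # what the CN placed in the HoT
    ct = keygen_token(KCN, coa, NONCES[8], 1)  # what the CN placed in the CoT
    good = mn_build_bu(ht, ct, hoa, coa, cn, 1, 7, 8)
    stolen = dict(good, src="2001:db8:2::66")  # CoA rewritten to a victim address
    return cn_verify_bu(KCN, good), cn_verify_bu(KCN, stolen)
```

`demo()` returns `(True, False)`: the genuine BU verifies, and the same BU with its care-of address swapped fails because the CN derives the care-of keygen token from the address it actually sees.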
MIPv6 Security: Time Shifting Attacks
The lifetime of the BCE allows for the time shifting attack.
• If the attacker is able to create a false BCE, he can continue the attack until the BCE lifetime expires.
• Or, the attacker can delay the return-to-home flooding until the BCE entry expires.
The lifetime is very restricted in the current design; consequently the time shifting attack is restricted too.
MIPv6 Security: Pretending to Be Your Neighbor
• The attacker uses its real home address, but its neighbor's address as the care-of address, to perform the RR procedure.
• The attacker eavesdrops on the care-of test as it appears on the local link.
• The attacker diverts the traffic to the neighboring node, resulting in a flooding attack.
This attack is not very serious because:
• It is only possible against neighbors on the local link.
• A similar attack can be carried out with Neighbor Discovery spoofing.
References
• Mobile IP version 6 Route Optimization Security Design Background, draft-nikander-mobileip-v6-ro-sec-01.