Security Support in Mobile IPv6
김건우 (kimgw@etri.re.kr), Network Security Research Department
Background and Characteristics of IPv6
• Motivation for the evolution to IPv6
  • The address space must expand as the number of Internet-connected nodes grows
  • Most of 0.0.0.0 ~ 126.0.0.0 (class A) is monopolized by the United States
  • Users demand diverse services
    • Real-time services, multimedia services, etc.
  • Security and authentication services are needed
• Characteristics
  • Expanded addressing capability
    • Address size: 32 bits -> 128 bits
    • A new form of address called "anycast" is defined
  • Simplified header format, with options moved out of the base header
  • Improved QoS: Flow Labeling and Priority
  • Authentication and Privacy
  • Improved Mobility support
IPv4 Format vs. IPv6 Format
IPv4 header: Version | HLEN | Type of Service | Total Length; Identification | Flags (3) | Fragment Offset; TTL | Protocol | Header Checksum; Source IP Address; Destination IP Address
• 14 fields, at least 20 octets
• 32-bit addresses
• fragmented packet processing at every hop
• header checksum recalculation at every hop
IPv6 header: Version | Priority | Flow Label; Payload Length | Next Header | Hop Limit; Source Address; Destination Address
• 8 fields, fixed 40 octet size
• 128-bit addresses
• fragmentation only in src and dst endpoint, or lower layer
• no checksums
• new 20-bit flow label field
• options in Extension Headers
IPv6 Extension Headers
• Extension header (IP Extension Header)
  • Used to carry additional information to the destination or to intermediate systems along the path, or to provide it to the IP datagram
  • Placed after the base header of the IP datagram
• Extension header order
  • The order is observed so that intermediate routers can process the datagram efficiently
  • e.g. 0 -> 43 -> 44 -> 51 -> 6 (6 = TCP)
Next Header values: 0 Hop-by-hop Options Header; 43 Routing Header; 44 Fragmentation Header; 50 Encapsulating Security Payload; 51 Authentication Header; 59 No Next Header; 60 Destination Options Header
IPv6 Address Architecture
• IPv6 address
  • 128 bits designating interfaces and sets of interfaces
  • Subnet Prefix + Interface ID
• Address types
  • unicast address
  • anycast address
  • multicast address
• Notation
  • FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
  • 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A
  • 0:0:0:0:0:FFFF:129.254.12.164 => ::FFFF:129.254.12.164
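The compressed notation in the last three bullets, as an added Python example that is not from the slides: it turns a fully written address into the "::" form, including the IPv4-mapped case with the dotted-quad tail. The function names are my own.

```python
# Added example (not from the original slides): print a fully written IPv6
# address in the compressed notation shown on the slide. Rules implemented:
# drop leading zeros in each 16-bit group, replace the single longest run of
# two or more all-zero groups with "::", and keep the dotted-quad tail of an
# IPv4-mapped address (first 80 bits zero, then FFFF).

def parse_groups(text: str) -> list:
    """Split '1080:0:0:0:8:800:200C:417A' (or a form ending in a dotted
    quad) into eight integers, one per 16-bit group."""
    groups = []
    for part in text.split(":"):
        if "." in part:                       # IPv4 tail -> two 16-bit groups
            a, b, c, d = (int(x) for x in part.split("."))
            groups += [(a << 8) | b, (c << 8) | d]
        else:
            groups.append(int(part, 16))
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("expected eight 16-bit groups")
    return groups

def longest_zero_run(groups: list) -> tuple:
    """Return (start, length) of the longest run of zero groups, or (-1, 0)
    when no run of at least two exists (a single zero group is not compressed)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1 if j == i else j
    return best_start, best_len

def compress(text: str) -> str:
    groups = parse_groups(text)
    if groups[:5] == [0] * 5 and groups[5] == 0xFFFF:   # IPv4-mapped form
        octets = (groups[6] >> 8, groups[6] & 0xFF, groups[7] >> 8, groups[7] & 0xFF)
        return "::FFFF:" + ".".join(str(o) for o in octets)
    hexes = ["{:X}".format(g) for g in groups]
    start, length = longest_zero_run(groups)
    if start < 0:
        return ":".join(hexes)
    return ":".join(hexes[:start]) + "::" + ":".join(hexes[start + length:])
```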
Internet Security Technology (IPsec)
• Establishes security associations (SA) and guarantees secure data transfer
Diagram: a certification authority; negotiation between the two ends; security policy enforcement at each end; secure tunneling across the Internet
Overview: uses AH, ESP and IKE
Security services provided
• Access Control
• Connectionless Integrity
• Data Origin Authentication
• Protection against Replays
• Confidentiality
• Limited Traffic Flow Confidentiality
Purpose
• Provides various protection services at the IP layer
• Network security independent of the application layer
• IPv6 (mandatory), IPv4 (optional)
Layer diagram: Application (IKE) | Presentation | Session | Transport | Network (IPsec: AH, ESP) | Datalink | Physical
IPsec Components
• IPsec engine
  • Implements AH and ESP
  • Header processing via the SP and SA
  • Handles network-layer issues such as fragmentation / PMTU
• SADB (Security Association Database)
  • The element that determines the security applied to a packet
• IKE (Internet Key Exchange)
  • User-level application
  • Negotiates new SAs (phase 1 / phase 2)
• SPS (Security Policy System)
  • Decides the packet action and provides the selector for applying an SA
  • Provides the security parameters for IKE negotiation
  • Decides and exchanges the security paradigm between domains (subnetworks)
IPsec Operating Architecture (diagram)
• Application programs (telnet, ftp, mail) above the IPsec engine
• Security Management Network: CA / Key Management Network, a CA Server issuing certificates, a Key Management System with key store/recovery and enc/dec
• IKE Server: SA negotiation with the peer, SA request/reply with the key management system, set SA into the SAD, auditing
• SPS (Security Policy System) and SMS: policy request/reply, policy set/get, policy setting into the SPDB
• IPsec Engine: Transform Library, SAD (set/get SA), SPDB, auditing/reporting, host sensor
• Network Interface: secure packet send/receive
Operation Mode
• Transport mode: provides security services to upper-layer data; applied to hosts (IPsec between Host and Host across the Internet)
• Tunnel mode: provides security services to the whole IP packet; applied to hosts and secure gateways (Host, Secure Gateway, IPsec tunnel across the Internet, Secure Gateway, Host)
Authentication Header (AH)
• Defined in RFC 2402
• Services provided
  • connectionless integrity
  • data origin authentication for IP datagram
  • Anti-Replay service
• Protected area
  • IP Header area
  • Data above the IP level
AH Format (bits 0..7 | 8..15 | 16..31)
Next Header | Payload Length | RESERVED
Security Parameter Index (SPI)
Sequence Number Field
Authentication Data (variable)
• Next Header (8 bits): Specify the Next Header Type
• Payload Length (8 bits): Length of AH in 4-byte Unit
• RESERVED (16 bits): Set to All "Zero"
• SPI (32 bits): Identify the Security Association; 1~255: Reserved by IANA
• Sequence Number (32 bits): Monotonically Increasing Counter Value; For the Anti-Replay Service
• Authentication Data (Variable Size): ICV of the Packet
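The AH layout above and the anti-replay service its Sequence Number supports, as an added Python example that is not from the slides: it unpacks the fixed AH fields from constructed packet bytes (Payload Length is interpreted per RFC 2402, as AH length in 32-bit words minus 2) and runs a receiver-side sliding replay window of the kind both AH and ESP use. The SPI, sequence numbers and ICV bytes are constructed sample values, and the class and function names are my own.

```python
# Added example (not from the original slides): parse the fixed part of an
# Authentication Header and run the receiver-side anti-replay check that the
# Sequence Number field exists for. Sample packet bytes are constructed here.
import struct

AH_FIXED = struct.Struct("!BBHII")   # Next Header, Payload Len, Reserved, SPI, Sequence Number

def parse_ah(buf: bytes) -> dict:
    """Return the AH fields. RFC 2402 defines Payload Length as the AH length
    in 32-bit words minus 2, so the ICV length follows from it."""
    if len(buf) < AH_FIXED.size:
        raise ValueError("truncated AH")
    nxt, plen, reserved, spi, seq = AH_FIXED.unpack_from(buf)
    total_len = (plen + 2) * 4
    if len(buf) < total_len:
        raise ValueError("AH length exceeds buffer")
    icv = buf[AH_FIXED.size:total_len]
    return {"next_header": nxt, "reserved": reserved, "spi": spi, "seq": seq,
            "icv": icv, "length": total_len}

class ReplayWindow:
    """Sliding anti-replay window (64 packets by default). Consult it only after
    the ICV has verified, so that a forged packet cannot advance the window."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0   # top = highest seq accepted

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                          # first valid sequence number is 1
        if seq > self.top:                        # new highest: slide the window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                          # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                          # already seen: replay
        self.bitmap |= 1 << offset
        return True

# Constructed sample: AH carrying TCP (6), SPI 0x1000, seq 5, 96-bit ICV.
SAMPLE_AH = AH_FIXED.pack(6, 4, 0, 0x1000, 5) + bytes(range(12))
```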
AH Location (1) – Transport Mode
• IPv4: before: Original IP Header (Any options) | TCP | Data; after: Original IP Header (Any options) | AH | TCP | Data; Authenticated except for mutable fields
• IPv6: before: Original IP Header | Extension Headers if present | TCP | Data; after: Original IP Header | Ext Hdr (Hop-by-hop, dest, routing, frag.) | AH | Dest. Options | TCP | Data; Authenticated except for mutable fields
AH Location (2) – Tunnel Mode
• IPv4: before: Original IP Header (Any options) | TCP/UDP | Data; after: New IP Header (Any options) | AH | Original IP Header (Any options) | TCP/UDP | Data; Authenticated except for mutable fields in the New IP Header
• IPv6: before: Original IP Header | Extension Headers if present | TCP/UDP | Data; after: New IP Header | Ext Hdrs if present | AH | Original IP Header | Ext Hdrs if present | TCP/UDP | Data; Authenticated except for mutable fields in the New IP Header
Encapsulating Security Payload (ESP)
• Defined in RFC 2406
• Services provided
  • Confidentiality
  • Data Origin Authentication
  • Connectionless Integrity
  • Anti-Replay Service (Option for Receiver)
  • Limited Traffic Flow Confidentiality
ESP Header Format (bits 0..15 | 16..31)
Security Parameter Index (SPI)            <- Authentication Coverage starts
Sequence Number Field
Payload Data (variable)                   <- Confidentiality Coverage starts
Padding (0~255 bytes) | Pad Length | Next Header   <- Confidentiality Coverage ends
Authentication Data (variable)            <- outside both coverages
• SPI (32 bits): Identify the Security Association; 1~255: Reserved by IANA
• Sequence Number (32 bits): Monotonically Increasing Counter Value; For the Anti-Replay Service
• Payload Data (variable size): Upper Layer Data; IV (Initial Vector) Included
• Padding (for Encryption): For the Block Cipher
• Pad Length (8 bits)
• Next Header (8 bits): Specify the Next Header Type
• Authentication Data (Variable Size): ICV of the Packet
ESP Location (1) – Transport Mode
• IPv4: Before Applying ESP: Original IP Header (Any options) | TCP/UDP | Data; after: Original IP Header (Any options) | ESP Hdr. | TCP/UDP | Data | ESP Trailer | ESP Auth.; Encrypted: TCP/UDP through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer
• IPv6: Before Applying ESP: Original IP Header | Extension Headers if present | TCP/UDP | Data; after: Original IP Header | Ext Hdr (Hop-by-hop, dest, routing, frag.) | ESP Hdr. | Dest. Options | TCP/UDP | Data | ESP Trailer | ESP Auth.; Encrypted: Dest. Options through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer
ESP Location (2) – Tunnel Mode
• IPv4: before: Original IP Header (Any options) | TCP | Data; after: New IP Header (Any options) | ESP Hdr. | Original IP Header (Any options) | TCP | Data | ESP Trailer | ESP Auth.; Encrypted: Original IP Header through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer
• IPv6: before: Original IP Header | Extension Headers if present | TCP | Data; after: New IP Header | Ext Hdrs if present | ESP Hdr. | Original IP Header | Orig Ext Headers | TCP | Data | ESP Trailer | ESP Auth.; Encrypted: Original IP Header through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer
AH/ESP Example
Topology: Host A, Secure gateway 1, Secure gateway 2, Host B; IPsec between the two gateways provides authentication only; IPsec between the end hosts provides encryption and authentication
Security Policies
• The secure gateways use the AH
• The ESP is used between End-Hosts
Packet at each stage
• Original Packet in Host A: IP header | Payload
• Between Host A and Secure gateway 1 (ESP applied packet): IP header | ESP header | Payload | ESP trailer | ESP auth
• Between the two Secure gateways (AH added): New IP header | AH | IP header | ESP header | Payload | ESP trailer | ESP auth
• Between Host B and Secure gateway 2: IP header | ESP header | Payload | ESP trailer | ESP auth
Hacking Techniques That Can Be Defended Against
Protocols: AH (Authentication Header), ESP (Encapsulating Security Payload); attack method and the mechanism that defends against it
• Replay Attack: SN (AH); SN (ESP)
• Packet forgery / tampering attack: ICV (AH); ICV, Encryption (ESP)
• IP Spoofing: ICV (AH); ICV (ESP)
• Packet sniffing: Encryption (ESP)
• Session Hijacking: ICV, Encryption
• DoS (Denial of Service) Attack: ICV, Encryption
Internet Mobility
• Portability
  • Movement while the application is not in continuous use
  • DHCP (Dynamic Host Configuration Protocol), PPP
  • Internet address (IP Address) assignment, DNS information
• Mobility
  • Seamless communication support
  • MIP(v6), GPRS
Basic Concept of Mobile IP
• Comparison with the postal system
  • Postal system
    • People do not move house often
    • The sender finds out the recipient's current residential address and sends directly
  • Mobile Internet (MIPv4)
    • A mobile terminal moves between networks often
    • The sender does not know the recipient's current address
      • Sends to the permanent (home) address
      • The home forwards the mail on to the current address
    • The mobile terminal registers its current address with its home every time it moves to another network
  • MIPv6
    • The mobile terminal registers its current address with its home every time it moves to another network
    • It also tells the correspondent node its current address directly and asks it to send mail to the current address
      • Done when mail has been received via the home
Operation in MIP (diagram)
• Correspondent Node; route optimization (optional) versus Triangle Routing
• Home Agent (HA) 129.254.1.1 on the Home Network; Foreign Agent (FA) 129.254.2.1 on the Foreign Network
• Mobile Node moves from the Home Network (129.254.1.100) to the Foreign Network (129.254.2.100); the HA tunnels packets to it
Mobility in IPv6 (diagram)
• Correspondent Node; Home Agent 3ffe:2e01:1::1 on the Home Network; Foreign Router 3ffe:2e01:2::1 on the Foreign Network
• Mobile Node with Home Address 3ffe:2e01:1::100 moves to the Foreign Network and is assigned Care-of Address 3ffe:2e01:2::100
MIPv6 Operation Flow
• movement
• get care-of address
• home registration (Mobile Node <-> Home Agent)
• return routability procedure (Mobile Node <-> Correspondent Node, partly via the Home Agent)
• correspondent binding procedure (Mobile Node <-> Correspondent Node)
Home Registration Message Format
• BU (Mobile Node -> Home Agent)
  • IPv6 Header: source: care-of address; destination: HA's address
  • Home Address Destination Option: MN's home address
  • ESP IPsec Header
  • Mobility Header: Payload proto | Header Len | MH Type = 5 | Reserved | Checksum | Sequence # | A H L K | Reserved | Lifetime
  • Options: Alternate Care-of Address option, Nonce Indices option, Binding Authorization Data option
• BA (Home Agent -> Mobile Node)
  • IPv6 Header: source: HA's address; destination: care-of address
  • Type 2 Routing Header: MN's home address
  • IPsec Header (AH or ESP)
  • Mobility Header: Payload proto | Header Len | MH Type = 6 | Reserved | Checksum | Status | K | Reserved | Sequence # | Lifetime
  • Options: Binding Refresh Advice option, Binding Authorization Data option
Return Routability Procedure (diagram)
• Mobile Node sends HoTI to the Correspondent Node via the Home Agent, and CoTI directly
• Correspondent Node returns HoT via the Home Agent, and CoT directly
HoTI & HoT
home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
• HoTI (MN -> HA -> CN): source home address, destination CN's address; carries the home init cookie. Tunneled from MN to HA with an outer header from care-of address to HA's address
• HoT (CN -> HA -> MN): source CN's address, destination home address; carries the home init cookie, home keygen token and home nonce index. Tunneled from HA to MN with an outer header from HA's address to care-of address
CoTI & CoT
care-of keygen token = First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))
• CoTI (MN -> CN, direct): source care-of address, destination CN's address; carries the care-of init cookie
• CoT (CN -> MN, direct): source CN's address, destination care-of address; carries the care-of init cookie, care-of keygen token and care-of nonce index
Authorizing BU
Kbm (160 bits) = SHA1(home keygen token | care-of keygen token), or Kbm (160 bits) = SHA1(home keygen token)
MAC_mn = HMAC_SHA1(Kbm, (care-of address | CN address | BU))
MAC_cn = HMAC_SHA1(Kbm, (care-of address | CN address | BA))
• Binding Update (Mobile Node -> Correspondent Node): care-of address, nonce indices, seq #, MAC_mn
• Binding Acknowledgement (Correspondent Node -> Mobile Node, if sent): status, seq #, MAC_cn
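The HoT/CoT token formulas, the Kbm derivation and the BU MAC from the three slides above, as an added Python example that is not from the slides or from any MIPv6 implementation. The CN side regenerates both keygen tokens from its own secret Kcn and the nonce indices quoted in the BU instead of storing per-MN state; Kcn, the nonces, the BU byte layout and the addresses are constructed sample values, and the MN/CN helper names are my own.

```python
# Added example (not from the original slides): the return-routability token,
# Kbm and MAC computations, with the CN side recomputing the tokens from its own
# secret Kcn and the nonce indices in the BU rather than keeping per-MN state.
# Addresses, Kcn, nonces and the BU byte layout are constructed sample values.
import hashlib, hmac, ipaddress

def keygen_token(kcn: bytes, addr: str, nonce: bytes, tag: int) -> bytes:
    """First(64, HMAC_SHA1(Kcn, addr | nonce | tag)); tag 0 = home, 1 = care-of."""
    data = ipaddress.IPv6Address(addr).packed + nonce + bytes([tag])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]

def kbm(home_token: bytes, coa_token: bytes = b"") -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token); the care-of part is
    omitted for the second form on the slide (MN back at home)."""
    return hashlib.sha1(home_token + coa_token).digest()

def bu_mac(k: bytes, coa: str, cn: str, msg: bytes) -> bytes:
    """MAC = HMAC_SHA1(Kbm, care-of address | CN address | message). RFC 3775
    carries only the first 96 bits in the Binding Authorization Data option."""
    data = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn).packed + msg
    return hmac.new(k, data, hashlib.sha1).digest()[:12]

# Constructed sample values (home and care-of addresses follow the slides' topology).
KCN = bytes.fromhex("00112233445566778899aabbccddeeff00112233")        # CN's secret
NONCES = {7: bytes.fromhex("a1a2a3a4a5a6a7a8"), 8: bytes.fromhex("b1b2b3b4b5b6b7b8")}
HOA, COA, CN = "3ffe:2e01:1::100", "3ffe:2e01:2::100", "3ffe:2e01:3::1"

def mn_build_bu(home_token: bytes, coa_token: bytes, seq: int) -> tuple:
    """MN side: after HoT and CoT it holds both tokens and authorizes the BU."""
    bu = b"BU" + seq.to_bytes(2, "big") + bytes([7, 8])   # seq # and nonce indices
    return bu, bu_mac(kbm(home_token, coa_token), COA, CN, bu)

def cn_verify_bu(bu: bytes, mac: bytes) -> bool:
    """CN side: regenerate both tokens from Kcn + nonce indices, then check the MAC."""
    home_idx, coa_idx = bu[4], bu[5]
    if home_idx not in NONCES or coa_idx not in NONCES:
        return False                          # retired nonce index: reject the BU
    k = kbm(keygen_token(KCN, HOA, NONCES[home_idx], 0),
            keygen_token(KCN, COA, NONCES[coa_idx], 1))
    return hmac.compare_digest(bu_mac(k, COA, CN, bu), mac)
```

Because the tokens are regenerated from Kcn, the CN stores nothing per MN before the BU arrives, and retiring a nonce invalidates every token derived from it.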
MIPv6 Implementation Cases (1)
• Lancaster
  • Computer lab of Lancaster Univ.
  • 1998.6.3
  • Linux (kernel 2.1.90)
  • draft-ietf-mobileip-ipv6-05.txt
• National Univ. of Singapore (NUS)
  • NUS mobile IP research group
  • 1997.10: version 1.0 Alpha
  • Linux (kernel 2.1.59)
  • draft-ietf-mobileip-ipv6-05.txt
  • 1999.12: version 1.1
MIPv6 Implementation Cases (2)
• Helsinki Univ. of Technology (HUT)
  • Telecommunication & multimedia lab. of HUT
  • Linux (kernel 2.3)
  • 2001.9: version 0.9
  • draft-ietf-mobileip-ipv6-14.txt
• MS
  • Carried out as part of the LandMARC project
  • Version 1.4
  • 2000.11
  • Windows 2000, NT
Security Problems in MIPv6
• Is IPsec adequate?
• Global key distribution mechanism?
• Burden on the terminal of limited capacity?
• Other possibilities?
• IPv6 problem vs. MIPv6 inherent problem vs. problem from wireless
Mobile IPv6 Attack Patterns (1)
• DoS attack
  • The attacker has already obtained MN's home address and CN's address
  • Sends a BU to CN
Diagram: attacker sends a BU to CN; CN's traffic for MN is diverted (DoS)
Mobile IPv6 Attack Patterns (2)
• MITM attack
Diagram: attacker sends a BU to CN and a BU to MN, placing itself in the middle (MITM)
Mobile IPv6 Attack Patterns (3)
• Attacker sends ICMP unreachable for MN's CoA
• Effect
  • Packets from CN will go through HA
Diagram: attacker sends "ICMP unreachable for MN's CoA" to CN; CN, HA and MN
Mobile IPv6 Attack Patterns (4)
• BU flooding
  • The attacker keeps sending BUs at a high rate
  • Exhausts the Binding Cache of the MIPv6 node
Diagram: attacker floods BUs toward MN and CN
Mobile IPv6 Attack Patterns (5)
• Packet Reflecting Threats
  • HA as packet reflector
  • The DDoS attacker is easy to hide
Diagram: the attacker sends packets to MN1, MN2 and MN3; HA1, HA2 and HA3 each believe that the CoA of one of their MNs (MN1, MN2, MN3) is the address of the DDoS target, and tunnel the packets to the "MN", i.e. to the victim host
Mobile IPv6 Attack Patterns (6)
• Packet Reflecting Threats
  • CN as packet reflector
  • The DDoS attacker is easy to hide
Diagram: the attacker sends packets to CN1, CN2 and CN3; each CN believes that MN is at the DDoS target's address and replies to MN, i.e. to the victim host
Mobile IPv6 Attack Patterns (7)
• Disclosure of Sensitive Information
  • Send ICMP Home Agent Address Discovery Request to MN's home network
Diagram: attacker sends an ICMP HAAD Request toward the home network; HA, MN and CN
Security Solutions in MIPv6
• Protecting Binding Updates with IPsec and RR
  • Prevents DoS and MITM attacks
• BU replay attack
  • A previously used BU causes packets headed for the MN to be sent to the old care-of address instead of the current care-of address: a DoS attack
  • When IPsec is used
    • Replay attacks are prevented via the SN and ICV
  • When RR is used
    • Replay attacks are prevented via the hash keyed with Kbm
• Security holes remain
  • If an attacker located on CN's network learns Kbm, attacks using BUs become possible
  • The victim node can be made to perform excessive cryptographic computation, or to allocate a lot of memory to maintain state