Security for Mobility on IP


Page 1

Branche Développement

This document contains information that is the property of France Télécom. By accepting this document, the recipient acknowledges the confidential nature of its content and undertakes not to reproduce it, transmit it to third parties, disclose it, or make any commercial use of it without the prior written consent of Cnet.

Cnet © France Télécom - (File name) - D1 - 21/02/00

Unrestricted distribution

MTM 2000 Workshop, Dublin, 16-17 February 2000

Security for Mobility on IP

Olivier CHARLES

MTM 2000, Dublin, 17 February 2000

Page 2


Communication of this document is subject to authorisation by Cnet.


Security for Mobility on IP

- Introduction of Mobile IP concepts and challenges for Telcos
- Presentation of the P912 Eurescom project
- Security objectives
- Security threats
- Security solutions
- Future developments and projects

Page 3

Mobile IP concepts

- Transparent routing of IP datagrams to mobile nodes
- Mobile nodes can keep their connections active while moving
- Each mobile is always identified by its home address
- The mobile gets a temporary address (care-of address) on the foreign network
- Tunnelling of packets between a home agent and the mobile

Page 4

Mobile IP challenge for Telcos

- Provide “Mobile IP based remote access” services
  - to the Internet
  - to intranets
- Operate Mobile IP based 3rd generation cellular systems
  - IETF
  - 3GPP
- Develop Mobile IP based WAP services

Page 5

EURESCOM P912: Security for Mobility on IP

- Objectives
  - Security oriented review of protocols for mobility in IP
  - Investigation of a threat analysis related to the addition of mobility facilities on IP (identification, evaluation of risks)
  - Definition and proposal of security services to be implemented in a mobile environment

Page 6

EURESCOM P912: Security for Mobility on IP

- Shareholders
  - BT, DT, TE, NT and FT (project leader)
- Dates
  - from January 1999 to December 1999
- Deliverables
  - D1: “Security requirements for the introduction of mobility to IP”
  - D2: “Security guidelines for the introduction of mobility to IP”

Page 7

EURESCOM P912: Methodology

- Objectives
- Requirements
- Threat identification
- Risk assessment
- Selection of the most crucial threats
- Security features
- Guideline for the introduction of mobility to IP

Page 8

General security objectives

- For Telcos
  - Protection of the core networks
  - Ease of implementation
  - Protection of stored information
  - Security services
- For users
  - Confidentiality of user location
  - Protection against disclosure, modification, or destruction of user information
  - Protection of user identity from exposure
  - Confidentiality of transmitted data

Page 9

Specific security objectives

- 7 classes
  - Confidentiality
  - Authentication
  - Authenticity
  - Availability
  - Authorised access
  - Accountability
  - Assurance

Page 10

Threat identification: Methodology

- Based on about 80 scenarios
  - user, connection, hardware, application...
  - different types of movements:
    - static mobility (slow movements)
    - dynamic mobility (fast movements)
- Translation of some scenarios into Message Sequence Charts
  - detailed threat analysis
  - both IPv4 and IPv6

Page 11

Threat identification: Graphical scenarios

[Figure: a Mobile Node "away from home" on visited subnet #2, its home link, the Internet, and Correspondents #1 (on the network of correspondent #1), #2 and #3; the paths are labelled Scenario 1.1.2.1, Scenario 1.1.2.3 and one further scenario whose label is garbled in the transcript.]

Page 12

Threat identification: MSC

[Message Sequence Chart with participants Mobile Node, Foreign Router, Foreign Router 1, Correspondent #1, Home Router and Home Agent: the Mobile Node sends Binding Updates, each accompanied by Authentication, to the Home Agent and to Correspondent #1; Binding Acknowledgments (optional) and a Neighbor Advertisement are also shown.]

Page 13

Identified Threats : 4 classes (1)

- Loss of confidentiality / session stealing / spoofing on:
  - the mobile node
  - the foreign agent
  - the home agent
  - other hosts on the foreign network
- Loss of security features provided by the home network
  - firewall protection on the home network

Page 14

Identified Threats : 4 classes (2)

- Denial of service / flooding of:
  - the mobile node
  - the home agent
  - the foreign agent (IPv4 environment)
  - the correspondent (IPv6 environment)
- Tracking of the mobile node

Page 15

Evaluation of threats: 10 criteria

- Equipment required (price and availability)
- Knowledge required
- Time required (time to prepare the attack, time to perform the attack)
- Location required
- Time-window required (number of periods of time, length of each period)
- Number of possible targets
- Time to recover
- Difficulty of detecting an attack
- Difficulty of identifying the attacker
- Type of access required

Page 16

Solutions

- IPSec
- Client side firewall
- Frequency hopping
- Protection of the PNOs network
- Public key infrastructure
- Smartcard
- Special care of ...

Page 17

Use IPSec

- ESP
  - between the mobile node and the home agent,
  - between the foreign agent and the home agent,
  - to protect sensitive AAA traffic (traffic encryption for confidentiality).
- Sending IPv6 Binding Updates
  - mandatory,
  - use of PKI over IPSec/IKE.
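The Binding Update authentication sketched in the MSC on page 12, the spoofing and session-stealing threats of pages 13 and 14, and the mandatory protection of Binding Updates on this slide, as an added example that is not part of the presentation or of the P912 deliverables: a toy home agent that only installs a home address to care-of address binding when the update carries a valid keyed-hash authenticator and a fresh identification value. The shared keys, addresses and messages are constructed, and the field layout is a simplified model rather than the RFC wire format.

```python
# Added example, not from the presentation: a toy home agent that accepts a
# mobile node's Binding Update only when it is authenticated and not replayed.
# Simplified model of the Mobile IP registration exchange, not the RFC wire
# format; keys, addresses and messages below are constructed for illustration.
import hashlib
import hmac

# Constructed long-term secrets shared between each mobile node and its home
# agent (the "security elements" a PKI or smart card would manage in practice).
MN_KEYS = {"2001:db8:home::10": b"constructed-secret-for-mn-10"}


def authenticator(key, home_addr, coa, lifetime, ident):
    """Keyed hash over every field the home agent acts on, so none of them
    can be altered in transit without invalidating the update."""
    msg = f"{home_addr}|{coa}|{lifetime}|{ident}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class HomeAgent:
    def __init__(self):
        self.bindings = {}    # home address -> current care-of address
        self.last_ident = {}  # home address -> highest identification accepted

    def process_binding_update(self, home_addr, coa, lifetime, ident, auth):
        key = MN_KEYS.get(home_addr)
        if key is None:
            return "rejected: unknown mobile node"
        expected = authenticator(key, home_addr, coa, lifetime, ident)
        if not hmac.compare_digest(expected, auth):
            # Forged or tampered update: traffic stays routed to the real CoA.
            return "rejected: authentication failed"
        if ident <= self.last_ident.get(home_addr, -1):
            # A captured update re-sent later must not move the binding back.
            return "rejected: replayed identification"
        self.last_ident[home_addr] = ident
        if lifetime == 0:
            self.bindings.pop(home_addr, None)  # deregistration: MN is home
            return "accepted: binding removed"
        self.bindings[home_addr] = coa
        return "accepted: binding updated"


def demo():
    """Legitimate update, spoofed update, replay, then deregistration;
    returns the home agent's verdicts in order and its final binding table."""
    ha = HomeAgent()
    mn, key = "2001:db8:home::10", MN_KEYS["2001:db8:home::10"]
    good = (mn, "2001:db8:visited::1", 300, 1000)
    verdicts = [ha.process_binding_update(*good, authenticator(key, *good))]
    # Update from a node that does not hold the shared key (spoofing threat).
    bad = (mn, "2001:db8:visited::bad", 300, 1001)
    verdicts.append(ha.process_binding_update(*bad, authenticator(b"guess", *bad)))
    # The first, valid update captured and re-sent unchanged (session stealing).
    verdicts.append(ha.process_binding_update(*good, authenticator(key, *good)))
    home = (mn, mn, 0, 1002)
    verdicts.append(ha.process_binding_update(*home, authenticator(key, *home)))
    return verdicts, ha.bindings
```

In a deployment the authenticator would be carried by the IPsec AH/ESP association or the Mobile IP authentication extension, and the shared key would come from the PKI or smart card described on the following slides.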

Page 18

Use client side Firewalls

- Protection of the mobile node while visiting a foreign network:
  - possible attacks from other mobile nodes connected to the same foreign network,
  - no more trusted firewall between the mobile and the Internet.
- Client side lightweight intrusion detection systems:
  - on the foreign network,
  - on the mobile node.

Page 19

Use frequency hopping

- Over wireless links (e.g. WLAN)
- Confidentiality improvement of:
  - user traffic,
  - user location.

Page 20

Protecting the PNOs network

- Where the foreign agent is located
  - firewall (problem with packet filtering)
  - intrusion detection systems
- Home network and home agent
  - limit access to the home agent to registration requests

Page 21

Public Key Infrastructure

- Use public key encryption
  - to establish dynamic IPSec security associations
    - based on PKI,
    - enable non-repudiation services
- Use PKI for management of security elements
  - no need for protection of secret key bases
  - enable easy end-to-end strong authentication

Page 22

Smart cards

- Storage of sensitive information
  - for authentication, signature and generation of ciphering keys
- Enable user mobility vs. terminal mobility
  - authentication of the user vs. terminal authentication
  - storage of (all or part of) user profiles

Page 23

Special care of

- Using carefully selected IPv6 addresses
  - autoconfiguration builds traceable IPv6 addresses
- Using carefully selected Network Access Identifiers
  - loss of user location confidentiality
- Enabling different options
  - co-located addresses, enabling AAA, etc.

Page 24

Future developments

- AAA for Mobile IP: coming draft
  - today it is just a requirement list
- Macro & micro mobility
  - IP Cellular, HAWAII, HMIP
- 3GPP standard
  - security aspects

Page 25

Other FT project: “Mobisecv6” (1)

- Objectives: develop a complete Mobile IPv6 platform
  - Mobile: FreeBSD
  - Home Agent: AIX
  - Firewall: Netwall®
  - Hierarchical Mobile IPv6 management
- Partners:
  - INRIA (Mobile Host, HMIP6)
  - BULL (Home Agent, Firewall)
  - France Telecom CNET (validation, security)

Page 26

Other FT project: “Mobisecv6” (2)

[Figure: Mobisecv6 testbed topology showing several routers, the Home Agent (H.A), a DNS server, www and Ftp hosts, a link to the 6Bone, Microsoft and Kame hosts, a PPP / GSM network, a WaveLan and two mobile nodes.]

Page 27

Other FT project: “Mobisecv6” (3)

- Main results on security
  - IPSec IKE IPv6 available
  - interoperability between AIX and FreeBSD
- Open issues
  - interoperability with Microsoft and Kame (testing is possible)
  - theoretical problems while away from home for IKE phase #1

Page 28

New EURESCOM Projects

- P1001: “PKI Implementation and Test Suites for Selected Applications and Services”
  - Defining, implementing and testing a Europe-wide PKI between telcos
  - Task 7: PKI for Mobile IP
- P1013: “First steps towards UMTS: Mobile IP Services. A European testbed”
  - “Mobile IP core network” for UMTS
  - Testbed
  - Security aspects