Security for Mobility on IP (slide transcript)
Development Branch
This document contains information that is the property of France Télécom. Acceptance of this document by its recipient implies that the recipient acknowledges the confidential nature of its contents and undertakes not to reproduce it, transmit it to third parties, disclose it or make commercial use of it without the prior written agreement of Cnet.
Cnet © France Télécom - (file name) - D1 - 21/02/00
Free distribution
MTM 2000 Workshop, Dublin, 16-17 February 2000
Security for Mobility on IP
Olivier CHARLES, MTM 2000, Dublin, 17 February 2000
Development Branch, Cnet
Communication of this document is subject to authorisation by Cnet
Security for Mobility on IP
• Introduction of Mobile IP concepts and challenges for Telcos
• Presentation of the P912 Eurescom project
• Security objectives
• Security threats
• Security solutions
• Future developments and projects
Mobile IP concepts
• Transparent routing of IP datagrams to mobile nodes
• Mobile nodes can keep their connections active while moving
• Each mobile is always identified by its home address
• The mobile gets a temporary address (care-of address) on the foreign network
• Tunnelling of packets between the home agent and the mobile's care-of address
Mobile IP challenge for Telcos
• Provide "Mobile IP based remote access" services
  – to the Internet
  – to intranets
• Operate Mobile IP based 3rd generation cellular systems
  – IETF
  – 3GPP
• Develop Mobile IP based WAP services
EURESCOM P912 : Security for Mobility on IP
• Objectives
  – Security oriented review of protocols for mobility in IP
  – Threat analysis of the addition of mobility facilities to IP (identification and evaluation of risks)
  – Definition and proposal of security services to be implemented in a mobile environment
EURESCOM P912 : Security for Mobility on IP
• Shareholders
  – BT, DT, TE, NT and FT (project leader)
• Dates
  – from January 1999 to December 1999
• Deliverables
  – D1 : "Security requirements for the introduction of mobility to IP"
  – D2 : "Security guidelines for the introduction of mobility to IP"
EURESCOM P912 : Methodology
• Objectives
• Requirements
• Threat identification
• Risk assessment
• Selection of the most crucial threats
• Security features
• Guideline for the introduction of mobility to IP
General security objectives
• For Telcos
  – Protection of the core networks
  – Ease of implementation
  – Protection of stored information
  – Security services
• For users
  – Confidentiality of user location
  – Protection of user information against disclosure, modification or destruction
  – Protection of user identity from exposure
  – Confidentiality of transmitted data
Specific security objectives
• 7 classes
  – Confidentiality
  – Authentication
  – Authenticity
  – Availability
  – Authorised access
  – Accountability
  – Assurance
Threat identification : Methodology
• Based on about 80 scenarios
  – user, connection, hardware, application...
  – different types of movements:
    • static mobility (slow movements)
    • dynamic mobility (fast movements)
• Translation of some scenarios into Message Sequence Charts
  – detailed threat analysis
  – both IPv4 and IPv6
Threat identification : Graphical Scenarios
[Figure: example scenario diagram. A Mobile Node "away from home" on visited subnet #2 is reached across the Internet from its home link; Correspondent #1 (on its own network), Correspondent #2 and Correspondent #3 communicate with it. The diagram labels scenarios 1.1.2.1 and 1.1.2.3; a third scenario label is garbled in the extraction.]
Threat identification : MSC
[Figure: Message Sequence Chart "Mobile Node sends binding updates". Participants: Mobile Node, Foreign Router, Foreign Router 1, Correspondent #1, Home Router, Home Agent. Sequence shown: Neighbor Advertisement on the visited link; Binding Update from the Mobile Node to the Home Agent, with Authentication; Binding Acknowledgment (optional) from the Home Agent; Binding Update from the Mobile Node to Correspondent #1, with Authentication. An Authentication step accompanies each Binding Update.]
Identified Threats : 4 classes (1)
• Loss of confidentiality / session stealing / spoofing on
  – the mobile node
  – the foreign agent
  – the home agent
  – other hosts on the foreign network
• Loss of security features provided by the home network
  – firewall protection on the home network
Identified Threats : 4 classes (2)
• Denial of service / flooding of:
  – the mobile node
  – the home agent
  – the foreign agent (IPv4 environment)
  – the correspondent (IPv6 environment)
• Tracking of the mobile node
Evaluation of threats : 10 criteria
• Equipment required (price and availability)
• Knowledge required
• Time required (time to prepare the attack, time to perform the attack)
• Location required
• Time-window required (number of periods of time, length of each period)
• Number of possible targets
• Time to recover
• Difficulty of detecting an attack
• Difficulty of identifying the attacker
• Type of access required
Solutions
• IPSec
• Client side firewall
• Frequency hopping
• Protection of the PNOs network
• Public Key Infrastructure
• Smartcard
• Special care of ...
Use IPSec
• ESP
  – between the mobile node and the home agent,
  – between the foreign agent and the home agent,
  – to protect sensitive AAA traffic (traffic encryption for confidentiality).
• Sending IPv6 Binding Updates
  – authentication of each Binding Update is mandatory,
  – use of a PKI over IPSec/IKE.
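The binding-update exchange of the MSC above, the "session stealing / spoofing on the home agent" threat, and the requirement that every Binding Update be authenticated can be shown together in a small model. The following is an added example, not code from the talk or from the P912 deliverables: a toy home agent keeps a binding cache and accepts or rejects Binding Updates. A keyed MAC (HMAC-SHA-256 over a pre-shared mobile/home-agent key) stands in for the IPsec protection or the Mobile IPv4 Mobile-Home authentication extension; the message layout, the addresses and the key are assumptions made for the illustration.

```python
"""Toy model of Mobile IP binding-update handling at a home agent.

Added example (not from the talk or from the P912 project). HMAC-SHA-256 over a
pre-shared key stands in for the IPsec / authentication extension; message
layout, addresses and keys are assumptions made for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class BindingUpdate:
    home_addr: str       # permanent identity of the mobile
    care_of_addr: str    # temporary address on the foreign network
    seq: int             # strictly increasing: replay protection
    lifetime: int        # binding lifetime in seconds
    auth: bytes = b""    # MAC over the fields above


def bu_payload(bu: BindingUpdate) -> bytes:
    """Canonical byte string covered by the MAC (assumed layout)."""
    return f"{bu.home_addr}|{bu.care_of_addr}|{bu.seq}|{bu.lifetime}".encode()


def sign_bu(bu: BindingUpdate, key: bytes) -> BindingUpdate:
    """Mobile node side: attach the authentication data."""
    bu.auth = hmac.new(key, bu_payload(bu), hashlib.sha256).digest()
    return bu


class HomeAgent:
    """Binding cache: home address -> (care-of address, last sequence number)."""

    def __init__(self, keys: dict, require_auth: bool = True):
        self.keys = keys                 # home address -> shared MN-HA key
        self.require_auth = require_auth
        self.bindings: dict = {}

    def process(self, bu: BindingUpdate) -> str:
        """Return the Binding Acknowledgment ("ack") or the reason for rejection."""
        if self.require_auth:
            key = self.keys.get(bu.home_addr)
            if key is None:
                return "reject: unknown mobile"
            expected = hmac.new(key, bu_payload(bu), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, bu.auth):
                return "reject: authentication failed"
        last = self.bindings.get(bu.home_addr)
        if last is not None and bu.seq <= last[1]:
            return "reject: replayed or stale sequence number"
        self.bindings[bu.home_addr] = (bu.care_of_addr, bu.seq)
        return "ack"

    def forward(self, home_addr: str, payload: bytes):
        """Where a datagram for home_addr is tunnelled; None = deliver on the home link."""
        binding = self.bindings.get(home_addr)
        if binding is None:
            return None
        return ("tunnel", binding[0], payload)


def demo() -> dict:
    """Legitimate BU, forged BU and replayed BU against a weak and a strict home agent."""
    mn_key = b"mn-ha-shared-secret"                      # assumed pre-shared key
    legit = sign_bu(BindingUpdate("home::1", "visited2::a", 1, 600), mn_key)
    forged = sign_bu(BindingUpdate("home::1", "attacker::66", 2, 600), b"wrong-key")

    # Home agent that does not authenticate: the attacker redirects the session.
    weak = HomeAgent({"home::1": mn_key}, require_auth=False)
    weak.process(legit)
    weak.process(forged)
    stolen = weak.forward("home::1", b"data for the mobile")

    # Home agent that authenticates and checks the sequence number.
    strict = HomeAgent({"home::1": mn_key})
    r_legit = strict.process(legit)
    r_forged = strict.process(forged)
    r_replay = strict.process(legit)                     # same BU sent again
    kept = strict.forward("home::1", b"data for the mobile")
    return {"stolen_to": stolen[1], "legit": r_legit, "forged": r_forged,
            "replay": r_replay, "delivered_to": kept[1]}


if __name__ == "__main__":
    print(demo())
</```

Without authentication the home agent happily installs the attacker's care-of address and every datagram for the mobile is tunnelled to the attacker, which is exactly the session-stealing threat of class (1); the sequence number is what stops an eavesdropper from replaying an old, correctly authenticated Binding Update to drag the binding back to a previous location.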
Use client side firewalls
• Protection of the mobile node while visiting a foreign network:
  – possible attacks from other mobile nodes connected to the same foreign network,
  – no longer a trusted firewall between the mobile and the Internet.
• Client side lightweight intrusion detection systems:
  – on the foreign network,
  – on the mobile node.
Use frequency hopping
• Over wireless links (e.g. WLAN)
• Confidentiality improvement of:
  – user traffic,
  – user location.
  (A physical-layer measure: it raises the cost of passive eavesdropping on the radio link, but it is not a substitute for link or network layer encryption.)
Protecting the PNO's (public network operator's) network
• Where the foreign agent is located
  – firewall (problem with packet filtering)
  – intrusion detection systems
• Home network and home agent
  – limit access to the home agent to registration requests
Public Key Infrastructure
• Use public key cryptography
  – to establish dynamic IPSec security associations
    • based on a PKI,
    • enabling non-repudiation services
• Use the PKI for management of security elements
  – no shared-secret key database to protect (each party holds only its own private key)
  – enables easy end-to-end strong authentication
Smart cards
• Storage of sensitive information
  – for authentication, signature and generation of ciphering keys
• Enable user mobility as well as terminal mobility
  – authentication of the user vs. authentication of the terminal
  – storage of (all or part of) user profiles
Special care of
• Using carefully selected IPv6 addresses
  – stateless autoconfiguration builds traceable IPv6 addresses (the interface identifier derived from the hardware address is the same on every visited network)
• Using carefully selected Network Access Identifiers
  – loss of user location confidentiality
• Enabling different options
  – co-located addresses, enabling AAA, etc.
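The traceability of autoconfigured IPv6 addresses can be seen directly. The following is an added example, not code from the talk or the project: it builds the modified EUI-64 interface identifier that stateless autoconfiguration derives from a MAC address, shows that a mobile keeps the same low 64 bits under its home prefix and under a visited prefix (so any correspondent or observer can correlate the two), and contrasts this with a randomly generated identifier of the kind later standardised as the IPv6 privacy extensions. The MAC address and the prefixes are constructed sample values.

```python
"""Why autoconfigured IPv6 addresses make a mobile traceable, and one remedy.

Added example (not from the talk or from the P912 deliverables). The MAC address
and prefixes below are constructed sample values.
"""
import ipaddress
import os


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle, flip the u/l bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def random_interface_id(rand=os.urandom) -> bytes:
    """Random 64-bit identifier with the universal/local bit cleared."""
    iid = bytearray(rand(8))
    iid[0] &= 0xFD
    return bytes(iid)


def make_address(prefix: str, iid: bytes) -> str:
    """Join a /64 prefix with an interface identifier, as autoconfiguration does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid).compressed


def interface_id_of(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed[8:]


def same_mobile(addr_a: str, addr_b: str) -> bool:
    """An observer's correlation test: identical low 64 bits => same interface."""
    return interface_id_of(addr_a) == interface_id_of(addr_b)


def demo(mac: str = "00:1a:2b:3c:4d:5e", rand=os.urandom) -> dict:
    home = "2001:db8:1::/64"          # constructed home prefix
    visited = "2001:db8:2::/64"       # constructed visited prefix
    fixed = eui64_interface_id(mac)
    at_home = make_address(home, fixed)
    away = make_address(visited, fixed)
    away_tmp = make_address(visited, random_interface_id(rand))
    return {
        "at_home": at_home,
        "away": away,
        "traceable": same_mobile(at_home, away),        # True: same EUI-64 suffix
        "away_temporary": away_tmp,
        "traceable_tmp": same_mobile(at_home, away_tmp),  # False: fresh identifier
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The care-of address changes with every visited prefix, but with EUI-64 the low 64 bits do not, so a correspondent (or anyone who sees the Binding Updates) can link the mobile's successive locations; a fresh random identifier per visited network removes that handle, at the price of being useless as an identity, which is the trade-off the "carefully selected addresses" bullet points at.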
Future developments
• AAA for Mobile IP : draft coming
  – today it is only a requirements list
• Macro & micro mobility
  – IP Cellular, HAWAII, HMIP
• 3GPP standard
  – security aspects
Other FT project : « Mobisecv6 » (1)
• Objectives : develop a complete Mobile IPv6 platform
  – Mobile : FreeBSD
  – Home Agent : AIX
  – Firewall : Netwall®
  – Hierarchical Mobile IPv6 management
• Partners :
  – INRIA (Mobile Host, HMIP6)
  – BULL (Home Agent, Firewall)
  – France Telecom CNET (validation, security)
Other FT project : « Mobisecv6 » (2)
[Figure: Mobisecv6 testbed topology. Four routers interconnect the home network (Home Agent "H.A", DNS, www and ftp hosts, and a link to the 6Bone) with the visited links: a WaveLan segment carrying the mobile nodes and a PPP / GSM network access; test hosts run the Microsoft and Kame IPv6 stacks.]
Other FT project : « Mobisecv6 » (3)
• Main results on security
  – IPSec and IKE for IPv6 available
  – interoperability between AIX and FreeBSD
• Open issues
  – interoperability with Microsoft and Kame (testing is possible)
  – theoretical problems with IKE phase 1 while away from home
New EURESCOM Projects
• P1001 : "PKI Implementation and Test Suites for Selected Applications and Services"
  – defining, implementing and testing a Europe-wide PKI between telcos
  – Task 7 : PKI for Mobile IP
• P1013 : "First steps towards UMTS: Mobile IP Services. A European testbed"
  – "Mobile IP core network" for UMTS
  – testbed
  – security aspects