Application of Mobile IP and Proxy Mobile IP Security

/
International Civil Aviation Organization
WORKING PAPER / ACP-WG I-06/IP-02
3/17/2008

Aeronautical Communication Panel

Working Group I – Internet Protocol Suite (IPS)

March 17-20, 2008

Montreal, Canada

Application

of

Mobile IPandProxy Mobile IP

Security

Prepared by: Vic Patel and Tom McParland

SUMMARY

This paper summarizes the methods of security for IP layer mobility.

1. Introduction

The IETF, WiMAX, 3GPP, and 3GPP2 standards development organizations (SDO) have generally selected two approaches for mobility: Mobile IP [RFC 3344, RFC 3775] and Proxy Mobile IP [mip4-proxy-mode, proxymip6]. The interaction between MIP and PMIP signaling entities is subject to various attacks [bu-attacks], [RFC 4832]. This paper summarizes the methods of securing these approaches.

2. SECURITY OF mip AND pmip

2.1 Authentication of Signaling Messages

2.1.1 MIP SignalingAuthentication

There two common approaches to securing MIP signaling:

a)IPsec [RFC 4301] and

b)the Authentication Protocol for Mobile IPv6 [RFC 4285].

For using IPsec with MIP, [RFC 3776] requires MNs and HAs to support the Encapsulating Security Payload (ESP) [RFC 4303] in transport mode using a non-null payload authentication algorithm.

[RFC 4285] defines aMIPv6-specific mobility message authentication option that can beadded to MIPv6 signaling messages.

2.1.2 PMIP SignalingAuthentication

PMIP signaling is secured with IPsec. [proxymip6] requires MNs and HAs to support ESP in transport mode as in the MIP case. Although IPsec is the mandatory to implement security mechanism, [ proxymip6] states that additional documents may specifyalternative mechanisms.

2.2 Key Establishment

2.2.1 MIP Key Establishment and Entity Authentication

For MIP [RFC 3775] states that manual configuration of IPsec security associations must be supported, and automated key management maybe supported. Manual configuration is generally not practical when large numbers of mobile nodes are involved. [RFC 4877] describes the use of IKEv2 for dynamic keying.

Authentication and access control in access networks it is typically used with the Extensible Authentication Protocol (EAP) [RFC 3748] and a backend Authentication, Authorization, and Accounting (AAA) Server. EAP provides a basic request/response protocol framework over which a specific authentication method, called an EAP method, can run. Within EAP three entities are involved: the Supplicant (which is the MN), the Authenticator (an entity in the access network), and the Authentication Server (typically a AAA server in the home network). EAP between the MN and Authenticator may operate over the access network link level protocol or in conjunction with IKEv2 [eap-ikev2]. EAP between the Authenticator and AAA server operates over RADIUS [RFC 2865] or DIAMETER [RFC 3588]. In cases where there is a distinct home and visited network, the Authenticator may communicate with a local or Proxy AAA server, which in turn communicates with Home AAA server.

In addition to authentication and key distribution, use of an AAA infrastructure facilitates other configuration tasks, such as the MN and HA addresses. The interaction with an AAA infrastructurefor these tasks is referred to Mobile IPv6 bootstrapping [RFC 4640]. For MIP there are two scenarios for operation with an AAA infrastructure. In the integrated scenario [bootstrapping-integrated], authentication between the MN and HA is dependent on the network access authentication process. Configuration parameters and keying material obtained during network access authentication is used for subsequent mobility signaling. The MN and HA interaction requires the HA to still interact with the AAA server. In the split scenario [RFC 5026], the entire bootstrapping procedure is between the MN, HA, and AAA server.

2.2.2 PMIP Key Establishment and Entity Authentication

For PMIP [ proxymip6] specifies that IKEv2 should be used to setup security associationsbetween the mobile access gateway and the local mobility anchor toprotect the Proxy Binding Update and Proxy Binding Acknowledgementmessages. The MAG and LMA can use any of the authentication mechanisms, as specified in IKEv2,for mutual authentication.

For PMIP using an AAA infrastructure [dime-pmip6]specifies an interaction with the AAA server similar to the MIPv6 integrated scenario.

4. REFERENCES

[bootstrapping-integrated]

K. Chowdhury, Ed., MIP6-bootstrapping for the Integrated

Scenario, draft-ietf-mip6-bootstrapping-integrated-05.txt,

June 2007

[bu-attack]T.Aura and J. Arkko, MIPv6 BU Attacks and Defenses,

draft-aura-mipv6-bu-attack-01.txt, February 2002

[dime-pmip6]J. Korhonen et al., Diameter Proxy Mobile IPv6: Support for

Mobility Access Gateway and Local Mobility Anchor to

Diameter Server Interaction, draft-korhonen-dime-pmip6-03.txt

February 2008

[eap-ikev2]H. Tschofenig et al., EAP-IKEv2 Method, draft-tschofenig-

eap-ikev2-15.txt, September 2007

[mip4-proxy-mode]K. Leung et al., WiMAX Forum/3GPP2 Proxy Mobile IPv4,

draft-leung-mip4-proxy-mode-07.txt, February 2008

[netlmm-mip-interactions]

G. Giaretta, Ed., Interactions between PMIPv6 and MIPv6:

scenarios and related issues, draft-giaretta-netlmm-mip-

interactions-02.txt, November 2007

[proxymip6]D. Gundavelli, Ed., Proxy Mobile IPv6, draft-ietf-netlmm-

proxymip6-11.txt, February 2008

[RFC 2865]C. Rigney et al., Remote dial-in user service (RADIUS),

RFC 2865, June 2000

[RFC 3344]C. Perkins, Ed., IP Mobility Support for IPv4, RFC 3344,

August 2002

[RFC 3588]P. Calhoun et al., Diameter in use, RFC 3588, September 2003

[RFC 3748]B. Aboba et al., Extensible Authentication Protocol (EAP),

RFC 3748, June 2004

[RFC 3775]D. Johnson et al., Mobility Support in IPv6, RFC 3775,

June 2004

[RFC 3776]J. Arkko et al., Using IPsec to Protect Mobile IPv6 Signalling

Between Mobile Nodes and Home Agents, RFC 3776,

June 2004

[RFC 4285]A. Patel et al., Authentication Protocol for Mobile IPv6,

RFC 4385 January 2006

[RFC 4301]S. Kent and K. Seo, Security Architecture for the Internet Protocol, RFC 4301, December, 2005

[RFC 4303]S. Kent, IP Encapsulating Security Payload (ESP), RFC 4303 December 2005

[RFC 4382]C. Vogt and J. Kempf, Security Threats to Network-Based

Localized Mobility Management (NETLMM), RFC 4382,

April, 2007

[RFC 4640]A. Patel et al., Problem Statement for bootstrapping Mobile

IPv6, RFC 4640, September 2006

[RFC 4877]V. Devarapalli and F. Dupont, Movile IPv6 Operation with IKEv2 and the Revised IPsec Architecture, RFC 4877, April 2007

[RFC 5026]G. Giaretta, Ed., Mobile IPv6 Bootstrapping in Split Scenario,

October 2007