Practical Considerations for Securely Deploying Mobility Will Ivancic

Will Ivancic, NASA Glenn Research Center, (216) 433-3494, wivancic@grc.nasa.gov

Network Design Triangle (SYZYGY Engineering). Figure: a design triangle whose corners and sides are labelled Policy, Protocols, Architecture; Mobility, Security, QoS; Cost ($$$), Scalability, Bandwidth; and Maturity. © 2004 Syzygy Engineering – Will Ivancic

Design Issues
• Host and/or Network Mobility
• Security Policy – Corporate and/or Individual
• Scalability
• Handoff Speed
• Intranet or Internet – Own and/or Shared Infrastructure
  – May be an issue even within your own organization
  – Crossing Autonomous Systems
• Multi-Homing
  – Multiple Radio Links
  – Varying multi-homed link characteristics (e.g. WiFi, Satellite, GPRS, low-rate VHF)

Mobile Networking Solutions
• Routing Protocols
  – Route Optimization
  – Convergence Time
  – Sharing Infrastructure – who owns the network?
• Mobile-IP
  – Route Optimization
  – Convergence Time
  – Sharing Infrastructure
  – Security – relatively easy to secure
• Domain Name Servers
  – Route Optimization
  – Convergence Time
  – Reliability

Mobility at What Layer?
• Layer-2 (Radio Link)
  – Fast and efficient
  – Proven technology within the same infrastructure
    • Cellular technology handoffs
    • WiFi handoffs
• Layer-3 (Network Layer)
  – Slower handover between varying networks
  – Layer-3 IP address provides identity
  – Security issues
    • Need to maintain address
• Layer-4 (Transport Layer)
  – Research area
  – Identity not tied to layer-3 IP address
  – Proposed solutions
    • HIP – Host Identity Protocol
    • SCTP – Stream Control Transmission Protocol

Location Identifier (figure). Alice (Mobile Node) registers her current location with Headquarters (Location Manager) through Registration / Binding Updates: "I am in Paris, France", later "I am in Cleveland, Ohio". Headquarters keeps track of Alice. Bob (Corresponding Node) asks the Location Manager "Where is Alice?" across the Internet, then reaches her directly: "Hello Alice". Alice answers: "Hello Bob, I am in Cleveland, Ohio. What is the weather like in Cleveland?"

IPv4 "Real World" Operation (figure). The Corresponding Node (CN) sits on the US Coast Guard Operational Network (private address space) behind a proxy; the US Coast Guard Mobile Network's Mobile Router (MR) attaches to a Foreign Agent (FA) on the public Internet; the Home Agent (HA) is at Glenn Research Center. Policy: USCG requires 3DES encryption. No UDP, IPsec, etc. WEP is not acceptable due to known deficiencies. What's your policy? Egress or ingress filtering stops Mobile-IP in its tracks: transmission from the mobile node carries a topologically incorrect source address. The proxy had not originated the request; therefore the response is squelched. Peer-to-peer networking becomes problematic at best. IPv6 corrects this problem.

Current Solution – Reverse Tunneling (figure). The MR tunnels its traffic back through the FA to the HA before it reaches the CN on the US Coast Guard Operational Network (private address space) behind the proxy. This adds overhead and kills route optimization. NAT: must run NAT traversal using UDP tunnels. Anticipate similar problems for IPv6.
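The two slides above describe the same failure from two sides: with triangle routing the mobile router sends straight to the correspondent node with its home address as source, which an ingress filter on the foreign network (or the home network's border proxy, which never originated the flow) drops; with reverse tunneling the outer packet carries the care-of address and is addressed to the home agent, so it passes the filters at the price of an extra header and the longer path. The following Python model walks a packet through both cases. It is an added example, not code from the deck or from the Coast Guard deployment; the addresses are RFC 1918 and RFC 5737 documentation ranges chosen for illustration, the home agent is assumed to sit at the home network's border, and the filters are reduced to the two source-address checks the slides describe.

```python
"""Mobile IPv4 triangle routing versus a reverse tunnel under ingress filtering.

Constructed, simplified model; not code from the deck. Addresses are RFC 1918
and RFC 5737 documentation ranges chosen for illustration, and the home agent
is assumed to sit at the home network's border, forwarding decapsulated
packets straight onto the intranet.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

HOME_PREFIX = ipaddress.ip_network("10.1.0.0/16")        # private home (intranet) space
FOREIGN_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # foreign agent's public link
HA_ADDR = "198.51.100.10"   # home agent: public tunnel endpoint
HOME_ADDR = "10.1.5.20"     # mobile router's home address (private)
CARE_OF = "203.0.113.77"    # foreign-agent care-of address
CN_ADDR = "10.1.9.4"        # correspondent node inside the home network
IPV4_HDR = 20               # bytes added by each IPv4 header


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: int = 0                    # payload length in bytes
    inner: Optional["Packet"] = None    # set when IP-in-IP encapsulated


def wire_bytes(pkt: Packet) -> int:
    """Bytes on the wire: every encapsulation layer costs another IPv4 header."""
    return IPV4_HDR + (wire_bytes(pkt.inner) if pkt.inner else pkt.payload)


def reverse_tunnel(pkt: Packet) -> Packet:
    """RFC 3024 style: encapsulate toward the HA with the care-of address as outer source."""
    return Packet(src=CARE_OF, dst=HA_ADDR, inner=pkt)


def forward(pkt: Packet, foreign_ingress_filtering: bool = True):
    """Walk a packet from the mobile router toward the correspondent node.

    Returns (delivered packet or None, trace of the forwarding decisions).
    """
    trace = []
    # 1. Foreign network uplink: a BCP 38 ingress filter drops any packet whose
    #    outer source address is not topologically correct for that link.
    if foreign_ingress_filtering and ipaddress.ip_address(pkt.src) not in FOREIGN_PREFIX:
        trace.append(f"FA uplink: dropped, src {pkt.src} not in {FOREIGN_PREFIX} (ingress filter)")
        return None, trace
    trace.append(f"FA uplink: forwarded src={pkt.src} dst={pkt.dst}")

    # 2. The public Internet delivers to the outer destination. A packet for the
    #    HA is decapsulated and the inner packet goes onto the intranet.
    if pkt.dst == HA_ADDR:
        if pkt.inner is None:
            trace.append("HA: not a tunnel packet, dropped")
            return None, trace
        trace.append(f"HA: decapsulated, intranet delivery src={pkt.inner.src} dst={pkt.inner.dst}")
        return pkt.inner, trace

    # 3. Anything else arrives at the home network's border from the outside.
    #    The border proxy never originated this flow and sees an internal
    #    (private) source address coming in from the Internet: squelched.
    if ipaddress.ip_address(pkt.src) in HOME_PREFIX:
        trace.append(f"home border: dropped, private src {pkt.src} arriving from the Internet")
        return None, trace
    trace.append("home border: forwarded")
    return pkt, trace


if __name__ == "__main__":
    direct = Packet(HOME_ADDR, CN_ADDR, payload=100)
    for label, pkt, filt in (("triangle, filtered FA", direct, True),
                             ("triangle, unfiltered FA", direct, False),
                             ("reverse tunnel", reverse_tunnel(direct), True)):
        delivered, trace = forward(pkt, filt)
        print(f"{label}: delivered={delivered is not None}, bytes={wire_bytes(pkt)}")
        for line in trace:
            print("   ", line)
```

Turning the foreign filter off only moves the drop to the home border, which is the slide's point about policy: the packet is topologically wrong for every network it crosses except its own. The tunnelled packet costs one extra IPv4 header per packet and always transits the HA, so it works but gives up route optimization; the UDP encapsulation needed for NAT traversal adds a UDP header on top of that.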

Shared Network Infrastructure (figure). Mobile Routers belonging to the Canadian Coast Guard, ACME Shipping, the US Coast Guard and the US Navy reach their own Home Agents across the public Internet through shared Foreign Agents. Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue.

Basic Mobile Network Support for IPv6 (figure). Mobile Network Nodes sit behind a Mobile Router whose uplink attaches to an Access Router; a Bidirectional Tunnel runs across the Internet or Intranet to the Home Agent, which relays traffic to the Corresponding Node. The Mobile Router sends the Binding Update. Note: Mobile Network allows for a single Binding Update. Other mobility solutions may oversubscribe the link during Binding Updates.

Mobile Security – The Next (Current) Research / Deployment Area

Behind Router – Strategic (figure, source: Western DataCom). Mobile Network – IPE-2M encryption device – Mobile Router – Roaming Interface (address changes with mobility) – Foreign Agent – Internet – Home Agent – IPE-2M – Home Network. Tunnels: HA-MR tunnel, HA-FA tunnel, IPE-IPE secure tunnel. Because the encryptor sits behind the mobile router, its address can be fixed.

In-Front of Router – Tactical (figure, source: Western DataCom). Mobile Network – Mobile Router – IPE-2M encryption device – Roaming Interface (address changes with mobility) – Secure WAN – Foreign Agent – Internet – IPE-2M – Home Network. Tunnels: HA-MR tunnel, HA-FA tunnel, IPE-IPE secure tunnel. With the encryptor in front of the router, it is the encryptor's roaming interface whose address changes with mobility.

Mobile IPsec? (figure). A Mobile IPsec Device on one intranet keeps a Secure Tunnel across the Internet to a Mobile IPsec Device on another intranet while its address changes with mobility. Partially being addressed by:
• MOBIKE
• HIP
• Certificate-based identity?
• Others?
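The problem the slide names is that a classic IPsec SA is bound to an address pair, so a mobile encryptor whose address changes has to tear the tunnel down and renegotiate. MOBIKE (RFC 4555) keeps the IKE SA alive across the move: the SA is identified by SPI, the initiator sends an integrity-protected UPDATE_SA_ADDRESSES notify from its new address, and the responder may run a return-routability check by sending a COOKIE2 that must be echoed from that address before traffic is redirected. The following Python model of that exchange is an added example, not an IKE implementation and not code from the deck or from Western DataCom; an HMAC under a shared key (assumed to have been established by IKE_SA_INIT/IKE_AUTH) stands in for IKEv2's message integrity protection, and the addresses are illustrative documentation ranges.

```python
"""What MOBIKE (RFC 4555) adds to IKEv2 when the mobile end's address changes.

Constructed teaching model, not an IKE implementation and not code from the
deck. The IKE SA is looked up by SPI rather than by address pair; a new peer
address is accepted only after an integrity-protected UPDATE_SA_ADDRESSES
notify and a COOKIE2 return-routability probe to the claimed address. An HMAC
under a shared key (assumed to come from IKE_SA_INIT/IKE_AUTH) stands in for
IKEv2's message integrity protection.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


def tag(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


@dataclass
class IkeSa:
    spi: bytes
    sk: bytes        # shared integrity key for this SA
    peer_addr: str   # address the peer is currently expected at


class Initiator:
    """Mobile end: owns the SA key, so it can authenticate notifies and probe replies."""

    def __init__(self, spi: bytes, sk: bytes):
        self.spi, self.sk = spi, sk

    def update_notify(self, new_addr: str) -> bytes:
        return tag(self.sk, b"UPDATE_SA_ADDRESSES", self.spi, new_addr.encode())

    def answer_cookie2(self, spi: bytes, cookie2: bytes):
        return tag(self.sk, b"COOKIE2", cookie2) if spi == self.spi else None


class Attacker:
    """Holds an address on the network but not the SA key."""

    def forge_notify(self, spi: bytes, new_addr: str) -> bytes:
        return tag(b"not the real key", b"UPDATE_SA_ADDRESSES", spi, new_addr.encode())

    def answer_cookie2(self, spi: bytes, cookie2: bytes):
        return tag(b"not the real key", b"COOKIE2", cookie2)


class Responder:
    """Gateway end. `network` maps address -> node reachable there, so the
    responder can deliver a COOKIE2 probe to a claimed new address."""

    def __init__(self, network: dict):
        self.network = network
        self.sas = {}   # spi -> IkeSa

    def install(self, sa: IkeSa):
        self.sas[sa.spi] = sa

    def inbound(self, spi: bytes, src_addr: str, mobike: bool) -> str:
        sa = self.sas[spi]
        if src_addr == sa.peer_addr:
            return "accepted"
        # Without MOBIKE an address-bound SA is dead after a move; the peer has
        # to renegotiate from scratch (IKE_SA_INIT + IKE_AUTH).
        return "mobike: awaiting UPDATE_SA_ADDRESSES" if mobike else "rekey-required"

    def update_sa_addresses(self, spi: bytes, new_addr: str, notify_tag: bytes) -> str:
        sa = self.sas[spi]
        # 1. The notify must carry a valid integrity check under the SA's key.
        expected = tag(sa.sk, b"UPDATE_SA_ADDRESSES", spi, new_addr.encode())
        if not hmac.compare_digest(notify_tag, expected):
            return "rejected: bad integrity check"
        # 2. Return routability: send a fresh COOKIE2 to the claimed address and
        #    require an integrity-protected echo before moving the SA.
        cookie2 = os.urandom(16)
        holder = self.network.get(new_addr)
        echo = holder.answer_cookie2(spi, cookie2) if holder else None
        if echo is None or not hmac.compare_digest(echo, tag(sa.sk, b"COOKIE2", cookie2)):
            return "rejected: return routability check failed"
        sa.peer_addr = new_addr
        return "updated"


def demo() -> dict:
    """Mobile node moves from 203.0.113.77 to 198.51.100.23 (illustrative addresses)."""
    spi, sk = os.urandom(8), os.urandom(32)
    mn = Initiator(spi, sk)
    network = {"203.0.113.77": mn}
    gw = Responder(network)
    gw.install(IkeSa(spi, sk, "203.0.113.77"))
    results = {}
    network.pop("203.0.113.77")          # the address changes with mobility
    network["198.51.100.23"] = mn
    results["classic"] = gw.inbound(spi, "198.51.100.23", mobike=False)
    results["before_update"] = gw.inbound(spi, "198.51.100.23", mobike=True)
    # Honest notify for an address the node is not actually reachable at.
    results["unreachable"] = gw.update_sa_addresses(spi, "198.51.100.99", mn.update_notify("198.51.100.99"))
    # Attacker tries to pull the SA to its own address without the key.
    network["192.0.2.9"] = Attacker()
    results["forged"] = gw.update_sa_addresses(spi, "192.0.2.9", network["192.0.2.9"].forge_notify(spi, "192.0.2.9"))
    # Honest, reachable update: the SA survives the move without a rekey.
    results["update"] = gw.update_sa_addresses(spi, "198.51.100.23", mn.update_notify("198.51.100.23"))
    results["after_update"] = gw.inbound(spi, "198.51.100.23", mobike=True)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14s} {v}")
```

The two rejections are the security-relevant part: the integrity check stops anyone without the SA key from redirecting the tunnel, and the COOKIE2 probe stops a key holder (or a replayed notify) from pointing the gateway at an address where nobody will answer, which is the MOBIKE defence against using a mobile peer to flood a third party.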

IPv6 Ad Hoc Networking Challenges
• Denial of Service
  – Duplicate Address Detection (DAD) DoS, uncooperative router, etc.
  – Neighbor Discovery trust and threats
• Network Discovery
  – Reachback, DNS, Key Manager
• Security
  – IPsec / HAIPE tunnel end-points
  – Security policies in a dynamic environment
  – Is layer-2 encryption sufficient security?
  – Insecure routing
    • Attackers may inject erroneous routing information to divert network traffic or make routing inefficient
• Key Management
  – Lack of key distribution mechanism
  – Hard to guarantee access to any particular node (e.g. to obtain a secret key)

IPv6 Ad Hoc Networking Challenges (continued)
• Duplicate Address Detection
  – Not suitable for multi-hop ad hoc networks that have dynamic network topology
  – Need to address the situation where two MANET partitions merge
• Radio Technology
  – Layer-2 media access often incompatible with layer-3 MANET routing protocol
• Battery exhaustion threat
  – A malicious node may interact with a mobile node very often, trying to drain the mobile node's battery
• Testing of Applications
• Integrating MANET into the Internet
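The DAD items on these two slides (the DoS on the first, the multi-hop and partition-merge limits on the second) come from the same property of RFC 4862: a node keeps a tentative address unless a neighbour on the same link answers its Neighbor Solicitation, and nothing authenticates that answer. The following Python simulation is an added example, not code from the deck; links are plain labels, a solicitation only reaches nodes that share a link with the sender (as the solicited-node multicast does), and the node names and addresses are constructed for illustration.

```python
"""Duplicate Address Detection (RFC 4862) in an ad hoc network: a hostile
neighbour that answers every probe (DAD DoS), and the one-hop blind spot that
lets duplicates survive across a multi-hop MANET or a partition merge.

Constructed simulation, not code from the deck. Links are plain labels, and a
Neighbor Solicitation only reaches nodes sharing a link with the sender, as the
solicited-node multicast does on a real network.
"""
import random
from dataclasses import dataclass, field

DUP_ADDR_DETECT_TRANSMITS = 1   # RFC 4862 default: one NS per tentative address


@dataclass
class Node:
    name: str
    links: set                        # links this node is attached to
    addrs: set = field(default_factory=set)
    claims_everything: bool = False   # malicious: answers every NS with an NA

    def on_ns(self, target: str) -> bool:
        """True if this node would send a Neighbor Advertisement for `target`."""
        return self.claims_everything or target in self.addrs


def dad(node: Node, tentative: str, nodes: list) -> bool:
    """Run DAD for `tentative` from `node`; True if the address is kept."""
    for _ in range(DUP_ADDR_DETECT_TRANSMITS):
        for peer in nodes:
            if peer is node or not (peer.links & node.links):
                continue   # NS is link-scoped: a node one hop further never hears it
            if peer.on_ns(tentative):
                return False   # DAD failed: someone (truthfully or not) claims the address
    node.addrs.add(tentative)
    return True


def find_duplicates(nodes: list) -> dict:
    """The network-wide view DAD never has: address -> owners, where more than one node holds it."""
    owners = {}
    for n in nodes:
        for a in sorted(n.addrs):
            owners.setdefault(a, []).append(n.name)
    return {a: o for a, o in owners.items() if len(o) > 1}


def scenario_benign():
    """Single link: a real duplicate is caught, a free address is accepted."""
    a, b = Node("A", {"L1"}), Node("B", {"L1"}, {"fe80::1"})
    return dad(a, "fe80::1", [a, b]), dad(a, "fe80::2", [a, b])


def scenario_dad_dos(attempts: int = 20) -> int:
    """One malicious neighbour: A never gets an address, however many it tries."""
    a, mallory = Node("A", {"L1"}), Node("M", {"L1"}, claims_everything=True)
    rng = random.Random(1)
    return sum(dad(a, f"fe80::{rng.randrange(1, 1 << 16):x}", [a, mallory]) for _ in range(attempts))


def scenario_multihop():
    """A - B - C with B forwarding at layer 3: C's address is invisible to A's DAD."""
    a, b, c = Node("A", {"L1"}), Node("B", {"L1", "L2"}), Node("C", {"L2"}, {"2001:db8::5"})
    accepted = dad(a, "2001:db8::5", [a, b, c])
    return accepted, find_duplicates([a, b, c])


def scenario_partition_merge():
    """Two partitions configure the same address independently; DAD does not
    re-run when they later share a link, so the duplicate persists."""
    a, c = Node("A", {"L1"}), Node("C", {"L2"})
    both_ok = dad(a, "2001:db8::5", [a, c]) and dad(c, "2001:db8::5", [a, c])
    a.links.add("L3")
    c.links.add("L3")   # the partitions merge over a new common link
    return both_ok, find_duplicates([a, c])


if __name__ == "__main__":
    print("benign (dup caught, free accepted):", scenario_benign())
    print("addresses configured under DAD DoS:", scenario_dad_dos())
    print("multi-hop blind spot:", scenario_multihop())
    print("partition merge:", scenario_partition_merge())
```

Retrying with more tentative addresses does not help against the hostile neighbour, since it never has to own anything to answer; the only fix is to make the Neighbor Advertisement unforgeable, which is exactly why the "Neighbor Discovery trust" and "Key Management" bullets belong on the same slide as the DAD DoS. The multi-hop and merge scenarios show the opposite failure: DAD stays silent, and only a network-wide view (which a MANET routing protocol would have to supply) reveals the collision.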