
IP Mobility: Threat Models and Security Requirements



  1. IP Mobility: Threat Models and Security Requirements
     Vidya Narayanan (vidyan@qualcomm.com)
     Lakshminath Dondeti (ldondeti@qualcomm.com)

  2. Outline
     - Introduction and Goals
     - Typical network architecture
     - Assets
     - Internet Threat Model – A Recap
     - Routing and IP Mobility
     - Security analysis of IP mobility protocols
     - Security Requirements
     - Security Models
     IETF-67 INT Area

  3. Introduction and Goals
     - IP Mobility handles changes to the IP point of presence (PoP)
       - Forwards packets meant for an “anchor” IP address to a “transient” IP address
       - Several models (global, local, host-based, network-based)
     - Aid analysis of threat models for IP mobility protocols
     - Remove the guesswork in threats
     - Provide high level security requirements for IP mobility protocols
     - Allow evaluation of a security solution

  4. Overall Mobility Architecture
     [Figure: architecture diagram. Labels: Internet, Home Network, Local Network, CN 1, CN 2, CN 3, AAAH, AAAL, MA, CA, AR, L2 PoP1 to L2 PoP4, MN. Legend: L3 Mobility Management Entity, L2 Mobility Management Entity, Security Infrastructure Entity, Correspondent Entity.]

  5. Definitions
     - Mobility Agent
       - Entity maintaining state on location of mobile nodes
       - E.g., MIP HA, FMIP pAR, HMIP MAP, NETLMM LMA, MIP RO-enabled CN
     - Mobility Facilitators
       - Other entities that facilitate IP mobility
       - E.g., NETLMM MAG, MIP4 FA, HMIP AR
       - It is plausible for these to fail/be compromised without denial of service
     - Mobility Provider
       - Mobility Agent or Mobility Facilitator
     - Mobility Recipient
       - Entity receiving the IP mobility service
       - Mobile node is the recipient

  6. Assets
     - Critical Assets
       - Failure/compromise of these assets leads to failed mobility sessions
       - Mobile Node
       - Mobility Agent
       - Security Infrastructure Entities
     - Non-critical Assets
       - The mobility session can continue despite failure/compromise of these assets
       - Network infrastructure, including links
       - Mobility facilitators (e.g., ARs, routers)
     - Other Assets
       - Correspondent Nodes
       - Other nodes (mobile or fixed) attaching to the mobility domain
     - Not all assets are applicable for all mobility models

  7. The Internet Threat Model – A Recap
     - Assumption 1: Critical assets are not compromised
     - Assumption 2: The attacker has full control of the communication channel
       - Attacker can read, inject, remove, modify any packets without detection
     - Types of attacks
       - Passive attacks
       - Active attacks
       - Off-path attacks
       - On-path attacks
         - Superset of off-path attacks
     - Reference: RFC3552
     - Are all these assumptions and/or attacks applicable to IP mobility protocols?
     - Are there other assumptions and/or attacks that are applicable to IP mobility protocols?

  8. Routing and Byzantine Failures
     - A network can function in the presence of Byzantine failures
       - Entities lying about routing or other information selectively, while appearing to function correctly (due to compromise, mis-configuration)
     - As long as there is a non-faulty path between nodes A and B, they can communicate
       - Even if the adversary sends bogus and disparate information to legitimate infrastructure entities, e.g., routers
     [Figure: network diagram with nodes A and B]

  9. Mobility and Failure of Non-critical Nodes
     - Mobility signaling is possible even if one or a few non-critical assets fail in an adversarial fashion
     - Mobility facilitators may fail in a Byzantine fashion, yet MNs can and should be able to get service
     [Figure: diagram with MA, AR, C, AR, MN, MN]

  10. Don’t Mess With Routing!
      - A protocol among a given set of entities must not impact routing for unrelated entities
        - D’s malicious use of a protocol between C and D MUST not impact communication between A and B
      [Figure: network diagram with nodes A, B, C and D]

  11. Outline
      - Introduction and Goals
      - Defining IP Mobility
      - IP Mobility Models
      - Typical network architecture
      - Assets
      - Internet Threat Model – A Recap
      - Routing and IP Mobility
      - Security analysis of IP mobility protocols
        - Threats to IP mobility “providers”
        - Threats to IP mobility “recipients”
        - Off-path vs. on-path attacks
        - Threats enabled by mobility protocols
      - Security Requirements
      - Security Models

  12. Threats to IP Mobility Provider
      - Provider’s interests
        - Ensuring that only authorized entities obtain the service
        - Ensuring that service is provided as intended
        - Only entities served by the provider are able to create state at the mobility agent
      - Threats to mobility “agents”
        - Creation of state by unauthorized nodes
        - Creation of incorrect state for valid nodes
      - Threats to mobility “facilitators”
        - Creation of spurious state at the facilitator
        - Use of facilitator to disrupt IP mobility
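
The two threats to mobility agents listed on slide 12, shown as checks on a toy binding table. This is an added example, not code from the presentation; the `MobilityAgent` class, the per-node shared key, the HMAC authenticator and the sequence number are all assumptions made for illustration, and the keys and addresses are constructed.

```python
import hashlib
import hmac


class MobilityAgent:
    """Hypothetical mobility agent: holds node -> transient address state."""

    def __init__(self, provisioned_keys):
        # Only nodes served by this provider have a key (assumption).
        self._keys = dict(provisioned_keys)
        self._bindings = {}  # node_id -> (transient_addr, seq)

    @staticmethod
    def tag(key, node_id, transient_addr, seq):
        # Authenticator over every field that ends up in agent state.
        msg = f"{node_id}|{transient_addr}|{seq}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def update(self, node_id, transient_addr, seq, mac):
        key = self._keys.get(node_id)
        if key is None:
            # Threat: creation of state by unauthorized nodes.
            return "rejected: unauthorized node"
        expected = self.tag(key, node_id, transient_addr, seq)
        if not hmac.compare_digest(expected, mac):
            # Threat: creation of incorrect state for valid nodes (forgery).
            return "rejected: bad authenticator"
        _, last_seq = self._bindings.get(node_id, (None, -1))
        if seq <= last_seq:
            # Same threat via replay of an old, genuine update.
            return "rejected: stale sequence"
        self._bindings[node_id] = (transient_addr, seq)
        return "accepted"

    def lookup(self, node_id):
        entry = self._bindings.get(node_id)
        return entry[0] if entry else None


def demo():
    key = b"constructed-demo-key-mn1"  # constructed sample key
    ma = MobilityAgent({"mn1": key})
    good = ma.tag(key, "mn1", "2001:db8:a::10", 1)
    forged = ma.tag(b"guess", "mn1", "2001:db8:bad::1", 2)
    results = [
        ma.update("mn1", "2001:db8:a::10", 1, good),         # legitimate
        ma.update("mn9", "2001:db8:bad::1", 1, b"\x00" * 32),  # unknown node
        ma.update("mn1", "2001:db8:bad::1", 2, forged),      # wrong key
        ma.update("mn1", "2001:db8:a::10", 1, good),         # replay
    ]
    return results, ma.lookup("mn1")
```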
