Mobile IP Version 6 Route Optimization Security Design Background
RFC 4225
Document | Type | RFC - Informational (December 2005; No errata) | |
---|---|---|---|
Authors | Tuomas Aura , Erik Nordmark , Gabriel Montenegro , Jari Arkko , Pekka Nikander | ||
Last updated | 2018-12-20 | ||
Stream | Internet Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4225 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Margaret Cullen | ||
Send notices to | gab@sun.com, erik.nordmark@sun.com, tuomaura@microsoft.com |
Network Working Group P. Nikander Request for Comments: 4225 J. Arkko Category: Informational Ericsson Research NomadicLab T. Aura Microsoft Research G. Montenegro Microsoft Corporation E. Nordmark Sun Microsystems December 2005 Mobile IP Version 6 Route Optimization Security Design Background Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document is an account of the rationale behind the Mobile IPv6 (MIPv6) Route Optimization security design. The purpose of this document is to present the thinking and to preserve the reasoning behind the Mobile IPv6 security design in 2001 - 2002. The document has two target audiences: (1) helping MIPv6 implementors to better understand the design choices in MIPv6 security procedures, and (2) allowing people dealing with mobility or multi-homing to avoid a number of potential security pitfalls in their designs. Nikander, et al. Informational [Page 1] RFC 4225 Mobile IPv6 RO Security Design December 2005 Table of Contents 1. Introduction ....................................................3 1.1. Assumptions about the Existing IP Infrastructure ...........4 1.2. The Mobility Problem and the Mobile IPv6 Solution ..........6 1.3. Design Principles and Goals ................................8 1.3.1. End-to-End Principle ..................................8 1.3.2. Trust Assumptions .....................................8 1.3.3. Protection Level ......................................8 1.4. About Mobile IPv6 Mobility and its Variations ..............9 2. Avenues of Attack ...............................................9 2.1. Target ....................................................10 2.2. Timing ....................................................10 2.3. Location ..................................................11 3. Threats and Limitations ........................................11 3.1. Attacks Against Address 'Owners' ("Address Stealing").. ...12 3.1.1. Basic Address Stealing ...............................12 3.1.2. Stealing Addresses of Stationary Nodes ...............13 3.1.3. Future Address Sealing ...............................14 3.1.4. Attacks against Secrecy and Integrity ................15 3.1.5. Basic Denial-of-Service Attacks ......................16 3.1.6. Replaying and Blocking Binding Updates ...............16 3.2. Attacks Against Other Nodes and Networks (Flooding) .......16 3.2.1. Basic Flooding .......................................17 3.2.2. Return-to-Home Flooding ..............................18 3.3. Attacks against Binding Update Protocols ..................18 3.3.1. Inducing Unnecessary Binding Updates .................19 3.3.2. Forcing Non-Optimized Routing ........................20 3.3.3. Reflection and Amplification .........................21 3.4. Classification of Attacks .................................22 3.5. Problems with Infrastructure-Based Authorization ..........23 4. Solution Selected for Mobile IPv6 ..............................24 4.1. Return Routability ........................................24 4.1.1. Home Address Check ...................................26 4.1.2. Care-of-Address Check ................................27 4.1.3. Forming the First Binding Update .....................27 4.2. Creating State Safely .....................................28 4.2.1. Retransmissions and State Machine ....................29 4.3. Quick expiration of the Binding Cache Entries .............29 5. Security Considerations ........................................30 5.1. Residual Threats as Compared to IPv4 ......................31 5.2. Interaction with IPsec ....................................31 5.3. Pretending to Be One's Neighbor ...........................32 5.4. Two Mobile Nodes Talking to Each Other ....................33 6. Conclusions ....................................................33 7. Acknowledgements ...............................................34Show full document text