Introduction to Mobile IP

Golden G. Richard III, Ph.D. University of New Orleans
(With thanks to Sumi Helal @ U of F)

2 For More Information...
- Mobile IP: The Internet Unplugged, by James D. Solomon, Prentice Hall.
- "Mobility Support in IPv6," C. Perkins and D. Johnson, Proceedings of the Second Annual International Conference on Mobile Computing and Networking (MobiCom '96).
- "Supporting Mobility in MosquitoNet," M. Baker et al., Proceedings of the 1996 USENIX Technical Conference.
- "Mobile Networking Through Mobile IP," C. Perkins, http://www.computer.org/internet/v2n1/perkins.htm

3 Mobile Computing: Why?
- Dream: Seamless, ubiquitous network access for mobile hosts
  – Laptop computers
  – PDAs
  – Electronic books
- Impacts:
  – Tourism (electronic tour guides)
  – Field research
  – Collaborative applications
  – Lots more
- Computing in your garden!!

4 Why Mobile IP?
- Need a protocol which allows network connectivity across host movement
- Protocol to enable mobility must not require massive changes to router software, etc.
- Must be compatible with large installed base of IPv4 networks/hosts
- Confine changes to mobile hosts and a few support hosts which enable mobility

5 Talk Overview
- Will cover:
  – Why IP routing breaks under mobility
  – Mobile IPv4 basics
  – Some Mobile IP security issues
- Won't cover:
  – Details of IP routing
  – IPv6 in detail
  – Low-level protocol details (message formats, headers, etc.)
  – All of the Mobile IP-related security issues
  – Any of the other problems with mobile computing!

6 Internet Protocol (IP)
- Network layer, "best-effort" packet delivery
- Supports UDP and TCP (transport layer protocols)
- IP host addresses consist of two parts
  – network id + host id
- By design, IP host address is tied to home network address
  – Hosts are assumed to be wired, immobile
  – Intermediate routers look only at network address
  – Mobility without a change in IP address results in un-route-able packets

7 IP Routing Breaks Under Mobility
[Figure: hosts attached to two routers, each serving a different network address]
- Why this hierarchical approach? Answer: Scalability! Millions of network addresses, billions of hosts!

8 Mobile IP: Basics
- Proposed by IETF (Internet Engineering Task Force)
  – Standards development body for the Internet
- Mobile IP allows a mobile host to move about without changing its permanent IP address
- Each mobile host has a home agent on its home network
- Mobile host establishes a care-of address when it's away from home

9 Mobile IP: Basics, Cont.
- Correspondent host is a host that wants to send packets to the mobile host
- Correspondent host sends packets to the mobile host's permanent IP address
- These packets are routed to the mobile host's home network
- Home agent forwards IP packets for mobile host to current care-of address
- Mobile host sends packets directly to correspondent, using permanent home IP as source IP

10 Mobile IP: Basics, Cont.
[Figure: correspondent host, home agent]

11 Mobile IP: Care-of Addresses
- Whenever a mobile host connects to a remote network, two choices:
  – care-of can be the address of a foreign agent on the remote network
    • foreign agent delivers packets forwarded from home agent to mobile host
  – care-of can be a temporary, foreign IP address obtained through, e.g., DHCP
    • home agent tunnels packets directly to the temporary IP address
- Regardless, care-of address must be registered with home agent

12 IP-in-IP Tunneling
- Packet to be forwarded is encapsulated in a new IP packet
- In the new header:
  – Destination = care-of-address
  – Source = address of home agent
  – Protocol number = IP-in-IP
[Figure: original packet (IP header, data) encapsulated as (IP header, IP header, data)]

13 At the Other End...
- Depending on type of care-of address:
  – Foreign agent or
  – Mobile host
- … strips outer IP header of tunneled packet, which is then fed to the mobile host
- Aside: Any thoughts on advantages of foreign agent vs. co-located (foreign IP) address?

14 Routing Inefficiency
- Mobile host and correspondent host might even be on the same network!!
[Figure: correspondent host, home agent]

15 Route Optimizations
- Possible Solution:
  – Home agent sends current care-of address to correspondent host
  – Correspondent host caches care-of address
  – Future packets tunneled directly to care-of address
- But!
  – An instance of the cache consistency problem arises...
  – Cached care-of address becomes stale when the mobile host moves
  – Potential security issues with providing care-of address to correspondent (ask me about this when we talk about security!)

16 Possible Route Optimization

17 The Devil is in the Details!
- How does the mobile host get a remote IP?
  – Router advertisements, DHCP, manual...
- How can a mobile host tell where it is?
  – Am I at home?
  – Am I visiting a foreign network?
  – Have I moved?
  – What if I'm in two places at once?

18 Devil, Cont.
- Redundancy: What if the home agent doesn't answer a registration request?
  – Registration request to broadcast address
  – Rejection carries new home agent ID
- "Ingress" filtering
  – Routers drop packets that arrive from a direction from which they would not have routed the source address

19 Packets Dropped due to "Ingress" Filtering
- Correspondent, home agent on same network. Packet from mobile host is deemed "topologically incorrect"
[Figure: correspondent host, home agent]

20 Another Devil: Security Issues
- We'll look at only one of the "godzillions" of security issues:
- Bogus registration (denial of service) attacks
  – Malicious host sends fake registration messages to home agent "on behalf" of the mobile host
  – Packets could be forwarded to malicious host or to the bit bucket

21 Bogus Registration Attack
[Figure: Madame Evil sends a registration request to the home agent ("Send packets to me!! Hehehehe!!"); "????"]

22 Authentication
- To fix this problem, authenticate registration attempts
- Use private key encryption to generate a message digest
- Home agent applies private key to message to see if message digest is identical

23 Authentication, Cont.
[Figure: message ("… care-of address…"), private key, digest, "???", home agent]

24 Ooops. Replay Attacks!
[Figure: home agent; "…mooohahahahahahahaha!!!!!"]

25 Avoiding Replay Attacks
- Avoid replay attacks by making registration requests un-replayable
- Add estimate of local time or a pseudo-random number to registration request/reply
- If time estimate or random number is not the expected number, provide info in "NO!" reply for resynchronization
- Insufficient information to help malicious host
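A home agent that applies the checks from slides 22 and 25, as an added example that is not part of the original slides: a keyed digest over the registration fields, then a timestamp check that rejects replays and returns the agent's clock for resynchronization. HMAC-SHA256, the field layout, the `MAX_SKEW` value and all names are assumptions for illustration, not the Mobile IP wire format.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 7  # seconds of clock difference tolerated (assumed value)

def digest(key: bytes, home: str, care_of: str, ident: int) -> bytes:
    """Keyed digest over the fields an attacker would want to forge."""
    msg = home.encode() + b"|" + care_of.encode() + struct.pack("!Q", ident)
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_request(key: bytes, home: str, care_of: str, now: int) -> dict:
    """Mobile host: put a time estimate in the request, then authenticate it."""
    return {"home": home, "care_of": care_of, "ident": now,
            "auth": digest(key, home, care_of, now)}

class HomeAgent:
    def __init__(self, keys: dict):
        self.keys = keys       # home address -> shared secret key
        self.bindings = {}     # home address -> registered care-of address
        self.last_ident = {}   # home address -> newest accepted timestamp

    def register(self, req: dict, now: int):
        """Return (status, resync_time); resync_time is set only on a time mismatch."""
        key = self.keys.get(req["home"])
        expected = digest(key, req["home"], req["care_of"], req["ident"]) if key else b""
        if not key or not hmac.compare_digest(expected, req["auth"]):
            return ("denied: authentication failed", None)
        stale = abs(now - req["ident"]) > MAX_SKEW
        if stale or req["ident"] <= self.last_ident.get(req["home"], -1):
            # "NO!" reply: the agent's clock lets an honest host resynchronize,
            # but it is no help to a host that lacks the key.
            return ("denied: identification mismatch", now)
        self.last_ident[req["home"]] = req["ident"]
        self.bindings[req["home"]] = req["care_of"]
        return ("accepted", None)

if __name__ == "__main__":
    # Constructed sample: key and addresses are illustrative only.
    key, home = b"k" * 16, "192.0.2.50"
    agent = HomeAgent({home: key})
    request = make_request(key, home, "198.51.100.20", 1000)
    print(agent.register(request, 1002))  # first delivery
    print(agent.register(request, 1003))  # same bytes replayed
```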

26 Abrupt Conclusions...
- Great potential for mobile application deployment using Mobile IP
- Minimizes impact on existing Internet infrastructure
- Security issues being looked at
- (Complicated) firewall solutions proposed
- Several working implementations (e.g., Monarch project at CMU)
- Some things still need work: e.g., integration of Mobile IP and 802.11 wireless LANs
- Lots of research to do on mobile computing!
