Computer Networks
Lecture 4
Mobile IP
Lecturer
Dr. Seyed Reza Kamel
Why Mobile Computing?
Seamless, ubiquitous network access for mobile
hosts
◦ Laptop computers
◦ PDAs
◦ Electronic books
Why Mobile IP?
[Figure: a router and the Home Agent (HA); one path labelled "To MN Home Address", the other "To MN Care-of Address"]
Entities in Mobile IP
Mobile Node (MN) - A node that moves to a different network while keeping its permanent Home Address.
Home Agent (HA) - A router on a mobile node's home network which tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node.
Home Address - The static, fixed IP address allocated to a mobile node by the Home Agent.
Home Network - A network whose network prefix (network ID) matches that of a mobile node's home address.
Foreign Network - A network other than a mobile node's home network.
Foreign Agent (FA) - A router in the foreign network that provides the CoA, tunnels with the HA, and forwards packets to the MN.
Care-of Address (CoA) - Termination point of a tunnel toward an MN in the foreign network.
Mobility Binding - The association of a home address with a care-of address (CoA).
Correspondent Node (CN) - A peer node with which a Mobile node is communicating.
How Mobile IP works?
Registration
1. Registration Request by MN to FA
3. HA sends Registration reply to FA
4. FA relays Registration reply to MN
[Figure: MN, FA and HA with arrows numbered 1 to 4; the HA holds the Mobility Binding Table]
IP-in-IP Tunneling
Packet to be forwarded is encapsulated
in a new IP packet
In the new header:
◦ Destination = care-of-address
◦ Source = address of home agent
◦ Protocol number = IP-in-IP
[Figure: original packet (IP header, data) and the tunneled packet (new IP header, original IP header, data)]
At the Other End...
Depending on type of care-of address:
◦ Foreign agent or
◦ Mobile host
… strips outer IP header of tunneled
packet, which is then fed to the mobile
host
Challenges! Aside: Any thoughts on
advantages of foreign agent vs. co-located
(foreign IP) address?
Tunneling in Mobile IP
◦ CN sends packets to HA
◦ HA tunnels the packet and sends to FA
◦ MN moves to FA
◦ FA extracts original packet and sends to the MN
Source & Destination Addresses are from the same network
[Figure: Correspondent node (CN), HA, Foreign Agent (FA) and MN]
Problems facing Mobile IP
Registration
1. Registration Request by MN to FA
3. HA Rejects the registration
Possible Solutions:
• Introduces New Agent
• FA starts Broadcast search for New Agent
[Figure: MN, FA and HA with numbered arrows; the HA's reply is labelled "Reject…"]
Problems facing Mobile IP
Challenges: Security Issues
There are many ….
[Figure: cartoon of "Madame Evil", a registration request and the home agent]
Authentication
To fix this problem, authenticate
registration attempts
◦ Use private key encryption to generate
a message digest
◦ Home agent applies private key to
message to see if message digest is
identical
Authentication, Cont.
[Figure: private key, message (… care-of address…), digest, home agent]
Replay Attacks!
[Figure: cartoon of a replay attack on the home agent]
Avoiding Replay Attacks
Avoid replay attacks by making registration
requests un-replayable
◦ Add estimate of local time or a pseudo-random
number to registration request/reply
◦ If time estimate or random number is not the
expected number, provide info in "NO!" reply for
resynchronization
◦ Insufficient information to help malicious host
Security in Mobile IP - Solutions
Authentication can be performed by all parties
◦ Only authentication between MN and HA is required
◦ Authenticity and Integrity of Registration messages using
Authentication (e.g. HMAC-MD5)
Replay protection
◦ Timestamps are mandatory
◦ Random numbers on request reply packets are optional
◦ Sending messages using sequence number
IPSec Tunnel
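How a home agent can apply the authentication and replay checks from the slides above, as an added example that is not part of the lecture and not the Mobile IP wire format. The message layout, the 7-second clock tolerance and the key are assumptions, and HMAC-SHA256 is used in place of the HMAC-MD5 that the slide names as an example.

```python
import hashlib
import hmac
import socket
import struct

FMT = "!4s4sHQ"   # hypothetical layout: home address, care-of address, lifetime, timestamp
BODY_LEN = struct.calcsize(FMT)
MAX_SKEW = 7      # assumed tolerance (seconds) between MN and HA clocks

def mac(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()

def build_request(key: bytes, home: str, coa: str, lifetime: int, ts: int) -> bytes:
    """Mobile node side: registration body followed by its keyed digest."""
    body = struct.pack(FMT, socket.inet_aton(home), socket.inet_aton(coa), lifetime, ts)
    return body + mac(key, body)

class HomeAgent:
    def __init__(self, keys: dict):
        self.keys = keys      # home address -> secret shared with that MN
        self.last_ts = {}     # home address -> newest timestamp accepted so far
        self.bindings = {}    # mobility binding table: home address -> CoA

    def register(self, msg: bytes, now: int):
        """Return (status, ha_time); ha_time lets an honest MN resynchronize."""
        if len(msg) != BODY_LEN + 32:
            return "malformed", now
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        home_raw, coa_raw, _lifetime, ts = struct.unpack(FMT, body)
        home = socket.inet_ntoa(home_raw)
        key = self.keys.get(home)
        # Authenticate first, in constant time, before acting on any field.
        if key is None or not hmac.compare_digest(tag, mac(key, body)):
            return "bad-auth", now
        # Timestamp must be close to the HA clock and newer than the last one.
        if abs(now - ts) > MAX_SKEW or ts <= self.last_ts.get(home, -1):
            return "bad-timestamp", now
        self.last_ts[home] = ts
        self.bindings[home] = socket.inet_ntoa(coa_raw)
        return "accepted", now

def demo():
    # Constructed scenario: genuine request, replayed copy, altered care-of address.
    key = b"constructed-shared-secret"
    ha = HomeAgent({"192.0.2.10": key})
    req = build_request(key, "192.0.2.10", "203.0.113.25", 300, ts=1000)
    forged = req[:7] + bytes([req[7] ^ 1]) + req[8:]   # last CoA octet changed in transit
    outcomes = [ha.register(m, now=1001)[0] for m in (req, req, forged)]
    return outcomes, ha.bindings
```

The replayed copy passes the digest check and is stopped only by the timestamp rule, while the altered care-of address fails the digest check and never reaches the binding table.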
Security in Mobile IP (Cont.)
[Figure: Registration Request and Registration Response exchanged in numbered steps between the Mobile node (MN), Remote Agent (RA), Remote AAA, Broker AAA, Home AAA and Home Agent (HA)]
Problems with Mobile IP
Other Challenges!
How does the mobile host get a remote
IP?
◦ Router advertisements, DHCP, manual...
How can a mobile host tell where it is?
◦ Am I at home?
◦ Am I visiting a foreign network?
◦ Have I moved?
◦ What if I'm in two places at once?
Problems with Mobile IP
Other Challenges!
Single HA model is fragile
◦ Possible solution – have multiple HA
Frequent reports to HA if MN is moving
◦ Possible solution – support of FA clustering
Security
◦ Connection hijacking, snooping…
Many other open research questions
Conclusions...
Great potential for mobile application deployment
using Mobile IP
Minimizes impact on existing Internet infrastructure
Security issues being looked at
(Complicated) firewall solutions proposed
Several working implementations (e.g., Monarch
project at CMU)
Some things still need work: e.g., integration of
Mobile IP and 802.11 wireless LANs
Lots of research to do on mobile computing!