Security Support in Mobile IPv6
김건우, [email protected], Network Security Research Department (네트워크보안연구부)
ETRI Proprietary, Network Security Department, P.2
IPv6 Background and Features
▣ Motivation for the evolution to IPv6
◈ The address space must grow as the number of Internet-connected nodes increases; most of 0.0.0.0 ~ 126.0.0.0 (class A) is held by the US
◈ Users want diverse services: real-time services, multimedia services, etc.
◈ Security and authentication services are needed
▣ Features
◈ Extended addressing capability: address size 32 bits -> 128 bits; a new address form, "anycast", is defined
◈ Simplified header format, with options moved out of the base header
◈ Improved QoS: Flow Labeling and Priority
◈ Authentication and Privacy
◈ Improved Mobility support

IPv4 Format vs. IPv6 Format
▣ IPv4: 14 fields, at least 20 octets
▣ 32-bit addresses
▣ fragmented packet processing at every hop
▣ header checksum recalculation at every hop
[Figure: IPv4 header fields: Version | HLEN | Type of Service | Total Length; Identification | Flags (3) | Fragment Offset; TTL | Protocol | Header Checksum; Source IP Address; Destination IP Address]
[Figure: IPv6 header fields: Version | Priority | Flow Label; Payload Length | Next Header | Hop Limit; Source Address; Destination Address]
▣ IPv6: 8 fields, fixed 40 octet size
▣ 128-bit addresses
▣ fragmentation only in src and dst endpoint, or lower layer
▣ no checksums
▣ new 20-bit flow label field
▣ options in Extension Headers

IPv6 Extension Headers
[Figure: Next Header values: Hop-by-hop Options Header = 0, Routing Header = 43, Fragmentation Header = 44, Encapsulating Security Payload = 50, Authentication Header = 51, No Next Header = 59, Destination Options Header = 60]
▣ Extension header (IP Extension Header)
◈ Used to carry additional information to the destination or to intermediate systems along the path, or to supply it to the IP datagram
◈ Placed after the basic header of the IP datagram
▣ Extension header order
◈ Extension headers are kept in a fixed order so that intermediate routers can process the datagram efficiently, e.g. 0 -> 43 -> 44 -> 51 -> 6

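To show how a receiver walks the chain and checks the order this slide recommends, here is an added Python example (not code from the original presentation). It uses the Next Header values from the figure and the length rule of each header (Hop-by-hop, Routing and Destination Options carry their length in 8-octet units, Fragment is a fixed 8 octets, AH carries its length in 4-octet units), and it stops at ESP, whose own Next Header field sits inside the encrypted trailer. The packet bytes, SPI and fragment id are constructed sample values; the addresses are the ones used on the later MIPv6 slides.

```python
"""Walk an IPv6 extension-header chain and check its order.

Added example, not code from the original slides.  The packet built by
build_packet() is constructed sample data (addresses from the slides,
made-up SPI, fragment id and padding)."""
import struct

# Next Header values from the slide's figure
HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 6, 43, 44, 50, 51, 59, 60
NAMES = {0: "Hop-by-hop Options", 6: "TCP", 43: "Routing", 44: "Fragment",
         50: "ESP", 51: "AH", 59: "No Next Header", 60: "Destination Options"}
# Position in the recommended order 0 -> 43 -> 44 -> 51 -> 50 -> 60 -> upper layer
RANK = {HOP_BY_HOP: 0, ROUTING: 1, FRAGMENT: 2, AH: 3, ESP: 4, DEST_OPTS: 5}


def walk_chain(packet: bytes):
    """Return (list of header numbers in order, offset of the upper-layer header).

    The offset is -1 when the chain ends in ESP (its Next Header field is in the
    encrypted ESP trailer) or in No Next Header (59)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < 40 + struct.unpack("!H", packet[4:6])[0]:
        raise ValueError("truncated packet: Payload Length exceeds data")
    nxt, off, chain = packet[6], 40, []
    while True:
        chain.append(nxt)
        if nxt in (ESP, NO_NEXT):
            return chain, -1
        if nxt not in RANK:                       # TCP or another upper-layer protocol
            return chain, off
        if off + 8 > len(packet):
            raise ValueError("extension header truncated")
        if nxt == FRAGMENT:
            hlen = 8                              # fixed size
        elif nxt == AH:
            hlen = (packet[off + 1] + 2) * 4      # Payload Length: 4-octet units minus 2
        else:
            hlen = (packet[off + 1] + 1) * 8      # Hdr Ext Len: 8-octet units minus 1
        if off + hlen > len(packet):
            raise ValueError("%s header runs past end of packet" % NAMES[nxt])
        nxt, off = packet[off], off + hlen


def _rank(ext, i):
    # Destination Options may also precede Routing (options for the routing targets)
    if ext[i] == DEST_OPTS and i + 1 < len(ext) and ext[i + 1] == ROUTING:
        return 0.5
    return RANK[ext[i]]


def order_problems(chain):
    """List the ordering rules the chain breaks; an empty list means well ordered."""
    ext = [h for h in chain if h in RANK]
    problems = []
    for i, h in enumerate(ext):
        if h == HOP_BY_HOP and i != 0:
            problems.append("Hop-by-hop Options must immediately follow the IPv6 header")
        if i and _rank(ext, i) < _rank(ext, i - 1):
            problems.append("%s (%d) after %s (%d)" % (NAMES[h], h, NAMES[ext[i - 1]], ext[i - 1]))
        if h != DEST_OPTS and h in ext[:i]:
            problems.append("%s (%d) appears more than once" % (NAMES[h], h))
    return problems


def build_packet(ext_headers, upper=TCP, upper_payload=b"\x00" * 20):
    """Construct a sample packet with the given extension headers in wire order."""
    seq = ext_headers + [upper]
    body = b""
    for i, h in enumerate(ext_headers):
        nxt = seq[i + 1]
        if h == FRAGMENT:
            body += struct.pack("!BBHI", nxt, 0, 0, 0x1234)                   # offset 0, made-up id
        elif h == AH:
            body += struct.pack("!BBHII", nxt, 4, 0, 0x100, 1) + b"\x00" * 12  # 24-byte AH
        elif h == ESP:
            body += struct.pack("!II", 0x200, 1) + b"\x00" * 8                # SPI, seq, opaque rest
        else:
            # 8 octets; the body is PadN filler, the walker only uses the length
            body += struct.pack("!BB", nxt, 0) + b"\x01\x04\x00\x00\x00\x00"
    body += upper_payload
    src = bytes.fromhex("3ffe2e010001" + "0" * 16 + "0100")   # 3ffe:2e01:1::100 (slide)
    dst = bytes.fromhex("3ffe2e010002" + "0" * 16 + "0001")   # 3ffe:2e01:2::1 (slide)
    return struct.pack("!IHBB", 0x60000000, len(body), seq[0], 64) + src + dst + body


if __name__ == "__main__":
    for hdrs in ([HOP_BY_HOP, ROUTING, FRAGMENT, AH], [FRAGMENT, HOP_BY_HOP], [DEST_OPTS, ROUTING]):
        chain, off = walk_chain(build_packet(hdrs))
        print(" -> ".join(str(h) for h in chain), "upper layer at", off, order_problems(chain))
```

A filter or intrusion detection sensor is the defender-side consumer of this: a chain with Hop-by-hop not first, a repeated header, or a length that runs past the packet is something to drop or log rather than parse further.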
IPv6 Addressing
▣ IPv6 address
◈ 128 bits designate interfaces and sets of interfaces
◈ Subnet Prefix + Interface ID
▣ Address types
◈ unicast address
◈ anycast address
◈ multicast address
▣ Text representation
◈ FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
◈ 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A
◈ 0:0:0:0:0:FFFF:129.254.12.164 => ::FFFF:129.254.12.164

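The compression rule shown on this slide, and its inverse, as an added Python example that is not code from the original presentation: parse() reads the full form, the "::" form and the embedded-IPv4 form, compress() folds the longest run of zero groups, and to_bytes() gives the 16-byte form on which a policy selector or an ACL should compare addresses, since the same address has several valid spellings. Hex case follows the slide (upper case); RFC 5952 recommends lower case for a canonical text form.

```python
"""Expand and compress IPv6 textual addresses by the rules on this slide.

Added example, not code from the original slides."""
import struct

HEXDIGITS = set("0123456789abcdefABCDEF")


def parse(addr):
    """Return (8 groups of 16-bit ints, True if the text used an IPv4 tail)."""
    if ":" not in addr:
        raise ValueError("not an IPv6 address")
    dotted = "." in addr
    tail = []
    if dotted:                                   # e.g. ::FFFF:129.254.12.164
        addr, v4 = addr.rsplit(":", 1)
        if addr.endswith(":"):                   # the tail followed '::' directly
            addr += ":"
        octets = [int(o) for o in v4.split(".")]
        if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        tail = [octets[0] << 8 | octets[1], octets[2] << 8 | octets[3]]
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    left, _, right = addr.partition("::")

    def groups_of(text):
        out = []
        for g in (text.split(":") if text else []):
            if not 1 <= len(g) <= 4 or not set(g) <= HEXDIGITS:
                raise ValueError("bad group %r" % g)
            out.append(int(g, 16))
        return out

    lg, rg = groups_of(left), groups_of(right) + tail
    if "::" in addr:
        missing = 8 - len(lg) - len(rg)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = lg + [0] * missing + rg
    else:
        groups = lg + rg
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d" % len(groups))
    return groups, dotted


def compress(addr):
    """Shortest text form: drop leading zeros, fold the longest run (>= 2) of
    zero groups into '::' (leftmost run on a tie), keep an IPv4 tail dotted."""
    groups, dotted = parse(addr)
    n = 6 if dotted else 8                       # the dotted tail is never folded
    best_start, best_len, i = -1, 1, 0
    while i < n:
        j = i
        while j < n and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j if j > i else i + 1
    hexg = ["%X" % g for g in groups[:n]]
    if best_start >= 0:
        text = ":".join(hexg[:best_start]) + "::" + ":".join(hexg[best_start + best_len:])
    else:
        text = ":".join(hexg)
    if dotted:
        v4 = "%d.%d.%d.%d" % (groups[6] >> 8, groups[6] & 0xFF, groups[7] >> 8, groups[7] & 0xFF)
        text += ("" if text.endswith(":") else ":") + v4
    return text


def expand(addr):
    """Full form: eight 4-digit groups (an IPv4 tail is shown as hex too)."""
    groups, _ = parse(addr)
    return ":".join("%04X" % g for g in groups)


def to_bytes(addr):
    """16-byte binary form: compare addresses in this form, not as strings."""
    groups, _ = parse(addr)
    return struct.pack("!8H", *groups)


if __name__ == "__main__":
    for a in ("1080:0:0:0:8:800:200C:417A", "0:0:0:0:0:FFFF:129.254.12.164", "3ffe:2e01:1::100"):
        print(a, "=>", compress(a), "|", expand(a), "|", to_bytes(a).hex())
```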
Internet Security Technology (IPsec)
▣ Establishes security associations (SA) and guarantees secure data transfer
[Figure: two sites connected across the Internet; a certification authority; security policy enforcement at each end; negotiation between the ends; a secure tunnel across the Internet]

Overview
[Figure: OSI layers Physical / Datalink / Network / Transport / Session / Presentation / Application; IPsec (AH, ESP) sits at the Network layer, IKE at the Application layer]
▣ Purpose
◈ Provides a variety of protection services at the IP layer
◈ Allows network security independent of the application layer
◈ IPv6 (mandatory), IPv4 (optional)
▣ Security services provided, using AH, ESP and IKE
◈ Access Control
◈ Connectionless Integrity
◈ Data Origin Authentication
◈ Protection against Replays
◈ Confidentiality
◈ Limited Traffic Flow Confidentiality

IPsec Components
▣ IPsec engine
◈ Implements AH and ESP
◈ Header processing driven by the SP and SA
◈ Handles network-layer issues such as fragmentation / PMTU
▣ SADB (Security Association Database)
◈ Determines the security applied to a packet
▣ IKE (Internet Key Exchange)
◈ User-level application
◈ Negotiates new SAs (phase 1 / phase 2)
▣ SPS (Security Policy System)
◈ Decides the packet action and supplies the selector for applying an SA
◈ Supplies the security parameters for IKE negotiation
◈ Determines and exchanges the security paradigm between domains (sub-networks)

IPsec Operating Architecture
[Figure: host architecture. In the kernel, the IPsec Engine with its SPDB, SAD, Host Sensor and Transform Library sits above the Network Interface (Enc/Dec, secure packet send/receive, set SA / get SA). In user space: the IKE Server (SA negotiation; SA request/reply with the engine), the SPS (policy request/reply, policy setting, policy set/get), the Security Management System (auditing, auditing reporting, auditing policy) and application programs (telnet, ftp, mail). External: the CA Server and Key Management System (certificate, key store/recovery) reached over the CA/Key Management Network; the Security Management Network.]

Operation Mode
[Figure: Transport mode: Host <-> Host across the Internet, data carried in an IPsec tunnel or transport association. Tunnel mode: Host - Secure Gateway == IPsec tunnel across the Internet == Secure Gateway - Host.]
Transport mode                                   | Tunnel mode
Provides security services to upper-layer data   | Provides security services to the entire IP packet
Applied at hosts                                 | Applied at hosts and secure gateways

Authentication Header (AH)
▣ Defined in RFC 2402
▣ Services provided
◈ connectionless integrity
◈ data origin authentication for IP datagrams
◈ Anti-Replay service
▣ Protected area
◈ IP Header area
◈ Data above the IP level

AH Format
[Figure: AH layout, bit positions 0-7 / 8-15 / 16-31: Next Header | Payload Length | RESERVED; Security Parameter Index (SPI); Sequence Number Field; Authentication Data (variable)]
▣ Next Header (8 bits)
◈ Specifies the Next Header type
▣ Payload Length (8 bits)
◈ Length of AH in 4-byte units
▣ RESERVED (16 bits)
◈ Set to all "zero"
▣ SPI (32 bits)
◈ Identifies the Security Association
◈ 1~255: Reserved by IANA
▣ Sequence Number (32 bits)
◈ Monotonically increasing counter value
◈ For the Anti-Replay service
▣ Authentication Data (variable size)
◈ ICV of the packet

AH Location (1) – Transport Mode
[Figure, IPv4: before AH: Original IP Header (any options) | TCP | Data; after AH: Original IP Header (any options) | AH | TCP | Data. Authenticated except for mutable fields.]
[Figure, IPv6: before AH: Original IP Header (any options) | Extension Headers (if present) | TCP | Data; after AH: Original IP Header (any options) | Ext Hdr (Hop-by-hop, dest, routing, frag.) | AH | Dest. Options | TCP | Data. Authenticated except for mutable fields.]

AH Location (2) – Tunnel Mode
[Figure, IPv4: before AH: Original IP Header (any options) | TCP/UDP | Data; after AH: New IP Header (any options) | AH | Original IP Header (any options) | TCP/UDP | Data. Authenticated except for mutable fields in the New IP Header.]
[Figure, IPv6: before AH: Original IP Header (any options) | Extension Headers (if present) | TCP/UDP | Data; after AH: New IP Header (any options) | Ext Hdrs (if present) | AH | Original IP Header (any options) | Ext Hdrs (if present) | TCP/UDP | Data. Authenticated except for mutable fields in the New IP Header.]

Encapsulating Security Payload (ESP)
▣ Defined in RFC 2406
▣ Services provided
◈ Confidentiality
◈ Data Origin Authentication
◈ Connectionless Integrity
◈ Anti-Replay Service (option for the receiver)
◈ Limited Traffic Flow Confidentiality

ESP Header Format
[Figure: ESP layout, bits 0-15 / 16-31: Security Parameter Index (SPI); Sequence Number Field; Payload Data (variable); Padding (0~255 bytes) | Pad Length | Next Header; Authentication Data (variable). Authentication coverage: SPI through Next Header; Confidentiality coverage: Payload Data through Next Header.]
▣ SPI (32 bits)
◈ Identifies the Security Association
◈ 1~255: Reserved by IANA
▣ Sequence Number (32 bits)
◈ Monotonically increasing counter value
◈ For the Anti-Replay service
▣ Payload Data (variable size)
◈ Upper-layer data
◈ IV (initialization vector) included
▣ Padding (for encryption)
◈ For the block cipher
▣ Pad Length (8 bits)
▣ Next Header (8 bits)
◈ Specifies the Next Header type
▣ Authentication Data (variable size)
◈ ICV of the packet

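The Sequence Number and Anti-Replay bullets above (the same mechanism as in the AH slide) as an added Python example, not code from the original presentation. The receiver side implements the sliding-window check of RFC 2401 Appendix C with the RFC's default window of 64; the sender-side counter shows why the 32-bit Sequence Number must never wrap. TRACE is a constructed sequence of (Sequence Number on the wire, ICV verified?) observations.

```python
"""Sequence Number handling for AH/ESP anti-replay.

Added example, not code from the original slides.  TRACE is constructed
sample data."""


class AntiReplayWindow:
    """Receiver state for one SA: the highest Sequence Number accepted and a
    bitmap of which of the last `size` numbers have already been accepted."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 2401 requires a window of at least 32")
        self.size = size
        self.right = 0      # highest Sequence Number accepted so far
        self.bitmap = 0     # bit i set <=> Sequence Number (right - i) was accepted

    def check(self, seq):
        """Pure window test, done BEFORE the (expensive) ICV check."""
        if seq == 0:
            return "zero"                  # the first packet on an SA carries 1
        if seq > self.right:
            return "ok"                    # right of the window: new
        diff = self.right - seq
        if diff >= self.size:
            return "stale"                 # left of the window: too old to track
        if (self.bitmap >> diff) & 1:
            return "replayed"              # inside the window and already seen
        return "ok"

    def update(self, seq):
        """Advance the window; call only after the packet's ICV verified."""
        if seq > self.right:
            shift = seq - self.right
            if shift >= self.size:
                self.bitmap = 1            # everything tracked so far falls out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
        else:
            self.bitmap |= 1 << (self.right - seq)

    def process(self, seq, icv_ok):
        """Full receive path: window check, ICV check, then window update."""
        verdict = self.check(seq)
        if verdict != "ok":
            return verdict
        if not icv_ok:
            return "bad-icv"               # forged packets never move the window
        self.update(seq)
        return "accepted"


class SequenceNumberGenerator:
    """Sender side: the 32-bit counter starts at 1 and must never wrap;
    at 2^32 - 1 the SA has to be replaced (rekeyed)."""

    def __init__(self):
        self.value = 0

    def next(self):
        if self.value == 0xFFFFFFFF:
            raise OverflowError("Sequence Number exhausted: negotiate a new SA")
        self.value += 1
        return self.value


# Constructed trace: (Sequence Number on the wire, did the ICV verify?)
TRACE = [(1, True), (3, True), (2, True), (3, True), (0, True), (200, True),
         (136, True), (137, True), (137, True), (50, True), (300, False), (300, True)]


def process_trace(trace, size=64):
    """Run a trace through one receiver window and return the verdict per packet."""
    win = AntiReplayWindow(size)
    return [win.process(seq, ok) for seq, ok in trace]


if __name__ == "__main__":
    for (seq, ok), verdict in zip(TRACE, process_trace(TRACE)):
        print("seq=%4d icv_ok=%-5s -> %s" % (seq, ok, verdict))
```

The order of the checks matters: the window test is cheap and rejects replays before any MAC work, and the window only moves after the ICV verified, so an attacker who cannot forge the ICV cannot push genuine packets out of the window.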
ESP Location (1) – Transport Mode
[Figure, IPv4: before applying ESP: Original IP Header (any options) | TCP/UDP | Data; after: Original IP Header (any options) | ESP Hdr. | TCP/UDP | Data | ESP Trailer | ESP Auth. Encrypted: TCP/UDP through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer.]
[Figure, IPv6: before applying ESP: Original IP Header (any options) | Extension Headers (if present) | TCP/UDP | Data; after: Original IP Header (any options) | Ext Hdr (Hop-by-hop, dest, routing, frag.) | ESP Hdr. | Dest. Options | TCP/UDP | Data | ESP Trailer | ESP Auth. Encrypted: Dest. Options through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer.]

ESP Location (2) – Tunnel Mode
[Figure, IPv4: before: Original IP Header (any options) | TCP | Data; after: New IP Header (any options) | ESP Hdr. | Original IP Header (any options) | TCP | Data | ESP Trailer | ESP Auth. Encrypted: Original IP Header through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer.]
[Figure, IPv6: before: Original IP Header (any options) | Extension Headers (if present) | TCP | Data; after: New IP Header (any options) | Ext Hdrs (if present) | ESP Hdr. | Original IP Header (any options) | Orig Ext Headers | TCP | Data | ESP Trailer | ESP Auth. Encrypted: Original IP Header through ESP Trailer; Authenticated: ESP Hdr. through ESP Trailer.]

AH/ESP Example
[Figure: Host A -- Secure gateway 1 (IPSEC) -- Internet -- Secure gateway 2 (IPSEC) -- Host B. Between the hosts: encryption and authentication; between the gateways: authentication only.]
Original packet in Host A:            IP header | Payload
Between Host A and Secure gateway 1:  IP header | ESP header | Payload | ESP trailer | ESP auth   (ESP applied)
Between the two Secure gateways:      New IP header | AH | IP header | ESP header | Payload | ESP trailer | ESP auth   (AH added)
Between Host B and Secure gateway 2:  IP header | ESP header | Payload | ESP trailer | ESP auth
▣ Security policies: ESP is used between the end hosts; the secure gateways use AH

Attacks That Can Be Defended Against
Attack method                    | AH (Authentication Header) | ESP (Encapsulating Security Payload)
Replay Attack                    | SN                         | SN
Packet forgery / tampering       | ICV                        | ICV, Encryption
IP Spoofing                      | ICV                        | ICV
Packet sniffing                  | -                          | Encryption
Session Hijacking                | -                          | ICV, Encryption
DoS (Denial of Service) Attack   | -                          | ICV, Encryption

Internet Mobility
▣ Portability
◈ Movement while the application is not in continuous use
◈ DHCP (Dynamic Host Configuration Protocol), PPP: Internet address (IP address) assignment, DNS information
▣ Mobility
◈ Seamless communication support
◈ MIP(v6), GPRS

Basic Concept of Mobile IP
▣ Comparison with the postal system
◈ Postal system: people do not move house often; the sender knows the recipient's current residential address and sends directly to it
◈ Mobile Internet (MIPv4): the mobile terminal moves between networks often; the sender does not know the recipient's current address and sends to the home (registered) address
– The home address forwards the mail to the current address
– The mobile terminal registers its current address with its home every time it moves network
◈ MIPv6: the mobile terminal registers its current address with its home every time it moves network, and also tells the correspondent node its current address directly, asking it to send mail there
– Done when the mail was received via the home address

Operation in MIP
[Figure: Home Network (addresses 129.254.1.1 and 129.254.1.100) with the Home Agent (HA) and the Mobile Node; the Mobile Node moves to the Foreign Network (addresses 129.254.2.1 and 129.254.2.100) with the Foreign Agent (FA). The Correspondent Node sends to the home network and the HA tunnels to the FA (triangle routing); route optimization is optional.]

Mobility in IPv6
[Figure: Home Network (3ffe:2e01:1::1, Home Agent) and Foreign Network (3ffe:2e01:2::1, Foreign Router). The Mobile Node with Home Address 3ffe:2e01:1::100 moves to the foreign network and is assigned the Care-of Address 3ffe:2e01:2::100; the Correspondent Node communicates with it.]

MIPv6 Operation Flow
[Figure: message flow between the Mobile Node, the Home Agent and the Correspondent Node]
◈ movement
◈ get care-of address
◈ home registration (Mobile Node <-> Home Agent)
◈ return routability procedure (Mobile Node <-> Correspondent Node)
◈ correspondent binding procedure (Mobile Node <-> Correspondent Node)

Home Registration Message Format
▣ BU (Mobile Node -> Home Agent)
◈ IPv6 Header: source = care-of address, destination = HA's address
◈ Home Address Destination Option: MN's home address
◈ IPsec Header: AH or ESP
◈ Mobility Header: Payload proto | Header Len | MH Type = 5 | Reserved | Checksum; Sequence # | A H L K flags | Reserved | Lifetime
◈ Options: Binding Authorization Data option, Nonce Indices option, Alternate Care-of Address option
▣ BA (Home Agent -> Mobile Node)
◈ IPv6 Header: source = HA's address, destination = care-of address
◈ Type 2 Routing Header: MN's home address
◈ IPsec Header: AH or ESP
◈ Mobility Header: Payload proto | Header Len | MH Type = 6 | Reserved | Checksum; Status | K flag | Reserved | Sequence # | Lifetime
◈ Options: Binding Authorization Data option, Binding Refresh Advice option

Return Routability Procedure
[Figure: HoTI is sent from the Mobile Node to the Correspondent Node via the Home Agent and HoT is returned from the Correspondent Node to the Mobile Node via the Home Agent; CoTI is sent from the Mobile Node directly to the Correspondent Node and CoT is returned directly.]

HoTI & HoT
▣ HoTI (MN -> HA -> CN)
◈ Fields: home init cookie
◈ Inner packet: source = home address, destination = CN's address; tunneled from the MN to the HA with outer source = care-of address, destination = HA's address
▣ HoT (CN -> HA -> MN)
◈ Fields: home init cookie, home keygen token, home nonce index
◈ Inner packet: source = CN's address, destination = home address; tunneled from the HA to the MN with outer source = HA's address, destination = care-of address
▣ home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))

CoTI & CoT
▣ CoTI (MN -> CN, direct)
◈ Fields: care-of init cookie
◈ source = care-of address, destination = CN's address
▣ CoT (CN -> MN, direct)
◈ Fields: care-of init cookie, care-of keygen token, care-of nonce index
◈ source = CN's address, destination = care-of address
▣ care-of keygen token = First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))

Authorizing BU
▣ Binding Update (Mobile Node -> Correspondent Node): seq #, nonce indices, care-of address, MAC_mn
▣ Binding Acknowledgement (Correspondent Node -> Mobile Node, if sent): status, seq #, MAC_cn
▣ Kbm (160 bits) = SHA1(home keygen token | care-of keygen token), or Kbm (160 bits) = SHA1(home keygen token)
▣ MAC_mn = HMAC_SHA1(Kbm, (care-of address | CN address | BU)), or MAC_cn = HMAC_SHA1(Kbm, (care-of address | CN address | BA))

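The HoTI/HoT and CoTI/CoT exchanges of the two preceding slides and the Kbm / MAC_mn formulas of this one, as an added Python example that is not code from the original presentation. Kcn, the nonces and the init cookies are random; the BU message bytes, the CN address 3ffe:2e01:3::1 and the nonce-lifetime policy are constructed assumptions, while the MN addresses are the ones from the slides. The MAC is truncated to 96 bits as RFC 3775 specifies for the Binding Authorization Data option; the slide shows the HMAC before truncation.

```python
"""Return routability tokens, Kbm and the Binding Update MAC.

Added example, not code from the original slides.  Kcn, nonces and cookies
are random; BU bytes, the CN address and the nonce policy are constructed."""
import hashlib
import hmac
import ipaddress
import os
import struct


def keygen_token(kcn, address, nonce, which):
    """First(64, HMAC_SHA1(Kcn, address | nonce | which)); which is the single
    octet 0 for the home keygen token and 1 for the care-of keygen token."""
    data = ipaddress.IPv6Address(address).packed + nonce + bytes([which])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]


def binding_management_key(home_token, care_of_token=None):
    """Kbm (160 bits) = SHA1(home keygen token | care-of keygen token), or
    SHA1(home keygen token) alone when the MN is at home (care-of == home)."""
    return hashlib.sha1(home_token + (care_of_token or b"")).digest()


def authorization_mac(kbm, care_of_addr, cn_addr, message):
    """MAC_mn / MAC_cn = HMAC_SHA1(Kbm, care-of address | CN address | BU or BA),
    truncated to the 96 bits RFC 3775 carries in the Binding Authorization Data option."""
    data = (ipaddress.IPv6Address(care_of_addr).packed
            + ipaddress.IPv6Address(cn_addr).packed + message)
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    """CN side.  No per-MN state is kept before a valid BU arrives: HoT/CoT tokens
    are recomputed from Kcn and the nonce named by the nonce index in the BU."""

    def __init__(self, address, nonce_lifetime=2):
        self.address = address
        self.kcn = os.urandom(20)              # Kcn: secret known only to the CN
        self.nonces = {}                       # nonce index -> nonce
        self.index = 0
        self.nonce_lifetime = nonce_lifetime   # constructed policy: nonces an old one outlives
        self.rotate_nonce()

    def rotate_nonce(self):
        """Issue a fresh nonce and forget the ones older than nonce_lifetime."""
        self.index += 1
        self.nonces[self.index] = os.urandom(8)
        for old in [i for i in self.nonces if i <= self.index - self.nonce_lifetime]:
            del self.nonces[old]

    def home_test(self, home_init_cookie, home_address):
        """HoTI -> HoT (exchanged through the HA); returns the HoT fields."""
        token = keygen_token(self.kcn, home_address, self.nonces[self.index], 0)
        return home_init_cookie, token, self.index

    def care_of_test(self, care_of_init_cookie, care_of_address):
        """CoTI -> CoT (exchanged directly); returns the CoT fields."""
        token = keygen_token(self.kcn, care_of_address, self.nonces[self.index], 1)
        return care_of_init_cookie, token, self.index

    def verify_bu(self, care_of_addr, home_addr, home_idx, coa_idx, bu, mac_mn):
        """Recompute Kbm from the nonce indices in the BU and check MAC_mn."""
        if home_idx not in self.nonces or coa_idx not in self.nonces:
            return False                       # nonce expired: the MN must redo RR
        home_tok = keygen_token(self.kcn, home_addr, self.nonces[home_idx], 0)
        coa_tok = None
        if care_of_addr != home_addr:
            coa_tok = keygen_token(self.kcn, care_of_addr, self.nonces[coa_idx], 1)
        kbm = binding_management_key(home_tok, coa_tok)
        expected = authorization_mac(kbm, care_of_addr, self.address, bu)
        return hmac.compare_digest(expected, mac_mn)


def mobile_node_binding_update(cn, home_addr, care_of_addr, seq):
    """MN side: run HoTI/HoT and CoTI/CoT, derive Kbm and build an authorized BU.
    Returns (BU bytes, (home nonce index, care-of nonce index), MAC_mn)."""
    home_cookie, coa_cookie = os.urandom(8), os.urandom(8)
    c1, home_tok, home_idx = cn.home_test(home_cookie, home_addr)
    c2, coa_tok, coa_idx = cn.care_of_test(coa_cookie, care_of_addr)
    if c1 != home_cookie or c2 != coa_cookie:
        raise ValueError("HoT/CoT cookie does not match our HoTI/CoTI")
    kbm = binding_management_key(home_tok, coa_tok)
    bu = struct.pack("!H", seq) + b"BU-fields(constructed)"   # stands in for the BU message
    return bu, (home_idx, coa_idx), authorization_mac(kbm, care_of_addr, cn.address, bu)


def demo():
    """Returns whether the CN accepts: the genuine BU, the same BU with another
    care-of address, the same BU with another seq #, the BU after nonce expiry."""
    cn = CorrespondentNode("3ffe:2e01:3::1")                   # constructed CN address
    home, coa = "3ffe:2e01:1::100", "3ffe:2e01:2::100"        # addresses from the slides
    bu, (hi, ci), mac = mobile_node_binding_update(cn, home, coa, seq=1)
    genuine = cn.verify_bu(coa, home, hi, ci, bu, mac)
    altered_coa = cn.verify_bu("3ffe:2e01:9::1", home, hi, ci, bu, mac)
    altered_seq = cn.verify_bu(coa, home, hi, ci, struct.pack("!H", 2) + bu[2:], mac)
    cn.rotate_nonce()
    cn.rotate_nonce()                                          # indices hi, ci now expired
    expired = cn.verify_bu(coa, home, hi, ci, bu, mac)
    return genuine, altered_coa, altered_seq, expired


if __name__ == "__main__":
    print("genuine, altered care-of, altered seq, expired nonce:", demo())
```

demo() shows what the MAC buys the CN: a BU whose care-of address or sequence number was changed fails verification, and once the CN has rotated its nonces past the indices named in the BU the MN has to repeat return routability, which bounds how long a Kbm stays usable.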
MIPv6 Implementation Cases (1)
▣ Lancaster
◈ Computer lab of Lancaster Univ.
◈ 1998.6.3
◈ Linux (kernel 2.1.90)
◈ Draft-ietf-mobileip-ipv6-05.txt
▣ National Univ. of Singapore (NUS)
◈ NUS mobile IP research group
◈ 1997.10: version 1.0 Alpha
◈ Linux (kernel 2.1.59)
◈ Draft-ietf-mobileip-ipv6-05.txt
◈ 1999.12: version 1.1

MIPv6 Implementation Cases (2)
▣ Helsinki Univ. of Technology (HUT)
◈ Telecommunication & multimedia lab. of HUT
◈ Linux (kernel 2.3)
◈ 2001.9: version 0.9
◈ Draft-ietf-mobileip-ipv6-14.txt
▣ MS
◈ Carried out as part of the LandMARC project
◈ Version 1.4
◈ 2000.11
◈ Windows 2000, NT

Security Problems in MIPv6
▣ Is IPsec adequate?
◈ Global key distribution mechanism?
◈ Burden on a terminal of limited capacity?
◈ Other possibilities?
▣ IPv6 problem vs. MIPv6-inherent problem vs. problem arising from wireless

Mobile IPv6 Attack Patterns (1)
▣ DoS attack
◈ The attacker has already learned the MN's home address and the CN's address
◈ Sends a BU to the CN
[Figure: the attacker sends a BU to the CN; the CN's traffic for the MN is diverted (DoS)]

Mobile IPv6 Attack Patterns (2)
▣ MITM attack
[Figure: the attacker sends a BU to the MN and a BU to the CN and sits between them (MITM)]

Mobile IPv6 Attack Patterns (3)
▣ Attacker sends ICMP unreachable for the MN's CoA
▣ Effect
◈ Packets from the CN will go through the HA
[Figure: the attacker sends "ICMP unreachable for MN's CoA" to the CN; CN, HA and MN]

Mobile IPv6 Attack Patterns (4)
▣ BU flooding
◈ The attacker keeps sending BUs rapidly
◈ Exhausts the Binding Cache of the MIPv6 node
[Figure: the attacker floods BUs at the MN and the CN]

Mobile IPv6 Attack Patterns (5)
▣ Packet reflecting threats
▣ HA as packet reflector
▣ DDoS attacker is easy to hide
[Figure: the attacker sends packets to MN1, MN2 and MN3. HA1 believes that the CoA of one of its MNs (MN1) is the address of the DDoS target, HA2 believes the same of MN2 and HA3 of MN3, so each HA tunnels the packets "to the MN", i.e. to the victim host.]

Mobile IPv6 Attack Patterns (6)
▣ Packet reflecting threats
▣ CN as packet reflector
▣ DDoS attacker is easy to hide
[Figure: the attacker sends traffic to CN1, CN2 and CN3; each believes that the MN is at the DDoS target's address and replies "to the MN", i.e. to the victim host.]

Mobile IPv6 Attack Patterns (7)
▣ Disclosure of sensitive information
◈ Send an ICMP Home Agent Address Discovery Request to the MN's home network
[Figure: the attacker sends an ICMP HAAD Request to the home network; CN, MN and HA]

Security Solutions in MIPv6
▣ Protecting the Binding Update with IPsec and RR
◈ Prevents DoS and MITM attacks
▣ BU replay attack
◈ With a previously used BU, packets headed for the MN are delivered to the old care-of address rather than the current one: a DoS attack
◈ When IPsec is used, the SN and ICV prevent the replay attack
◈ When RR is used, the hash keyed with Kbm prevents the replay attack
▣ Security holes remain
◈ If an attacker located on the CN's network learns Kbm, attacks using BUs become possible
◈ The victim node can be made to perform excessive cryptographic computation or to allocate a lot of memory to keep state