Security Support in Mobile IPv6


Upload: james-bennett

Post on 03-Jan-2016


Page 1: Security Support in Mobile IPv6

ETRI

Security Support in Mobile IPv6

Network Security Research Department

김 건 우 [email protected]

Page 2: Security Support in Mobile IPv6

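ETRI Proprietary Network Security Department P.2

Background and Features of IPv6

▣ Motivation for the move to IPv6
◈ The address space must be expanded as the number of Internet-connected nodes grows
  – Most of 0.0.0.0 ~ 126.0.0.0 (Class A) is held by the United States
◈ Users want a wider variety of services
  – Real-time services, multimedia services, etc.
◈ Security and authentication services are needed

▣ Features
◈ Expanded addressing capability
  – Address size: 32 bits -> 128 bits
  – A new form of address called "anycast" is defined
◈ Simplified header format and use of options
◈ Improved QoS: flow labeling and priority
◈ Authentication and privacy
◈ Improved mobility support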

Page 3: Security Support in Mobile IPv6

IPv4 Format vs. IPv6 Format

IPv4 header
▣ 14 fields, at least 20 octets
▣ 32-bit addresses
▣ fragmented packet processing at every hop
▣ header checksum recalculation at every hop

  Version | HLEN | Type of Service | Total Length
  Identification | Flags(3) | Fragment Offset
  TTL | Protocol | Header Checksum
  Source IP Address
  Destination IP Address

IPv6 header
▣ 8 fields, fixed 40 octet size
▣ 128-bit addresses
▣ fragmentation only in src and dst endpoint, or lower layer
▣ no checksums
▣ new 20-bit flow label field
▣ options in Extension Headers

  Version | Priority | Flow Label
  Payload Length | Next Header | Hop Limit
  Source Address
  Destination Address

Page 4: Security Support in Mobile IPv6

IPv6 Extension Headers

  Next Header value   Header
  0                   Hop-by-hop Options Header
  43                  Routing Header
  44                  Fragmentation Header
  50                  Encapsulating Security Payload
  51                  Authentication Header
  59                  No Next Header
  60                  Destination Options Header

▣ Extension header (IP Extension Header)
◈ Used to carry additional information along the path to the destination or to intermediate systems, or to supply it with the IP datagram
◈ Located after the base header of the IP datagram

▣ Extension header order
◈ The extension header order is observed so that intermediate routers can process datagrams efficiently
  – Example: 0 -> 43 -> 44 -> 51 -> 6

Page 5: Security Support in Mobile IPv6

IPv6 Addressing

▣ IPv6 address
◈ 128 bits that designate an interface or a set of interfaces
◈ Subnet Prefix + Interface ID

▣ Address types
◈ unicast address
◈ anycast address
◈ multicast address

▣ Notation
◈ FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
◈ 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A
◈ 0:0:0:0:0:FFFF:129.254.12.164 => ::FFFF:129.254.12.164

Page 6: Security Support in Mobile IPv6

Internet Security Technology (IPsec)

▣ Establishes security associations (SA) and guarantees secure data transfer

[Figure labels: Internet; certificate authority; security policy enforcement (at both ends); negotiation; secure tunneling]

Page 7: Security Support in Mobile IPv6

Overview

[Figure: layer stack (Physical, Datalink, Network, Transport, Session, Presentation, Application) with IKE shown beside the Application layer and IPsec (AH, ESP) at the IP layer]

▣ Purpose
◈ Provide a variety of protection services at the IP layer
◈ Make network security possible independently of the application layer
◈ IPv6 (mandatory), IPv4 (optional)

▣ Security services provided (using AH, ESP and IKE)
◈ Access Control
◈ Connectionless Integrity
◈ Data Origin Authentication
◈ Protection against Replays
◈ Confidentiality
◈ Limited Traffic Flow Confidentiality

Page 8: Security Support in Mobile IPv6

IPsec Components

▣ IPsec engine
◈ Implements AH and ESP
◈ Header processing through the SP and SA
◈ Handles network-layer issues such as fragmentation and PMTU

▣ SADB (Security Association Database)
◈ The element that determines the security applied to a packet

▣ IKE (Internet Key Exchange)
◈ User-level application
◈ Negotiates new SAs (phase 1 / phase 2)

▣ SPS (Security Policy System)
◈ Decides the packet action and provides the selectors for applying an SA
◈ Provides the security parameters for IKE negotiation
◈ Determines and exchanges the security paradigm between domains (subnetworks)

Page 9: Security Support in Mobile IPv6

IPsec Operating Architecture

[Figure: block diagram.
 Components: Application Programs (telnet, ftp, mail), IPsec Engine, Host Sensor, SPDB, SAD, Transform Library, SPS, SMS, IKE Server, CA Server, Key Management System, Network Interface, Security Management Network, CA/Key Management Network.
 Flows: Policy Request/Reply, Policy Setting, Auditing, Auditing Reporting, Auditing Policy Set/Get, Enc/Dec, SA Request/Reply, SA Negotiation, set SA, get SA, Certificate, Key Store/Recovery, Secure Packet send/receive]

Page 10: Security Support in Mobile IPv6

Operation Mode

[Figure, left: Host, Internet, Host; data carried over an IPsec tunnel or transport connection]
[Figure, right: Host, Secure Gateway, Internet, Secure Gateway, Host; data carried over an IPsec tunnel]

▣ Transport mode
◈ Provides security services for upper-layer data
◈ Applied at hosts

▣ Tunnel mode
◈ Provides security services for the entire IP packet
◈ Applied at hosts and secure gateways

Page 11: Security Support in Mobile IPv6

Authentication Header (AH)

▣ Defined in RFC 2402

▣ Services provided
◈ connectionless integrity
◈ data origin authentication for IP datagram
◈ Anti-Replay service

▣ Protected region
◈ The IP header
◈ The data of the levels above IP

Page 12: Security Support in Mobile IPv6


AH Format

▣ Next Header(8 bits)

◈ Specify the Next Header Type

▣ Payload Length(8 bits)

◈ Length of AH in 4-byte Unit

▣ RESERVED(16 bits)

◈ Set to all zero

▣ SPI(32 bits)

◈ Identify the Security Association

◈ 1~255 : Reserved by IANA

▣ Sequence Number(32 bits)

◈ Monotonically Increasing Counter Value

◈ For the Anti-Replay Service

▣ Authentication Data(Variable Size)

◈ ICV of the Packet

[Figure: AH layout, bit positions 0 to 31]

  Bits 0-7      Bits 8-15        Bits 16-31
  Next Header | Payload Length | RESERVED
  Security Parameter Index (SPI)
  Sequence Number Field
  Authentication Data (variable)
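A parser for the AH layout on this slide, followed by the receiver-side use of the Sequence Number field, as an added example that is not part of the original slides. It goes beyond the slide in two places, both taken from RFC 2402: Payload Length is decoded as the AH length in 4-byte units minus 2, and the anti-replay check is a sliding window whose size of 32 is an assumption. The sample header bytes are constructed.

```python
import struct
from dataclasses import dataclass

@dataclass
class AuthHeader:
    next_header: int
    payload_len: int
    spi: int
    seq: int
    icv: bytes

def parse_ah(buf: bytes) -> AuthHeader:
    """Decode Next Header, Payload Length, RESERVED, SPI, Sequence Number, ICV."""
    if len(buf) < 12:
        raise ValueError("truncated AH: the fixed part is 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    # RFC 2402: Payload Length is the AH length in 4-byte units, minus 2.
    total = (payload_len + 2) * 4
    if total < 12 or total > len(buf):
        raise ValueError("Payload Length does not fit the buffer")
    if reserved != 0:
        raise ValueError("RESERVED must be all zero")
    if 1 <= spi <= 255:
        raise ValueError("SPI values 1-255 are reserved by IANA")
    return AuthHeader(next_header, payload_len, spi, seq, buf[12:total])

class ReplayWindow:
    """Sliding window over sequence numbers (window size 32 is an assumption)."""
    def __init__(self, size: int = 32):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        # A real receiver updates the window only after the ICV has verified;
        # ICV verification is left out of this example.
        if seq == 0:
            return False
        if seq > self.top:                      # new highest: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                        # too old, or already seen
        self.bitmap |= 1 << offset
        return True

def demo():
    # Constructed sample: Next Header 6 (TCP), 96-bit ICV of zeros, SPI 0x1000.
    def ah(seq):
        return struct.pack("!BBHII", 6, 4, 0, 0x1000, seq) + bytes(12)
    window = ReplayWindow()
    return [window.accept(parse_ah(ah(s)).seq) for s in (1, 3, 2, 3, 1)]

if __name__ == "__main__":
    print(demo())
```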

Page 13: Security Support in Mobile IPv6

AH Location(1) – Transport Mode

IPv4
  Before: | Original IP Header (any options) | TCP | Data |
  After:  | Original IP Header (any options) | AH | TCP | Data |
  Authenticated except for mutable fields

IPv6
  Before: | Original IP Header (any options) | Extension Headers (if present) | TCP | Data |
  After:  | Original IP Header (any options) | Ext Hdr (hop-by-hop, dest, routing, frag.) | AH | Dest. Options | TCP | Data |
  Authenticated except for mutable fields

Page 14: Security Support in Mobile IPv6

AH Location(2) – Tunnel Mode

IPv4
  Before: | Original IP Header (any options) | TCP/UDP | Data |
  After:  | New IP Header (any options) | AH | Original IP Header (any options) | TCP/UDP | Data |
  Authenticated except for mutable fields in the New IP Header

IPv6
  Before: | Original IP Header (any options) | Extension Headers (if present) | TCP/UDP | Data |
  After:  | New IP Header (any options) | Ext Hdrs (if present) | AH | Original IP Header (any options) | Ext Hdrs (if present) | TCP/UDP | Data |
  Authenticated except for mutable fields in the New IP Header

Page 15: Security Support in Mobile IPv6

Encapsulating Security Payload (ESP)

▣ Defined in RFC 2406

▣ Services provided

◈ Confidentiality

◈ Data Origin Authentication

◈ Connectionless Integrity

◈ Anti-Replay Service(Option for Receiver)

◈ Limited Traffic Flow Confidentiality

Page 16: Security Support in Mobile IPv6


ESP Header Format

[Figure: ESP layout, bit positions 0 to 31]

  Security Parameter Index (SPI)
  Sequence Number Field
  Payload Data (variable)
  Padding (0~255 bytes) | Pad Length | Next Header
  Authentication Data (variable)

  Regions marked in the figure: Authentication Coverage, Confidentiality Coverage

▣ SPI(32 bits)

◈ Identify the Security Association

◈ 1~255 : Reserved by IANA

▣ Sequence Number(32 bits)

◈ Monotonically Increasing Counter Value

◈ For the Anti-Replay Service

▣ Padding(for Encryption)

◈ For the Block Cipher

▣ Payload Data(variable size)

◈ Upper Layer Data

◈ IV(Initial Vector) Included

▣ Pad Length(8 bits)

▣ Next Header(8 bits)

◈ Specify the Next Header Type

▣ Authentication Data(Variable Size)

◈ ICV of the Packet

Page 17: Security Support in Mobile IPv6

ESP Location(1) – Transport Mode

IPv4
  Before applying ESP: | Original IP Header (any options) | TCP/UDP | Data |
  After:               | Original IP Header (any options) | ESP Hdr. | TCP/UDP | Data | ESP Trailer | ESP Auth. |
  Regions marked in the figure: Encrypted, Authenticated

IPv6
  Before applying ESP: | Original IP Header (any options) | Extension Headers (if present) | TCP/UDP | Data |
  After:               | Original IP Header (any options) | Ext Hdr (hop-by-hop, dest, routing, frag.) | ESP Hdr. | Dest. Options | TCP/UDP | Data | ESP Trailer | ESP Auth. |
  Regions marked in the figure: Encrypted, Authenticated

Page 18: Security Support in Mobile IPv6

ESP Location(2) – Tunnel Mode

IPv4
  Before: | Original IP Header (any options) | TCP | Data |
  After:  | New IP Header (any options) | ESP Hdr. | Original IP Header (any options) | TCP | Data | ESP Trailer | ESP Auth. |
  Regions marked in the figure: Encrypted, Authenticated

IPv6
  Before: | Original IP Header (any options) | Extension Headers (if present) | TCP | Data |
  After:  | New IP Header (any options) | Ext Hdrs (if present) | ESP Hdr. | Original IP Header (any options) | Orig Ext Headers | TCP | Data | ESP Trailer | ESP Auth. |
  Regions marked in the figure: Encrypted, Authenticated

Page 19: Security Support in Mobile IPv6

AH/ESP Example

[Figure: Host A, Secure gateway 1 (IPSEC), Secure gateway 2 (IPSEC), Host B, Security Policies. Labels: "Encryption and authentication", "Authentication only"]

Packet layouts
  Original packet in Host A:                                  | IP header | Payload |
  Between Host A and Secure gateway 1 (ESP applied packet):   | IP header | ESP header | Payload | ESP trailer | ESP auth |
  Between the two secure gateways (AH added):                 | New IP header | AH | IP header | ESP header | Payload | ESP trailer | ESP auth |
  Between Host B and Secure gateway 2:                        | IP header | ESP header | Payload | ESP trailer | ESP auth |

▣ The secure gateways use the AH
▣ The ESP is used between the end hosts

Page 20: Security Support in Mobile IPv6

Attack Techniques That Can Be Defended Against

Attack method, with the protecting mechanism per protocol: AH (Authentication Header) and ESP (Encapsulating Security Payload)

◈ Replay Attack: AH: SN / ESP: SN
◈ Packet forgery and tampering attack: AH: ICV / ESP: ICV, Encryption
◈ IP Spoofing: AH: ICV / ESP: ICV
◈ Packet sniffing: Encryption
◈ Session Hijacking: ICV, Encryption
◈ DoS (Denial of Service) Attack: ICV, Encryption

Page 21: Security Support in Mobile IPv6

Internet Mobility

▣ Portability
◈ Movement while applications are not in continuous use
◈ DHCP (Dynamic Host Configuration Protocol), PPP
  – Assignment of the Internet address (IP address), DNS information

▣ Mobility
◈ Supports seamless communication
◈ MIP(v6), GPRS

Page 22: Security Support in Mobile IPv6

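Basic Concept of Mobile IP

▣ Comparison with the postal system
◈ Postal system
  – People do not move house often
  – The sender finds out the recipient's current address and sends directly to it
◈ Mobile Internet (MIPv4)
  – Mobile terminals move between networks often
  – The sender does not know the recipient's current address
  – The sender sends to the home address
    – The home forwards it on to the current address
    – The mobile terminal registers its current address with its home every time it moves to another network
◈ MIPv6
  – The mobile terminal registers its current address with its home every time it moves to another network
  – It tells the correspondent node its current address directly and asks for mail to be sent to the current address
    – When mail was received by way of the home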

Page 23: Security Support in Mobile IPv6

Operation in MIP

[Figure: the Mobile Node moves from the Home Network, served by the Home Agent (HA), to the Foreign Network, served by the Foreign Agent (FA), while communicating with the Correspondent Node. Labels: movement, tunneling, Triangle Routing, route optimization (optional). Addresses shown: 129.254.1.1, 129.254.2.1, 129.254.1.100, 129.254.2.100]

Page 24: Security Support in Mobile IPv6

Mobility in IPv6

[Figure: the Mobile Node moves from the Home Network (Home Agent) to the Foreign Network (Foreign Router) while communicating with the Correspondent Node. Addresses shown: 3ffe:2e01:1::1, 3ffe:2e01:2::1. Home Address (3ffe:2e01:1::100). Care-of Address assigned (3ffe:2e01:2::100)]

Page 25: Security Support in Mobile IPv6

MIPv6 Operation Flow

[Figure: message sequence between Mobile Node, Home Agent and Correspondent Node]

◈ movement
◈ get care-of address
◈ home registration
◈ return routability procedure
◈ correspondent binding procedure

Page 26: Security Support in Mobile IPv6

Home Registration Message Format

BU (Mobile Node to Home Agent)
◈ IPv6 Header: source: care-of address, destination: HA's address
◈ Home Address Destination Option: MN's home address
◈ IPsec Header (AH or ESP): ESP
◈ Fields: Payload proto, Header Len, MH Type = 5, Reserved, Checksum, Sequence #, A, H, L, K, Reserved, Lifetime
◈ Options: Alternate Care-of Address option, Nonce Indices option, Binding Authorization Data option

BA (Home Agent to Mobile Node)
◈ IPv6 Header: source: HA's address, destination: care-of address
◈ Type 2 Routing Header: MN's home address
◈ IPsec Header (AH or ESP): ESP
◈ Fields: Payload proto, Header Len, MH Type = 6, Reserved, Checksum, Status, K, Reserved, Sequence #, Lifetime
◈ Options: Binding Refresh Advice Option, Binding Authorization Data option

Page 27: Security Support in Mobile IPv6

Return Routability Procedure

[Figure: message sequence between Mobile Node, Home Agent and Correspondent Node. Messages shown: HoTI (twice), HoT (twice), CoTI, CoT]

Page 28: Security Support in Mobile IPv6

HoTI & HoT

home keygen token = First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))

[Figure: HoTI and HoT exchanged between MN, HA and CN. Contents of each message as shown:]

HoTI
◈ care-of address | HA's address | home address | CN's address | home init cookie
◈ home address | CN's address | home init cookie

HoT
◈ CN's address | home address | home init cookie, home keygen token, home nonce index
◈ HA's address | care-of address | CN's address | home address | home init cookie, home keygen token, home nonce index

Page 29: Security Support in Mobile IPv6

CoTI & CoT

[Figure: CoTI and CoT exchanged between MN and CN; HA is also shown. Contents of each message as shown:]

CoTI
◈ care-of address | CN's address | care-of init cookie

CoT
◈ CN's address | care-of address | care-of init cookie, care-of keygen token, care-of nonce index

care-of keygen token = First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))

Page 30: Security Support in Mobile IPv6

Authorizing BU

[Figure: messages between Mobile Node and Correspondent Node]

Binding Update
◈ care-of address, nonce indices, seq #, MAC_mn

Binding Acknowledgement (if sent)
◈ status, seq #, MAC_cn

Kbm (160 bits) = SHA1(home keygen token | care-of keygen token) or
Kbm (160 bits) = SHA1(home keygen token)

MAC_mn = HMAC_SHA1(Kbm, (care-of address | CN address | BU)) or
MAC_cn = HMAC_SHA1(Kbm, (care-of address | CN address | BA))
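The keygen tokens from the HoTI & HoT and CoTI & CoT slides and the Kbm and MAC_mn formulas above, put together as the check a correspondent node runs on a Binding Update. This is an added example, not code from the slides. The home and care-of addresses are the ones on the "Mobility in IPv6" slide; the CN address, the second care-of address, the 4-byte BU body (seq #, lifetime) and the plain "greater than" sequence comparison are constructed simplifications, not the wire format.

```python
import hashlib
import hmac
import os
import struct
from ipaddress import IPv6Address

def keygen_token(kcn, addr, nonce, kind):
    """First(64, HMAC_SHA1(Kcn, (address | nonce | kind))); kind 0 = home, 1 = care-of."""
    msg = IPv6Address(addr).packed + nonce + bytes([kind])
    return hmac.new(kcn, msg, hashlib.sha1).digest()[:8]

def binding_key(home_token, careof_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()

def binding_mac(kbm, careof, cn, message):
    """HMAC_SHA1(Kbm, (care-of address | CN address | BU or BA))."""
    msg = IPv6Address(careof).packed + IPv6Address(cn).packed + message
    return hmac.new(kbm, msg, hashlib.sha1).digest()

class CorrespondentNode:
    """Keeps only Kcn, its nonces and the last accepted seq # per home address."""
    def __init__(self, addr):
        self.addr, self.kcn = addr, os.urandom(20)
        self.nonces = [os.urandom(8)]          # index 0 is the current nonce
        self.last_seq = {}

    def token(self, addr, index, kind):        # value carried to the MN in HoT / CoT
        return keygen_token(self.kcn, addr, self.nonces[index], kind)

    def accept_bu(self, home, careof, home_idx, careof_idx, bu, mac):
        if not all(0 <= i < len(self.nonces) for i in (home_idx, careof_idx)):
            return False                       # unknown nonce index
        kbm = binding_key(self.token(home, home_idx, 0),
                          self.token(careof, careof_idx, 1))
        if not hmac.compare_digest(mac, binding_mac(kbm, careof, self.addr, bu)):
            return False                       # sender did not hold both tokens
        seq, _lifetime = struct.unpack("!HH", bu)
        if seq <= self.last_seq.get(home, -1):
            return False                       # replayed or stale BU
        self.last_seq[home] = seq
        return True

def demo():
    home, careof = "3ffe:2e01:1::100", "3ffe:2e01:2::100"   # addresses from the slides
    cn = CorrespondentNode("3ffe:2e01:3::1")                 # constructed CN address
    # The MN receives both tokens because it is reachable at both addresses.
    kbm = binding_key(cn.token(home, 0, 0), cn.token(careof, 0, 1))
    bu = struct.pack("!HH", 1, 60)             # constructed BU body: seq #, lifetime
    mac = binding_mac(kbm, careof, cn.addr, bu)
    first = cn.accept_bu(home, careof, 0, 0, bu, mac)
    replay = cn.accept_bu(home, careof, 0, 0, bu, mac)
    # A BU that names a care-of address whose CoT the sender never received:
    # the CN derives a different Kbm, so the MAC does not verify.
    other = "3ffe:2e01:4::1"                   # constructed address
    forged = cn.accept_bu(home, other, 0, 0, bu, binding_mac(kbm, other, cn.addr, bu))
    return first, replay, forged

if __name__ == "__main__":
    print(demo())
```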

Page 31: Security Support in Mobile IPv6

MIPv6 Implementation Examples (1)

▣ Lancaster

◈ Computer lab of Lancaster Univ.

◈ 1998.6.3

◈ Linux (kernel 2.1.90)

◈ Draft-ietf-mobileip-ipv6-05.txt

▣ National Univ. of Singapore (NUS)

◈ NUS mobile IP research group

◈ 1997.10 : version 1.0 Alpha

◈ Linux(kernel 2.1.59)

◈ Draft-ietf-mobileip-ipv6-05.txt

◈ 1999.12 : version 1.1

Page 32: Security Support in Mobile IPv6

MIPv6 Implementation Examples (2)

▣ Helsinki Univ. of Technology (HUT)

◈ Telecommunication & multimedia lab. of HUT

◈ Linux(kernel 2.3)

◈ 2001.9 : version 0.9

◈ Draft-ietf-mobileip-ipv6-14.txt

▣ MS

◈ Carried out as part of the LandMARC project

◈ Version 1.4

◈ 2000.11

◈ Windows 2000, NT

Page 33: Security Support in Mobile IPv6

Security Problems in MIPv6

▣ Is IPsec adequate ?

◈ Global Key distribution mechanism ?

◈ Burden on the terminal of limited capacity?

◈ Other possibilities ?

▣ IPv6 problem vs. MIPv6 inherent problem vs. problem from wireless

Page 34: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (1)

▣ DoS attack
◈ The attacker has already obtained the MN's home address and the CN's address
◈ The attacker sends a BU to the CN

[Figure labels: attacker, MN, CN, BU, Divert (DoS)]

Page 35: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (2)

▣ MITM attack

[Figure labels: attacker, MN, CN, BU, MITM]

Page 36: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (3)

▣ Attacker sends ICMP unreachable for MN's CoA

▣ Effect
◈ Packets from CN will go through HA

[Figure labels: CN, HA, MN, ICMP unreachable for MN's CoA]

Page 37: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (4)

▣ BU flooding
◈ The attacker keeps sending BUs at a high rate
◈ Exhausts the Binding Cache of the MIPv6 node

[Figure labels: attacker, MN, CN, BU]

Page 38: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (5)

▣ Packet Reflecting Threats

▣ HA as packet reflector

▣ DDoS attacker is easy to hide

[Figure labels: attacker, HA1, HA2, HA3, victim host]
◈ HA1 believes that the CoA of one of its MNs (MN1) is the address of the DDoS target
◈ HA2 believes that the CoA of one of its MNs (MN2) is the address of the DDoS target
◈ HA3 believes that the CoA of one of its MNs (MN3) is the address of the DDoS target
◈ Sends packets to MN1
◈ Sends packets to MN2
◈ Sends packets to MN3
◈ Tunneling Packets to MN?

Page 39: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (6)

▣ Packet Reflecting Threats

▣ CN as packet reflector

▣ DDoS attacker is easy to hide

[Figure labels: attacker, CN1, CN2, CN3, victim host]
◈ Reply to MN
◈ CN1 believes that MN is DDoS target
◈ CN2 believes that MN is DDoS target
◈ CN3 believes that MN is DDoS target

Page 40: Security Support in Mobile IPv6

Mobile IPv6 Attack Patterns (7)

▣ Disclosure of Sensitive Information
◈ Send ICMP Home Agent Address Discovery Request to MN's home network

[Figure labels: attacker, CN, MN, HA, ICMP HAAD Request]

Page 41: Security Support in Mobile IPv6

Security Solutions in MIPv6

▣ Protecting the Binding Update with IPsec and RR
◈ Prevents DoS and MITM attacks

▣ BU replay attack
◈ A previously used BU causes packets bound for the MN to be sent to the old care-of address rather than the current care-of address: a DoS attack
◈ When IPsec is used, the SN and ICV prevent the replay attack
◈ When RR is used, the hash keyed with Kbm prevents the replay attack

▣ Security holes exist
◈ If an attacker located on the CN's network learns Kbm, attacks using the BU become possible
◈ The victim node can be made to perform excessive cryptographic operations, or to allocate a large amount of memory in order to maintain state