

Mobile IPv6: Mobility in a Wireless Internet


by Hesham Soliman; published by Addison Wesley
06.24.2004


This excerpt is from Chapter 5, "Securing Mobile IPv6 Signaling," in Mobile IPv6: Mobility in a Wireless Internet, written by Hesham Soliman and published by Addison Wesley. You can download the entire chapter here for free.

Mobility adds inherent security risks to those already in the Internet today. Some of these risks are introduced by the specific mobility protocol. Mobile IPv6 is a new protocol that attempts to do something that has not been done before on the Internet: redirect traffic between a mobile node and other correspondent nodes from one address to another. The signaling for such redirection is done between the mobile and correspondent nodes. To be able to design a protocol that avoids some or all of the security risks associated with it, we need to identify the types of threats specific to this protocol. Then we need to place requirements on the protocol to avoid some or all of these threats. In some cases, it is acceptable to have known threats associated with a protocol, provided that they are documented and understood. The output of the requirements study is used to test the protocol and see whether or not it conforms.

In this chapter, we focus on the security threats that result from the introduction of Mobile IPv6. We analyze different Mobile IPv6 messages and show how each one can be used by Bad Guy to produce undesired effects on the mobile node, correspondent node, and home agent. We then present the mechanisms used by Mobile IPv6 to secure its messages.

5.1 Why Do We Need to Secure Mobile IPv6?
Before we analyze the threats of Mobile IPv6's messages, we consider two different communication scenarios that are possible when Mobile IPv6 is used. Figure 5–1 shows the different cases.

A mobile node may tunnel its packets to the home agent, which in turn decapsulates and forwards them to the correspondent node. If route optimization were used (i.e., the mobile node sent a binding update to the correspondent node), the mobile node would send packets directly to the correspondent node after adding a home address option. The correspondent node would also send packets directly to the mobile node using a routing header type 2 that includes the mobile node's home address.

We need to analyze the types of attacks that Bad Guy can launch when he is on-path or off-path. An on-path attacker is one that can see packets going through a certain link between two nodes. For instance, an attacker can be on-path between the mobile and correspondent nodes if he is located at the mobile node's link, the correspondent node's link, or any link between the two where packets between the two nodes are routed. On the other hand, an off-path attacker is unable to see packets sent between the two nodes he is trying to attack.
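The two scenarios and the on-path/off-path distinction can be worked through as a small threat-modeling exercise. The following is an added example, not code from the book: the topology, the node names, and the assumption of symmetric shortest-path routing are all constructed for illustration.

```python
from collections import deque

# Constructed topology (hypothetical names): each key is a link or router,
# each value lists its neighbours. The home agent sits on "home_link".
TOPOLOGY = {
    "mn_link":   ["r1"],
    "r1":        ["mn_link", "r2", "r3"],
    "r2":        ["r1", "home_link"],
    "home_link": ["r2", "r4"],
    "r3":        ["r1", "r4", "r5"],
    "r4":        ["r3", "home_link", "cn_link"],
    "r5":        ["r3"],
    "cn_link":   ["r4"],
}

def shortest_path(topo, src, dst):
    """Breadth-first search; assumes symmetric shortest-path routing."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in topo[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return []
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]

def exposure(topo, mn, ha, cn, attacker):
    """Classify one attacker position for both communication scenarios."""
    # Scenario 1: packets are tunneled MN -> home agent, then forwarded to CN.
    tunneled = set(shortest_path(topo, mn, ha)) | set(shortest_path(topo, ha, cn))
    # Scenario 2: route optimization, packets travel MN <-> CN directly.
    optimized = set(shortest_path(topo, mn, cn))
    label = lambda links: "on-path" if attacker in links else "off-path"
    return {"tunneled": label(tunneled), "route_optimized": label(optimized)}

if __name__ == "__main__":
    for position in ("mn_link", "r2", "r3", "r5"):
        print(position, exposure(TOPOLOGY, "mn_link", "home_link", "cn_link", position))
```

In this constructed topology the same position can be on-path in one scenario and off-path in the other, so each scenario needs its own threat analysis.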
