Network Working Group Charles E. Perkins
Internet-Draft Nokia Research Center
Expires: June 2, 2005 Pat R. Calhoun
Black Storm Networks
Jayshree. Bharatia
Nortel Networks
December 2, 2004
Mobile IPv4 Challenge/Response Extensions (revised)
draft-ietf-mip4-rfc3012bis-03.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 2, 2005.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a
mobile node can authenticate itself to a foreign agent.
Unfortunately, that extension does not provide the foreign agent any
Perkins, et al. Expires June 2, 2005 [Page 1]
Internet-Draft December 2004
direct guarantee that the protocol is protected from replays, and
does not allow for the use of existing techniques (such as CHAP) for
authenticating portable computer devices.
In this specification, we define extensions for the Mobile IP Agent
Advertisements and the Registration Request that allow a foreign
agent to use a challenge/response mechanism to authenticate the
mobile node.
Furthermore, this document updates RFC3344 by including new
authentication extension called the Mobile-AAA Authentication
extension. This new extension is provided so that a mobile node can
supply credentials for authorization using commonly available AAA
infrastructure elements. This Authorization-enabling extension MAY
co-exist in the same Registration Request with Authentication
extensions defined for Mobile IP Registration by RFC3344. This
document obsoletes RFC3012.
Perkins, et al. Expires June 2, 2005 [Page 2]
Internet-Draft December 2004
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. Mobile IP Agent Advertisement Challenge Extension . . . . . . 6
2.1 Handling of Solicited Agent Advertisements . . . . . . . . 6
3. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1 Mobile Node Processing for Registration Requests . . . . . 8
3.2 Foreign Agent Processing for Registration Requests . . . . 9
3.3 Foreign Agent Processing for Registration Replies . . . . 11
3.4 Home Agent Processing for the Challenge Extensions . . . . 12
3.5 Mobile Node Processing for Registration Replies . . . . . 12
4. Mobile-Foreign Challenge Extension . . . . . . . . . . . . . . 14
5. Generalized Mobile IP Authentication Extension . . . . . . . . 15
6. Mobile-AAA Authentication subtype . . . . . . . . . . . . . . 16
7. Reserved SPIs for Mobile IP . . . . . . . . . . . . . . . . . 17
8. SPIs for RADIUS AAA Servers . . . . . . . . . . . . . . . . . 18
9. Configurable Parameters . . . . . . . . . . . . . . . . . . . 19
10. Error Values . . . . . . . . . . . . . . . . . . . . . . . . 20
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 21
12. Security Considerations . . . . . . . . . . . . . . . . . . 22
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 23
A. Change History . . . . . . . . . . . . . . . . . . . . . . . . 24
B. Verification Infrastructure . . . . . . . . . . . . . . . . . 26
C. Message Flow for FA Challenge Messaging with Mobile-AAA
Extension . . . . . . . . . . . . . . . . . . . . . . . . . . 28
D. Message Flow for FA Challenge Messaging with MN-FA
Authentication . . . . . . . . . . . . . . . . . . . . . . . . 29
E. Foreign Agent Algorithm for Tracking Used Challenges . . . . . 30
14. Normative References . . . . . . . . . . . . . . . . . . . . 31
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 32
Intellectual Property and Copyright Statements . . . . . . . . 33
Perkins, et al. Expires June 2, 2005 [Page 3]
Internet-Draft December 2004
1. Introduction
Mobile IP defines the Mobile-Foreign Authentication extension to
allow a mobile node to authenticate itself to a foreign agent. Such
authentication mechanisms are mostly external to the principal
operation of Mobile IP, since the foreign agent can easily route
packets to and from a mobile node whether or not the mobile node is
reporting a legitimately owned home address to the foreign agent.
Unfortunately, that extension does not provide the foreign agent any
direct guarantee that the protocol is protected from replays, and
does not allow for the use of CHAP [RFC1994] for authenticating
portable computer devices. In this specification, we define
extensions for the Mobile IP Agent Advertisements and the
Registration Request that allow a foreign agent to a use
challenge/response mechanism to authenticate the mobile node.
Furthermore, an additional authentication extension, the Mobile-AAA
authentication extension, is provided so that a mobile node can
supply credentials for authorization using commonly available AAA
infrastructure elements. The foreign agent may be able to interact
with an AAA infrastructure (using protocols outside the scope of this
document) to obtain a secure indication that the mobile node is
authorized to use the local network resources.
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
This document uses the term Security Parameters Index (SPI) as
defined in the base Mobile IP protocol specification [RFC3344]. All
SPI values defined in this document refer to values for the SPI as
defined in that specification.
The following additional terminology is used in addition to that
defined in [RFC3344]:
previously used challenge:
The challenge is previously used challenge if the mobile node
sent the same challenge to the foreign agent in a previous
Registration Request, and that previous Registration Request
passed all validity checks performed by the foreign agent. The
foreign agent may not be able to keep records for all
previously used challenges, but see Section 3.2 for minimal
requirements.
security association:
A "mobility security association", as defined in [RFC3344].
unknown challenge:
Perkins, et al. Expires June 2, 2005 [Page 4]
Internet-Draft December 2004
Any challenge from a particular mobile node that the foreign
agent has no record of having put either into one of its recent
Agent Advertisements or into a registration reply message to
that mobile node.
unused challenge:
A challenge that has not been already accepted by the foreign
agent from the mobile node in the Registration Request -- i.e.,
a challenge that is neither unknown nor previously used.
Perkins, et al. Expires June 2, 2005 [Page 5]
Internet-Draft December 2004
2. Mobile IP Agent Advertisement Challenge Extension
This section defines a new extension to the Router Discovery Protocol
[RFC1256] for use by foreign agents that need to issue a challenge
for authenticating mobile nodes.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Challenge Extension
Type:
24
Length:
The length of the Challenge value in bytes; SHOULD be at least
4
Challenge:
A random value that SHOULD be at least 32 bits
The Challenge extension, illustrated in Figure 1, is inserted in the
Agent Advertisements by the foreign agent, in order to communicate a
previously unused challenge value that can be used by the mobile node
to compute an authentication for its next registration request
message. The challenge is selected by the foreign agent to provide
local assurance that the mobile node is not replaying any earlier
registration request. Eastlake, et al. [RFC1750] provides more
information on generating pseudo-random numbers suitable for use as
values for the challenge.
Note that the storage of different Challenges received in Agent
Advertisements from multiple foreign agents is implementation
specific and hence, out of scope for this specification.
2.1 Handling of Solicited Agent Advertisements
When a foreign agent generates an Agent Advertisement in response to
a Router Solicitation [RFC1256], some additional considerations come
into play. According to the Mobile IP base specification [RFC3344],
the resulting Agent Advertisement may be either multicast or unicast.
If the solicited Agent Advertisement is multicast, it MUST NOT
generate a new Challenge value and update its window of remembered
advertised Challenges. It must instead re-use the most recent of the
CHALLENGE_WINDOW Advertisement Challenge values.
Perkins, et al. Expires June 2, 2005 [Page 6]
Internet-Draft December 2004
If the agent advertisement is unicast back to the soliciting mobile
node, it MUST be handled as follows: If the challenge most recently
unicast to the soliciting mobile node has not been previously used
(as defined in Section 1.1), it SHOULD be repeated in the newly
issued unicast agent advertisement, otherwise a new challenge MUST be
generated and remembered as the most recent challenge issued to the
mobile node. For further discussion of this, see Section 12.
Perkins, et al. Expires June 2, 2005 [Page 7]
Internet-Draft December 2004
3. Operation
This section describes modifications to the Mobile IP registration
process [RFC3344] which may occur after the foreign agent issues a
Mobile IP Agent Advertisement containing the Challenge on its local
link. See Appendix C for a diagram showing the canonical message
flow for messages related to the processing of the foreign agent
challenge values.
3.1 Mobile Node Processing for Registration Requests
Retransmission behavior for Registration Requests is identical to
that specified in Mobile IP specification [RFC3344]. A retransmitted
Registration Request MAY use the same Challenge value as given in the
original Registration Request.
Whenever the Agent Advertisement contains the Challenge extension, if
the mobile node does not have a security association with the foreign
agent, then it MUST include the Challenge value in a Mobile-Foreign
Challenge extension to the Registration Request message. If, on the
other hand, the mobile node does have a security association with the
foreign agent, it SHOULD include the Challenge value in its
Registration Request message.
If the mobile node has a security association with the Foreign Agent,
it MUST include a Mobile-Foreign Authentication extension in its
Registration Request message, according to the base Mobile IP
specification [RFC3344]. When the Registration Request contains the
Mobile-Foreign Challenge extension specified in Section 4, the
Mobile-Foreign Authentication MUST follow the Challenge extension in
the Registration Request. The mobile node MAY also include the
Mobile-AAA Authentication extension. If both, the Mobile-Foreign
Authentication and the Mobile-AAA Authentication extensions are
present, the Mobile-Foreign Challenge extension MUST precede the
Mobile-AAA Authentication extension and the Mobile-AAA Authentication
extension MUST precede the Mobile-Foreign Authentication extension.
If the mobile node does not have a security association with the
foreign agent, the mobile node MUST include the Mobile-AAA
Authentication extension as defined in Section 6 when it includes the
Mobile-Foreign Challenge extension. In addition, the mobile node
SHOULD include the NAI extension [RFC2794], to enable the foreign
agent to make use of available verification infrastructure which
requires this. The SPI field of the Mobile-AAA Authentication
extension specifies the particular secret and algorithm (shared
between the mobile node and the verification infrastructure) that
must be used to perform the authentication. If the SPI value is
chosen as CHAP_SPI (see Section 9), then the mobile node specifies
Perkins, et al. Expires June 2, 2005 [Page 8]
Internet-Draft December 2004
CHAP-style authentication [RFC1994] using MD5 [RFC1321].
In either case, the Mobile-Foreign Challenge extension followed by
one of the above specified authentication extensions MUST follow the
Mobile-Home Authentication extension, if present.
A mobile node MAY include the Mobile-AAA Authentication extension in
the Registration Request when the mobile node registers directly with
its home agent (using a co-located care-of address). In this case,
if the mobile node uses an SPI value of CHAP_SPI (Section 8) in the
MN-AAA Authentication extension, the mobile node MUST include the
Mobile-Foreign Challenge extension prior to the Mobile-AAA
Authentication extension. The mechanism used by the mobile node to
obtain the Challenge value in this case is outside the scope of this
document.
3.2 Foreign Agent Processing for Registration Requests
Upon receipt of the Registration Request, if the foreign agent has
issued a Challenge as part of its Agent Advertisements, and it does
not have a security association with the mobile node, then the
foreign agent SHOULD check that the Mobile-Foreign Challenge
extension exists, and that it contains a challenge value previously
unused by the mobile node. This ensures that the mobile node is not
attempting to replay a previous advertisement and authentication. In
this case, if the Registration Request does not include a challenge
extension, the foreign agent MUST include FA Error extension (defined
in [FAERR]) in the Registration Reply message with Status code set to
MISSING_CHALLENGE.
A foreign agent that sends Agent Advertisements containing a
Challenge value MAY send a Registration Reply message with a
MISSING_CHALLENGE error if the mobile node sends a Registration
Request with a Mobile-Foreign Authentication extension without
including a Challenge. In other words, such a foreign agent MAY
refuse to process a Registration Request from the mobile node unless
the request contains an unused Challenge.
If a mobile node retransmits a Registration Request with the same
Challenge extension, and the foreign agent still has a pending
Registration Request record in effect for the mobile node, then the
foreign agent forwards the Registration Request to the Home Agent
again. The foreign agent SHOULD check that the mobile node is
actually performing a retransmission, by verifying that the relevant
fields of the retransmitted request (including, if present, the
mobile node NAI Extension [RFC2794]) are the same as represented in
the visitor list entry for the pending Registration Request (section
3.7.1 of [RFC3344]). This verification MUST NOT include the
Perkins, et al. Expires June 2, 2005 [Page 9]
Internet-Draft December 2004
"remaining Lifetime of the pending registration", or the
Identification field since those values are likely to change even for
requests that are merely retransmissions and not new Registration
Requests. In all other circumstances, if the foreign agent receives
a Registration Request with a Challenge extension containing a
Challenge value previously used by that mobile node, the foreign
agent SHOULD send a Registration Reply to the mobile node containing
the Code value STALE_CHALLENGE.
The foreign agent MUST NOT accept any Challenge in the Registration
Request unless it was offered in the last Registration Reply or
unicast Agent Advertisement sent to the mobile node, or else
advertised as one of the last CHALLENGE_WINDOW (see Section 9)
Challenge values inserted into the immediately preceding Agent
advertisements. If the Challenge is not one of the recently
advertised values, the foreign Agent SHOULD send a Registration Reply
with Code value UNKNOWN_CHALLENGE (see Section 10). The foreign
agent MUST maintain the last challenge used by each mobile node that
has registered using any one of the last CHALLENGE_WINDOW challenge
values. This last challenge value can be stored as part of the
mobile node's registration records. Also, see Appendix E for a
possible algorithm that can be used to satisfy this requirement.
Furthermore, the foreign agent MUST check that there is either a
Mobile-Foreign, or a Mobile-AAA Authentication extension after the
Challenge extension. Any registration message containing the
Challenge extension without either of these authentication extensions
MUST be silently discarded. If the registration message contains a
Mobile-Foreign Authentication extension with an incorrect
authenticator that fails verification, the foreign agent MAY send a
Registration Reply to the mobile node with Code value
BAD_AUTHENTICATION (see Section 10).
If the Mobile-AAA Authentication extension (see Section 6) is present
in the message, or if an NAI extension is included indicating that
the mobile node belongs to a different administrative domain, the
foreign agent may take actions outside the scope of this protocol
specification to carry out the authentication of the mobile node. If
the registration message contains a Mobile-AAA Authentication
extension with an incorrect authenticator that fails verification,
the foreign agent MAY send a Registration Reply to the mobile node
with Code value FA_BAD_AAA_AUTH. If the Mobile-AAA Authentication
Extension is present in the Registration Request, the foreign agent
MUST NOT remove the Mobile-AAA Authentication Extension and the
Mobile-Foreign Challenge Extension from the Registration Request.
Appendix C provides an example of an action that could be taken by a
foreign agent.
Perkins, et al. Expires June 2, 2005 [Page 10]
Internet-Draft December 2004
In the event that the Challenge extension is authenticated through
the Mobile-Foreign Authentication extension and the Mobile-AAA
Authentication extension is not present, the foreign agent MAY remove
the Challenge Extension from the Registration Request without
disturbing the authentication value computed by the mobile node for
use by the AAA or the home agent. If the Mobile-AAA Authentication
extension is present and a security association exists between the
foreign agent and the home agent, the Mobile-Foreign Challenge
extension and the Mobile-AAA Authentication extension MUST precede
the Foreign-Home Authentication extension.
If the foreign agent does not remove the Challenge extension, then
the foreign agent SHOULD store the Challenge value as part of the
pending registration request list [RFC3344]. Also, if the
Registration Reply coming from the home agent does not include the
Challenge Extension, the foreign agent SHOULD NOT reject the
Registration Request message. If the Challenge Extension is present
in the Registration Reply, it MUST be the same Challenge value that
was included in the Registration Request. If the Challenge value
differs in the Registration Reply received from the home agent, the
foreign agent MUST insert a rejection Code value MISSING_CHALLENGE in
the Registration Reply sent to the mobile node (see Section 10).
If the foreign agent does remove the Challenge extension and
applicable authentication from the Registration Request message, then
it SHOULD insert the Identification field from the Registration
Request message along with its record-keeping information about the
particular mobile node in order to protect against replays.
3.3 Foreign Agent Processing for Registration Replies
The foreign agent SHOULD include a new Mobile-Foreign Challenge
Extension in any Registration Reply, successful or not. If the
foreign agent includes this extension in a successful Registration
Reply, the extension SHOULD precede a Mobile-Foreign authentication
extension if present. Suppose the Registration Reply includes a
Challenge extension from the home agent, and the foreign agent wishes
to include another Challenge extension with the Registration Reply
for use by the mobile node. In that case, the foreign agent MUST
delete the Challenge extension from the home agent from the
Registration Reply, along with any Foreign-Home authentication
extension, before appending the new Challenge extension to the
Registration Reply.
One example of a situation where the foreign agent MAY omit the
inclusion of a Mobile-Foreign Challenge Extension in the Registration
Reply would be when a new challenge has been multicast recently.
Perkins, et al. Expires June 2, 2005 [Page 11]
Internet-Draft December 2004
If a foreign agent has conditions in which it omits the inclusion of
a Mobile-Foreign Challenge Extension in the Registration Reply, it
still MUST respond with an agent advertisement containing a
previously unused challenge in response to a subsequent agent
solicitation from the same mobile node. Otherwise (when the said
conditions are not met) the foreign agent MUST include a previously
unused challenge in any Registration Reply, successful or not.
A mobile node MUST be prepared to use a challenge from a unicast or
multicast Agent Advertisement in lieu of one returned in a
Registration Reply, and MUST solicit for one if it has not already
received one in a Registration Reply.
If the foreign agent receives a Registration Reply with the Code
value HA_BAD_AAA_AUTH, it MUST be relayed to the mobile node.
3.4 Home Agent Processing for the Challenge Extensions
If the home agent receives a Registration Request with the
Mobile-Foreign Challenge extension, and recognizes the extension, the
home agent MUST include the Challenge extension in the Registration
Reply. The Challenge Extension MUST be placed after the Mobile-Home
authentication extension, and the extension SHOULD be authenticated
by a Foreign-Home Authentication extension.
The home agent MAY receive a Registration Request with the Mobile-AAA
Authentication extension. If the Mobile-AAA Authentication extension
is used by the home agent as an authorization-enabling extension and
the verification fails due to incorrect authenticator, the home agent
MAY reject the Registration Reply with the error code
HA_BAD_AAA_AUTH.
Since the extension type for the Challenge extension is within the
range 128-255, the home agent MUST process such a Registration
Request even if it does not recognize the Challenge extension
[RFC3344]. In this case, the home agent will send a Registration
Reply to the foreign agent that does not include the Challenge
extension.
3.5 Mobile Node Processing for Registration Replies
A mobile node might receive the following error codes in the
Registration Reply from the foreign agent as a response to the
Registration Request. The error codes are defined in Section 10.
UNKNOWN_CHALLENGE: This error code is received by the mobile node in
the case where the mobile node has moved to a new foreign agent that
cannot validate the challenge provided in the Registration Request.
Perkins, et al. Expires June 2, 2005 [Page 12]
Internet-Draft December 2004
In such instances, the mobile node MUST use a new Challenge value in
any new registration, obtained either from an Agent Advertisement, or
from a Challenge extension to the Registration Reply containing the
error.
MISSING_CHALLENGE: A mobile node that does not include a Challenge
when the Mobile-Foreign Authentication extension is present may
receive a MISSING_CHALLENGE error. In this case, the mobile node
SHOULD send a Challenge extension containing an unused challenge in
the next Registration Request.
BAD_AUTHENTICATION: This error is sent by the foreign agent if the
Registration Request contains a Mobile-Foreign Authentication
extension with an incorrect authenticator that fails verification. A
mobile node that receives a BAD_AUTHENTICATION Code value SHOULD
include the Mobile-AAA Authentication Extension in the next
Registration Request. This will make it possible for the Foreign
Agent to use its AAA infrastructure in order to authenticate the
mobile node. In this case, the mobile node MUST use a new Challenge
value in any new registration, obtained either from an Agent
Advertisement, or from a Challenge extension to the Registration
Reply containing the error.
FA_BAD_AAA_AUTH: This error is sent by the foreign agent if the
Registration Request contains a Mobile-AAA Authentication extension
with an incorrect authenticator that fails verification. A mobile
node that receives a FA_BAD_AAA_AUTH MUST use a new Challenge value
in any new registration, obtained either from an Agent Advertisement,
or from a Challenge extension to the Registration Reply containing
the error.
HA_BAD_AAA_AUTH: This error is sent by the home agent if the
Registration Request contains a Mobile-AAA Authentication extension
with an incorrect authenticator that fails verification. A mobile
node that receives a HA_BAD_AAA_AUTH MUST use a new Challenge value
in any new registration, obtained either from an Agent Advertisement,
or from a Challenge extension to the Registration Reply containing
the error.
STALE_CHALLENGE: If the foreign agent receives a Registration Request
with a Challenge extension containing a Challenge value previously
used by that mobile node, the mobile node MAY receive a Registration
Reply to the mobile node containing the Code value STALE_CHALLENGE.
In such instances, the mobile node MUST use a new Challenge value in
next Registration Request, obtained either from an Agent
Advertisement, or from a Challenge extension to the Registration
Reply containing the error.
Perkins, et al. Expires June 2, 2005 [Page 13]
Internet-Draft December 2004
4. Mobile-Foreign Challenge Extension
This section specifies a new Mobile IP Registration extension that is
used to satisfy a Challenge in an Agent Advertisement. The Challenge
extension to the Registration Request message is used to indicate the
challenge that the mobile node is attempting to satisfy.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: The Mobile-Foreign Challenge Extension
Type:
132 (skippable) (see [RFC3344])
Length:
Length of the Challenge value
Challenge:
The Challenge field is copied from the Challenge field found in
the Agent Advertisement Challenge extension (see section 2).
Suppose the mobile node has successfully registered using one of the
Challenge Values within the CHALLENGE_WINDOW values advertised by the
foreign agent. In that case, in any new Registration Request the
mobile node MUST NOT use any Challenge Value which was advertised by
the foreign agent before the Challenge Value in the mobile node's
last Registration Request.
Perkins, et al. Expires June 2, 2005 [Page 14]
Internet-Draft December 2004
5. Generalized Mobile IP Authentication Extension
Several new authentication extensions have been designed for various
control messages proposed for extensions to Mobile IP. A new
authentication extension is required for a mobile node to present its
credentials to any other entity other than the ones already defined;
the only entities defined in the base Mobile IP specification
[RFC3344] are the home agent and the foreign agent. It is the
purpose of the generalized authentication extension defined here to
collect together data for all such new authentication applications
into a single extension type with subtypes.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: The Generalized Mobile IP Authentication Extension
Type:
36 (not skippable) (see [RFC3344])
Subtype:
A number assigned to identify the kind of endpoints or other
characteristics of the particular authentication strategy
Length:
4 plus the number of bytes in the Authenticator; MUST be at
least 20.
SPI:
Security Parameters Index
Authenticator:
The variable length Authenticator field
In this document, only one subtype is defined:
1 Mobile-AAA Authentication subtype (see Section 6)
Perkins, et al. Expires June 2, 2005 [Page 15]
Internet-Draft December 2004
6. Mobile-AAA Authentication subtype
The Generalized Authentication extension with subtype 1 will be
referred to as a Mobile-AAA Authentication extension. The mobile
node MAY include a Mobile-AAA Authentication extension in any
Registration Request. This extension MAY co-exist in the same
Registration Request with Authentication extensions defined for
Mobile IP Registration by [RFC3344]. If the mobile node does not
include a Mobile-Foreign Authentication [RFC3344] extension, then it
MUST include the Mobile-AAA Authentication extension whenever the
Challenge extension is present. If both are present, the Mobile-AAA
Authentication extension MUST precede the Mobile-Foreign
Authentication extension.
If the Mobile-AAA Authentication extension is present, then the
Registration Message sent by the mobile node MUST contain the
Mobile-Home Authentication extension [RFC3344] if it shares a
security association with the home agent. If both are present, the
Mobile-Home Authentication Extension MUST appear prior to the
Mobile-AAA Authentication extension. The corresponding response MUST
include the Mobile-Home Authentication Extension, and MUST NOT
include the Mobile-AAA Authentication Extension.
The default algorithm for computation of the authenticator is
HMAC-MD5 [RFC2104] computed on the following data, in the order
shown:
Preceding Mobile IP data || Type, Subtype, Length, SPI
where the Type, Length, Subtype, and SPI are as shown in Section 5.
The resulting function call, as described in [RFC2104], would be:
hmac_md5(data, datalen, Key, KeyLength, authenticator);
Each mobile node MUST support the ability to produce the
authenticator by using HMAC-MD5 as shown. Just as with Mobile IP, it
must be possible to configure the use of any arbitrary 32-bit SPI
outside of the SPIs in the reserved range 0-255 for selection of this
default algorithm.
Perkins, et al. Expires June 2, 2005 [Page 16]
Internet-Draft December 2004
7. Reserved SPIs for Mobile IP
Mobile IP defines several authentication extensions for use in
Registration Requests and Replies. Each authentication extension
carries a Security Parameters Index (SPI) which should be used to
index a table of security associations. Values in the range 0 - 255
are reserved for special use. A list of reserved SPI numbers is to
be maintained by IANA at the following URL:
http://www.iana.org/numbers.html
Perkins, et al. Expires June 2, 2005 [Page 17]
Internet-Draft December 2004
8. SPIs for RADIUS AAA Servers
Some AAA servers only admit a single security association, and thus
do not use the SPI numbers for Mobile IP authentication extensions
for use when determining the security association that would be
necessary for verifying the authentication information included with
the Authentication extension.
SPI number CHAP_SPI (see Section 9) is reserved for indicating the
following procedure for computing authentication data (called the
"authenticator"), which is used by many RADIUS servers [RFC2138]
today.
To compute the authenticator, apply MD5 [RFC1321] computed on the
following data, in the order shown:
High-order byte from Challenge || Key ||
MD5(Preceding Mobile IP data ||
Type, Subtype (if present), Length, SPI) ||
Least-order 237 bytes from Challenge
where the Type, Length, SPI, and possibly Subtype, are the fields of
the authentication extension in use. For instance, all four of these
fields would be in use when SPI == CHAP_SPI is used with the
Generalized Authentication extension. Since the RADIUS protocol
cannot carry attributes of length greater than 253, the preceding
Mobile IP data, type, subtype (if present), length and SPI are hashed
using MD5. Finally, the least significant 237 bytes of the challenge
are concatenated. If the challenge has fewer than 238 bytes, this
algorithm includes the high-order byte in the computation twice, but
ensures that the challenge is used exactly as is. Additional padding
is never used to increase the length of the challenge; the input data
is allowed to be shorter than 237 bytes long.
Perkins, et al. Expires June 2, 2005 [Page 18]
Internet-Draft December 2004
9. Configurable Parameters
Every Mobile IP agent supporting the extensions defined in this
document SHOULD be able to configure each parameter in the following
table. Each table entry contains the name of the parameter, the
default value, and the section of the document in which the parameter
first appears.
+------------------+---------------+---------------------+
| Parameter Name | Default Value | Section of Document |
+------------------+---------------+---------------------+
| CHALLENGE_WINDOW | 2 | 3.2 |
| | | |
| CHAP_SPI | 2 | 8 |
+------------------+---------------+---------------------+
Table 1: Configurable Parameters
Note that CHALLENGE_WINDOW SHOULD be at least 2. This makes it far
less likely that mobile nodes will register using a Challenge value
that is outside the set of values allowable by the foreign agent.
Perkins, et al. Expires June 2, 2005 [Page 19]
Internet-Draft December 2004
10. Error Values
Each entry in the following table contains the name of the Code
[RFC3344] to be returned in a Registration Reply, the value for the
Code, and the section in which the error is first mentioned in this
specification.
+--------------------+-------+--------------------------+
| Error Name | Value | Section of Document |
+--------------------+-------+--------------------------+
| UNKNOWN_CHALLENGE | 104 | 3.2 |
| | | |
| BAD_AUTHENTICATION | 67 | 3.2 - also see [RFC3344] |
| | | |
| MISSING_CHALLENGE | 105 | 3.1,3.2 |
| | | |
| STALE_CHALLENGE | 106 | 3.2 |
| | | |
| FA_BAD_AAA_AUTH | TBD | 3.2 |
| | | |
| HA_BAD_AAA_AUTH | TBD | 3.4 |
+--------------------+-------+--------------------------+
Table 2: Error Values
Perkins, et al. Expires June 2, 2005 [Page 20]
Internet-Draft December 2004
11. IANA Considerations
All protocol values in this specification are to be the same as
defined in RFC 3012 [RFC3012]. Additionaly, new error codes
FA_BAD_AAA_AUTH and HA_BAD_AAA_AUTH are defined by this document.
The Status code list for the FA Error extension defined in [FAERR] is
extended with the new Status code MISSING_CHALLENGE along with the
new sub-type (TBD) for the protocol extension specified in this
document.
Perkins, et al. Expires June 2, 2005 [Page 21]
Internet-Draft December 2004
12. Security Considerations
In the event that a malicious mobile node attempts to replay the
authenticator for an old Mobile-Foreign Challenge, the foreign agent
would detect it since the agent always checks whether it has recently
advertised the Challenge (see Section 3.2). Allowing mobile nodes
with different IP addresses or NAIs to use the same Challenge value
does not represent a security vulnerability, because the
authentication data provided by the mobile node will be computed over
data that is different (at least by the bytes of the mobile nodes' IP
addresses).
If the foreign agent chooses a Challenge value (see Section 2) with
fewer than 4 bytes, the foreign agent SHOULD include the value of the
Identification field in the records it maintains for the mobile node.
The foreign agent can then determine whether the Registration
messages using the short Challenge value are in fact unique, and thus
assuredly not replayed from any earlier registration.
Section 8 (SPI For RADIUS AAA Servers) defines a method of computing
the Generalized Mobile IP Authentication Extension's authenticator
field using MD5 in a manner that is consistent with RADIUS [RFC2138].
The use of MD5 in the method described in Section 8 is less secure
than HMAC-MD5 [RFC2104], and should be avoided whenever possible.
Note that an active attacker may try to prevent successful
registrations by sending a large number of Agent Solicitations or
bogus Registration Requests, each of which could cause the FA to
respond with a fresh challenge, invalidating the challenge that the
MN is currently trying to use. To prevent such attacks, the FA MUST
NOT invalidate previously unused challenges when responding to
unauthenticated Registration Requests or Agent Solicitations. In
addition, the FA MUST NOT allocate new storage when responding to
such messages, because this would also create the possibility of
denial of service.
Perkins, et al. Expires June 2, 2005 [Page 22]
Internet-Draft December 2004
13. Acknowledgments
The authors would like to thank Tom Hiller, Mark Munson, the TIA
TR45-6 WG, Gabriel Montenegro, Vipul Gupta, Pete McCann, Robert
Marks, Ahmad Muhanna, and Luca Salgarelli for their useful
discussions. A recent draft by Mohamed Khalil, Raja Narayanan, Emad
Qaddoura, and Haseeb Akhtar has also suggested the definition of a
generalized authentication extension similar to the specification
contained in Section 5.
Perkins, et al. Expires June 2, 2005 [Page 23]
Internet-Draft December 2004
Appendix A. Change History
List of the changes for draft-ietf-mobileip-rfc3012bis-03:
o Foreign agent recommended to include a Challenge in every
Registration Reply, so that mobile node can re-register without
waiting for an Advertisement.
o Foreign agent MUST record applicable challenge values used by each
mobile node.
o Mobile node forbidden to use Challenge values which were
advertised previous to the last Challenge value which it had used
for a registration.
o Terminology for stale challenge vs. unused challenge clarified.
o Terminology for "valid" challenge deleted in favor of "unused
challenge".
o Programming suggestion added as an appendix.
List of the changes for draft-ietf-mobileip-rfc3012bis-04:
o The definition of "previously used challenge" is merged with
"stale challenge" definition in section 1.1.
o Reference 7 is updated from RFC 3320 to RFC 3344 and reference 9
is updated from RFC 2138 to RFC 2865 in "Reference" section.
o Reference to RFC 3344 is added in section 3.
o HMAC_CHAP_SPI option is added for Generalized Mobile IP
Authentication extension. Upon receipt of HMAC_CHAP_SPI, HMAC-MD5
is used instead of MD5 for computing the authenticator.
o Clarified processing of error messages at the mobile node (section
3.1).
o Modified text of section 2.1 and 3.2 for further clarity.
List of the changes for draft-ietf-mobileip-rfc3012bis-05:
o Added BAD_AAA_AUTHENTICATION_SET_BY_FA and
BAD_AAA_AUTHENTICATION_SET_BY_HA error codes to report
authentication errors caused while processing Mobile-AAA
Authentication extension.
o Processing of the Mobile-AAA Authentication extension is clarified
for the foreign agent and the home agent.
o Co-existence of the Mobile-AAA Authentication extension in the
same Registration Request is made explicit.
o The situation in which the foreign agent sets MISSING_CHALLENGE is
clarified further.
o The use of Mobile-AAA Authentication Extension is allowed by the
mobile node with co-located care-of-address.
List of the changes for draft-ietf-mip4-rfc3012bis-00:
o Minor editorial changes are made through out the document.
o Added definition of "previously used challenge" and removed
definition of "stale challenge" from section 1.1.
Perkins, et al. Expires June 2, 2005 [Page 24]
Internet-Draft December 2004
o Renamed BAD_AAA_AUTHENTICATION_SET_BY_FA to FA_BAD_AAA_AUTH and
BAD_AAA_AUTHENTICATION_SET_BY_HA to HA_BAD_AAA_AUTH.
o Defined an order of the Mobile-AAA Authentication extension
received with the authentication extension(s) defined in RFC 3344
[RFC3344].
o Added protection against bogus Registration Reply and Agent
Advertisement. Also, the processing of the Challenge is clarified
if it is received in the multicast/unicast Agent Advertisement.
List of the changes for draft-ietf-mip4-rfc3012bis-01:
o Minor editorial changes are made through out the document.
o Added reference of FA Error extension in the References section
and also updated relevant text in section 3.2 and section 11.
List of the changes for draft-ietf-mip4-rfc3012bis-02:
o Minor editorial changes are made in Appendix C and Appendix D.
o Updated Boilerplate.
List of the changes for draft-ietf-mip4-rfc3012bis-03:
o Removed HMAC_MD5_SPI support from section 3.1, 8 and 9.
o Corrected figure titles 1 and 3.
Perkins, et al. Expires June 2, 2005 [Page 25]
Internet-Draft December 2004
Appendix B. Verification Infrastructure
The Challenge extensions in this protocol specification are expected
to be useful to help the foreign agent manage connectivity for
visiting mobile nodes, even in situations where the foreign agent
does not have any security association with the mobile node or the
mobile node's home agent. In order to carry out the necessary
authentication, it is expected that the foreign agent will need the
assistance of external administrative systems, which have come to be
called AAA systems. For the purposes of this document, we call the
external administrative support the "verification infrastructure".
The verification infrastructure is described to motivate the design
of the protocol elements defined in this document, and is not
strictly needed for the protocol to work. The foreign agent is free
to use any means at its disposal to verify the credentials of the
mobile node. This could, for instance, rely on a separate protocol
between the foreign agent and the Mobile IP home agent, and still be
completely invisible to the mobile node.
In order to verify the credentials of the mobile node, we imagine
that the foreign agent has access to a verification infrastructure
that can return a secure notification to the foreign agent that the
authentication has been performed, along with the results of that
authentication. This infrastructure may be visualized as shown in
Figure 4.
+----------------------------------------------------+
| |
| Verification and Key Management Infrastructure |
| |
+----------------------------------------------------+
^ | ^ |
| | | |
| v | v
+---------------+ +---------------+
| | | |
| foreign agent | | home agent |
| | | |
+---------------+ +---------------+
Figure 4: The Verification Infrastructure
After the foreign agent gets the Challenge authentication, it MAY
pass the authentication to the (here unspecified) infrastructure, and
await a Registration Reply. If the Reply has a positive status
(indicating that the registration was accepted), the foreign agent
Perkins, et al. Expires June 2, 2005 [Page 26]
Internet-Draft December 2004
accepts the registration. If the Reply contains the Code value
BAD_AUTHENTICATION (see Section 10), the foreign agent takes actions
indicated for rejected registrations.
Implicit in this picture, is the important observation that the
foreign agent and the home agent have to be equipped to make use of
whatever protocol is made available to them by the challenge
verification and key management infrastructure shown in the figure.
The protocol messages for handling the authentication within the
verification infrastructure, and identity of the agent performing the
verification of the foreign agent challenge, are not specified in
this document, because those operations do not have to be performed
by any Mobile IP entity.
Perkins, et al. Expires June 2, 2005 [Page 27]
Internet-Draft December 2004
Appendix C. Message Flow for FA Challenge Messaging with Mobile-AAA
Extension
MN FA Verification home agent
|<-- Adv+Challenge--| Infrastructure |
| (if needed) | | |
| | | |
|-- RReq+Challenge->| | |
| + Auth.Ext. | | |
| | Auth. Request, incl. | |
| |--- RReq + Challenge --->| |
| | + Auth.Ext | RReq + |
| | |-- Challenge -->|
| | | |
| | | |
| | |<--- RRep ----- |
| | Authorization, incl. | |
| |<-- RRep + Auth.Ext.-----| |
| | | |
|<-- RRep+Auth.Ext--| | |
| + New Challenge | | |
Figure 5: Message Flows for FA Challenge Messaging
In Figure 5, the following informational message flow is illustrated:
1. The foreign agent disseminates a Challenge Value in an Agent
Advertisement if needed. This advertisement MAY have been
produced after receiving an Agent Solicitation from the mobile
node (not shown in the diagram).
2. The mobile node creates a Registration Request including the
advertised Challenge Value in the Challenge Extension, along with
an Mobile-AAA authentication extension.
3. The foreign agent relays the Registration Request either to the
home agent specified by the mobile node, or else to its locally
configured Verification Infrastructure (see Appendix B),
according to local policy.
4. The foreign agent receives a Registration Reply with the
appropriate indications for authorizing connectivity for the
mobile node.
5. The foreign agent relays the Registration Reply to the mobile
node, possibly along with a new Challenge Value to be used by the
mobile node in its next Registration Request message.
Perkins, et al. Expires June 2, 2005 [Page 28]
Internet-Draft December 2004
Appendix D. Message Flow for FA Challenge Messaging with MN-FA
Authentication
MN FA home agent
|<-- Adv+Challenge--| |
| (if needed) | |
| | |
|-- RReq+Challenge->| |
| + Auth.Ext. | |
| |--- RReq + Challenge --->|
| | + HA-FA Auth.Ext |
| | |
| |<-- RRep + Challenge ----|
| | + HA-FA Auth.Ext |
| | |
|<-- RRep+Auth.Ext--| |
| + New Challenge | |
Figure 6: Message Flows for FA Challenge Messaging with MN-FA
Authentication
In Figure 6, the following informational message flow is illustrated:
1. The foreign agent disseminates a Challenge Value in an Agent
Advertisement if needed. This advertisement MAY have been
produced after receiving an Agent Solicitation from the mobile
node (not shown in the diagram).
2. The mobile node creates a Registration Request including the
advertised Challenge Value in the Challenge Extension, along with
an Mobile-Foreign Authentication extension.
3. The foreign agent relays the Registration Request to the home
agent specified by the mobile node.
4. The foreign agent receives a Registration Reply with the
appropriate indications for authorizing connectivity for the
mobile node.
5. The foreign agent relays the Registration Reply to the mobile
node, possibly along with a new Challenge Value to be used by the
mobile node in its next Registration Request message. If the
Reply contains the Code value HA_BAD_AAA_AUTH (see Section 10),
the foreign agent takes actions indicated for rejected
registrations.
Perkins, et al. Expires June 2, 2005 [Page 29]
Internet-Draft December 2004
Appendix E. Foreign Agent Algorithm for Tracking Used Challenges
If the foreign agent maintains a large CHALLENGE_WINDOW, it becomes
more important for scalability purposes to efficiently compare
incoming challenges against the set of Challenge values which have
been advertised recently. This can be done by keeping the Challenge
values in order of advertisement, and by making use of the mandated
behavior that mobile nodes MUST NOT use Challenge values which were
advertised before the last advertised Challenge value that the mobile
node has attempted to use. The following stylized programmatic
algorithm accomplishes this objective. The maximum amount of total
storage required by this algorithm is equal to Size*(CHALLENGE_WINDOW
+ (2*N)), where N is the current number of mobile nodes for which the
foreign agent is storing challenge values. Note that, whenever the
stored challenge value is no longer in the CHALLENGE_WINDOW, it can
be deleted from the foreign agent's records, perhaps along with all
other registration information for the mobile node if it is no longer
registered.
In the program fragment, it is presumed that the foreign agent keeps
an array of advertised Challenges ("VALID_ADV_CHALLENGES"), a record
of the last advertised challenge used by a mobile node, and also a
record of the last challenge provided to a mobile node in a
Registration Reply or unicast Agent Advertisement.
To meet the security obligations outlined in Section 12, the FA
SHOULD use one of the already stored, previously unused challenges
when responding to an unauthenticated Registration Request or Agent
Solicitation. If none of the already stored challenges are
previously unused, the FA SHOULD generate a new challenge, include it
in the response, and store it in the per-Mobile data structure.
Perkins, et al. Expires June 2, 2005 [Page 30]
Internet-Draft December 2004
current_chal := RegistrationRequest.challenge_extension_value
last_chal := mobile_node_record.last_used_adv_chal
if (current_chal == mobile_node_record.RegReply_challenge) {
update (mobile_node_record, current_chal)
return (OK)
}
else if (current_chal "among" VALID_ADV_CHALLENGES[]{
if (last_chal "among" VALID_ADV_CHALLENGES[]) {
if (current_chal is "before" last_chal) {
send_error(STALE_CHALLENGE)
return (FAILURE)
}
else {
update (mobile_node_record, current_chal)
return (OK)
}
}
else {
update (mobile_node_record, current_chal)
return (OK)
}
}
else {
send_error(UNKNOWN_CHALLENGE);
}
14 Normative References
[FAERR] Perkins, C., "Foreign Agent Error Extension for Mobile
IPv4", draft-perkins-mip4-faerr-00.txt (work in progress),
January 2004.
[RFC1256] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
[RFC1994] Simpson, W., "PPP Challenge Handshake Authentication
Protocol (CHAP)", RFC 1994, August 1996.
[RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC:
Keyed-Hashing for Message Authentication", RFC 2104,
Perkins, et al. Expires June 2, 2005 [Page 31]
Internet-Draft December 2004
February 1997.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2138] Rigney, C., Rigney, C., Rubens, A., Simpson, W. and S.
Willens, "Remote Authentication Dial In User Service
(RADIUS)", RFC 2138, April 1997.
[RFC2794] Calhoun, P. and C. Perkins, "Mobile IP Network Access
Identifier Extension for IPv4", RFC 2794, March 2000.
[RFC3012] Perkins, C. and P. Calhoun, "Mobile IPv4
Challenge/Response Extensions", RFC 3012, November 2000.
[RFC3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
August 2002.
Authors' Addresses
Charles E. Perkins
Nokia Research Center
Communications Systems Lab
313 Fairchild Drive
Mountain View, California 94043
Fax: +1 650 625-2502
EMail: charles.perkins@nokia.com
Pat R. Calhoun
Black Storm Networks
110 Nortech Parkway
San Jose, CA 95134
Fax: +1 720-293-7501
EMail: pcalhoun@diameter.org
Jayshree Bharatia
Nortel Networks
2221, Lakeside Blvd
Richardson, TX 75082
Fax: +1 972-684-3775
EMail: jayshree@nortelnetworks.com
Perkins, et al. Expires June 2, 2005 [Page 32]
Internet-Draft December 2004
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Perkins, et al. Expires June 2, 2005 [Page 33]
