IETF Mobile IP Working Group                          Charles E. Perkins
INTERNET-DRAFT                                     Nokia Research Center
                                                            5 April 2004

         Preconfigured Binding Management Keys for Mobile IPv6

Status of This Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note
   that other groups may also distribute working documents as

   Internet-Drafts are draft documents, valid for a maximum of six
   months, and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at


   A mobile node and a correspondent node may preconfigure a Binding
   Management Key for authorizing Binding Updates.

Perkins                 Expires 5 October 2004                  [Page i]

INTERNET-DRAFT              Preconfigured Kbm               5 April 2004

1. Preconfiguring a Binding Management Key (Kbm)

   A mobile node and a correspondent node may preconfigure a Binding
   Management Key (Kbm) for authorizing binding management messages,
   especially Binding Update and Binding Acknowledgement messages.  The
   key MUST be the same length as that configured using inputs from
   Mobile IPv6 [1] return routability.  The key is associated to the
   mobile node's home address.

   Replay protection for Binding Update messages using the preconfigured
   Kbm depends upon the value of the sequence number field in the
   Binding Update.  If the correspondent node does not maintain
   information about the recently used values of that field, then there
   may be an opportunity for a malicious node to replay old Binding
   Update messages and fool the correspondent node into routing towards
   an old care-of address.  For this reason, a correspondent node that
   uses a preconfigured Kbm also MUST keep track of the most recent
   value of the Sequence Number field of Binding Update messages using
   the preconfigured Kbm value.

   When a Binding Update is to be authenticated using such a
   preconfigured binding key (Kbm), the Binding Authorization Data
   suboption MUST be present.  The Nonce Indices option SHOULD NOT
   be present.  If it is present, the nonce indices supplied MAY be
   ignored and are not included as part of the calculation for the
   authentication data, which is to be carried exactly as specified
   in [1].

2. Applicability Statement

   Preconfigured keys between a mobile node and a correspondent node are
   useful in several specific scenarios:

    -  mobile node and correspondent node are administered within the
       same domain, and the correspondent node has good reason to trust
       the actions of the mobile node

    -  the correspondent node has some guarantee that the mobile node
       will behave properly (perhaps by contractual agreement)

    -  the method of assignment for keys between the correspondent node
       and mobile node results in a stronger security association than
       what can be provided by the Return Routability procedure.

    -  diagnostic procedures

    -  software development and testing

   Generally speaking, the required level of trust that the
   correspondent node needs for enabling a preconfigured Kbm with a

Perkins                 Expires 5 October 2004                  [Page 1]

INTERNET-DRAFT              Preconfigured Kbm               5 April 2004

   mobile node is more often found within relatively small, closed
   groups of users who are personally familiar with each other, or who
   have some external basis for establishing trustworthy interactions.

3. Security Considerations

   A correspondent node and a mobile node MAY use a preconfigured
   binding management key (Kbm) to manage the authentication
   requirements for binding cache management messages.  Such keys must
   be handled carefully to avoid inadvertent exposure to the threats
   outlined in [2].

   A mobile node MUST use a different binding management key (Kbm)
   for each node in its Binding Update List.  This ensures that the
   sender of a Binding Update can always be uniquely determined.  This
   is necessary, as this authorization method does not provide any
   guarantee that the given care-of address is legitimate.  For the same
   reason, this method SHOULD only be applied between nodes that are
   under the same administration.  The return routability procedure is
   RECOMMENDED for all general use and MUST be the default, unless the
   user explicitly overrides this by entering a key for a particular

   Replay protection for the Binding Authorization Data option
   authentication mechanism is provided by the Sequence Number field
   of the Binding Update.  This method of providing replay protection
   fails when the Binding Update sequence numbers cycle through the
   16 bit counter (i.e., not more than 65,536 distinct uses of Kbm),
   or if the sequence numbers are not protected against reboots.  If
   the mobile node were to move every hour, 24 hours a day, every day
   of the year, this would require changing keys every 7 years.  Even
   if the mobile node were to move every minute, this would provide
   protection for over a month.  Given typical mobility patterns, there
   is little danger of replay problems; nodes for which problems might
   arise are expected to use methods other than manual configuration for
   Kbm anyway.  When the sequence number field rolls over, the parties
   SHOULD configure another value for Kbm.

   If a correspondent node does NOT keep track of the Sequence Number
   for Binding Update messages from a particular mobile node, then the
   correspondent node could be fooled into accepting an old value for
   the mobile node's care-of address.  In the unlikely event that this
   address was reallocated to another IPv6 node in the meantime, that
   IPv6 node would then be vulnerable to unwanted traffic emanating from
   the correspondent node.  In order to circumvent this possibility,
   correspondent nodes are mandated to keep track of the most recent
   Sequence Number value in a Binding Update message from the mobile

Perkins                 Expires 5 October 2004                  [Page 2]

INTERNET-DRAFT              Preconfigured Kbm               5 April 2004

   There is no upper bound on the lifetime defined for the preconfigured
   Kbm.  As noted, the key is very, very likely to be quite secure
   over the lifetime of the security association and usefulness of
   applications between a mobile node and correspondent node that fit
   the terms specified in section 2.

4. IANA Considerations

   No new protocol numbers are required.

5. Acknowledgement

   Thanks are due to everyone who reviewed the discussion of issue #146.


   [1] D. Johnson, C. Perkins, and J. Arkko.  Mobility support in IPv6
       (work in progress).  Internet Draft, Internet Engineering Task
       Force, May 2003.

   [2] P. Nikander, T. Aura, J. Arkko, G. Montenegro, and E. Nordmark.
       Mobile IP version 6 Route Optimization Security Design
       Background.  Internet Draft, Internet Engineering Task Force,
       June 2003.

   The first citation is normative, and the second citation is
   informative only.

Perkins                 Expires 5 October 2004                  [Page 3]

INTERNET-DRAFT              Preconfigured Kbm               5 April 2004

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on
   the IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt
   made to obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive

Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However,
   this document itself may not be modified in any way, such as by
   removing the copyright notice or references to the Internet Society
   or other Internet organizations, except as needed for the purpose
   of developing Internet standards in which case the procedures
   for copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.  This
   document and the information contained herein is provided on an "AS

Perkins                 Expires 5 October 2004                  [Page 4]

INTERNET-DRAFT              Preconfigured Kbm               5 April 2004


Author's Address

   Questions about this document can also be directed to the author:

     Charles E. Perkins
     Nokia Research Center
     313 Fairchild Drive
     Mountain View, CA 94043

     Phone:  +1 650 625-2986
     Fax:  +1 650 625-2502

Perkins                 Expires 5 October 2004                  [Page 5]