datatracker.ietf.org
Sign in
Version 5.13.0, 2015-03-25
Report a bug

Mobile IP Version 6 Route Optimization Security Design Background
RFC 4225

Network Working Group                                        P. Nikander
Request for Comments: 4225                                      J. Arkko
Category: Informational                     Ericsson Research NomadicLab
                                                                 T. Aura
                                                      Microsoft Research
                                                           G. Montenegro
                                                   Microsoft Corporation
                                                             E. Nordmark
                                                        Sun Microsystems
                                                           December 2005

   Mobile IP Version 6 Route Optimization Security Design Background

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document is an account of the rationale behind the Mobile IPv6
   (MIPv6) Route Optimization security design.  The purpose of this
   document is to present the thinking and to preserve the reasoning
   behind the Mobile IPv6 security design in 2001 - 2002.

   The document has two target audiences: (1) helping MIPv6 implementors
   to better understand the design choices in MIPv6 security procedures,
   and (2) allowing people dealing with mobility or multi-homing to
   avoid a number of potential security pitfalls in their designs.

Nikander, et al.             Informational                      [Page 1]
RFC 4225             Mobile IPv6 RO Security Design        December 2005

Table of Contents

   1. Introduction ....................................................3
      1.1. Assumptions about the Existing IP Infrastructure ...........4
      1.2. The Mobility Problem and the Mobile IPv6 Solution ..........6
      1.3. Design Principles and Goals ................................8
         1.3.1. End-to-End Principle ..................................8
         1.3.2. Trust Assumptions .....................................8
         1.3.3. Protection Level ......................................8
      1.4. About Mobile IPv6 Mobility and its Variations ..............9
   2. Avenues of Attack ...............................................9
      2.1. Target ....................................................10
      2.2. Timing ....................................................10
      2.3. Location ..................................................11
   3. Threats and Limitations ........................................11
      3.1. Attacks Against Address 'Owners' ("Address Stealing").. ...12
         3.1.1. Basic Address Stealing ...............................12
         3.1.2. Stealing Addresses of Stationary Nodes ...............13
         3.1.3. Future Address Sealing ...............................14
         3.1.4. Attacks against Secrecy and Integrity ................15
         3.1.5. Basic Denial-of-Service Attacks ......................16
         3.1.6. Replaying and Blocking Binding Updates ...............16
      3.2. Attacks Against Other Nodes and Networks (Flooding) .......16
         3.2.1. Basic Flooding .......................................17
         3.2.2. Return-to-Home Flooding ..............................18
      3.3. Attacks against Binding Update Protocols ..................18
         3.3.1. Inducing Unnecessary Binding Updates .................19
         3.3.2. Forcing Non-Optimized Routing ........................20
         3.3.3. Reflection and Amplification .........................21
      3.4. Classification of Attacks .................................22
      3.5. Problems with Infrastructure-Based Authorization ..........23
   4. Solution Selected for Mobile IPv6 ..............................24
      4.1. Return Routability ........................................24
         4.1.1. Home Address Check ...................................26
         4.1.2. Care-of-Address Check ................................27
         4.1.3. Forming the First Binding Update .....................27
      4.2. Creating State Safely .....................................28
         4.2.1. Retransmissions and State Machine ....................29
      4.3. Quick expiration of the Binding Cache Entries .............29
   5. Security Considerations ........................................30
      5.1. Residual Threats as Compared to IPv4 ......................31
      5.2. Interaction with IPsec ....................................31
      5.3. Pretending to Be One's Neighbor ...........................32
      5.4. Two Mobile Nodes Talking to Each Other ....................33

[include full document text]