Security Threats to Network-Based Localized Mobility Management (NETLMM)
RFC 4832

Document Type RFC - Informational (April 2007; No errata)
Last updated 2013-03-02
Replaces draft-kempf-netlmm-threats
Stream IETF
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4832 (Informational)
Responsible AD Jari Arkko
Send notices to netlmm-chairs@ietf.org,chvogt@tm.uka.de
Network Working Group                                            C. Vogt
Request for Comments: 4832                   Universitaet Karlsruhe (TH)
Category: Informational                                         J. Kempf
                                                         DoCoMo USA Labs
                                                              April 2007

              Security Threats to Network-Based Localized
                      Mobility Management (NETLMM)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document discusses security threats to network-based localized
   mobility management.  Threats may occur on two interfaces: the
   interface between a localized mobility anchor and a mobile access
   gateway, as well as the interface between a mobile access gateway and
   a mobile node.  Threats to the former interface impact the localized
   mobility management protocol itself.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Threats to Interface between LMA and MAG . . . . . . . . . . .  3
     2.1.  LMA Compromise or Impersonation  . . . . . . . . . . . . .  3
     2.2.  MAG Compromise or Impersonation  . . . . . . . . . . . . .  4
     2.3.  Man-in-the-Middle Attack . . . . . . . . . . . . . . . . .  6
   3.  Threats to Interface between MAG and Mobile Node . . . . . . .  6
     3.1.  Mobile Node Compromise or Impersonation  . . . . . . . . .  7
     3.2.  Man-in-the-Middle Attack . . . . . . . . . . . . . . . . .  9
   4.  Threats from the Internet  . . . . . . . . . . . . . . . . . .  9
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 10
   6.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 10
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 10
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 10

Vogt & Kempf                 Informational                      [Page 1]
RFC 4832               Security Threats to NETLMM             April 2007

1.  Introduction

   The network-based localized mobility management (NETLMM) architecture
   [1] supports movement of IPv6 mobile nodes locally within a domain
   without requiring mobility support in the mobile nodes' network
   stacks.  A mobile node can keep its IP address constant as it moves
   from link to link, avoiding the signaling overhead and latency
   associated with changing the IP address.  Software specifically for
   localized mobility management is not required on the mobile node,
   whereas IP-layer movement detection software may be necessary, and
   driver software for link-layer mobility is prerequisite.

   The IP addresses of mobile nodes have a prefix that routes to a
   localized mobility anchor (LMA) [3].  The LMA maintains an individual
   route for each registered mobile node.  Any particular mobile node's
   route terminates at a mobile access gateway (MAG) [3], to which the
   mobile node attaches at its current access link.  MAGs are
   responsible for updating the mobile node's route on the LMA as the
   mobile node moves.  A MAG detects the arrival of a mobile node on its
   local access link based on handoff signaling that the mobile node
   pursues.  The MAG may additionally monitor connectivity of the mobile
   node in order to recognize when the mobile node has left the local
   access link.  The localized mobility management architecture
   therefore has two interfaces:

   1.  The interface between a MAG and an LMA where route update
       signaling occurs.

   2.  The interface between a mobile node and its current MAG where
       handoff signaling and other link maintenance signaling occur.

   The localized mobility management architecture demands no specific
   protocol for a MAG to detect the arrival or departure of mobile nodes
   to and from its local access link and accordingly initiate route
   update signaling with an LMA.  An appropriate mechanism may be
   entirely implemented at the link layer, such as is common for
   cellular networks.  In that case, the IP layer never detects any
   movement, even when a mobile node moves from one link to another
   handled by a different MAG.  If the link layer does not provide the
   necessary functionality, the mobile node must perform IP-layer
   movement detection and auto-configuration signaling, thereby
   providing the trigger for the MAG to update its route on the LMA.  A
   mobile node identity, established by the localized mobility