Network Working Group J. Kempf
Request for Comments: 5269 DoCoMo Labs USA
Category: Standards Track R. Koodli
Starent Networks
June 2008
Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using
SEcure Neighbor Discovery (SEND)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
Fast Mobile IPv6 requires that a Fast Binding Update be secured using
a security association shared between an Access Router and a Mobile
Node in order to avoid certain attacks. In this document, a method
for provisioning a shared key from the Access Router to the Mobile
Node is defined to protect this signaling. The Mobile Node generates
a public/private key pair using the same public key algorithm as for
SEND (RFC 3971). The Mobile Node sends the public key to the Access
Router. The Access Router encrypts a shared handover key using the
public key and sends it back to the Mobile Node. The Mobile Node
decrypts the shared handover key using the matching private key, and
the handover key is then available for generating an authenticator on
a Fast Binding Update. The Mobile Node and Access Router use the
Router Solicitation for Proxy Advertisement and Proxy Router
Advertisement from Fast Mobile IPv6 for the key exchange. The key
exchange messages are required to have SEND security; that is, the
source address is a Cryptographically Generated Address (CGA) and the
messages are signed using the CGA private key of the sending node.
This allows the Access Router, prior to providing the shared handover
key, to verify the authorization of the Mobile Node to claim the
address so that the previous care-of CGA in the Fast Binding Update
can act as the name of the key.
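The exchange the abstract describes, written out as an added worked example with both sides present. This code is not part of RFC 5269 and does not reproduce its ICMPv6 option formats; it is a stand-in model with these assumptions: the CGA is the RFC 3972 construction simplified to Sec=0 and collision count 0; SEND signatures are modelled as RSA PKCS#1 v1.5 over SHA-256 of the source identifier and option payload rather than the exact RSA Signature option encoding; the handover key is 128 bits and is wrapped with RSA-OAEP under an invented label (the excerpt says only that the AR encrypts it with the MN's public key); and the FBU authenticator is HMAC-SHA1 over the previous and new care-of identifiers (the excerpt says only "authenticator"). The names SendMsg, AccessRouter, MobileNode, Handover and the hypothetical sample prefix and identifiers are this example's own.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

var oaepLabel = []byte("FMIPv6 handover key") // assumed OAEP label, not an RFC field

// cgaIID: simplified RFC 3972 interface identifier (Sec=0, collision count 0):
// leftmost 64 bits of SHA-1(modifier||prefix||count||pubkey), Sec and u/g bits cleared.
func cgaIID(mod [16]byte, prefix [8]byte, pub *rsa.PublicKey) (iid [8]byte) {
	h := sha1.Sum(append(append(append(mod[:], prefix[:]...), 0), x509.MarshalPKCS1PublicKey(pub)...))
	copy(iid[:], h[:8])
	iid[0] &^= 0xE3
	return iid
}

// SendMsg is the SEND-protected envelope for RtSolPr and PrRtAdv: CGA parameters,
// the Handover Key Request/Reply payload, and a signature by the sender's CGA key.
type SendMsg struct {
	Mod     [16]byte
	Prefix  [8]byte
	CGAPub  *rsa.PublicKey
	SrcIID  [8]byte
	Payload []byte
	Sig     []byte
}

func (m *SendMsg) digest() [32]byte { return sha256.Sum256(append(m.SrcIID[:], m.Payload...)) }

func signMsg(cga *rsa.PrivateKey, mod [16]byte, prefix [8]byte, payload []byte) *SendMsg {
	m := &SendMsg{Mod: mod, Prefix: prefix, CGAPub: &cga.PublicKey, Payload: payload}
	m.SrcIID = cgaIID(mod, prefix, &cga.PublicKey)
	d := m.digest()
	m.Sig, _ = rsa.SignPKCS1v15(rand.Reader, cga, crypto.SHA256, d[:])
	return m
}

// verifySend: the source IID must be the CGA of the carried key (address ownership)
// and the signature must verify under it; knowing a victim's address is not enough.
func verifySend(m *SendMsg) bool {
	d := m.digest()
	return cgaIID(m.Mod, m.Prefix, m.CGAPub) == m.SrcIID &&
		rsa.VerifyPKCS1v15(m.CGAPub, crypto.SHA256, d[:], m.Sig) == nil
}

func genKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func randMod() (m [16]byte)   { rand.Read(m[:]); return m }

// AccessRouter stores handover keys under the previous care-of IID: the CGA verified
// on the RtSolPr is the name the FBU later uses for the key.
type AccessRouter struct {
	cga  *rsa.PrivateKey
	mod  [16]byte
	keys map[[8]byte][]byte
}

func NewAccessRouter() *AccessRouter {
	return &AccessRouter{cga: genKey(), mod: randMod(), keys: map[[8]byte][]byte{}}
}

// HandleRtSolPr: no valid SEND, no key. Otherwise wrap a fresh 128-bit handover key
// under the MN's key-encryption public key and return it in a signed PrRtAdv.
func (ar *AccessRouter) HandleRtSolPr(req *SendMsg) (*SendMsg, error) {
	if !verifySend(req) {
		return nil, fmt.Errorf("RtSolPr failed SEND verification; no key issued")
	}
	hkPub, err := x509.ParsePKCS1PublicKey(req.Payload)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 16)
	rand.Read(key)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hkPub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	ar.keys[req.SrcIID] = key
	return signMsg(ar.cga, ar.mod, req.Prefix, enc), nil
}

// fbuAuth: HMAC-SHA1 under the handover key over the previous and new care-of IIDs.
func fbuAuth(key []byte, prev, next [8]byte) []byte {
	m := hmac.New(sha1.New, key)
	m.Write(append(prev[:], next[:]...))
	return m.Sum(nil)
}

// HandleFBU rejects an unknown previous care-of address or a bad authenticator.
func (ar *AccessRouter) HandleFBU(prev, next [8]byte, auth []byte) bool {
	key, ok := ar.keys[prev]
	return ok && hmac.Equal(auth, fbuAuth(key, prev, next))
}

// MobileNode holds its CGA pair and the separate handover-key-encryption pair (hk).
type MobileNode struct {
	cga, hk *rsa.PrivateKey
	mod     [16]byte
	prefix  [8]byte
	hkey    []byte
}

func NewMobileNode(prefix [8]byte) *MobileNode {
	return &MobileNode{cga: genKey(), hk: genKey(), mod: randMod(), prefix: prefix}
}

func (mn *MobileNode) RtSolPr() *SendMsg {
	return signMsg(mn.cga, mn.mod, mn.prefix, x509.MarshalPKCS1PublicKey(&mn.hk.PublicKey))
}

func (mn *MobileNode) HandlePrRtAdv(adv *SendMsg) (err error) {
	if !verifySend(adv) {
		return fmt.Errorf("PrRtAdv failed SEND verification; key ignored")
	}
	mn.hkey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, mn.hk, adv.Payload, oaepLabel)
	return err
}

// FBU returns the previous care-of IID (the key's name) and the authenticator for a move to next.
func (mn *MobileNode) FBU(next [8]byte) ([8]byte, []byte) {
	prev := cgaIID(mn.mod, mn.prefix, &mn.cga.PublicKey)
	return prev, fbuAuth(mn.hkey, prev, next)
}

// Handover runs RtSolPr -> PrRtAdv -> FBU and reports whether the AR accepted the FBU.
func Handover(mn *MobileNode, ar *AccessRouter, next [8]byte) (bool, error) {
	adv, err := ar.HandleRtSolPr(mn.RtSolPr())
	if err != nil {
		return false, err
	}
	if err = mn.HandlePrRtAdv(adv); err != nil {
		return false, err
	}
	prev, auth := mn.FBU(next)
	return ar.HandleFBU(prev, next, auth), nil
}

func main() {
	fmt.Println(Handover(NewMobileNode([8]byte{0x20, 0x01, 0x0d, 0xb8}), NewAccessRouter(), [8]byte{1, 2, 3, 4, 5, 6, 7, 8}))
}
```

The check that matters sits in verifySend: the AR recomputes the CGA from the carried parameters before trusting the signature, so a node that merely knows a victim's previous care-of address, but not the CGA private key behind it, gets no handover key and therefore cannot produce an FBU authenticator under the name of that address. The MN applies the same check to the PrRtAdv so that a rogue router cannot provision it with a key of the attacker's choosing.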
Kempf & Koodli Standards Track [Page 1]
RFC 5269 FMIP Security June 2008
Table of Contents
1. Introduction ....................................................2
1.1. Terminology ................................................3
2. Overview of the Protocol ........................................3
2.1. Brief Review of SEND .......................................3
2.2. Protocol Overview ..........................................4
3. Handover Key Provisioning and Use ...............................4
3.1. Sending Router Solicitations for Proxy Advertisement .......4
3.2. Receiving Router Solicitations for Proxy
Advertisement and Sending Proxy Router Advertisements ......5
3.3. Receiving Proxy Router Advertisements ......................6
3.4. Sending FBUs ...............................................7
3.5. Receiving FBUs .............................................7
3.6. Key Generation and Lifetime ................................7
3.7. Protocol Constants .........................................8
4. Message Formats .................................................8
4.1. Handover Key Request Option ................................8
4.2. Handover Key Reply Option .................................10
5. Security Considerations ........................................11
6. IANA Considerations ............................................11
7. References .....................................................12
7.1. Normative References ......................................12
7.2. Informative References ....................................12
1. Introduction
In Fast Mobile IPv6 (FMIPv6) [FMIP], a Fast Binding Update (FBU) is
sent from a Mobile Node (MN), undergoing IP handover, to the previous
Access Router (AR). The FBU causes a routing change so traffic sent
to the MN's previous Care-of Address on the previous AR's link is
tunneled to the new Care-of Address on the new AR's link. Only an MN
authorized to claim the address should be able to change the routing
for the previous Care-of Address. If such authorization is not
established, an attacker can redirect a victim MN's traffic at will.
In this document, a lightweight mechanism is defined by which a
shared handover key for securing FMIP can be provisioned on the MN by
the AR. The mechanism utilizes SEND [SEND] and an additional
public/private key pair, generated on the MN using the same public
key algorithm as SEND, to encrypt/decrypt a shared handover key sent