Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)
RFC 5269
Document Type RFC - Proposed Standard (June 2008; No errata)
Authors Rajeev Koodli  , James Kempf 
Last updated 2015-10-14
Replaces draft-kempf-mipshop-handover-key
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Early Review (of draft-kempf-mipshop-handover-key-)
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5269 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Jari Arkko
Send notices to (None)
Email authors Email WG IPR 1 References Referenced by Nits 
Network Working Group                                           J. Kempf
Request for Comments: 5269                               DoCoMo Labs USA
Category: Standards Track                                      R. Koodli
                                                        Starent Networks
                                                               June 2008

 Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using
                   SEcure Neighbor Discovery (SEND)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   Fast Mobile IPv6 requires that a Fast Binding Update is secured using
   a security association shared between an Access Router and a Mobile
   Node in order to avoid certain attacks.  In this document, a method
   for provisioning a shared key from the Access Router to the Mobile
   Node is defined to protect this signaling.  The Mobile Node generates
   a public/private key pair using the same public key algorithm as for
   SEND (RFC 3971).  The Mobile Node sends the public key to the Access
   Router.  The Access Router encrypts a shared handover key using the
   public key and sends it back to the Mobile Node.  The Mobile Node
   decrypts the shared handover key using the matching private key, and
   the handover key is then available for generating an authenticator on
   a Fast Binding Update.  The Mobile Node and Access Router use the
   Router Solicitation for Proxy Advertisement and Proxy Router
   Advertisement from Fast Mobile IPv6 for the key exchange.  The key
   exchange messages are required to have SEND security; that is, the
   source address is a Cryptographically Generated Address (CGA) and the
   messages are signed using the CGA private key of the sending node.
   This allows the Access Router, prior to providing the shared handover
   key, to verify the authorization of the Mobile Node to claim the
   address so that the previous care-of CGA in the Fast Binding Update
   can act as the name of the key.

Kempf & Koodli              Standards Track                     [Page 1]
RFC 5269                     FMIP Security                     June 2008

Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology ................................................3
   2. Overview of the Protocol ........................................3
      2.1. Brief Review of SEND .......................................3
      2.2. Protocol Overview ..........................................4
   3. Handover Key Provisioning and Use ...............................4
      3.1. Sending Router Solicitations for Proxy Advertisement .......4
      3.2. Receiving Router Solicitations for Proxy
           Advertisement and Sending Proxy Router Advertisements ......5
      3.3. Receiving Proxy Router Advertisements ......................6
      3.4. Sending FBUs ...............................................7
      3.5. Receiving FBUs .............................................7
      3.6. Key Generation and Lifetime ................................7
      3.7. Protocol Constants .........................................8
   4. Message Formats .................................................8
      4.1. Handover Key Request Option ................................8
      4.2. Handover Key Reply Option .................................10
   5. Security Considerations ........................................11
   6. IANA Considerations ............................................11
   7. References .....................................................12
      7.1. Normative References ......................................12
      7.2. Informative References ....................................12

1.  Introduction

   In Fast Mobile IPv6 (FMIPv6) [FMIP], a Fast Binding Update (FBU) is
   sent from a Mobile Node (MN), undergoing IP handover, to the previous
   Access Router (AR).  The FBU causes a routing change so traffic sent
   to the MN's previous Care-of Address on the previous AR's link is
   tunneled to the new Care-of Address on the new AR's link.  Only an MN
   authorized to claim the address should be able to change the routing
   for the previous Care-of Address.  If such authorization is not
   established, an attacker can redirect a victim MN's traffic at will.

   In this document, a lightweight mechanism is defined by which a
   shared handover key for securing FMIP can be provisioned on the MN by
   the AR.  The mechanism utilizes SEND [SEND] and an additional
   public/private key pair, generated on the MN using the same public
   key algorithm as SEND, to encrypt/decrypt a shared handover key sent
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools