
RFC 4866

Enhanced Route Optimization for Mobile IPv6

Pages: 54
Proposed Standard
Part 1 of 3 – Pages 1 to 10

Top   ToC   RFC4866 - Page 1
Network Working Group                                           J. Arkko
Request for Comments: 4866                  Ericsson Research NomadicLab
Category: Standards Track                                        C. Vogt
                                             Universitaet Karlsruhe (TH)
                                                               W. Haddad
                                                       Ericsson Research
                                                                May 2007


              Enhanced Route Optimization for Mobile IPv6

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

This document specifies an enhanced version of Mobile IPv6 route optimization, providing lower handoff delays, increased security, and reduced signaling overhead.

Table of Contents

   1. Introduction ....................................................3
   2. Objectives ......................................................4
      2.1. Handoff Latency ............................................5
      2.2. Security ...................................................5
      2.3. Signaling Overhead .........................................7
   3. Protocol Design .................................................7
      3.1. Cryptographically Generated Home Addresses .................7
      3.2. Non-Cryptographic Care-of Addresses ........................8
      3.3. Semi-Permanent Security Associations .......................8
      3.4. Initial Home Address Tests .................................8
      3.5. Concurrent Care-of Address Tests ...........................9
      3.6. Credit-Based Authorization .................................9
      3.7. Parallel Home and Correspondent Registrations .............10
   4. Protocol Operation .............................................10
      4.1. Sending Binding Update Messages ...........................10
      4.2. Receiving Binding Update Messages .........................18
      4.3. Sending Binding Acknowledgment Messages ...................22
      4.4. Receiving Binding Acknowledgment Messages .................23
      4.5. Sending CGA Parameters ....................................25
      4.6. Receiving CGA Parameters ..................................26
      4.7. Sending Permanent Home Keygen Tokens ......................27
      4.8. Receiving Permanent Home Keygen Tokens ....................28
      4.9. Renewing Permanent Home Keygen Tokens .....................28
      4.10. Handling Payload Packets .................................28
      4.11. Credit Aging .............................................31
      4.12. Simultaneous Movements ...................................32
   5. Option Formats and Status Codes ................................32
      5.1. CGA Parameters Option .....................................32
      5.2. Signature Option ..........................................33
      5.3. Permanent Home Keygen Token Option ........................34
      5.4. Care-of Test Init Option ..................................35
      5.5. Care-of Test Option .......................................35
      5.6. CGA Parameters Request Option .............................36
      5.7. Status Codes ..............................................36
   6. Security Considerations ........................................38
      6.1. Home Address Ownership ....................................39
      6.2. Care-of Address Ownership .................................41
      6.3. Credit-Based Authorization ................................43
      6.4. Time Shifting Attacks .....................................46
      6.5. Replay Attacks ............................................47
      6.6. Resource Exhaustion .......................................47
      6.7. IP Address Ownership of Correspondent Node ................47
   7. Protocol Constants and Configuration Variables .................49
   8. IANA Considerations ............................................50
   9. Acknowledgments ................................................50
   10. References ....................................................51
      10.1. Normative References .....................................51
      10.2. Informative References ...................................51

1. Introduction

   Mobile IPv6 route optimization [1] enables mobile and correspondent
   nodes to communicate via a direct routing path despite changes in IP
   connectivity on the mobile node side.  Both end nodes use a stable
   "home address" in identifying the mobile node at stack layers above
   IP, while payload packets are sent or received via a "care-of
   address" that routes to the mobile node's current network
   attachment.  Mobile IPv6 swaps the home and care-of addresses when a
   payload packet traverses the IP layer.  The association between a
   mobile node's home address and care-of address is called a "binding"
   for the mobile node.  It is the responsibility of the mobile node to
   update its binding at the correspondent node through a
   "correspondent registration" when it changes IP connectivity.  A
   correspondent registration further involves the mobile node's home
   agent, which proxies the mobile node at the home address and mainly
   serves as a relay for payload packets exchanged with correspondent
   nodes that do not support route optimization.  The mobile node keeps
   the home agent up to date about its current care-of address by means
   of "home registrations".

   From a security perspective, the establishment of a binding during a
   correspondent registration requires the correspondent node to verify
   the mobile node's ownership of both the home address and the care-of
   address.  Unprecedented impersonation and flooding threats [5] would
   arise if correspondent nodes took liberties with respect to these
   obligations.  A correspondent registration hence incorporates a
   "home address test" and a "care-of address test", collectively
   called the "return routability procedure".  These tests allow the
   correspondent node to probe the mobile node's reachability at the
   home and care-of addresses in an ad hoc, non-cryptographic manner.
   Successful reachability verification at both IP addresses indicates
   (though it does not guarantee) the mobile node's ownership of the IP
   addresses, and hence that a binding between the home address and the
   care-of address is legitimate.

   The advantage of the return routability procedure is that it is
   lightweight and does not depend on a public-key infrastructure or on
   a preexisting relationship between the mobile node and the
   correspondent node.  This facilitates a broad deployment.  On the
   other hand, the procedure has an adverse impact on handoff delays
   since both the home address test and the care-of address test
   consist of an end-to-end message exchange between the mobile node
   and the correspondent node.  The latency of the home address test
   may be particularly high because it routes through the home agent.
   The return routability procedure is also vulnerable to attackers
   that are in a position where they can interpose in the home or
   care-of address test.  The value of interposing is limited in that
   the return routability procedure must be repeated in intervals of at
   most 7 minutes, even in the absence of changes in IP connectivity on
   the mobile node side.  But this comes at the cost of an increased
   signaling overhead.  Much effort has therefore gone into
   improvements for Mobile IPv6 route optimization [6] that mitigate
   these disadvantages.

   This document specifies Enhanced Route Optimization, an amendment to
   route optimization in base Mobile IPv6.  Enhanced Route Optimization
   secures a mobile node's home address against impersonation through an
   interface identifier that is cryptographically and verifiably bound
   [2] to the public component of the mobile node's public/private-key
   pair.  The mobile node proves ownership of the home address by
   providing evidence that it knows the corresponding private key.  An
   initial home address test validates the home address prefix;
   subsequent home address tests are unnecessary.  Enhanced Route
   Optimization further allows mobile and correspondent nodes to resume
   bidirectional communications in parallel with pursuing a care-of
   address test.  The latency of the home and care-of address tests is
   therefore eliminated in most cases.  The use of cryptographically
   generated home addresses also mitigates the threat of impersonators
   that can interpose on the home address test and thereby facilitate
   longer binding lifetimes.  This leads to increased security and a
   reduction in signaling overhead.  Cryptographically generated home
   addresses and concurrent care-of address tests are preferably applied
   together, but a mobile node may choose to use only one of these
   enhancements.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [3].

2. Objectives

   The design of route optimization in base Mobile IPv6 is in many ways
   conservative, leaving room to optimize handoff delay, security, and
   signaling overhead.  Enhanced Route Optimization tackles these
   issues and thus constitutes a more progressive variant of Mobile
   IPv6.

   Despite any Mobile IPv6 optimizations, it is important to take into
   account that mobility-related activities elsewhere in the protocol
   stack may have their own impact.  For example, attachment
   procedures, access control, and authentication at the link layer
   contribute their own handoff delays.  So do IP layer tasks such as
   router discovery, neighbor discovery, movement detection, and IP
   address configuration.  The handoff delays and signaling overhead of
   Mobile IPv6 are typically small compared to the total delay and
   overhead.  The improvements of Enhanced Route Optimization hence
   ought to be seen in view of the entire protocol stack.

2.1. Handoff Latency

   The typical handoff delay in base Mobile IPv6 route optimization is
   one round-trip time between the mobile node and the home agent for
   the home registration, one round-trip time between the mobile node
   and the home agent plus one round-trip time between the home agent
   and the correspondent node for the return routability procedure, and
   one one-way time from the mobile node to the correspondent node for
   the propagation of the Binding Update message.  (The assumption here
   is that the latency of the return routability procedure is dominated
   by the home address test.)  The first payload packet sent to the new
   care-of address requires one additional one-way time to propagate
   from the correspondent node to the mobile node.  The mobile node can
   resume transmissions right after it has dispatched the Binding
   Update message.  But if it requests a Binding Acknowledgment message
   from the correspondent node, communications are usually delayed
   until this is received.

   Handoff delays in base Mobile IPv6 route optimization are additive
   to other delays at the IP layer or link layer.  They can cause
   perceptible quality degradations for interactive and real-time
   applications.  TCP bulk-data transfers are likewise affected since
   long handoff latencies may lead to successive retransmission
   timeouts and degraded throughput [7].  An objective of Enhanced
   Route Optimization is hence a reduction of the handoff latency.

2.2. Security

   The return routability procedure was designed with the objective to
   provide a level of security that compares to that of today's
   non-mobile Internet [5].  As such, it protects against
   impersonation, denial-of-service, and flooding threats that do not
   exist in the non-mobile Internet, but that the introduction of
   mobility would introduce in the absence of appropriate
   countermeasures.  In particular, the return routability procedure
   satisfies the following requirements:

   o  An attacker off the path from a correspondent node to a victim
      should not be able to trick a correspondent node into redirecting
      packets, which should normally be delivered to a victim, to
      itself, or to a third IP address.  The attacker could otherwise
      impersonate the victim to the correspondent node or cause denial
      of service against the victim.  The attacker may launch these
      attacks from an arbitrary position, which would not necessarily
      have to be on the path between the victim and the correspondent
      node.

   o  An attacker off the path from a correspondent node to a victim
      should not be able to trick the correspondent node into
      redirecting packets, which should normally be delivered to the
      attacker itself, to the victim.  The attacker could otherwise
      flood the victim with unrequested packets.  Such "redirection-
      based flooding" may be appealing to the attacker because the
      burden of generating the flooding packets and sending them to the
      victim would be on the correspondent node rather than on the
      attacker.  The attacker could spoof multiple correspondent nodes
      into flooding the same victim.  This would enable the attacker to
      impact the victim much more strongly than with a direct flooding
      attack, where the attacker itself would generate and send the
      flooding packets.  Comparable amplification is today only possible
      through an army of compromised nodes [8].  One way to cause
      redirection-based flooding is this: The attacker could accomplish
      the initial TCP handshake for a voluminous file download through
      its own IP address, and subsequently bind the victim's IP address
      (as a care-of address) to the attacker's own IP address (or home
      address).  The correspondent node thereby redirects the download
      to the victim.  The attacker could spoof acknowledgments on behalf
      of the victim based on the sequence numbers it learned during the
      initial handshake in order to maintain or accelerate the download.
      The acknowledgments would be smaller and typically less than the
      full-sized segments that the correspondent node generates, hence
      facilitating the amplification.

   o  Attackers should not be able to cause denial of service against
      mobile or correspondent nodes through exploiting expensive
      computations involved in the mobility protocol.

   The return routability procedure precludes impersonation, denial of
   service, and redirection-based flooding by attackers that are not on
   the path from a correspondent node to a victim, and it is
   sufficiently lightweight not to expose expensive operations.  But the
   return routability procedure fails to protect against attackers that
   are located on the path from the correspondent node to the victim.
   Applications that require a higher security level are generally
   advised to use end-to-end protection such as IP security (IPsec) or
   Transport Layer Security (TLS).  But even then they are vulnerable to
   denial of service or flooding.  Furthermore, end-to-end security
   mechanisms generally require mobile and correspondent nodes to be
   preconfigured with authentication credentials, or they depend on a
   public-key infrastructure.  Both would hinder a wide deployment of
   Mobile IPv6 route optimization if it was a prerequisite for the
   protocol.  An objective of Enhanced Route Optimization is hence to
   securely authenticate mobile nodes without preconfigured credentials
   or a public-key infrastructure, even in the presence of attackers on
   the path from the correspondent node to the victim.

2.3. Signaling Overhead

   A complete correspondent registration involves six message
   transmissions at the mobile node, totaling about 376 bytes [9].
   This signaling overhead may be acceptable if movements are
   infrequent.  For example, a mobile node that moves once every 30
   minutes generates an average of 1.7 bits/s of signaling traffic.
   Higher mobility causes more substantial overhead, however.  A cell
   size of 100 meters and a speed of 120 km/h yields a change in IP
   connectivity every 3 s and about 1,000 bits/s of signaling traffic.
   This is significant compared to a highly compressed voice stream
   with a typical data rate of 10,000 to 30,000 bits/s.

   Furthermore, base Mobile IPv6 requires mobile nodes to renew a
   correspondent registration at least every 7 minutes.  The signaling
   overhead amounts to 7.16 bits/s if the mobile node communicates with
   a stationary node [9].  It doubles if both peers are mobile.  This
   overhead may be negligible when the nodes communicate, but it can be
   an issue for mobile nodes that are inactive and stay at the same
   location for a while.  These nodes typically prefer to go to standby
   mode to conserve battery power.  Also, the periodic refreshments
   consume a fraction of the wireless bandwidth that one could use more
   efficiently.

   These observations lead to the objective of Enhanced Route
   Optimization to reduce the signaling overhead of a base Mobile IPv6
   correspondent registration as much as possible, in particular when
   the mobile node does not move for a while.

3. Protocol Design

Enhanced Route Optimization consists of a set of optimizations that collectively afford the achievement of the objectives discussed in Section 2. These optimizations are summarized in the following.

3.1. Cryptographically Generated Home Addresses

A Mobile IPv6 binding is conceptually a packet redirection from a home address to a care-of address. The home address is the source of the redirection and the care-of address is the destination. The packets to be redirected can hence be identified based on the home address. This motivates a cryptographic ownership proof for the home address. Enhanced Route Optimization applies cryptographically generated home addresses for this purpose [10][11]. In general, a Cryptographically Generated Address (CGA) provides a strong,
   cryptographic binding between its interface identifier and the CGA
   owner's public key.  This facilitates a cryptographic home address
   ownership proof without a public-key infrastructure, enabling other
   nodes to securely and autonomously authenticate the CGA owner as
   such, modulo the correctness of the CGA's subnet prefix.
   Cryptographically generated home addresses can supersede home address
   tests with the exception of an initial test for validating the home
   address prefix.  This facilitates lower handoff delays and longer
   binding lifetimes, as well as reduced signaling overhead for mobile
   nodes that temporarily do not move.  Enhanced Route Optimization also
   optionally enables the correspondent node to prove ownership of its
   IP address.

3.2. Non-Cryptographic Care-of Addresses

In contrast to a home address, a care-of address does not have identifying functionality. There is hence little benefit in a cryptographic ownership proof of a care-of address. Given that the care-of address is the destination of a packet redirection, it is rather the mobile node's reachability at the care-of address that matters. Enhanced Route Optimization uses care-of address tests for this purpose, but allows correspondent nodes to send packets to a new care-of address before the mobile node has been found to be reachable there.

3.3. Semi-Permanent Security Associations

CGA-based authentication involves public-key cryptography and is hence computationally much less efficient than authentication through a shared secret key. The technique further requires a substantial amount of supplementary CGA parameters to be piggybacked onto protected messages. Enhanced Route Optimization mitigates these disadvantages in that it utilizes an initial CGA-based authentication to securely exchange a secret permanent home keygen token between a mobile node and a correspondent node. The permanent home keygen token is used to authenticate the mobile node more efficiently in subsequent correspondent registrations. Mobile and correspondent nodes renew the permanent home keygen token on an infrequent basis. The token is therefore neither constant nor short-lived, which is why the security association between the mobile node and the correspondent node is called "semi-permanent".

3.4. Initial Home Address Tests

An initial home address test is necessary despite a cryptographic proof of home address ownership to protect against spoofed subnet prefixes in home addresses. In the complete absence of home address tests, a malicious node could cryptographically generate a home
   address with the subnet prefix of a victim network, and request a
   correspondent node to register a binding between this spoofed home
   address and the attacker's own care-of address.  The attacker then
   tricks the correspondent node into sending a stream of packets to the
   care-of address and subsequently deregisters the binding or lets it
   expire.  The consequence is that the correspondent node redirects the
   packet stream "back" to the home address, causing the victim network
   to be flooded with unrequested packets.  To preclude such misuse, an
   initial home address test is required for the mobile node and the
   correspondent node to establish a semi-permanent security
   association.  The home address test is, if possible, executed in a
   proactive manner so as to save a potentially costly message exchange
   via the home agent during the critical handoff period.  The home
   address test does not need to be repeated upon subsequent movements.
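The CGA construction that Sections 3.1 and 3.4 build on, as an added example (Python; not code from this RFC or its authors). It implements address generation and verification as RFC 3972 describes them, with a constructed opaque byte string standing in for the DER-encoded public key, the 2001:db8::/32 documentation prefixes as constructed home and victim networks, and neither extension fields nor duplicate address detection modelled. The last case in demo() is the point of Section 3.4: a CGA generated under a victim network's prefix verifies just as well, because the check only ties the interface identifier to the key and to the prefix the claimant wrote into the parameters, not the prefix to the claimant.

```python
"""Cryptographically Generated Addresses (RFC 3972) for a Mobile IPv6 home
address.  Added example; not code from RFC 4866 or its authors."""
import hashlib
import ipaddress
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Interface identifier layout (RFC 3972): bits 0-2 carry Sec, bits 6-7 are the
# u/g bits and are forced to zero; only the remaining bits of the first octet
# (mask 0x1C) plus octets 1-7 are compared against Hash1 during verification.
IID_KEEP_MASK = 0x1C


@dataclass(frozen=True)
class CGAParameters:
    """The CGA Parameters a node ships with its address so peers can verify it."""
    modifier: bytes        # 16 octets
    subnet_prefix: bytes   # 8 octets, the /64 the address claims
    collision_count: int   # 0, 1 or 2 (incremented by duplicate address detection)
    public_key: bytes      # RFC 3972 hashes the DER SubjectPublicKeyInfo; opaque here


def _hash1(p: CGAParameters) -> bytes:
    data = p.modifier + p.subnet_prefix + bytes([p.collision_count]) + p.public_key
    return hashlib.sha1(data).digest()[:8]            # leftmost 64 bits


def _hash2(modifier: bytes, public_key: bytes) -> bytes:
    return hashlib.sha1(modifier + b"\x00" * 9 + public_key).digest()[:14]  # leftmost 112 bits


def _hash2_meets_sec(hash2: bytes, sec: int) -> bool:
    # Sec is the work factor: the leftmost 16*Sec bits of Hash2 must be zero.
    return hash2[: 2 * sec] == b"\x00" * (2 * sec)


def cga_generate(prefix: str, public_key: bytes, sec: int,
                 modifier: Optional[bytes] = None) -> Tuple[str, CGAParameters]:
    """Generate a CGA in `prefix` bound to `public_key`.  Duplicate address
    detection is not modelled, so collision_count stays 0."""
    net = ipaddress.IPv6Network(prefix)
    if not (0 <= sec <= 7) or net.prefixlen != 64:
        raise ValueError("Sec must be 0..7 and the subnet prefix a /64")
    mod = int.from_bytes(modifier if modifier is not None else os.urandom(16), "big")
    while not _hash2_meets_sec(_hash2(mod.to_bytes(16, "big"), public_key), sec):
        mod = (mod + 1) % (1 << 128)                   # brute-force search over the modifier
    params = CGAParameters(mod.to_bytes(16, "big"), net.network_address.packed[:8], 0, public_key)
    iid = bytearray(_hash1(params))
    iid[0] = (sec << 5) | (iid[0] & IID_KEEP_MASK)     # write Sec, clear u/g bits
    return str(ipaddress.IPv6Address(params.subnet_prefix + bytes(iid))), params


def cga_verify(address: str, p: CGAParameters) -> bool:
    """RFC 3972 section 5.  A True result ties the interface identifier to
    p.public_key and to the prefix written in p; it does not show that the
    key holder is entitled to that prefix (hence the initial home address test)."""
    if p.collision_count not in (0, 1, 2):
        return False
    packed = ipaddress.IPv6Address(address).packed
    if packed[:8] != p.subnet_prefix:
        return False
    iid, h1 = packed[8:], _hash1(p)
    if (iid[0] & IID_KEEP_MASK) != (h1[0] & IID_KEEP_MASK) or iid[1:] != h1[1:]:
        return False
    sec = iid[0] >> 5
    return _hash2_meets_sec(_hash2(p.modifier, p.public_key), sec)


def demo() -> Dict[str, object]:
    """Home address case, a wrong-key case, and the spoofed-prefix case from
    Section 3.4.  Keys and prefixes are constructed placeholders."""
    mn_key = b"constructed mobile node public key"
    attacker_key = b"constructed attacker public key"
    home, home_params = cga_generate("2001:db8:1::/64", mn_key, sec=1, modifier=bytes(16))
    wrong_key = CGAParameters(home_params.modifier, home_params.subnet_prefix, 0, attacker_key)
    # The attacker can generate a perfectly valid CGA under the victim network's prefix.
    spoofed, spoofed_params = cga_generate("2001:db8:2::/64", attacker_key, sec=0, modifier=bytes(16))
    return {
        "home_address": home,
        "home_verifies": cga_verify(home, home_params),
        "wrong_key_verifies": cga_verify(home, wrong_key),
        "spoofed_prefix_verifies": cga_verify(spoofed, spoofed_params),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With sec=1 the modifier search needs on the order of 2^16 SHA-1 evaluations, which is why the RFC's Sec value is a tunable work factor; verification is always a handful of hashes, so the correspondent node's cost is bounded regardless of Sec. The CGA Parameters in this model are roughly what the CGA Parameters option in Section 5.1 carries on the wire.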

3.5. Concurrent Care-of Address Tests

Enhanced Route Optimization allows a correspondent node to send payload packets to a mobile node's new care-of address before the mobile node has been found to be reachable at the care-of address. When the mobile node changes IP connectivity, it first updates its binding at the correspondent node to the new care-of address without providing a proof of reachability. The correspondent node registers the new care-of address on a tentative basis and sets it to UNVERIFIED state. Payload packets can then be exchanged bidirectionally via the new care-of address, while the mobile node's reachability at the new care-of address is verified concurrently. The correspondent node moves the care-of address to VERIFIED state once reachability verification completes.

3.6. Credit-Based Authorization

Concurrent care-of address tests without additional protection would enable an attacker to trick a correspondent node into temporarily redirecting payload packets, which would otherwise be addressed to the attacker itself, to the IP address of a victim. Such "redirection-based flooding" [5] may be appealing to the attacker because the correspondent node (not the attacker) generates the flooding packets and sends them to the victim. This enables the attacker to amplify the strength of the attack to a significant degree compared to a direct flooding attack where the attacker itself would generate the flooding packets. Enhanced Route Optimization protects against redirection-based flooding attacks through the use of Credit-Based Authorization. Credit-Based Authorization manages the effort that a correspondent node expends in sending payload packets to a care-of address in UNVERIFIED state so as to ensure that a redirection-based flooding
   attack cannot be more effective than direct flooding.  The ability to
   send unrequested packets is an inherent property of packet-oriented
   networks, and direct flooding is a threat that results from this.
   Since direct flooding exists with and without mobility support, and
   redirection-based flooding attacks cannot be any more efficient than
   this, Credit-Based Authorization increases the security level
   provided by Enhanced Route Optimization with respect to flooding to
   that of the non-mobile Internet.  Enhanced Route Optimization
   therefore satisfies the objective to provide a security level
   comparable to that of the non-mobile Internet.

   The measuring and limiting of effort are technically realized through
   the concept of "credit", which a correspondent node maintains to put
   its own effort in relation to the effort that a mobile node expends
   during regular communications with the correspondent node.  The
   correspondent node increases the credit for payload packets it
   receives from a care-of address of the mobile node in VERIFIED state,
   and it reduces the credit in proportion to its own effort for sending
   payload packets to a care-of address of the mobile node in UNVERIFIED
   state.
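Credit-Based Authorization from Sections 3.5 and 3.6 as a small simulation of the correspondent node's side (added example in Python; not the RFC's own code). It assumes credit is counted in octets, that a payload packet exceeding the available credit toward a care-of address in UNVERIFIED state is dropped, and a placeholder halving step in age_credit() standing in for the credit aging the RFC defines in Section 4.11; addresses and packet sizes are constructed. The first scenario is the redirection-based flooding attempt of Section 3.6, the second a legitimate handoff with the UNVERIFIED to VERIFIED transition of Section 3.5.

```python
"""Credit-Based Authorization at a correspondent node (CN).  Added example;
not code from RFC 4866.  Octet-based credit, drop-on-insufficient-credit and
the aging factor are modelling assumptions, not the RFC's constants."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple


class CoAState(Enum):
    UNVERIFIED = "UNVERIFIED"   # registered on the mobile node's claim alone
    VERIFIED = "VERIFIED"       # care-of address test has completed


@dataclass
class Binding:
    home_address: str
    care_of_address: str
    state: CoAState
    credit: int = 0             # octets the CN may still send to an UNVERIFIED CoA


class CorrespondentNode:
    def __init__(self, aging_factor: float = 0.5):
        self.bindings: Dict[str, Binding] = {}   # keyed by home address
        self.aging_factor = aging_factor         # placeholder, not the RFC's value
        self.dropped = 0

    def register(self, home: str, coa: str, verified: bool = False) -> None:
        """Binding Update: a new CoA starts UNVERIFIED; the credit belongs to
        the mobile node, so it survives the change of care-of address."""
        old = self.bindings.get(home)
        state = CoAState.VERIFIED if verified else CoAState.UNVERIFIED
        self.bindings[home] = Binding(home, coa, state, old.credit if old else 0)

    def care_of_test_complete(self, home: str, coa: str) -> None:
        """The concurrent care-of address test finished for `coa`."""
        b = self.bindings[home]
        if b.care_of_address == coa:
            b.state = CoAState.VERIFIED

    def receive(self, home: str, src_coa: str, size: int) -> None:
        """Payload packet from the mobile node earns credit only when it comes
        from the care-of address currently in VERIFIED state."""
        b = self.bindings.get(home)
        if b and b.care_of_address == src_coa and b.state is CoAState.VERIFIED:
            b.credit += size

    def send(self, home: str, size: int) -> bool:
        """Payload packet toward the mobile node: unrestricted for a VERIFIED
        CoA; an UNVERIFIED CoA costs credit and the packet is dropped when the
        credit does not cover it, so redirected traffic never exceeds what the
        mobile node itself sent (no better than direct flooding)."""
        b = self.bindings[home]
        if b.state is CoAState.VERIFIED:
            return True
        if b.credit >= size:
            b.credit -= size
            return True
        self.dropped += 1
        return False

    def age_credit(self) -> None:
        """Periodic decay so credit cannot be hoarded for a later flood."""
        for b in self.bindings.values():
            b.credit = int(b.credit * self.aging_factor)


def redirection_flood_scenario() -> Tuple[int, int, int]:
    """Attacker earns credit through a verified CoA, then binds a victim's
    address as its new (unverified) CoA while the CN has a stream to push.
    Returns (octets delivered to the victim, octets the attacker sent,
    packets the CN dropped)."""
    cn = CorrespondentNode()
    attacker_home, attacker_coa, victim = "2001:db8:1::a", "2001:db8:3::1", "2001:db8:2::99"
    cn.register(attacker_home, attacker_coa, verified=True)
    effort = 0
    for _ in range(10):                       # ten 500-octet requests
        cn.receive(attacker_home, attacker_coa, 500)
        effort += 500
    cn.register(attacker_home, victim)        # victim bound as UNVERIFIED CoA
    delivered = 0
    for _ in range(100):                      # CN tries to push 100 x 1500 octets
        if cn.send(attacker_home, 1500):
            delivered += 1500
    return delivered, effort, cn.dropped


def legitimate_handoff_scenario() -> Tuple[bool, bool, bool]:
    """A mobile node moves; traffic continues out of credit, then without
    limit once the care-of address test completes."""
    cn = CorrespondentNode()
    home, old_coa, new_coa = "2001:db8:1::1", "2001:db8:3::7", "2001:db8:4::7"
    cn.register(home, old_coa, verified=True)
    cn.receive(home, old_coa, 3000)
    cn.register(home, new_coa)                # handoff: new CoA is UNVERIFIED
    first = cn.send(home, 1500)               # paid from credit
    cn.age_credit()                           # credit 1500 -> 750 (placeholder)
    second = cn.send(home, 1500)              # exceeds remaining credit: dropped
    cn.care_of_test_complete(home, new_coa)
    third = cn.send(home, 1500)               # VERIFIED: no limit
    return first, second, third
```

In the attack scenario the victim receives at most the 5,000 octets the attacker itself had to send, which is the "no more effective than direct flooding" bound of Section 3.6; without the credit check the correspondent node would have pushed the whole 150,000-octet stream. The aging step matters because credit otherwise accumulates over a long, quiet, legitimate-looking session and can be cashed in at once.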

3.7. Parallel Home and Correspondent Registrations

Enhanced Route Optimization enables mobile nodes to pursue a correspondent registration in parallel with the respective home registration. This reduces handoff delays compared to base Mobile IPv6, which requires mobile nodes to wait for a Binding Acknowledgment message indicating a successful home registration before they initiate a correspondent registration.


(page 10 continued on part 2)