RFC 4866   Proposed STD   Pages: 54   Group: MIPSHOP

Enhanced Route Optimization for Mobile IPv6

Part 1 of 3, p. 1 to 10

Network Working Group                                           J. Arkko
Request for Comments: 4866                  Ericsson Research NomadicLab
Category: Standards Track                                        C. Vogt
                                             Universitaet Karlsruhe (TH)
                                                               W. Haddad
                                                       Ericsson Research
                                                                May 2007


              Enhanced Route Optimization for Mobile IPv6

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document specifies an enhanced version of Mobile IPv6 route
   optimization, providing lower handoff delays, increased security, and
   reduced signaling overhead.

Table of Contents

   1. Introduction ....................................................3
   2. Objectives ......................................................4
      2.1. Handoff Latency ............................................5
      2.2. Security ...................................................5
      2.3. Signaling Overhead .........................................7
   3. Protocol Design .................................................7
      3.1. Cryptographically Generated Home Addresses .................7
      3.2. Non-Cryptographic Care-of Addresses ........................8
      3.3. Semi-Permanent Security Associations .......................8
      3.4. Initial Home Address Tests .................................8
      3.5. Concurrent Care-of Address Tests ...........................9
      3.6. Credit-Based Authorization .................................9
      3.7. Parallel Home and Correspondent Registrations .............10
   4. Protocol Operation .............................................10
      4.1. Sending Binding Update Messages ...........................10
      4.2. Receiving Binding Update Messages .........................18
      4.3. Sending Binding Acknowledgment Messages ...................22
      4.4. Receiving Binding Acknowledgment Messages .................23
      4.5. Sending CGA Parameters ....................................25
      4.6. Receiving CGA Parameters ..................................26
      4.7. Sending Permanent Home Keygen Tokens ......................27
      4.8. Receiving Permanent Home Keygen Tokens ....................28
      4.9. Renewing Permanent Home Keygen Tokens .....................28
      4.10. Handling Payload Packets .................................28
      4.11. Credit Aging .............................................31
      4.12. Simultaneous Movements ...................................32
   5. Option Formats and Status Codes ................................32
      5.1. CGA Parameters Option .....................................32
      5.2. Signature Option ..........................................33
      5.3. Permanent Home Keygen Token Option ........................34
      5.4. Care-of Test Init Option ..................................35
      5.5. Care-of Test Option .......................................35
      5.6. CGA Parameters Request Option .............................36
      5.7. Status Codes ..............................................36
   6. Security Considerations ........................................38
      6.1. Home Address Ownership ....................................39
      6.2. Care-of Address Ownership .................................41
      6.3. Credit-Based Authorization ................................43
      6.4. Time Shifting Attacks .....................................46
      6.5. Replay Attacks ............................................47
      6.6. Resource Exhaustion .......................................47
      6.7. IP Address Ownership of Correspondent Node ................47
   7. Protocol Constants and Configuration Variables .................49
   8. IANA Considerations ............................................50
   9. Acknowledgments ................................................50
   10. References ....................................................51
      10.1. Normative References .....................................51
      10.2. Informative References ...................................51

1.  Introduction

   Mobile IPv6 route optimization [1] enables mobile and correspondent
   nodes to communicate via a direct routing path despite changes in IP
   connectivity on the mobile node side.  Both end nodes use a stable
   "home address" in identifying the mobile node at stack layers above
   IP, while payload packets are sent or received via a "care-of
   address" that routes to the mobile node's current network attachment.
   Mobile IPv6 swaps the home and care-of addresses when a payload
   packet traverses the IP layer.  The association between a mobile
   node's home address and care-of address is called a "binding" for the
   mobile node.  It is the responsibility of the mobile node to update
   its binding at the correspondent node through a "correspondent
   registration" when it changes IP connectivity.  A correspondent
   registration further involves the mobile node's home agent, which
   proxies the mobile node at the home address and mainly serves as a
   relay for payload packets exchanged with correspondent nodes that do
   not support route optimization.  The mobile node keeps the home agent
   up to date about its current care-of address by means of "home
   registrations".

   From a security perspective, the establishment of a binding during a
   correspondent registration requires the correspondent node to verify
   the mobile node's ownership of both the home address and the care-of
   address.  Unprecedented impersonation and flooding threats [5] would
   arise if correspondent nodes took liberties with respect to these
   obligations.  A correspondent registration hence incorporates a "home
   address test" and a "care-of address test", collectively called the
   "return routability procedure".  These tests allow the correspondent
   node to probe the mobile node's reachability at the home and care-of
   addresses in an ad hoc, non-cryptographic manner.  Successful
   reachability verification at both IP addresses indicates (though it
   does not guarantee) the mobile node's ownership of the IP addresses,
   and hence that a binding between the home address and the care-of
   address is legitimate.

   The advantage of the return routability procedure is that it is
   lightweight and does not depend on a public-key infrastructure or on
   a preexisting relationship between the mobile node and the
   correspondent node.  This facilitates a broad deployment.  On the
   other hand, the procedure has an adverse impact on handoff delays
   since both the home address test and the care-of address test consist
   of an end-to-end message exchange between the mobile node and the
   correspondent node.  The latency of the home address test may be
   particularly high because it routes through the home agent.  The
   return routability procedure is also vulnerable to attackers that are
   in a position where they can interpose in the home or care-of address
   test.  The value of interposing is limited in that the return
   routability procedure must be repeated in intervals of at most 7
   minutes, even in the absence of changes in IP connectivity on the
   mobile node side.  But this comes at the cost of an increased
   signaling overhead.  Much effort has therefore gone into improvements
   for Mobile IPv6 route optimization [6] that mitigate these
   disadvantages.

   This document specifies Enhanced Route Optimization, an amendment to
   route optimization in base Mobile IPv6.  Enhanced Route Optimization
   secures a mobile node's home address against impersonation through an
   interface identifier that is cryptographically and verifiably bound
   [2] to the public component of the mobile node's public/private-key
   pair.  The mobile node proves ownership of the home address by
   providing evidence that it knows the corresponding private key.  An
   initial home address test validates the home address prefix;
   subsequent home address tests are unnecessary.  Enhanced Route
   Optimization further allows mobile and correspondent nodes to resume
   bidirectional communications in parallel with pursuing a care-of
   address test.  The latencies of the home and care-of address tests
   are therefore eliminated in most cases.  The use of cryptographically
   generated home addresses also mitigates the threat of impersonators
   that can interpose on the home address test, and thereby permits
   longer binding lifetimes.  This leads to increased security and a
   reduction in signaling overhead.  Cryptographically generated home
   addresses and concurrent care-of address tests are preferably applied
   together, but a mobile node may choose to use only one of these
   enhancements.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [3].

2.  Objectives

   The design of route optimization in base Mobile IPv6 is in many ways
   conservative, leaving room to optimize handoff delay, security, and
   signaling overhead.  Enhanced Route Optimization tackles these issues
   and thus constitutes a more progressive variant of Mobile IPv6.

   Despite any Mobile IPv6 optimizations, it is important to take into
   account that mobility-related activities elsewhere in the protocol
   stack may have their own impact.  For example, attachment procedures,
   access control, and authentication at the link layer contribute their
   own handoff delays.  So do IP layer tasks such as router discovery,
   neighbor discovery, movement detection, and IP address configuration.
   The handoff delays and signaling overhead of Mobile IPv6 are
   typically small compared to the total delay and overhead.  The
   improvements of Enhanced Route Optimization hence ought to be seen in
   view of the entire protocol stack.

2.1.  Handoff Latency

   The typical handoff delay in base Mobile IPv6 route optimization is
   one round-trip time between the mobile node and the home agent for
   the home registration, one round-trip time between the mobile node
   and the home agent plus one round-trip time between the home agent
   and the correspondent node for the return routability procedure, and
   one one-way time from the mobile node to the correspondent node for
   the propagation of the Binding Update message.  (The assumption here
   is that the latency of the return routability procedure is dominated
   by the home address test.)  The first payload packet sent to the new
   care-of address requires one additional one-way time to propagate
   from the correspondent node to the mobile node.  The mobile node can
   resume transmissions right after it has dispatched the Binding Update
   message.  But if it requests a Binding Acknowledgment message from
   the correspondent node, communications are usually delayed until this
   is received.

   Handoff delays in base Mobile IPv6 route optimization are additive to
   other delays at the IP layer or link layer.  They can cause
   perceptible quality degradations for interactive and real-time
   applications.  TCP bulk-data transfers are likewise affected since
   long handoff latencies may lead to successive retransmission timeouts
   and degraded throughput [7].  An objective of Enhanced Route
   Optimization is hence a reduction of the handoff latency.

2.2.  Security

   The return routability procedure was designed with the objective to
   provide a level of security that compares to that of today's non-
   mobile Internet [5].  As such, it protects against impersonation,
   denial-of-service, and flooding threats that do not exist in the non-
   mobile Internet, but that the introduction of mobility would
   introduce in the absence of appropriate countermeasures.  In
   particular, the return routability procedure satisfies the following
   requirements:

   o  An attacker off the path from a correspondent node to a victim
      should not be able to trick a correspondent node into redirecting
      packets, which should normally be delivered to a victim, to
      itself, or to a third IP address.  The attacker could otherwise
      impersonate the victim to the correspondent node or cause denial
      of service against the victim.  The attacker may launch these
      attacks from an arbitrary position, which would not necessarily
      have to be on the path between the victim and the correspondent
      node.

   o  An attacker off the path from a correspondent node to a victim
      should not be able to trick the correspondent node into
      redirecting packets, which should normally be delivered to the
      attacker itself, to the victim.  The attacker could otherwise
      flood the victim with unrequested packets.  Such "redirection-
      based flooding" may be appealing to the attacker because the
      burden of generating the flooding packets and sending them to the
      victim would be on the correspondent node rather than on the
      attacker.  The attacker could spoof multiple correspondent nodes
      into flooding the same victim.  This would enable the attacker to
      impact the victim much more strongly than with a direct flooding
      attack, where the attacker itself would generate and send the
      flooding packets.  Comparable amplification is today only possible
      through an army of compromised nodes [8].  One way to cause
      redirection-based flooding is this: The attacker could accomplish
      the initial TCP handshake for a voluminous file download through
      its own IP address, and subsequently bind the victim's IP address
      (as a care-of address) to the attacker's own IP address (or home
      address).  The correspondent node thereby redirects the download
      to the victim.  The attacker could spoof acknowledgments on behalf
      of the victim based on the sequence numbers it learned during the
      initial handshake in order to maintain or accelerate the download.
      The acknowledgments would be smaller and typically less than the
      full-sized segments that the correspondent node generates, hence
      facilitating the amplification.

   o  Attackers should not be able to cause denial of service against
      mobile or correspondent nodes through exploiting expensive
      computations involved in the mobility protocol.

   The return routability procedure precludes impersonation, denial of
   service, and redirection-based flooding by attackers that are not on
   the path from a correspondent node to a victim, and it is
   sufficiently lightweight not to expose expensive operations.  But the
   return routability procedure fails to protect against attackers that
   are located on the path from the correspondent node to the victim.
   Applications that require a higher security level are generally
   advised to use end-to-end protection such as IP security (IPsec) or
   Transport Layer Security (TLS).  But even then they are vulnerable to
   denial of service or flooding.  Furthermore, end-to-end security
   mechanisms generally require mobile and correspondent nodes to be
   preconfigured with authentication credentials, or they depend on a
   public-key infrastructure.  Both would hinder a wide deployment of
   Mobile IPv6 route optimization if it was a prerequisite for the
   protocol.  An objective of Enhanced Route Optimization is hence to
   securely authenticate mobile nodes without preconfigured credentials
   or a public-key infrastructure, even in the presence of attackers on
   the path from the correspondent node to the victim.

2.3.  Signaling Overhead

   A complete correspondent registration involves six message
   transmissions at the mobile node, totaling about 376 bytes [9].  This
   signaling overhead may be acceptable if movements are infrequent.
   For example, a mobile node that moves once every 30 minutes generates
   an average of 1.7 bits/s of signaling traffic.  Higher mobility
   causes more substantial overhead, however.  A cell size of 100 meters
   and a speed of 120 km/h yields a change in IP connectivity every 3 s
   and about 1,000 bits/s of signaling traffic.  This is significant
   compared to a highly compressed voice stream with a typical data rate
   of 10,000 to 30,000 bits/s.

   Furthermore, base Mobile IPv6 requires mobile nodes to renew a
   correspondent registration at least every 7 minutes.  The signaling
   overhead amounts to 7.16 bits/s if the mobile node communicates with
   a stationary node [9].  It doubles if both peers are mobile.  This
   overhead may be negligible when the nodes communicate, but it can be
   an issue for mobile nodes that are inactive and stay at the same
   location for a while.  These nodes typically prefer to go to standby
   mode to conserve battery power.  Also, the periodic refreshments
   consume a fraction of the wireless bandwidth that one could use more
   efficiently.  These observations lead to the objective of Enhanced
   Route Optimization to reduce the signaling overhead of base Mobile
   IPv6 correspondent registrations as much as possible, in particular
   when the mobile node does not move for a while.

3.  Protocol Design

   Enhanced Route Optimization consists of a set of optimizations that
   collectively afford the achievement of the objectives discussed in
   Section 2.  These optimizations are summarized in the following.

3.1.  Cryptographically Generated Home Addresses

   A Mobile IPv6 binding is conceptually a packet redirection from a
   home address to a care-of address.  The home address is the source of
   the redirection and the care-of address is the destination.  The
   packets to be redirected can hence be identified based on the home
   address.  This motivates a cryptographic ownership proof for the home
   address.  Enhanced Route Optimization applies cryptographically
   generated home addresses for this purpose [10][11].  In general, a
   Cryptographically Generated Address (CGA) provides a strong,
   cryptographic binding between its interface identifier and the CGA
   owner's public key.  This facilitates a cryptographic home address
   ownership proof without a public-key infrastructure, enabling other
   nodes to securely and autonomously authenticate the CGA owner as
   such, modulo the correctness of the CGA's subnet prefix.
   Cryptographically generated home addresses can supersede home address
   tests with the exception of an initial test for validating the home
   address prefix.  This facilitates lower handoff delays and longer
   binding lifetimes, as well as reduced signaling overhead for mobile
   nodes that temporarily do not move.  Enhanced Route Optimization also
   optionally enables the correspondent node to prove ownership of its
   IP address.

3.2.  Non-Cryptographic Care-of Addresses

   In contrast to a home address, a care-of address does not have
   identifying functionality.  There is hence little benefit in a
   cryptographic ownership proof of a care-of address.  Given that the
   care-of address is the destination of a packet redirection, it is
   rather the mobile node's reachability at the care-of address that
   matters.  Enhanced Route Optimization uses care-of address tests for
   this purpose, but allows correspondent nodes to send packets to a new
   care-of address before the mobile node has been found to be reachable
   there.

3.3.  Semi-Permanent Security Associations

   CGA-based authentication involves public-key cryptography and is
   hence computationally much less efficient than authentication through
   a shared secret key.  The technique further requires a substantial
   amount of supplementary CGA parameters to be piggybacked onto
   protected messages.  Enhanced Route Optimization mitigates these
   disadvantages in that it utilizes an initial CGA-based authentication
   to securely exchange a secret permanent home keygen token between a
   mobile node and a correspondent node.  The permanent home keygen
   token is used to authenticate the mobile node more efficiently in
   subsequent correspondent registrations.  Mobile and correspondent
   nodes renew the permanent home keygen token on an infrequent basis.
   The token is therefore neither constant nor short-lived, which is why
   the security association between the mobile node and the
   correspondent node is called "semi-permanent".

3.4.  Initial Home Address Tests

   An initial home address test is necessary despite a cryptographic
   proof of home address ownership to protect against spoofed subnet
   prefixes in home addresses.  In the complete absence of home address
   tests, a malicious node could cryptographically generate a home
   address with the subnet prefix of a victim network, and request a
   correspondent node to register a binding between this spoofed home
   address and the attacker's own care-of address.  The attacker then
   tricks the correspondent node into sending a stream of packets to the
   care-of address and subsequently deregisters the binding or lets it
   expire.  The consequence is that the correspondent node redirects the
   packet stream "back" to the home address, causing the victim network
   to be flooded with unrequested packets.  To preclude such misuse, an
   initial home address test is required for the mobile node and the
   correspondent node to establish a semi-permanent security
   association.  The home address test is, if possible, executed in a
   proactive manner so as to save a potentially costly message exchange
   via the home agent during the critical handoff period.  The home
   address test does not need to be repeated upon subsequent movements.
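
   The following Python program is an added example, not code from this
   RFC or from any Mobile IPv6 implementation.  It implements CGA
   generation and verification as specified in RFC 3972 ([2], the
   mechanism Sections 3.1 and 3.4 rely on) and then demonstrates the
   point of Section 3.4: because Hash2 does not cover the subnet prefix,
   the same key pair mints a CGA that verifies under any prefix the
   generator chooses, so CGA verification alone cannot detect a spoofed
   home prefix.  PUBKEY is a constructed placeholder standing in for a
   DER-encoded SubjectPublicKeyInfo, and the prefixes are documentation
   prefixes chosen for the example.

```python
import hashlib
import ipaddress
import os

# Added example: RFC 3972 CGA generation and verification.  Not code from
# RFC 4866 or from any Mobile IPv6 stack.  PUBKEY is a constructed placeholder
# for the DER-encoded public key a real node carries in its CGA Parameters.
PUBKEY = b"placeholder-DER-SubjectPublicKeyInfo:" + bytes(range(64))
HOME_PREFIX = ipaddress.IPv6Network("2001:db8:1::/64").network_address.packed[:8]
VICTIM_PREFIX = ipaddress.IPv6Network("2001:db8:2::/64").network_address.packed[:8]


def _hash2(modifier: bytes, pubkey_and_ext: bytes) -> bytes:
    # Hash2 = leftmost 112 bits of SHA-1(modifier || 9 zero octets || key || ext).
    return hashlib.sha1(modifier + b"\x00" * 9 + pubkey_and_ext).digest()[:14]


def _hash2_ok(h2: bytes, sec: int) -> bool:
    # The Sec parameter demands 16*Sec leading zero bits in Hash2.
    return h2[: 2 * sec] == b"\x00" * (2 * sec)


def generate_cga(prefix: bytes, pubkey: bytes, sec: int = 0, ext: bytes = b"",
                 modifier: bytes = None):
    """Return (IPv6Address, CGA Parameters) for a 64-bit prefix and a key."""
    assert len(prefix) == 8 and 0 <= sec <= 7
    modifier = os.urandom(16) if modifier is None else modifier
    # Hash2 does not cover the prefix: the modifier found here is valid
    # for this key under every prefix, which is what makes prefix spoofing cheap.
    while not _hash2_ok(_hash2(modifier, pubkey + ext), sec):
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    params = modifier + prefix + b"\x00" + pubkey + ext      # collision count 0
    iid = bytearray(hashlib.sha1(params).digest()[:8])      # Hash1, leftmost 64 bits
    iid[0] = (sec << 5) | (iid[0] & 0x1C)   # Sec in the top 3 bits, u/g bits cleared
    return ipaddress.IPv6Address(prefix + bytes(iid)), params


def verify_cga(address: ipaddress.IPv6Address, params: bytes) -> bool:
    """RFC 3972 section 5 verification.  The prefix is only checked for
    consistency between address and parameters, never for legitimacy."""
    packed = address.packed
    modifier, prefix, collisions = params[:16], params[16:24], params[24]
    if collisions > 2 or prefix != packed[:8]:
        return False
    hash1, iid = hashlib.sha1(params).digest()[:8], packed[8:]
    mask = b"\x1c" + b"\xff" * 7   # ignore the Sec bits and the u/g bits
    if bytes(a & m for a, m in zip(hash1, mask)) != bytes(a & m for a, m in zip(iid, mask)):
        return False
    sec = iid[0] >> 5
    return _hash2_ok(_hash2(modifier, params[25:]), sec)


def demo() -> dict:
    # A fixed modifier makes the run reproducible; real nodes start from a random one.
    addr, params = generate_cga(HOME_PREFIX, PUBKEY, sec=1, modifier=bytes(16))
    # Flipping one interface-identifier bit breaks the ownership proof.
    flipped = ipaddress.IPv6Address(addr.packed[:15] + bytes([addr.packed[15] ^ 1]))
    # Prefix spoofing (section 3.4): the same key mints a CGA under a victim's
    # prefix and CGA verification accepts it.  Only the initial home address
    # test, which probes reachability at that address, can reject it.
    spoof, spoof_params = generate_cga(VICTIM_PREFIX, PUBKEY, sec=1, modifier=bytes(16))
    # Parameters that name the home prefix do not validate an address that
    # carries a different prefix.
    mismatch = ipaddress.IPv6Address(VICTIM_PREFIX + addr.packed[8:])
    return {
        "genuine": verify_cga(addr, params),
        "tampered_iid": verify_cga(flipped, params),
        "spoofed_prefix": verify_cga(spoof, spoof_params),
        "prefix_mismatch": verify_cga(mismatch, params),
        "sec": spoof.packed[8] >> 5,
    }


if __name__ == "__main__":
    print(demo())
```

   With Sec=1 the modifier search costs roughly 2^16 SHA-1 operations,
   which is the proof-of-work a correspondent node may require before it
   accepts the proof at all; the spoofed-prefix address needs no extra
   work because the search is prefix-independent.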

3.5.  Concurrent Care-of Address Tests

   Enhanced Route Optimization allows a correspondent node to send
   payload packets to a mobile node's new care-of address before the
   mobile node has been found to be reachable at the care-of address.
   When the mobile node changes IP connectivity, it first updates its
   binding at the correspondent node to the new care-of address without
   providing a proof of reachability.  The correspondent node registers
   the new care-of address on a tentative basis and sets it to
   UNVERIFIED state.  Payload packets can then be exchanged
   bidirectionally via the new care-of address, while the mobile node's
   reachability at the new care-of address is verified concurrently.
   The correspondent node moves the care-of address to VERIFIED state
   once reachability verification completes.

3.6.  Credit-Based Authorization

   Concurrent care-of address tests without additional protection would
   enable an attacker to trick a correspondent node into temporarily
   redirecting payload packets, which would otherwise be addressed to
   the attacker itself, to the IP address of a victim.  Such
   "redirection-based flooding" [5] may be appealing to the attacker
   because the correspondent node (not the attacker) generates the
   flooding packets and sends them to the victim.  This enables the
   attacker to amplify the strength of the attack to a significant
   degree compared to a direct flooding attack where the attacker itself
   would generate the flooding packets.

   Enhanced Route Optimization protects against redirection-based
   flooding attacks through the use of Credit-Based Authorization.
   Credit-Based Authorization manages the effort that a correspondent
   node expends in sending payload packets to a care-of address in
   UNVERIFIED state so as to ensure that a redirection-based flooding
   attack cannot be more effective than direct flooding.  The ability to
   send unrequested packets is an inherent property of packet-oriented
   networks, and direct flooding is a threat that results from this.
   Since direct flooding exists with and without mobility support, and
   redirection-based flooding attacks cannot be any more efficient than
   this, Credit-Based Authorization increases the security level
   provided by Enhanced Route Optimization with respect to flooding to
   that of the non-mobile Internet.  Enhanced Route Optimization
   therefore satisfies the objective to provide a security level
   comparable to that of the non-mobile Internet.

   The measuring and limiting of effort are technically realized through
   the concept of "credit", which a correspondent node maintains to put
   its own effort in relation to the effort that a mobile node expends
   during regular communications with the correspondent node.  The
   correspondent node increases the credit for payload packets it
   receives from a care-of address of the mobile node in VERIFIED state,
   and it reduces the credit in proportion to its own effort for sending
   payload packets to a care-of address of the mobile node in UNVERIFIED
   state.
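
   The following Python model is an added example, not code from this
   RFC or from any implementation.  It shows the correspondent node's
   side of Sections 3.5 and 3.6 in one place: a newly registered care-of
   address sits in UNVERIFIED state until the concurrent care-of address
   test completes, payload received from a VERIFIED care-of address earns
   credit, and every byte sent to an UNVERIFIED care-of address spends
   it.  The addresses and packet sizes are constructed for the example,
   and the aging factor is this example's own assumption (credit aging is
   specified in Section 4.11, which is in a later part of this RFC).

```python
from dataclasses import dataclass
from enum import Enum

# Added example: Credit-Based Authorization bookkeeping at a correspondent
# node (sections 3.5 and 3.6).  Illustrative code, not from RFC 4866 or any
# implementation.  CREDIT_AGING_FACTOR is an assumption of this example.


class CoaState(Enum):
    UNVERIFIED = "UNVERIFIED"   # registered tentatively, care-of test pending
    VERIFIED = "VERIFIED"       # reachability at the care-of address confirmed


@dataclass
class Binding:
    care_of: str
    state: CoaState
    credit: int = 0   # bytes the CN may still spend on an UNVERIFIED care-of address


CREDIT_AGING_FACTOR = 7 / 8   # assumed value, applied once per aging interval


class CorrespondentNode:
    def __init__(self):
        self.bindings = {}    # home address -> Binding
        self.delivered = {}   # destination address -> bytes actually sent there

    def register(self, home: str, care_of: str, reachable: bool = False):
        """Binding Update for a new care-of address.  Without a reachability
        proof the address is accepted tentatively (UNVERIFIED).  Credit belongs
        to the mobile node, so an existing balance carries over."""
        old = self.bindings.get(home)
        state = CoaState.VERIFIED if reachable else CoaState.UNVERIFIED
        self.bindings[home] = Binding(care_of, state, old.credit if old else 0)

    def care_of_test_completed(self, home: str):
        """The concurrent care-of address test succeeded."""
        self.bindings[home].state = CoaState.VERIFIED

    def receive_payload(self, home: str, src_care_of: str, size: int):
        """Payload from the mobile node earns credit only when it arrives from
        the bound care-of address and that address is VERIFIED."""
        b = self.bindings[home]
        if src_care_of == b.care_of and b.state is CoaState.VERIFIED:
            b.credit += size

    def send_payload(self, home: str, size: int) -> bool:
        """Send to the bound care-of address.  A VERIFIED address costs nothing;
        an UNVERIFIED one consumes credit, and this example drops the packet
        when the balance does not cover it."""
        b = self.bindings[home]
        if b.state is CoaState.UNVERIFIED:
            if b.credit < size:
                return False
            b.credit -= size
        self.delivered[b.care_of] = self.delivered.get(b.care_of, 0) + size
        return True

    def age_credit(self):
        """Periodic aging so that idle credit cannot be hoarded indefinitely."""
        for b in self.bindings.values():
            b.credit = int(b.credit * CREDIT_AGING_FACTOR)


def redirection_flooding_demo() -> dict:
    """The attack from section 2.2: start a download at one's own address,
    then rebind to a victim.  Constructed scenario with TCP-like sizes."""
    cn = CorrespondentNode()
    attacker_home, attacker_coa, victim = "2001:db8:a::1", "2001:db8:b::2", "2001:db8:c::3"
    segment, ack = 1440, 60
    cn.register(attacker_home, attacker_coa, reachable=True)
    attacker_sent = 0
    for _ in range(100):                 # 100 full segments, each answered by a 60-byte ACK
        cn.send_payload(attacker_home, segment)
        cn.receive_payload(attacker_home, attacker_coa, ack)
        attacker_sent += ack
    cn.register(attacker_home, victim)   # rebind; the victim never answers the care-of test
    dropped = 0
    for _ in range(100):
        if not cn.send_payload(attacker_home, segment):
            dropped += 1
    return {
        "attacker_sent_bytes": attacker_sent,
        "victim_received_bytes": cn.delivered.get(victim, 0),
        "dropped": dropped,
    }


def legitimate_handoff_demo() -> tuple:
    """A mobile node with no credit: its new care-of address becomes usable
    the moment the care-of test completes, whatever the balance."""
    cn = CorrespondentNode()
    cn.register("2001:db8:a::9", "2001:db8:b::9", reachable=True)
    cn.register("2001:db8:a::9", "2001:db8:d::9")        # handoff, UNVERIFIED
    before = cn.send_payload("2001:db8:a::9", 1440)       # no credit: dropped
    cn.care_of_test_completed("2001:db8:a::9")
    after = cn.send_payload("2001:db8:a::9", 1440)        # VERIFIED: sent
    return before, after
```

   In the flooding scenario the attacker's 100 ACKs earn 6000 bytes of
   credit, which buys four 1440-byte segments towards the victim before
   the fifth is dropped: the victim receives 5760 bytes, less than the
   attacker itself sent, so the redirection amplifies nothing.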

3.7.  Parallel Home and Correspondent Registrations

   Enhanced Route Optimization enables mobile nodes to pursue a
   correspondent registration in parallel with the respective home
   registration.  This reduces handoff delays compared to base Mobile
   IPv6, which requires mobile nodes to wait for a Binding
   Acknowledgment message indicating a successful home registration
   before they initiate a correspondent registration.



(page 10 continued on part 2)