Mobile IP
By
 Team: MIRAGE
  Amit Singh
 Waymon Short
Sumanth Ghanta
Arshad Mushrif
               Outline
• Technology
• Issues
• Commercial presence
                Introduction
• Mobile IP is a standard approved by the Internet
  Engineering Steering Group (IESG) in June 1996
  and published as a proposed standard by the
  Internet Engineering Task Force (IETF) in
  November 1996 in order to support mobility.
• Developed in order to cope with the increasing
  popularity of PDAs and laptops.
• As the demand grew, connectivity became a
  significant issue for users with such mobile
  devices.
           Need for Mobile IP
• Datagrams are moved from one network to another
  by routers, which use IP addresses.
• An IP address is divided into two parts:
  1. network id
  2. host id
• Most applications over the Internet are
  supported by TCP connections.
          Need for Mobile IP
• TCP uses the IP address and port number for
  routing and delivery.
• As a mobile user moves from one network to
  another, the user's IP address changes dynamically.
• As a result, any application that uses network
  connectivity needs to restart any ongoing
  communications each time the user moves.
          Need for Mobile IP
• Mobile IP was developed to deal with the
  problem of dynamically varying IP addresses.
                    Entities
• Mobile Node: A host or router that may change
  its point of attachment from one network to the
  other across the Internet is called a mobile node.
• Correspondent Node: A node that sends a
  packet addressed to a mobile node is called a
  correspondent node.
• Home Agent: A home agent is a node on the
  home network that maintains a list of registered
  mobile nodes in a visitor list.
                    Entities
• Foreign Agent: A foreign agent is a router on a
  foreign network that assists a locally reachable
  mobile node in delivering datagrams between
  the mobile node and the home agent.
Mobile Devices
  slide by Konidala M. Divyan [3]
                      Example
[Figure labels: Home network A, Home Agent, Network B, Network C,
 Corresp. Node C, routers (R), Internet]
                    slide by Konidala M. Divyan [3]
   Triangle Routing (Mobile IPv4)
[Figure labels: Network A, Home Agent, Network B, Mobile Node,
 Network C, Corresp. Node C, routers (R), Internet]
• Corresp. Node C initiates communication with Mobile
  Node and sends packets to MN's home address
• Home Agent intercepts packets and forwards them to
  the Mobile Node (proxy functionality)
• Mobile Node replies directly to Corresp. Node C
                            slide by Konidala M. Divyan [3]
 Mobile Node registers at its Home Agent
[Figure labels: Network A, Home Agent, Network B, Mobile Node,
 Network C, Corresp. Node C, routers (R), Internet]
• Mobile Node sends Binding Update
• Home Agent replies with Binding Acknowledgement
                      slide by Konidala M. Divyan [3]
 Mobile IPv6 Roaming
[Figure labels: Network A, Home Agent, Network B, Network C,
 Network D, Corresp. Node C, routers (R), Internet]
• Mobile Node sends Binding Updates to Home Agent and
  all Corresp. Nodes, which already received a previous
  Binding Update from this Mobile Node
                          slide by Konidala M. Divyan [3]
                    Protocol
• In order to support mobility, Mobile IP includes
  three capabilities:
  1. Discovery
  2. Registration
  3. Tunneling
                 Discovery
• Mobility agents periodically send ICMP router
  advertisements with a mobility agent advertisement
  extension, informing mobile nodes of their
  presence.
• The mobile node is responsible for the discovery
  process.
• In order to receive an advertisement, the mobile
  node may optionally request one from an agent
  or simply wait for the next advertisement.
                Registration
• Mobile node recognizes that it is on a foreign
  network, acquires a care-of address and
  requests its home agent to forward its data
  packets to the foreign agent.
• The process of registration requires 4 steps:
  1. Mobile node requests forwarding service by
     sending a registration request to the foreign
     agent.
  2. Foreign agent relays this request to the
     home agent.
  3. Home agent accepts or denies the request and
     sends a registration reply to the foreign
     agent.
  4. Foreign agent relays this reply to the mobile
     node.
                  Tunneling
• After registration, an IP tunnel is set up between
  the home agent and care-of-address of the
  mobile node.
• Home agent broadcasts a gratuitous ARP request,
  which causes all nodes in the subnet to update
  their ARP caches to map the mobile node's IP
  address to the home agent's link-level address.
• Thus home agent receives packets destined to
  the mobile node, and forwards the packets to the
  foreign agent through the IP tunnel.
                 Tunneling
• In the foreign network, decapsulation is done by
  the foreign agent or by the mobile node itself.
• A correspondent node assumes that the reply
  from the mobile node is coming from its home
  network and continues to send packets to the
  home agent.
           Issues in Mobile IP
1. Handoff:
• When mobile node changes its point of
  attachment, a handoff sequence is initiated.
• During or immediately after the handoff, packet
  losses may occur due to delayed propagation of
  new location information, which degrades the
  quality of service.
• Solved by introducing access point probing
  functionality in the mobile node to identify the
  current access point it is attached to.
          Issues in Mobile IP
2. Replay attacks:
• A Bad Guy could obtain a copy of a valid
  Registration Request, store it, and then “replay”
  it at a later time, thereby registering a bogus
  care-of address for the mobile node.
• To prevent that, the Identification field is
  generated in such a way as to allow the home
  agent to determine what the next value should
  be.
                     Mobile IP: Security Issues [4]
           Issues in Mobile IP
• In this way, the Bad Guy is thwarted because
  the Identification field in his stored Registration
  Request will be recognized as being out of date
  by the home agent (timestamps or nonces are
  used for the Identification field).
                   Mobile IP: Security Issues [4]
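An added example, not part of the original slides or of reference [4]: the home agent's accept-or-deny decision for a Registration Request when timestamps are used as the Identification field. The 16-byte message layout, the 7-second window and HMAC-SHA-256 as the authenticator are simplifying assumptions, not the Mobile IP wire format.

```python
import hashlib
import hmac
import socket
import struct

WINDOW = 7  # assumed tolerance (seconds) between timestamp and home agent clock

def make_request(key: bytes, home: str, care_of: str, ident: int):
    """Mobile node: build a simplified Registration Request and its authenticator."""
    msg = struct.pack("!4s4sQ", socket.inet_aton(home), socket.inet_aton(care_of), ident)
    return msg, hmac.new(key, msg, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys      # home address -> secret shared with that mobile node
        self.last_id = {}     # home address -> highest Identification accepted
        self.bindings = {}    # home address -> registered care-of address

    def register(self, msg: bytes, mac: bytes, now: int) -> str:
        if len(msg) != 16:
            return "denied: malformed request"
        home_raw, care_of, ident = struct.unpack("!4s4sQ", msg)
        home = socket.inet_ntoa(home_raw)
        key = self.keys.get(home)
        if key is None:
            return "denied: unknown mobile node"
        # Authenticate first, so a forged request cannot advance the replay state.
        if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), mac):
            return "denied: authentication failed"
        # Timestamp must be near the agent's clock and newer than anything accepted.
        if abs(now - ident) > WINDOW or ident <= self.last_id.get(home, -1):
            return "denied: stale identification"
        self.last_id[home] = ident
        self.bindings[home] = socket.inet_ntoa(care_of)
        return "accepted"

def demo():
    """Constructed scenario: one valid registration, then replayed and altered copies."""
    key = b"constructed-shared-secret"
    ha = HomeAgent({"192.0.2.10": key})
    msg, mac = make_request(key, "192.0.2.10", "203.0.113.5", 1000)
    results = [ha.register(msg, mac, now=1001)]         # fresh request
    results.append(ha.register(msg, mac, now=1003))     # stored copy, inside the window
    results.append(ha.register(msg, mac, now=5000))     # stored copy, long afterwards
    altered = msg[:4] + socket.inet_aton("198.51.100.66") + msg[8:]
    results.append(ha.register(altered, mac, now=1004)) # care-of address changed
    return results, ha.bindings
```

The window check alone would still accept a copy presented within a few seconds, which is why the agent also keeps the highest Identification it has accepted per mobile node.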
 Business
Perspective
Show me the $$$!!!!!!!
                   Outline
• The Edge
• Impact on Employees and Business Processes
• Mobile IP as a Battleground
• Famous Quotes
• References
                   The Edge
• Consistent Services
• Meet the needs of corporate users
• Least-cost traffic routing
• Protect Proprietary Services
• Roaming across technologies
     Impact on Employees and
       Business Processes
• Increase in work output by 13% [15]
• 50% of organizations (with over $200 million
  revenue) have wireless LAN capabilities [15]
• Use of wireless WANs and LANs is expected to
  double by 2006 [15]
• WWAN and WLAN will lead to 10% cost savings
  and 8% saving of network staff time [15]
     Impact on Employees and
       Business Processes
• Mobility enables more freedom and flexibility [15]
• Notebook users experience 27% to 30%
  improvement in time savings, efficiency, and
  effectiveness [15]
• Impact on independence of work, flexibility for
  group activities, face-to-face meetings, remote
  meetings and e-mail communication [15]
    Mobile IP as a Battleground
• It's not what it seems!!!!!!!!
• Mobile IP as a natural extension
• Cisco’s competitive advantage
• How will it help Wireless Service providers?
                                                 [13]
    Mobile IP as a Battleground
Three main approaches:
• The Cisco Approach [13]
• The key joint venture [13]
• The raft of partnerships [13]
Expert's Quotes
• "The marriage of these two networks can greatly increase
  applications and the productivity to the end user," said Ali
  Tabissi, chief technology and development officer at
  Mobilestar Network Corp.
• "Mobility, along with security, is becoming a key requirement
  for many of our customers," said Johan Fornaeus, CEO,
  Interpeak.
• “Despite the recent downturn in technology stocks, mobile
  data services and wireless computing still hold the
  imagination of the public, the allure of investors, and the
  promise of value-added applications for service providers.”
  Gerry Christensen, Contributing Editor,
  Searchnetworking.com
           Major Competitors in MIP
•   Cisco
•   ipunplugged
•   Secgo
•   Netmotionwireless
•   Giga-wave
•   Intel
•   Columbitech
•   Lucent
•   Nokia
(for more information please go to http://www.dpo.uab.edu/~amit81/index2.htm )
                 Conclusion
“Wireless internet is the next big revolution being
driven by growing maturity of 3G networks and
rapidly increasing convergence of voice and data.
Mobile IP is the key technology in the evolution of
internet protocol from fixed line, fixed host routing
model to a nomadic wireless model [19].”
                               References
[1] William Stallings, Wireless Communication and Networks, Pearson Education Inc., 2002.
[2] http://www.hut.fi/~sponkane/tlark/10/MIP.html#luku3
[3] http://caislab.icu.ac.kr/course/2002/autumn/ice615/project/inter_DIV.ppt
[4] http://cs.engr.uky.edu/~singhal/CS685-papers/46
[5] http://www.cs.uky.edu/~singhal/term-papers/mobileIP.doc
[6] http://www.cisco.com/en/US/products/hw/routers/ps272/products_configuratio_guide_chapter09186a0080186ffd.html
[7] http://www.cs.uky.edu/~singhal/CS685-papers/Mobile-IP.ppt
[8] http://www.secgo.com/docs/secgo_mip_whitepaper.pdf
[9] http://www.ipunplugged.com/products.asp?mi=2.3
[10] http://www.ipunplugged.com/pdf/imos_41_IPU-20040059_B.pdf
[11] http://www.birdstep.com/collaterals/mip_certification.pdf
[12] http://searchnetworking.techtarget.com
[13] http://www.thefeature.com
[14] http://www.bridgewatersystems.com
[15] http://intel.com
[16] http://www.wi-fiplanet.com/tutorials/article.php/2205821
[17] http://ctd.grc.nasa.gov/5610/publications/E-12548_pp1-7.pdf
[18] http://net.pku.edu.cn/mobile/reference7.pdf
[19] http://www.tcs.com/0_service_practices/ATC_new/Assets/downloads/Mobile_IP.pdf
Thank You.
Questions?
Mobile IP Security
  Security issues in designing a
       Mobile IP system.
• “Ingress Filtering: The mobile node uses its home
  address in the packets it is sending to a corresponding
  node.”[5]
• “Minimize the number of required trusted entities:
  Security may be enhanced, if the number of the required
  trusted entities, i.e., Home Agent, is decreased.”[5]
• “Authentication: Is the process of verifying a claimed
  identity of a node as the originator of a message or the
  identity of a node as the end point of a channel.”[5]
   Security issues in designing a
         Mobile IP system.
• “Authorization: An organization that owns or operates a
  network would need to decide who may attach to this
  network and what network resources may be used by the
  attaching node.”[5]
• “Non-repudiation: In the future wireless Internet, the sender
  of a message should not be able to falsely deny that it
  originated a message at a later time.”[5]
• “Encryption key distribution: The authentication, integrity
  and non-repudiation can only be accurately provided by
  using some form of cryptography which requires the
  distribution/exchange of encryption key information
  amongst message senders and receivers.”[5]
  Security issues in designing a
        Mobile IP system.
• “Location privacy: A sender of a message should be able
  to control which receivers know the location of the
  sender’s current physical attachment to the network.”[5]
• “Firewall support in Mobile IP: If a Mobile Node has to
  enter a private Internet network that is securely protected
  by a firewall, then Mobile IP aware support at this firewall
  is required. In Mobile IP this support is not provided.”[5]
         Security Associations.
• “Security associations establish trust between devices in
  a peer-to-peer relationship.”[6]
• Here are two types of security associations: IPsec and
  IKE.
         Security Associations.
• “IPsec Security Association (IPsec SA): requires that
  separate IPsec SAs be established in each direction to
  provide non-repudiation, data integrity, and payload
  confidentiality.”[6]
• “Internet Key Exchange (IKE): provides negotiation, peer
  authentication, key management, and key exchange.”[6]
                      Summary
• “Mobile IP registration has built-in prevention of denial-
  of-service attacks. Specifically, it is impossible for a Bad
  Guy to lie to a mobile node’s home agent about that
  mobile node’s current care-of address, because all
  registration messages provide authentication of the
  message’s source, integrity checking and replay
  protection.”[7]
  Mobile IP
Business Sector
          Business Sector
Keywords
• IPsec
• AAA
    Factors considered to meet
           Competition
General Aspects
• Interoperability
• Ready to meet future changes
• Compatible with existing architecture
• Scalability
• More supporting platforms
• Cost Efficiency
    Factors considered to meet
           Competition
Technical Aspects
• Failover
• Load Balancing
• Server Pools
  Major Companies in the game
• Cisco
• Hewlett Packard
• Sun Microsystems
• Secgo
• Interpeak
• ipUnplugged
• Birdstep (technology)
 Secgo Mobile Solution Features
• No dependence on Media Type
• Flexible Security
• Total Transparency to Applications
• NAT/NAPT Traversal
• Constant Reachability
                 Secgo Products
• Mobile IP Server
Table 1: Snapshot of Secgo Mobile IP Server Features [8]
                Secgo Products
• Mobile IP Client
Table 2: Snapshot of Secgo Mobile IP Client Features [8]
       ipUnplugged Products              [2]
• Roaming Gateway
• Roaming Client
• Roaming Server
Roaming Gateway and Roaming Server act together
         ipUnplugged Products
• Roaming Gateway
Model      Max number of             Max encrypted
           concurrent connections    throughput
RGW 50     50                        8/21 Mbit/s
RGW 310    1000                      44/91 Mbit/s
RGW 380    5000                      300/324 Mbit/s
Figure 1: RGW 50 [9]
Figure 2: RGW 310/380 [9]
    ipUnplugged Mobile Solution
             Features
• Mobile IP Support
• Dynamic Home IP Address Assignment
• Dynamic Home Agent Assignment
• Dynamic Provisioning of MIP/IKE keys to HA
• Mobile IP Tunneling
• Reverse Tunneling
• Triangular Routing [11]
 Birdstep Mobile IP Certification
• Mobile IP e-Learning Certification
  Program Course [12]
• Price for the complete e-learning
  course: USD 740