A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Mobile IPv6 Home Link Detection Mechanism Security considerations
Author(s) : A. Ebalard
Filename : draft-ebalard-mext-hld-security-00.txt
Pages : 32
Date : 2009-04-30
MIPv6 defines the concept of Home Network for a MN, in opposition to
the foreign network where this entity may find itself. A ``Home Link
Detection'' mechanism is also specified to allow the MN to detect
when it is at home.
MIPv6 specification mandates the use of IPsec for protecting main
signaling traffic and also defines how IPsec can be used to protect
data traffic between the MN and its HA. Even if optional, it is
expected that many deployments of MIPv6 will use it by default for MN
which may roam outside a trusted infrastructure (e.g. outside a
mobile operator network).
When a MN detects it is at home, it is expected to stop IPsec
protection for data traffic exchanged with its Home Agent. That
event is the result of the Home Return procedure, triggered by the
Home Link Detection mechanism.
This document discusses the possible threats and security impacts
associated with the use of this insecure NDP-based mechanism as a
trigger to drop IPsec protection of data traffic for the MN. It also
provides some results on the implementation of the attacks against an
existing MIPv6 module. Possible solutions are suggested.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ebalard-mext-hld-security-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-ebalard-mext-hld-security-00.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt