11.5. SecurityIf the data flow between home agent and mobile node is not secured, there are many possibilities for attacksfor example, Man-in-the-Middle attacks, Hijacking, or Denial of Service attacks. To secure the tunnel between home agent and mobile node, an IPsec tunnel is configured. IPsec ESP is required for Mobile IPv6 messages. The Mobile IPv6 specification details this. The following data flows have to be secured:
All control messages between mobile node and home agent need authentication, integrity, proper sequencing, and anti-replay protection. This protection requires a Security Association between home agent and mobile node. IPsec does not provide any means to control the sequence of messages. A correct sequence is given by the Sequence number in Binding Update and Acknowledgement messages. Higher protection from replay attacks can be provided only when Internet Key Exchange (IKE) is used.
Binding Updates between the mobile node and correspondent node are protected by the SA established during the Return Routability procedure. Binding Updates between the mobile node and correspondent node must also be protected by the Binding Authorization Data option. This option includes a Binding Management Key, which is generated during the Return Routability procedure. A more detailed discussion of Security aspects and mechanisms with Mobile IPv6 can be found in RFC 3775 ("Mobility Support in IPv6") and RFC 3776 ("Using IPsec to Protect Mobile IPv6 Signaling between mobile nodes and home agents"), as well as in general security RFCs. RFC 4285, "Authentication Protocol for Mobile IPv6," specifies an alternate mechanism to secure MIPv6 messages in 3GPP2 networks. It is an informational RFC not reviewed by the IETF and consists of a MIPv6-specific mobility message authentication option that can be added to MIPv6 signaling messages. |