Internet.com ISP-Planet

Mobile Security Flaws Send IPv6 Back to the Drawing Board

Just when the bull was about to be released from the chute, someone pulled its tail. After a decade of work, a security flaw in the proposed Mobile IPv6 (MIPv6) protocol has some concerned that its release could be delayed again.

by Jim Thompson
[May 9, 2001]

The newfound security problem has the Internet Engineering Task Force (IETF) going back to the drawing board to find a new method of authenticating mobile devices that use IPv6 addresses.

MIPv6 is a subset or "value-added" feature of IPv6. It's important to note that any problems with MIPv6 will have no direct effect on the functionality of the core IPv6 protocol. However, a delay in MIPv6 could have a definite effect on the acceptance of the protocol, since many view wireless applications as the likely "killer app" that will push early adoption of IPv6 out of the chute.

"It would be dangerous to pursue IPv6 mobility with the care of address notification unless some reasonable security mechanism is part of the design," said Stephen Kent, chief scientist, information security for BBN Technologies.

Smoke and mirrors
However, not everyone sees this as a major problem, and some consider the MIPv6 issue more teapot than tempest. Thomas Narten, board member of the IPv6 Forum, makes the case that such discoveries are normal in the course of rolling out a new protocol.

"It needs to be put into perspective," Narten said. "Is IPv6 critically dependent on MIPv6? Absolutely not. MIPv6 is of interest to some communities, but my understanding is that delaying the MIPv6 spec by a few months while the security issues that have been raised are worked out is not a significant issue."

The major selling point for IPv6 is that it opens up a nearly unlimited number of network addresses by replacing the 32-bit addressing scheme of IPv4 with 128-bit addresses. An "unlimited" number of addresses means a nearly "infinite" number of individually identifiable systems on the Net. This is critical when it comes to mobile devices and wireless applications.

Under IPv4, mobile devices are authenticated through their home address. Under this scheme, they must constantly get new local IP addresses as they tell their home address that they have moved to a new location. Any communication to or from the mobile device has to pass through the home address before being sent to the temporary location.

It's a bit like trying to hit a moving target with an arrow using a bank shot off a fixed object. It can be done, but not without a lot of skill, patience and extra time.

Binding updates
Under MIPv6, a new class of messages dubbed binding updates confirms the identity of a device, even if it's moving. This method allows communications to go directly to the mobile device without first passing through the home address, resulting in an increase in both speed and efficiency.

But there's a fly in the ointment. Experts have discovered that IPSec doesn't work properly with binding update messages.

Originally, MIPv6 was to provide an additional layer of security by avoiding attacks at the router. Such "man-in-the-middle" attacks are common under IPv4. Unfortunately, IPSec requires a Public Key Infrastructure (PKI) that has not yet been deployed. Additionally, the key management component of IPSec requires intensive processing by the mobile devices.

"There is no global Public Key Infrastructure, so there is no way to set up a secure IPSec association," said Jeffrey Schiller, co-area director for security at the IETF and network manager at MIT (Massachusetts Institute of Technology). "There needs to be a common authentication infrastructure which is amazingly hard to do. It's not a technical problem, it's a political problem."

After considering these problems, the IETF asked the Mobile IP working group to find an alternative for securing binding updates for IPv6. The result of the new order is a possible delay in the release.
