[Mip4] Secure Mobile Networking Deployment



We recently / currently have secure mobile networking deployed in an "experimental" operational setting onboard a US Coast Guard Cutter. The system is described in the following paper, "Securing Mobile Networks in an Operational Setting." This may be of interest to mip4 and nemo regarding multihoming and security issues and actual problems that needed to be solved to deploy this over the Open Internet.

http://roland.grc.nasa.gov/~ivancic/papers_presentations/IEEE_PID24402.pdf

Abstract—This paper describes a network demonstration
three month field trial of mobile networking using
IPv4. The network was implemented as part of the
Guard operational network which is a ".mil" network
requires stringent levels of security. The initial demonstrations
took place in November 2002 and a three month field
place from July through September of 2003. The
network utilized encryptors capable of NSA-approved
algorithms, mobile router from Cisco Systems and 802.11
satellite wireless links. This paper also describes a conceptual
architecture for wide-scale deployment of secure
networking in operational environments where both
and public infrastructure is used. Additional issues
include link costs, placement of encryptors and
routing protocols over layer-3 encryption devices.

We are currently working with T-Mobile and then Verizon Wireless in the US to be able to deploy mobile-IPv4 over GPRS (56 kbps) and CDMA (114 kbps). There appear to be a lot of NAT / PAT and administrative filtering issues that we are trying to resolve. Hopefully, what we learn with IPv4 can be applied to IPv6. We will pass whatever useful information we can on to these groups.

Another area we just completed was deploying an IPv4 mobile network that can move between the NASA Private address space and the public address space. This wasn't terribly difficult, but required a lot of coordination with the security personnel controlling the firewalls. We are trying to understand how the firewall rules impact features like dynamic home agent deployment. Once completed, we will document this and pass the information on.


Will
