Network Working Group J. Laganier Internet-Draft Qualcomm Inc. Intended status: Experimental October 26, 2010 Expires: April 29, 2011 Authorizing Mobile IPv6 Binding Update with Cryptographically Generated Addresses draft-laganier-mext-cga-01 Abstract The standard RFC 3775 mechanism to secure Mobile IPv6 Binding Updates sent by a Mobile Node to its Home Agent relies on the use of a pair of unidirectional IPsec security associations between these two nodes. The standard mechanism to secure Mobile IPv6 Binding Updates sent by a Mobile Node to one of its Correspondent Nodes relies on the use of a return routability test that involves the Correspondent Node verifying reachability of the Mobile Node at both its Home Address and its Care-of Address. The mechanism also requires the correspondent node to send keying material to both of these addresses. RFC 4866 specifies a standard track mecanism that allows a Mobile Node that has configured a Cryptographically Generated Address (RFC 3972) as its Home Address to secure Mobile IPv6 Binding Updates sent its Correspondent Nodes based on the properties of its Cryptographically Generated Addresses. Note that Cryptographically Generated Addresses have also been used to counter similar security issues in the context of SHIM6 (RFC 5533) and Secure Neighbor Discovery (RFC 3971.) This memo proposes a mechanism that would let a Mobile Node use a similar mechanism to secure Mobile IPv6 Binding Updates its sent to its Home Agent with a similar technique based on the use of Cryptographically Generated Addresses. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months Laganier Expires April 29, 2011 [Page 1] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 29, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Laganier Expires April 29, 2011 [Page 2] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Requirement Levels Key Words . . . . . . . . . . . . . . . . . 6 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 5. Usage Scenario . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Mobile Node Operation . . . . . . . . . . . . . . . . . . . . 9 7. Home Agent Operation . . . . . . . . . . . . . . . . . . . . . 11 8. IPv4 Support . . . . . . . . . . . . . . . . . . . . . . . . . 12 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 10. Security Considerations . . . . . . . . . . . . . . . . . . . 14 11. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 15 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 12.1. Normative References . . . . . . . . . . . . . . . . . . 16 12.2. Informative References . . . . . . . . . . . . . . . . . 16 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17 Laganier Expires April 29, 2011 [Page 3] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 1. Introduction The standard RFC 3775 [RFC3775] mechanism to secure Mobile IPv6 Binding Updates sent by a Mobile Node to its Home Agent relies on the use of a pair of unidirectional IPsec security associations between these two nodes [RFC4877]. The standard mechanism to secure Mobile IPv6 Binding Updates sent by a Mobile Node to one of its Correspondent Nodes relies on the use of a return routability test that involves the Correspondent Node verifying reachability of the Mobile Node at both its Home Address and its Care-of Address. The mechanism also requires the correspondent node to send keying material to both of these addresses. RFC 4866 [RFC4866] specifies a standard track mecanism that allows a Mobile Node that has configured a Cryptographically Generated Address [RFC3972] as its Home Address to secure Mobile IPv6 Binding Updates sent its Correspondent Nodes based on the properties of its Cryptographically Generated Addresses. Note that Cryptographically Generated Addresses have also been used to counter similar security issues in the context of SHIM6 [RFC5533] and Secure Neighbor Discovery [RFC3971]. This memo proposes a mechanism that would let a Mobile Node use a similar mechanism to secure Mobile IPv6 Binding Updates its sent to its Home Agent with a similar technique based on the use of Cryptographically Generated Addresses. Laganier Expires April 29, 2011 [Page 4] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 2. Disclaimer This Internet Draft is still Work in Progress. Laganier Expires April 29, 2011 [Page 5] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 3. Requirement Levels Key Words The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Laganier Expires April 29, 2011 [Page 6] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 4. Terminology Other terms used throughout this document are defined in the relevant documents: [RFC3775], [RFC4866], [RFC3972]. Laganier Expires April 29, 2011 [Page 7] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 5. Usage Scenario The mechanism described herein is useful in situations where there is a desire not to depend on IPsec for protection of the Mobile IPv6 signaling between the Mobile Node and the Home Agent. Laganier Expires April 29, 2011 [Page 8] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 6. Mobile Node Operation A Mobile Node sends a Binding Update message to its Home Agent when any of the following applies: o It is needs to establish a new binding because it is away from the home link and first attaches to a foreign link. o It attaches to a different foreign link and needs to update the binding with its new care-of address. o It needs to refresh a binding because it is about to expire. o It needs to acquire a new permanent home keygen token for the binding, either because it does not have one yet, or because the current permanent home keygen token is going to become unusable due to the sequence number being about to roll over since the token was acquired. o It needs to deregister an existing binding. In any of these cases, the Mobile Node sends a Binding Update message to the home agent. The Binding Update message is authenticated by one of the following two authentication methods: o If the Mobile Node does not have a usable permanent home keygen token in its Binding Update List entry for the home agent, the mobile node MUST authenticate the Binding Update message based on the CGA property of its home address. The Binding Update message MUST omit the Binding Authorization Data option and MUST include the following options: * a CGA Parameters option for the Cryptographically Generated Home Address of the Mobile Node as per [RFC4866]. * a Timestamp option as per [RFC5213]. * a Signature option as per [RFC4866]. o If the Mobile Node has a usable permanent home keygen token in its Binding Update List entry for the home agent, the mobile node MUST authenticate the Binding Update message by a proof of its knowledge of the permanent home keygen token. The Binding Update message MUST omit the CGA Parameters, Timestamp, and Signature options and MUST include the following option: * a Binding Authorization Data option whose authenticator for the Binding Update message is calculated based on the permanent Laganier Expires April 29, 2011 [Page 9] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 home keygen token alone. The care-of keygen token is set to zero while calculating the authenticator. Laganier Expires April 29, 2011 [Page 10] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 7. Home Agent Operation A Home Agent MUST accept a Binding Update message from a Mobile Node and maintain accordingly the corresponding Binding Cache Entry if the Binding Update message can be authenticated as follows: o If the Binding Update message does not contain a Binding Authorization Data option, the Mobile Node does not have a usable permanent home keygen token in its Binding Update List entry for the home agent, and the Home AGent MUST authenticate the Binding Update message based on the CGA property of the Mobile Node home address. The Binding Update message MUST include the following options: * a CGA Parameters option for the Cryptographically Generated Home Address of the Mobile Node as per [RFC4866]. * a valid Timestamp option as per [RFC5213]. That is, if there is no existing Binding Cache Entry, the time offset between the Timestamp and local Home Agent clock is recorded in the Binding Cache Entry. If there exists a Binding Cache Entry, the Timestamp MUST not differ from the local Home Agent clock for more than 1.5 times the time offset recorded in the Binding Cache Entry. * a valid Signature option as per [RFC4866]. o If the Binding Update message contains a Binding Authorization Data option, the Mobile Node has a usable permanent home keygen token in its Binding Update List entry for the home agent, and the Home Agend MUST authenticate the Binding Update message by proof of the Mobile Node's knowledge of the permanent home keygen token by verifying that the authenticator in the Binding Authorization Data option is calculated based on the permanent home keygen token with the care-of keygen token set to zero. If the Binding Update message has been authenticated based on the CGA property of the Mobile Node home address, the Home Agent MUST include a new permanent Home Keygen Token in the Binding Acknowledgment. Laganier Expires April 29, 2011 [Page 11] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 8. IPv4 Support This mechanism can be used when the Mobile Node is attached to an IPv4-only foreign link by leveraging on [I-D.ebalard-mext-m6t]. IPv4 applications can be supported via assigning an IPv4 Home Address as described in [RFC5555]. Laganier Expires April 29, 2011 [Page 12] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 9. IANA Considerations There are no IANA considerations yet for this specification. Laganier Expires April 29, 2011 [Page 13] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 10. Security Considerations There are no security considerations yet for this document. Laganier Expires April 29, 2011 [Page 14] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 11. Acknowledgment The author acknowledge prior work in the area of Mobile IPv6 security based on Cryptographically Generated Addresses, Statistically Unique and Crypgraphically Verifiable Identifiers, and more. Laganier Expires April 29, 2011 [Page 15] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 12. References 12.1. Normative References [I-D.ebalard-mext-m6t] Ebalard, A., "MIPv6 from IPv4-only networks", draft-ebalard-mext-m6t-02 (work in progress), September 2010. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", RFC 3972, March 2005. [RFC4866] Arkko, J., Vogt, C., and W. Haddad, "Enhanced Route Optimization for Mobile IPv6", RFC 4866, May 2007. [RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008. [RFC5555] Soliman, H., "Mobile IPv6 Support for Dual Stack Hosts and Routers", RFC 5555, June 2009. 12.2. Informative References [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005. [RFC4877] Devarapalli, V. and F. Dupont, "Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture", RFC 4877, April 2007. [RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming Shim Protocol for IPv6", RFC 5533, June 2009. Laganier Expires April 29, 2011 [Page 16] Internet-Draft MIPv6 Binding Updates CGA Authorization October 2010 Author's Address Julien Laganier Qualcomm Incorporated 5775 Morehouse Drive San Diego, CA 92121 USA Phone: +1 858 658 3538 Email: julienl@qualcomm.com Laganier Expires April 29, 2011 [Page 17]