
Notes for Lecture 21

MCA 206: Advanced Computer Networks

1. Introduction to Mobile IP

In the present-day Internet, the identity of a host and the physical location of the machine are
intertwined (tightly coupled). Mobile IP tries to decouple this identity-location pair by
providing a level of indirection. There are many other instances of this kind of indirection,
i.e. situations in which identity is independent of location. E.g.:

a. File System: The filename is independent of its location on a file server.

b. Mobile Phones: The phone number is independent of the current location of the user (it is the
same wherever the user may be).

Basic Terminology related to Mobile IP

The following terms are relevant in the Mobile IP architecture:

Mobile Host: A host that may connect to the Internet in networks other than its own home
network, while still using its home address.

Correspondent Host: A host communicating with another host. This term is used when it is not
relevant whether this host is mobile or a stationary host.

Home Address: An address used to identify a mobile host, no matter where it may currently be
located.

Home Network: The (logical) network on which a mobile host’s home address resides.

Care-of Address: An address that defines the location of the mobile host at some particular
instant of time. Packets addressed to the mobile host will arrive at this address.

Foreign agent: An agent that offers a care-of address for visiting mobile hosts, and delivers
arriving packets addressed to one of these mobile hosts locally to the mobile host.

Home agent: An agent that maintains information about the current care-of address of each of
the mobile hosts it is configured to serve, and that forwards packets (addressed to any of these
mobile hosts) to the care-of address for that mobile host.

2. Addressing

Mobile IP has two addresses for a mobile host: one home address and one care-of address. The
home address is permanent; the care-of address changes as the mobile host moves from one
network to another.

3. Three Phases

3.1 Agent Discovery

Agent Discovery can be done in two ways: Agent Advertisement and Agent Solicitation.

3.1.1 Agent Advertisement

Mobile IP does not use a new packet type for agent advertisement; it uses the router
advertisement packet of ICMP, and appends an agent advertisement message.

3.1.2 Agent Solicitation

Mobile IP does not use a new packet type for agent solicitation; it uses the router solicitation
packet of ICMP.

3.2 Registration

A registration request or reply is sent by UDP using the well-known port 434.

3.3 Data Transfer

The movement of the mobile host is transparent to the rest of the Internet.

4. Basic Operation

An inherent feature of a mobile host is that it may move anywhere throughout the IP
internetwork. It is assigned a constant IP address on a home network, known as its home address.
Correspondent hosts may always use the home address to address packets to a mobile
host.

A mobile host has a home agent, which is attached to its home network. Each home agent
maintains a list of mobile hosts that it is configured to serve along with their respective current
locations. This list is known as the home list.

When a mobile host connects to the network, it must perform a registration process before
packets will be delivered to it. Each foreign agent maintains a list known as visitor list, which
identifies those mobile hosts that are currently registered with it. The address of the foreign
agent, supplied as the mobile host’s care-of address, defines the mobile host’s current location.
The combination of a home address and a care-of address is known as a binding. The
registration protocol ensures that a mobile host’s home agent learns about the new binding of any
mobile host it serves. The registration protocol also notifies the previous foreign agent(s) that the
mobile host has moved.

Any node may cache the current binding of a mobile host in order to be able to forward packets
directly to that mobile host. A mobile host’s previous foreign agent may cache the new binding
of the mobile host from the notification sent during the new registration; this cache entry serves
as a “forwarding pointer” to allow packets to be forwarded to its new location.

Mobile IP must direct the packets destined for a mobile host to its currently known location
(care-of address). Tunneling is used to send packets to a mobile host’s current
location. Tunneling uses an encapsulation protocol: the data packet is encapsulated
to reach the tunnel endpoint, and decapsulated when it is delivered at
that endpoint. The default tunnel mode is IP Encapsulation within IP.
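
The tunneling step described above, as an added example that is not part of the original notes: a home agent looks up the binding and wraps the original datagram in an outer IPv4 header (protocol number 4) addressed to the care-of address, and the tunnel endpoint strips it again. All addresses and the payload are constructed sample values.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IPv4 protocol number for IP-in-IP

def checksum(hdr):
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def encapsulate(inner, home_agent, care_of):
    """Home agent: leave the original datagram untouched, prepend an outer header."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer):
    """Tunnel endpoint: check the outer header, then hand back the inner datagram."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != IPPROTO_IPIP or checksum(outer[:ihl]) != 0:
        raise ValueError("not a valid IP-in-IP datagram")
    return outer[ihl:]

def tunnel_demo():
    home_list = {"10.0.0.7": "192.0.2.1"}  # binding: home address -> care-of address
    payload = b"hello"                     # constructed payload
    # A correspondent host addresses the mobile host by its home address.
    inner = ipv4_header("203.0.113.5", "10.0.0.7", 17, len(payload)) + payload
    home_addr = socket.inet_ntoa(inner[16:20])
    outer = encapsulate(inner, "10.0.0.1", home_list[home_addr])
    return inner, outer

if __name__ == "__main__":
    inner, outer = tunnel_demo()
    print("outer destination:", socket.inet_ntoa(outer[16:20]))
    print("inner preserved:", decapsulate(outer) == inner)
```
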

5. Handoffs

A handoff is the movement of the Mobile Agent from one Foreign Agent to another.
This has a little latency. There are two possibilities here.

• The Mobile Host can notify the previous FA immediately, so that further packets coming to the
previous Foreign Agent are forwarded to the new one.
• The Home Agent can hold simultaneous bindings. This means that for every packet that arrives
at the Home Agent, it will make copies and send one to each of the Foreign Agents that
are currently in its list.

6. Security Issues in Mobile IP

6.1 Authentication between Mobile Host and Home Agent

• A key can be shared between the Home Agent and the Mobile Host.
When sending the Care-of Address (COA) to the Home Agent, the Mobile Host should send the
data encrypted using the private key k, i.e. it should send k(COAnew, HAaddress).
Is this enough? No. Why? Because any other mobile node can cache this packet
and, after the authentic node is gone or is off, use this packet to receive all
the information intended for the real node. This attack is called the Replay Attack. What
can be done to avoid this? Time stamping can be done; this is helpful in
distinguishing the illegal sender. Instead of time stamping, we can also have some random
numbers shared between the Home Agent and the Mobile Host: the Mobile Host will also
add a random number to the packet when sending the encrypted packet.
• One more possible way is "Challenge Response". But this is not desirable here, as it
creates undue latency, which is not acceptable because these COA updates have to be fast.
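
An added example, not part of the original notes, of why a keyed registration alone can be replayed and how the timestamp and random-number checks described above stop it. It uses an HMAC-SHA256 tag in place of the notes' encryption k(...); the message layout, skew window, addresses and key are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key-k"  # constructed sample key shared by MH and HA
WINDOW = 5                         # assumed tolerated clock skew, in seconds

def make_request(key, home_addr, coa, ts, nonce):
    """Mobile host: home address | care-of address | timestamp | nonce, plus a MAC."""
    body = f"{home_addr}|{coa}|{ts}|{nonce.hex()}".encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, key, check_freshness):
        self.key = key
        self.check_freshness = check_freshness
        self.home_list = {}   # home address -> current care-of address
        self.seen = set()     # nonces already accepted (never pruned in this sketch)

    def register(self, msg, now):
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad authenticator"
        home, coa, ts, nonce = body.decode().split("|")
        if self.check_freshness:
            if abs(now - int(ts)) > WINDOW:
                return "rejected: stale timestamp"
            if nonce in self.seen:
                return "rejected: nonce reused"
            self.seen.add(nonce)
        self.home_list[home] = coa
        return "accepted"

def replay_demo(check_freshness):
    """Replay an old, validly keyed registration after the host has moved on."""
    ha = HomeAgent(KEY, check_freshness)
    t0 = 1_000_000  # constructed clock value
    old = make_request(KEY, "10.0.0.7", "192.0.2.1", t0, b"\x01" * 8)
    new = make_request(KEY, "10.0.0.7", "198.51.100.9", t0 + 60, b"\x02" * 8)
    ha.register(old, t0)        # legitimate registration, observed on the wire
    ha.register(new, t0 + 60)   # host moves to a new foreign agent
    verdict = ha.register(old, t0 + 120)  # the captured packet is sent again
    return verdict, ha.home_list["10.0.0.7"]

if __name__ == "__main__":
    print(replay_demo(False))  # binding reverts to the old care-of address
    print(replay_demo(True))   # replay refused, binding unchanged
```

The timestamp bounds how long a captured message stays usable, and the nonce set covers a replay that arrives inside that window.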

How to avoid the triangular routing?

• The Home Agent sends a binding update to the Correspondent Host (CH) as soon as it sees the
first redirected packet, so that further communication can be direct, i.e. between the CH and
the Mobile Agent. For this we need an authentication protocol between the Home Agent and the CH.
But the CHs are many, and we don't know about them beforehand. So what can be done? Send this
information in plain text.
• The CH can ask the Home Agent for binding updates. It can be shown that the security level in
this case is the same as the current Internet standards. Let's see how. Here an attacker has to be
in between the CH and the Home Agent to attack. Also, to send a spurious binding update to the CH,
it has to be in the same network as the Home Agent. This means a node in the
same network can cause problems, which can also be done under the current standards of the
Internet. An agent can send packets using any source address as long as the address
belongs to its network; this way the routers (even if they have source filtering) will not
reject the packet.

6.2 Security Association between Mobile Host and the Foreign Host

The security association between the Mobile Host and the Foreign Agent should be established when
the Mobile Host is getting services from the Foreign Agent, so that when sending information about
a new Foreign Agent, the Mobile Host can use this shared key to update the information at the old
Foreign Agent.
