
Chapter 6-Mobile Ip

This document discusses mobile IP and mobile ad hoc networks (MANETs). It describes mobile IP as an IETF standard that allows mobile devices to change networks while keeping their IP address. It outlines the key components of mobile IP including mobile nodes, home agents, foreign agents, care-of addresses, and correspondent nodes. It then explains the three main phases of the mobile IP process: agent discovery, registration, and tunneling. The document also defines MANETs as self-configuring networks formed by mobile nodes without centralized administration or infrastructure. It discusses applications of MANETs in areas like emergencies, military operations, and personal area networks.

Uploaded by

Husein

Chapter 6: Mobile IP

• This is an IETF (Internet Engineering Task Force) standard communications protocol designed to allow mobile device users to move from one network to another while maintaining their permanent IP (Internet Protocol) address.
• Mobile IP is an enhancement of the Internet Protocol (IP).
• It adds mechanisms for forwarding internet traffic to mobile devices (known as mobile nodes) when they are connected through a network other than their home network.

Components of Mobile IP

• Mobile IP has the following three components:
• Mobile Node (MN)
  – The mobile node is an end system or device whose software enables network roaming capabilities.
• Home Agent (HA)
  – The home agent provides several services for the mobile node and is located in the home network.
  – The tunnel for packets towards the mobile node starts at the home agent.
  – The home agent maintains a location registry, i.e. it is informed of the mobile node's location by the current COA (care-of address).

Components of Mobile IP (cont’d…)

• Foreign Agent (FA)
  – The foreign agent can provide several services to the mobile node during its visit to the foreign network.
  – The FA can have the COA (care-of address), acting as a tunnel endpoint and forwarding packets to the MN.
  – The foreign agent can be the default router for the MN.
  – The foreign agent can also provide security services because it belongs to the foreign network, as opposed to the MN, which is only visiting.
  – The FA is a router that may function as the point of attachment for the mobile node when it roams to a foreign network; it delivers packets from the home agent to the mobile node.

Components of Mobile IP (cont’d…)

• Care-of Address (COA)
  – The care-of address defines the current location of the mobile node from an IP point of view.
  – All IP packets sent to the MN are delivered to the COA, not directly to the IP address of the MN. Packet delivery toward the mobile node is done using a tunnel.
  – To be more precise, the COA marks the endpoint of the tunnel, i.e. the address where packets exit the tunnel.

Components of Mobile IP (cont’d…)

• Correspondent Node (CN)
  – At least one partner is needed for communication. The correspondent node represents this partner for the MN.
  – The correspondent node can be a fixed or mobile node.
• Home network
  – The home network is the subnet the MN belongs to with respect to its IP address. No Mobile IP support is needed within this network.
• Foreign network
  – The foreign network is the subnet the MN is currently visiting, which is not the home network.

Process of Mobile IP

• The Mobile IP process has the following three main phases:
• Agent Discovery
  – During the agent discovery phase, the HA and FA advertise their services on the network by using the ICMP Router Discovery Protocol (IRDP).
  – Mobile IP defines two methods, agent advertisement and agent solicitation, which are in fact router discovery methods plus extensions.

Process of Mobile IP (cont’d…)

• Agent advertisement: For the first method, the FA and HA advertise their presence periodically using special agent advertisement messages.
• These advertisement messages can be seen as a beacon broadcast into the subnet.
• For this advertisement, Internet Control Message Protocol (ICMP) messages according to RFC 1256 are used, with some mobility extensions.
• Agent solicitation: If no agent advertisements are present or the inter-arrival time is too high, and an MN has not received a COA, the mobile node must send agent solicitations.

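An added example, not part of the original slides: a parser for the agent advertisement described above, i.e. an RFC 1256 ICMP router advertisement followed by the Mobility Agent Advertisement Extension (type 16) of the Mobile IP specification (RFC 5944). The function name, the dictionary keys and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

ROUTER_ADVERTISEMENT = 9    # ICMP type defined by RFC 1256
MOBILITY_AGENT_EXT = 16     # Mobility Agent Advertisement Extension type
FLAG_BITS = ((0x80, "R"), (0x40, "B"), (0x20, "H"), (0x10, "F"))
# R = registration required, B = busy, H = home agent, F = foreign agent

def parse_agent_advertisement(icmp: bytes) -> dict:
    """Parse an ICMP router advertisement plus its mobility agent extension.
    The ICMP checksum is not verified here."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _, _, num_addrs, entry_words, lifetime = struct.unpack(
        "!BBHBBH", icmp[:8])
    if icmp_type != ROUTER_ADVERTISEMENT:
        raise ValueError("not a router advertisement")
    offset, routers = 8, []
    for _ in range(num_addrs):              # (router address, preference) pairs
        entry = icmp[offset:offset + entry_words * 4]
        if entry_words < 2 or len(entry) < entry_words * 4:
            raise ValueError("truncated router entry")
        routers.append(socket.inet_ntoa(entry[:4]))
        offset += entry_words * 4
    result = {"routers": routers, "lifetime": lifetime, "agent": None}
    while offset < len(icmp):               # extensions: type, length, data
        ext_type = icmp[offset]
        if ext_type == 0:                   # one-byte padding, no length field
            offset += 1
            continue
        if offset + 2 > len(icmp):
            raise ValueError("truncated extension header")
        ext_len = icmp[offset + 1]
        body = icmp[offset + 2:offset + 2 + ext_len]
        if len(body) < ext_len:
            raise ValueError("truncated extension")
        if ext_type == MOBILITY_AGENT_EXT:
            if ext_len < 6 or (ext_len - 6) % 4:
                raise ValueError("bad mobility extension length")
            seq, reg_lifetime, flags = struct.unpack("!HHB", body[:5])
            result["agent"] = {
                "sequence": seq,
                "registration_lifetime": reg_lifetime,
                "flags": "".join(n for bit, n in FLAG_BITS if flags & bit),
                "care_of_addresses": [socket.inet_ntoa(body[i:i + 4])
                                      for i in range(6, ext_len, 4)],
            }
        offset += 2 + ext_len
    return result

# Constructed sample: a foreign agent at 192.0.2.1 offering COA 192.0.2.20.
SAMPLE = (struct.pack("!BBHBBH", 9, 0, 0, 1, 2, 1800)
          + socket.inet_aton("192.0.2.1") + struct.pack("!I", 0)
          + struct.pack("!BBHHBB", MOBILITY_AGENT_EXT, 10, 42, 300, 0x90, 0)
          + socket.inet_aton("192.0.2.20"))

if __name__ == "__main__":
    print(parse_agent_advertisement(SAMPLE))
```
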
Process of Mobile IP (cont’d…)

• Registration
  – The main purpose of registration is to inform the home agent of the current location so that it can forward packets correctly.

Process of Mobile IP (cont’d…)

• If the COA is at the FA, the MN sends its registration request containing the COA to the FA, which forwards the request to the HA.
• The HA now sets up a mobility binding containing the mobile node's home IP address and the current COA.
• Additionally, the mobility binding contains the lifetime of the registration, which is negotiated during the registration process.
• Registration expires automatically after the lifetime and is deleted, so a mobile node should register before expiration.

Process of Mobile IP (cont’d…)

• After setting up the mobility binding, the HA sends a reply message back to the FA, which forwards it to the MN.
• If the COA is co-located, registration can be much simpler.
• The mobile node may send the request directly to the HA and vice versa.

Process of Mobile IP (cont’d…)

• Tunneling
  – A tunnel is used to establish a virtual pipe for data packets between a tunnel entry and a tunnel endpoint.
  – Packets entering a tunnel are forwarded inside the tunnel and leave the tunnel unchanged.
  – Tunneling, i.e., sending a packet through a tunnel, is achieved with the help of encapsulation.
  – Tunneling, also known as "port forwarding", is the transmission of data intended for use only within a private, usually corporate, network through a public network.
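An added example, not part of the original slides, covering both the registration and the tunneling phases above: a home agent model that keeps mobility bindings with a granted lifetime and tunnels packets to the COA using IP-in-IP encapsulation. The `HomeAgent` class, its method names and all addresses are assumptions constructed for illustration, and authentication of the registration request is not modelled.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation, the outer header's protocol number

def checksum(header: bytes) -> int:
    """16-bit one's-complement Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

class HomeAgent:
    """Hypothetical HA model: keeps mobility bindings and tunnels to the COA."""
    def __init__(self, address: str, max_lifetime: int):
        self.address = address
        self.max_lifetime = max_lifetime  # longest lifetime this HA will grant
        self.bindings = {}                # home address -> (COA, expiry time)

    def register(self, home_addr: str, coa: str, requested: int, now: int) -> int:
        """Set up or refresh a binding; the reply carries the granted lifetime.
        Authentication of the request is not modelled here."""
        granted = min(requested, self.max_lifetime)
        self.bindings[home_addr] = (coa, now + granted)
        return granted

    def tunnel(self, packet: bytes, now: int):
        """Encapsulate a packet addressed to an MN's home address.
        Returns None when there is no binding or it has expired."""
        home_addr = socket.inet_ntoa(packet[16:20])  # inner destination
        binding = self.bindings.get(home_addr)
        if binding is None:
            return None
        coa, expiry = binding
        if now >= expiry:                 # lifetime ran out: delete the binding
            del self.bindings[home_addr]
            return None
        return ipv4_header(self.address, coa, IPPROTO_IPIP, len(packet)) + packet

def decapsulate(outer: bytes) -> bytes:
    """Tunnel endpoint (the COA): strip the outer header, return the inner packet."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer[(outer[0] & 0x0F) * 4:]

if __name__ == "__main__":
    # Constructed sample: CN 198.51.100.7 sends UDP to the MN's home address.
    inner = ipv4_header("198.51.100.7", "10.0.0.5", 17, 8) + b"payload!"
    ha = HomeAgent("10.0.0.1", max_lifetime=300)
    print("granted lifetime:", ha.register("10.0.0.5", "192.0.2.20", 600, now=1000))
    outer = ha.tunnel(inner, now=1100)
    print("inner unchanged:", decapsulate(outer) == inner)
    print("after expiry:", ha.tunnel(inner, now=1300))
```
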

Infrastructure-based wireless networks
• Typical wireless network: based on infrastructure
  – E.g., WLAN, GSM, cellular networks, …
  – Base stations connected to a wired backbone network
  – Mobile nodes communicate wirelessly to these base stations
  – Traffic between different mobile nodes is relayed by base stations and wired backbone
  – Mobility is supported by switching from one base station to another
  – Backbone infrastructure required for administrative tasks

[Figure labels: Further networks, Gateways, IP backbone, Server, Router]

Infrastructure-based wireless networks – Limits?

• What if …
  – No infrastructure is available?
    – E.g., in disaster areas
  – It is too expensive/inconvenient to set up?
    – E.g., in remote, large construction sites
  – There is no time to set it up?
    – E.g., in military operations, battlefield

Solution: (Wireless) ad hoc networks
• Try to construct a network without infrastructure, using networking abilities of the participants
  – This is an ad hoc network – a network constructed “for a special purpose”
• Simplest example: Laptops in a conference room – a single-hop ad hoc network

Why Ad Hoc Networks ?

• Ease of deployment
• Speed of deployment
• Decreased dependence on infrastructure

What is an Ad hoc Network?

• Collection of mobile wireless nodes forming a network without the aid of any infrastructure or centralized administration
• Nodes have limited transmission range
• Nodes act as routers

MANET: Mobile Ad hoc Networks
A collection of wireless mobile nodes dynamically forming a network topology without any existing infrastructure.

MANET…
• Key features:
  – Dynamic network topology
  – Distributed network nature
  – Multihop communication
  – Limited bandwidth
  – Energy constraints
  – Vulnerability to intruders and malicious attacks
• Advantages:
  – Easy to develop
  – No infrastructure required

MANET: Applications
• Personal area networking
  – cell phone, laptop, ear phone, wrist watch
• Military environments
  – soldiers, tanks, planes
• Civilian environments
  – meeting rooms
  – sports stadiums
  – boats, small aircraft
• Emergency operations
  – search-and-rescue
  – policing and fire fighting

MANET: Applications…
• Military applications
  – Situational Awareness (SA) and Command and Control (C2) for military.

Applications for infrastructure-less networks
• Disaster recovery
• Car-to-car communication
• Search-and-rescue in a flood, storm, or any other disaster recovery
• Personal area networking (watch, glasses, PDA, medical appliance, …)
• …

MANET: Applications…
• Classroom
  – Ad hoc network between student PDAs and laptop of the instructor
• Large IT campus
  – Employees of a company moving within a large campus with PDAs, laptops, and cell phones
• Moving soldiers with wearable computers
  – Eavesdropping, denial-of-service and impersonation attacks can be launched
• Shopping mall, restaurant, coffee shops
  – Customers spend part of the day in a networked mall of specialty shops, coffee shops, and restaurants

MANET: Many Variations
• Fully Symmetric Environment
  – all nodes have identical capabilities and responsibilities
• Asymmetric Capabilities
  – transmission ranges and radios may differ
  – battery life at different nodes may differ
  – processing capacity may be different at different nodes
  – speed of movement
• Asymmetric Responsibilities
  – only some nodes may route packets
  – some nodes may act as leaders of nearby nodes (e.g., cluster head)

MANET: Many Variations…
• Traffic characteristics may differ in different mobile ad hoc networks
  – bit rate (bandwidth fluctuation)
  – timeliness constraints (CBR, VBR, FTP)
  – reliability requirements (TCP, UDP)
  – unicast / multicast / geocast
  – host-based addressing / content-based addressing / capability-based addressing
• May co-exist (and co-operate) with an infrastructure-based network

MANET: Many Variations…

• Mobility patterns may be different
  – People sitting at an airport lounge, cafeteria, shopping mall, …
  – Movement of cars
  – Military movements
  – Pedestrian or train mobility …

MANET: Characteristics, complexities, and design constraints
• Autonomous and infrastructure-less:
  – A MANET does not depend on any established infrastructure or centralized administration, such as base stations, for its operation.
• Multi-hop routing:
  – No default router is available. Every node works as a router and forwards other nodes’ packets to provide information sharing between mobile nodes.
• Dynamically changing network topologies:
  – In a MANET, nodes can move randomly and arbitrarily. Due to the random movement of nodes, the network topology changes frequently and unpredictably, which results in:
    1. Route changes
    2. Frequent network partitions and possibly
    3. Packet losses.

MANET: Characteristics, complexities, and design constraints…
• Bandwidth optimization:
  – Wireless links generally have lower capacity than wired links.
• Limited resources:
  – Mobile nodes depend on limited battery power, processor speed, and storage capacity.
• Scalability:
  – The mobile network shall be able to provide all the services in the presence of a large number of nodes.

MANET: Characteristics, complexities, and design constraints…
• Infrastructure-less and self-operated:
  – There is no fixed infrastructure or base station that coordinates the operation of mobile nodes.
    – Each node should participate, cooperate, and act as a router to manage and forward other nodes’ packets.
• Poor transmission quality:
  – A high bit error rate (BER), which results from signal attenuation, is a typical characteristic of ad hoc networks.
• Limited physical security:
  – In a MANET,
    – the topology of the network changes dynamically and
    – nodes can enter and leave the network without any authentication.
      – It is therefore very vulnerable to different types of security attack.

Introduction to wireless network security

• When wireless devices in a network are "open" or unsecured, they're accessible to any Wi-Fi-enabled device, such as a computer or smartphone, that's within range of their wireless signals.
• Using open or unsecured networks can be risky for users and organizations.
• Adversaries using internet-connected devices can collect users' personal information and steal identities, compromise financial and other sensitive business data, "eavesdrop" on communications, and more.

Protecting Wi-Fi network

• One basic best practice for Wi-Fi security is to change default passwords for network devices.
• Most devices feature default administrator passwords, which are meant to make setup of the devices easy.
• However, the default passwords created by device manufacturers can be easy to obtain online.
• Changing the default passwords for network devices to more complex passwords, and changing them often, is a simple but effective way to improve Wi-Fi security.

Wi-Fi network security methods
• Media Access Control (MAC) addresses
  – Another basic approach to Wi-Fi security is to use MAC addresses to restrict access to a Wi-Fi network.
  – (A MAC address is a unique code or number used to identify individual devices on a network.)
  – While this tactic provides a higher measure of security than an open network, it is still susceptible to attack by adversaries using "spoofed" or modified addresses.

Wi-Fi network security methods (cont’d…)
• Encryption
  – A more common method of protecting Wi-Fi networks and devices is the use of security protocols that utilize encryption.
  – Encryption in digital communications encodes data and then decodes it only for authorized recipients.
  – There are several types of encryption standards in use today, including Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2).
  – Most newer network devices, such as access points and Wi-Fi routers, feature built-in wireless-security encryption protocols that provide Wi-Fi protection.

Wi-Fi network security methods (cont’d…)

• Virtual private networks (VPNs)
  – VPNs are another source of Wi-Fi network security.
  – They allow users to create secure, identity-protected tunnels between unprotected Wi-Fi networks and the internet.
  – A VPN can encrypt a user's internet connection.
  – It also can conceal a user's IP address by using a virtual IP address it assigns to the user's traffic as it passes through the VPN server.

Wi-Fi security software
• A vast array of security software aimed at the consumer and enterprise markets can provide protection to wireless networks and Wi-Fi-enabled devices such as routers, switches, controllers, and access points.
• Many of these solutions are downloadable to wireless LANs (WLANs) and mobile devices.
• Some newer software solutions designed to secure Wi-Fi are built into the backbone of the internet and are available via cloud platforms.
• These solutions provide a first line of defense against breaches of wireless networks by preventing users from accessing malicious sites.

Wireless security protocols

• WEP
  – The first wireless security protocol was WEP (Wired Equivalent Privacy).
  – It was the standard method of providing wireless network security from the late 1990s until 2004.
  – WEP was hard to configure, and it used only basic (64-/128-bit) encryption.
• WPA
  – WPA (Wi-Fi Protected Access) was developed in 2003.
  – It delivers stronger (128-/256-bit) encryption than WEP by using a security protocol known as Temporal Key Integrity Protocol (TKIP).

Wireless security protocols (cont’d…)
• WPA2
  – WPA2, a later version of WPA, was developed in 2004.
  – It's easier to configure and provides even greater network security than WPA by using a security protocol known as the Advanced Encryption Standard (AES).
• WPA3
  – A new generation of WPA, known as WPA3, is designed to deliver simpler configuration and even stronger (192-/256-/384-bit) encryption and security than any of its predecessors.
  – It is also meant to work across the latest Wi-Fi 6 networks.

Wi-Fi network security devices
• Active device
  – There are several types of commercially available devices that can provide network security by blocking adversarial attacks and unwanted network traffic.
  – One type is known as an "active" device, which is hardware configured to block surplus network traffic.
  – Examples of these devices for Wi-Fi network security include firewalls, antivirus scanners, and content-filtering devices.

Wi-Fi network security devices (cont’d…)

• Passive device
  – Passive Wi-Fi network security devices detect and report on unwanted network traffic.
  – Passive devices use less power than other Wi-Fi devices.
  – They also have an extra layer of security because they can communicate with Wi-Fi routers only when the routers are seeking them.
  – That extra layer makes man-in-the-middle (MITM) attacks more difficult.
  – In an MITM attack, an adversary attempts to intercept communications between two parties to "listen in" on their activity or to modify the traffic traveling between them.

Wi-Fi network security devices (cont’d…)

• Preventive device
  – A preventive device, such as a wireless intrusion prevention system (WIPS), can scan networks to identify potential security issues.
  – A WIPS can be integrated into networks or overlaid using standalone sensors.
  – Some WIPSs, however, conduct only intermittent monitoring, leaving networks occasionally vulnerable.

Wi-Fi network security devices (cont’d…)

• Unified threat management (UTM) systems
  – UTM systems incorporate vital elements of network security: firewalls, content filtering, VPN, antivirus detection, and others.
  – A UTM system offers a simplified way to integrate multiple security functions.
  – It provides these functions at a single point on the network, eliminating the need for point solutions from multiple vendors.
  – UTM devices can be network hardware appliances, virtual appliances, or cloud services.

Wi-Fi threats
• IP spoofing
  – Attackers use IP spoofing to penetrate wireless networks by impersonating trusted IP addresses.
  – This approach may allow attackers to plant malware, initiate distributed denial-of-service (DDoS) attacks, or carry out other nefarious acts.
• DNS-cache poisoning
  – Wireless networks are also susceptible to a threat known as DNS-cache poisoning, often called DNS spoofing.
  – This tactic involves hacking a network and diverting network traffic to an attacker's computer or server or to another out-of-network device.
  – The risk for users is connecting to a malicious version of a legitimate network they want to access.

Wi-Fi threats (cont’d…)

• Piggybacking
  – Bad actors can use open or unsecured wireless networks to conduct illegal activity, monitor web traffic, steal information, and more.
  – They can do this by "piggybacking" on the internet service of real subscribers.
  – The bad actors tap into the unsecured service to set up their own internet connections, without the legitimate users' knowledge.