rfc3012.txt   draft-ietf-mip4-rfc3012bis-00.txt 
Network Working Group C. Perkins Mobile IP Working Group Charles E. Perkins
Request for Comments: 3012 Nokia Research Center INTERNET DRAFT Nokia Research Center
Category: Standards Track P. Calhoun 17 October 2003 Pat R. Calhoun
Sun Microsystems Laboratories Black Storm Networks
November 2000 Jayshree Bharatia
Nortel Networks
Mobile IPv4 Challenge/Response Extensions Mobile IPv4 Challenge/Response Extensions (revised)
draft-ietf-mip4-rfc3012bis-00.txt
Status of this Memo Status of This Memo
This document specifies an Internet standards track protocol for the This document is a submission by the mobile-ip Working Group of the
Internet community, and requests discussion and suggestions for Internet Engineering Task Force (IETF). Comments should be submitted
improvements. Please refer to the current edition of the "Internet to the mobile-ip@sunroof.eng.sun.com mailing list.
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2000). All Rights Reserved. This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Abstract Abstract
Mobile IP, as originally specified, defines an authentication Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a extension (the Mobile-Foreign Authentication extension) by
mobile node can authenticate itself to a foreign agent. which a mobile node can authenticate itself to a foreign agent.
Unfortunately, this extension does not provide ironclad replay Unfortunately, that extension does not provide the foreign agent any
protection for the foreign agent, and does not allow for the use of direct guarantee that the protocol is protected from replays, and
existing techniques (such as CHAP) for authenticating portable does not allow for the use of existing techniques (such as CHAP [10])
computer devices. In this specification, we define extensions for for authenticating portable computer devices.
the Mobile IP Agent Advertisements and the Registration Request that
allow a foreign agent to use a challenge/response mechanism to
authenticate the mobile node.
Table of Contents In this specification, we define extensions for the Mobile IP Agent
Advertisements and the Registration Request that allow a foreign
agent to use a challenge/response mechanism to authenticate the
mobile node.
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 Furthermore, this document updates RFC 3344 [7] by including new
2. Mobile IP Agent Advertisement Challenge Extension . . . . . 3 authentication extension called the Mobile-AAA Authentication
3. Operation . . . . . . . . . . . . . . . . . . . . . . . . . 3 extension. This new extension is provided so that a mobile node
3.1. Mobile Node Processing for Registration Requests . . . 3 can supply credentials for authorization using commonly available
3.2. Foreign Agent Processing for Registration Requests . . 5 AAA infrastructure elements. This Authorization-enabling extension
3.3. Foreign Agent Processing for Registration Replies . . 7 MAY co-exist in the same Registration Request with Authentication
3.4. Home Agent Processing for the Challenge Extensions . . 7 extensions defined for Mobile IP Registration by [7]. This document
4. MN-FA Challenge Extension . . . . . . . . . . . . . . . . . 7 obsoletes RFC 3012.
5. Generalized Mobile IP Authentication Extension . . . . . . . 8
6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . . 9 Contents
7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . . 9
8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10 Status of This Memo i
9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10
10. Error Values . . . . . . . . . . . . . . . . .. . . . . . . 10 Abstract i
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11
12. Security Considerations . . . . . . . . . . . . . . . . . . 12 1. Introduction 1
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 1
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
A. Verification Infrastructure . . . . . . . . . . . . . . . . 14 2. Mobile IP Agent Advertisement Challenge Extension 3
Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.1. Handling of Solicited Agent Advertisements . . . . . . . 3
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17
3. Operation 4
3.1. Mobile Node Processing for Registration Requests . . . . 4
3.2. Foreign Agent Processing for Registration Requests . . . 5
3.3. Foreign Agent Processing for Registration Replies . . . . 7
3.4. Home Agent Processing for the Challenge Extensions . . . 8
3.5. Mobile Node Processing for Registration Replies . . . . . 9
4. Mobile-Foreign Challenge Extension 11
5. Generalized Mobile IP Authentication Extension 11
6. Mobile-AAA Authentication subtype 12
7. Reserved SPIs for Mobile IP 13
8. SPIs for RADIUS AAA Servers 13
9. Configurable Parameters 15
10. Error Values 15
11. IANA Considerations 15
12. Security Considerations 16
13. Acknowledgments 16
A. Change History 18
B. Verification Infrastructure 19
C. Message Flow for FA Challenge Messaging with Mobile-AAA Extension 21
D. Message Flow for FA Challenge Messaging with MN-FA Authentication 22
E. Foreign Agent Algorithm for Tracking Used Challenges 23
Addresses 25
1. Introduction 1. Introduction
Mobile IP, as originally specified, defines an authentication Mobile IP defines the Mobile-Foreign Authentication extension to
extension (the Mobile-Foreign Authentication extension) by which a allow a mobile node to authenticate itself to a foreign agent. Such
mobile node can authenticate itself to a foreign agent. authentication mechanisms are mostly external to the principal
operation of Mobile IP, since the foreign agent can easily route
packets to and from a mobile node whether or not the mobile node is
reporting a legitimately owned home address to the foreign agent.
Unfortunately, that extension does not provide the foreign agent any
direct guarantee that the protocol is protected from replays, and
does not allow for the use of CHAP [10] for authenticating portable
computer devices. In this specification, we define extensions for
the Mobile IP Agent Advertisements and the Registration Request
that allow a foreign agent to a use challenge/response mechanism
to authenticate the mobile node. Furthermore, an additional
authentication extension, the Mobile-AAA authentication extension,
is provided so that a mobile node can supply credentials for
authorization using commonly available AAA infrastructure elements.
The foreign agent may be able to interact with an AAA infrastructure
(using protocols outside the scope of this document) to obtain a
secure indication that the mobile node is authorized to use the local
network resources.
Unfortunately, this extension does not provide ironclad replay 1.1. Terminology
protection, from the point of view of the foreign agent, and does not
allow for the use of existing techniques (such as CHAP [12]) for
authenticating portable computer devices. In this specification, we
define extensions for the Mobile IP Agent Advertisements and the
Registration Request that allow a foreign agent to a use
challenge/response mechanism to authenticate the mobile node.
All SPI values defined in this document refer to values for the The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
Security Parameter Index, as defined in RFC 2002 [8]. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", document are to be interpreted as described in RFC 2119 [1].
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in [1]. This document uses the term Security Parameters Index (SPI) as
defined in the base Mobile IP protocol specification [7]. All SPI
values defined in this document refer to values for the SPI as
defined in that specification.
The following additional terminology is used in addition to that
defined in [7]:
previously used challenge
The challenge is previously used challenge if the mobile
node sent the same challenge to the foreign agent in
a previous Registration Request, and that previous
Registration Request passed all validity checks performed
by the foreign agent. The Foreign Agent may not be able
to keep records for all previously used challenges, but
see section 3.2 for minimal requirements.
security association
A "mobility security association", as defined in [7].
unknown challenge
Any challenge from a particular mobile node that the
foreign agent has no record of having put either into one
of its recent Agent Advertisements or into a registration
reply message to that mobile node.
unused challenge
A challenge that has not been already accepted by the
Foreign Agent from the mobile node in the Registration
Request -- i.e., a challenge that is neither unknown nor
previously used.
2. Mobile IP Agent Advertisement Challenge Extension 2. Mobile IP Agent Advertisement Challenge Extension
This section defines a new extension to the Router Discovery Protocol This section defines a new extension to the Router Discovery
[3] for use by foreign agents that need to issue a challenge for Protocol [4] for use by foreign agents that need to issue a challenge
authenticating mobile nodes. for authenticating mobile nodes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge ... | Type | Length | Challenge ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Challenge Extension Figure 1: The Challenge Extension
Type 24 Type 24
Length The length of the Challenge value in bytes; SHOULD be Length The length of the Challenge value in bytes; SHOULD be
at least 4 at least 4
Challenge A random value that SHOULD be at least 32 bits. Challenge A random value that SHOULD be at least 32 bits.
The Challenge extension, illustrated in figure 1, is inserted in the The Challenge extension, illustrated in figure 1, is inserted in the
Agent Advertisements by the Foreign Agent, in order to communicate Agent Advertisements by the foreign agent, in order to communicate
the latest challenge value that can be used by the mobile node to a previously unused challenge value that can be used by the mobile
compute an authentication for its registration request message. The node to compute an authentication for its next registration request
challenge is selected by the foreign agent to provide local assurance message. The challenge is selected by the foreign agent to provide
that the mobile node is not replaying any earlier registration local assurance that the mobile node is not replaying any earlier
request. Eastlake, et al. [4] provides more information on registration request. Eastlake, et al. [5] provides more information
generating pseudo-random numbers suitable for use as values for the on generating pseudo-random numbers suitable for use as values for
challenge. the challenge.
Note that the storage of different Challenges received in Agent
Advertisements from multiple foreign agents is implementation
specific and hence, out of scope for this specification.
2.1. Handling of Solicited Agent Advertisements
When a foreign agent generates an Agent Advertisement in response
to a Router Solicitation [4], some additional considerations come
into play. According to the Mobile IP base specification [7], the
resulting Agent Advertisement may be either multicast or unicast.
If the solicited Agent Advertisement is multicast, it MUST NOT
generate a new Challenge value and update its window of remembered
advertised Challenges. It must instead re-use the most recent of the
CHALLENGE_WINDOW Advertisement Challenge values.
If the agent advertisement is unicast back to the soliciting mobile
node, it MUST be handled as follows: If the challenge most recently
unicast to the soliciting mobile node has not been previously used
(as defined in Section 1.1), it SHOULD be repeated in the newly
issued unicast agent advertisement, otherwise a new challenge MUST be
generated and remembered as the most recent challenge issued to the
mobile node. (For further discussion of this, see Section 12.)
3. Operation 3. Operation
This section describes modifications to the Mobile IP registration This section describes modifications to the Mobile IP registration
process which may occur after the Foreign Agent issues a Mobile IP process [7] which may occur after the foreign agent issues a Mobile
Agent Advertisement containing the Challenge on its local link. IP Agent Advertisement containing the Challenge on its local link.
See appendix C for a diagram showing the canonical message flow for
messages related to the processing of the foreign agent challenge
values.
3.1. Mobile Node Processing for Registration Requests 3.1. Mobile Node Processing for Registration Requests
Retransmission behavior for Registration Requests is identical to
that specified in Mobile IP specification [7]. A retransmitted
Registration Request MAY use the same Challenge value as given in the
original Registration Request.
Whenever the Agent Advertisement contains the Challenge extension, if Whenever the Agent Advertisement contains the Challenge extension, if
the mobile node does not have a security association with the Foreign the mobile node does not have a security association with the foreign
Agent, then it MUST include the Challenge value in a MN-FA Challenge agent, then it MUST include the Challenge value in a Mobile-Foreign
extension to the Registration Request message. If, on the other Challenge extension to the Registration Request message. If, on
hand, the mobile node does have a security association with the the other hand, the mobile node does have a security association
foreign agent, it SHOULD include the Challenge value in its with the foreign agent, it SHOULD include the Challenge value in its
Registration Request message. Registration Request message.
If the Mobile Node has a security association with the Foreign Agent, If the mobile node has a security association with the Foreign
it MUST include a Mobile-Foreign Authentication extension in its Agent, it MUST include a Mobile-Foreign Authentication extension
Registration Request message, according to the base Mobile IP in its Registration Request message, according to the base Mobile
specification [8]. When the Registration Request contains the MN-FA IP specification [7]. When the Registration Request contains the
Challenge extension specified in section 4, the Mobile-Foreign Mobile-Foreign Challenge extension specified in section 4, the
Authentication MUST follow the Challenge extension in the Mobile-Foreign Authentication MUST follow the Challenge extension
Registration Request. in the Registration Request. The mobile node MAY also include the
Mobile-AAA Authentication extension. If both, the Mobile-Foreign
If the Mobile Node does not have a security association with the Authentication and the Mobile-AAA Authentication extensions are
Foreign Agent, the Mobile Node MUST include the MN-AAA Authentication present, the Mobile-Foreign Challenge extension MUST precede the
extension as defined in section 6. In addition, the Mobile Node Mobile-AAA Authentication extension and the Mobile-AAA Authentication
SHOULD include the NAI extension [2], to enable the foreign agent to extension MUST precede the Mobile-Foreign Authentication extension.
make use of any available verification infrastructure. The SPI field
of the MN-AAA Authentication extension specifies the particular
secret and algorithm (shared between the Mobile Node and the
verification infrastructure) that must be used to perform the
authentication. If the SPI value is chosen as CHAP_SPI (see section
9), then the mobile node specifies CHAP-style authentication [12]
using MD5 [11].
In either case, the MN-FA Challenge extension and one of the above
specified authentication extensions MUST follow the Mobile-Home
Authentication extension, if present.
A successful Registration Reply from the Foreign Agent MAY include a
new Challenge value (see section 3.3). The Mobile Node MAY use
either the value found in the latest Advertisement, or the one found
in the last Registration Reply from the Foreign Agent. This approach
enables the Mobile Node to make use of the challenge without having
to wait for advertisements.
A Mobile Node might receive an UNKNOWN_CHALLENGE error (see section If the mobile node does not have a security association with
9) if it moves to a new Foreign Agent that cannot validate the the foreign agent, the mobile node MUST include the Mobile-AAA
challenge provided in the Registration Request. In such instances, Authentication extension as defined in section 6 when it includes the
the Mobile Node MUST use a new Challenge value in any new Mobile-Foreign Challenge extension. In addition, the mobile node
registration, obtained either from an Agent Advertisement, or from a SHOULD include the NAI extension [2], to enable the foreign agent
Challenge extension to the Registration Reply containing the error. to make use of available verification infrastructure which requires
this. The SPI field of the Mobile-AAA Authentication extension
specifies the particular secret and algorithm (shared between
the mobile node and the verification infrastructure) that must be
used to perform the authentication. If the SPI value is chosen as
CHAP_SPI or HMAC_CHAP_SPI (see section 9), then the mobile node
specifies CHAP-style authentication [10] using MD5 [9] or HMAC_MD5,
respectively.
A Mobile Node that does not include a Challenge when the Mobile- In either case, the Mobile-Foreign Challenge extension followed by
Foreign Authentication extension is present may receive a one of the above specified authentication extensions MUST follow the
MISSING_CHALLENGE (see section 10) error. In this case, the foreign Mobile-Home Authentication extension, if present.
agent will not process the request from the mobile node unless the
request contains a valid Challenge.
A Mobile Node that receives a BAD_AUTHENTICATION error code (see A mobile node MAY include the Mobile-AAA Authentication extension in
section 10) SHOULD include the MN-AAA Authentication Extension in the the Registration Request when the mobile node registers directly with
next Registration Request. This will make it possible for the its Home Agent (using a co-located care-of address). In this case,
Foreign Agent to use its AAA infrastructure in order to authenticate if the mobile node uses an SPI value of CHAP_SPI or HMAC_CHAP_SPI
the Mobile Node. (section 8) in the MN-AAA Authentication extension, the mobile node
MUST include the Mobile-Foreign Challenge extension prior to the
Mobile-AAA Authentication extension. The mechanism used by the
mobile node to obtain the Challenge value in this case is outside the
scope of this document.
3.2. Foreign Agent Processing for Registration Requests 3.2. Foreign Agent Processing for Registration Requests
Upon receipt of the Registration Request, if the Foreign Agent has Upon receipt of the Registration Request, if the foreign agent has
issued a Challenge as part of its Agent Advertisements, and it does issued a Challenge as part of its Agent Advertisements, and it
not have a security association with the mobile node, then the does not have a security association with the mobile node, then
Foreign Agent MUST check that the MN-FA Challenge extension exists, the Foreign Agent SHOULD check that the Mobile-Foreign Challenge
and that it contains a challenge value previously unused by the extension exists, and that it contains a challenge value previously
Mobile Node. This ensures that the mobile node is not attempting to unused by the Mobile Node. This ensures that the mobile node is not
replay a previous advertisement and authentication. If the challenge attempting to replay a previous advertisement and authentication. In
extension is needed and does not exist, the Foreign Agent MUST send a this case, if the Registration Request does not include a challenge
Registration Reply to the mobile node with the error code extension, the Foreign Agent MUST send a Registration Reply to the
MISSING_CHALLENGE. mobile node with the Code value MISSING_CHALLENGE.
A foreign agent that sends Agent Advertisements containing a A foreign agent that sends Agent Advertisements containing a
Challenge value MAY send a Registration Reply message with a Challenge value MAY send a Registration Reply message with a
MISSING_CHALLENGE error if the mobile node sends a Registration MISSING_CHALLENGE error if the mobile node sends a Registration
Request with a Mobile-Foreign Authentication extension without Request with a Mobile-Foreign Authentication extension without
including a Challenge. In other words, such a foreign agent MAY including a Challenge. In other words, such a foreign agent MAY
refuse to process a Registration Request request from the mobile node refuse to process a Registration Request from the mobile node unless
unless the request contains a valid Challenge. the request contains an unused Challenge.
If a mobile node retransmits a Registration Request with the same If a mobile node retransmits a Registration Request with the same
Identification field and the same Challenge extension, and the Challenge extension, and the foreign agent still has a pending
Foreign Agent still has a pending Registration Request record in Registration Request record in effect for the mobile node, then
effect for the mobile node, then the Foreign Agent forwards the the foreign agent forwards the Registration Request to the Home
Registration Request to the Home Agent again. In all other Agent again. The foreign agent SHOULD check that the mobile node is
circumstances, if the Foreign Agent receives a Registration Request actually performing a retransmission, by verifying that the relevant
with a Challenge extension containing a Challenge value previously fields of the retransmitted request (including, if present, the
used by that mobile node, the Foreign Agent SHOULD send a mobile node NAI Extension [2]) are the same as represented in the
Registration Reply to the mobile node containing the Code value visitor list entry for the pending Registration Request (section
3.7.1 of [7]). This verification MUST NOT include the "remaining
Lifetime of the pending registration", or the Identification field
since those values are likely to change even for requests that are
merely retransmissions and not new Registration Requests. In all
other circumstances, if the foreign agent receives a Registration
Request with a Challenge extension containing a Challenge value
previously used by that mobile node, the Foreign Agent SHOULD send
a Registration Reply to the mobile node containing the Code value
STALE_CHALLENGE. STALE_CHALLENGE.
The Foreign Agent MUST NOT accept any Challenge in the Registration The foreign agent MUST NOT accept any Challenge in the Registration
Request unless it was offered in last successful Registration Reply Request unless it was offered in the last Registration Reply
issued to the Mobile Node, or else advertised as one of the last or unicast Agent Advertisement sent to the mobile node, or else
CHALLENGE_WINDOW (see section 9) Challenge values inserted into the advertised as one of the last CHALLENGE_WINDOW (see section 9)
immediately preceding Agent advertisements. If the Challenge is not Challenge values inserted into the immediately preceding Agent
one of the recently advertised values, the foreign Agent SHOULD send advertisements. If the Challenge is not one of the recently
a Registration Reply with Code UNKNOWN_CHALLENGE (see section 10). advertised values, the foreign Agent SHOULD send a Registration Reply
with Code value UNKNOWN_CHALLENGE (see section 10). The foreign
agent MUST maintain the last challenge used by each Mobile Node that
has registered using any one of the last CHALLENGE_WINDOW challenge
values. This last challenge value can be stored as part of the
mobile node's registration records. Also, see appendix E for a
possible algorithm that can be used to satisfy this requirement.
Furthermore, the Foreign Agent MUST check that there is either a Furthermore, the foreign agent MUST check that there is either a
Mobile-Foreign, or a MN-AAA Authentication extension after the Mobile-Foreign, or a Mobile-AAA Authentication extension after
Challenge extension. Any registration message containing the the Challenge extension. Any registration message containing
Challenge extension without either of these authentication extensions the Challenge extension without either of these authentication
MUST be silently discarded. If the registration message contains a extensions MUST be silently discarded. If the registration
Mobile-Foreign Authentication extension with an incorrect message contains a Mobile-Foreign Authentication extension with an
authenticator that fails verification, the Foreign Agent MAY send a incorrect authenticator that fails verification, the foreign agent
Registration Reply to the mobile node with Code value MAY send a Registration Reply to the mobile node with Code value
BAD_AUTHENTICATION (see Section 10). BAD_AUTHENTICATION (see Section 10).
If the MN-AAA Authentication extension (see Section 6) is present in If the Mobile-AAA Authentication extension (see Section 6) is present
the message, or if an NAI extension is included indicating that the in the message, or if an NAI extension is included indicating that
mobile node belongs to a different administrative domain, the foreign the mobile node belongs to a different administrative domain, the
agent may take actions outside the scope of this protocol foreign agent may take actions outside the scope of this protocol
specification to carry out the authentication of the mobile node. specification to carry out the authentication of the mobile node.
The Foreign Agent MUST NOT remove the MN-AAA Authentication Extension If the registration message contains a Mobile-AAA Authentication
from the Registration Request prior to the completion of the extension with an incorrect authenticator that fails verification,
authentication performed by the AAA infrastructure. The appendix the foreign agent MAY send a Registration Reply to the mobile node
provides an example of an action that could be taken by a foreign with Code value FA_BAD_AAA_AUTH. If the Mobile-AAA Authentication
agent. Extension is present in the Registration Request, the foreign agent
MUST NOT remove the Mobile-AAA Authentication Extension and the
Mobile-Foreign Challenge Extension from the Registration Request.
Appendix C provides an example of an action that could be taken by a
foreign agent.
In the event that the Challenge extension is authenticated through In the event that the Challenge extension is authenticated through
the Mobile-Foreign Authentication Extension, the Foreign Agent MAY the Mobile-Foreign Authentication extension and the Mobile-AAA
Authentication extension is not present, the foreign agent MAY
remove the Challenge Extension from the Registration Request without remove the Challenge Extension from the Registration Request without
disturbing the authentication value computed by the Mobile Node for disturbing the authentication value computed by the mobile node for
use by the AAA or the Home Agent. If the Challenge extension is not use by the AAA or the home agent. If the Mobile-AAA Authentication
removed, it MUST precede the Foreign-Home Authentication extension. extension is present and a security association exists between the
foreign agent and the home agent, the Mobile-Foreign Challenge
extension and the Mobile-AAA Authentication extension MUST precede
the Foreign-Home Authentication extension.
If the Foreign Agent does not remove the Challenge extension, then If the foreign agent does not remove the Challenge extension, then
the Foreign Agent SHOULD store the Challenge value as part of the the foreign agent SHOULD store the Challenge value as part of the
pending registration request list [8]. Also in this case, the pending registration request list [7]. Also, if the Registration
Foreign Agent MUST reject any Registration Reply message coming from Reply coming from the home agent does not include the Challenge
the Home Agent that does not also include the Challenge Extension Extension, the foreign agent SHOULD NOT reject the Registration
with the same Challenge Value that was included in the Registration Request message. If the Challenge Extension is present in the
Request. The Foreign Agent MUST send the rejected Registration Registration Reply, it MUST be the same Challenge value that was
message to the mobile node, and change the status in the Registration included in the Registration Request. If the Challenge value differs
Reply to the value MISSING_CHALLENGE (see section 10). in the Registration Reply received from the home agent, the foreign
agent MUST reject the Registration Request and change the status
in the Registration Reply to the Code value MISSING_CHALLENGE (see
section 10).
If the Foreign Agent does remove the Challenge extension and If the foreign agent does remove the Challenge extension and
applicable authentication from the Registration Request message, then applicable authentication from the Registration Request message,
it SHOULD insert the Identification field from the Registration then it SHOULD insert the Identification field from the Registration
Request message along with its record-keeping information about the Request message along with its record-keeping information about the
particular Mobile Node in order to protect against replays. particular mobile node in order to protect against replays.
3.3. Foreign Agent Processing for Registration Replies 3.3. Foreign Agent Processing for Registration Replies
The Foreign Agent MAY include a new Challenge extension in any The foreign agent SHOULD include a new Mobile-Foreign Challenge
Registration Reply, successful or not. If the foreign agent includes Extension in any Registration Reply, successful or not. If the
this extension in a successful Registration Reply, the extension foreign agent includes this extension in a successful Registration
SHOULD precede a MN-FA authentication extension. Reply, the extension SHOULD precede a Mobile-Foreign authentication
extension if present. Suppose the Registration Reply includes a
Challenge extension from the home agent, and the foreign agent
wishes to include another Challenge extension with the Registration
Reply for use by the mobile node. In that case, the foreign agent
MUST delete the Challenge extension from the home agent from the
Registration Reply, along with any Foreign-Home authentication
extension, before appending the new Challenge extension to the
Registration Reply.
Suppose the Registration Reply includes a Challenge extension from One example of a situation where the foreign agent MAY omit the
the Home Agent, and the foreign agent wishes to include another inclusion of a Mobile-Foreign Challenge Extension in the Registration
Challenge extension with the Registration Reply for use by the mobile Reply would be when a new challenge has been multicast recently.
node. In that case, the foreign agent MUST delete the Challenge
extension from the Home Agent from the Registration Reply, along with If a foreign agent has conditions in which it omits the inclusion
any FA-HA authentication extension, before appending the new of a Mobile-Foreign Challenge Extension in the Registration Reply,
Challenge extension to the Registration Reply. it still MUST respond with an agent advertisement containing a
previously unused challenge in response to a subsequent agent
solicitation from the same mobile node. Otherwise (when the said
conditions are not met) the foreign agent MUST include a previously
unused challenge in any Registration Reply, successful or not.
A mobile node MUST be prepared to use a challenge from a unicast
or multicast Agent Advertisement in lieu of one returned in a
Registration Reply, and MUST solicit for one if it has not already
received one in a Registration Reply.
If the foreign agent receives a Registration Reply with the Code
value HA_BAD_AAA_AUTH, it MUST be relayed to the mobile node.
3.4. Home Agent Processing for the Challenge Extensions 3.4. Home Agent Processing for the Challenge Extensions
If the Home Agent receives a Registration Request with the MN-FA If the home agent receives a Registration Request with the
Challenge extension, and recognizes the extension, the Home Agent Mobile-Foreign Challenge extension, and recognizes the extension, the
MUST include the Challenge extension in the Registration Reply. The home agent MUST include the Challenge extension in the Registration
Challenge Extension MUST be placed after the Mobile-Home Reply. The Challenge Extension MUST be placed after the Mobile-Home
authentication extension, and the extension SHOULD be authenticated authentication extension, and the extension SHOULD be authenticated
by a Foreign-Home Authentication extension. by a Foreign-Home Authentication extension.
The home agent MAY receive a Registration Request with the Mobile-AAA
Authentication extension. If the Mobile-AAA Authentication extension
is used by the home agent as an authorization-enabling extension
and the verification fails due to incorrect authenticator, the
home agent MAY reject the Registration Reply with the error code
HA_BAD_AAA_AUTH.
Since the extension type for the Challenge extension is within the Since the extension type for the Challenge extension is within the
range 128-255, the Home Agent MUST process such a Registration range 128-255, the home agent MUST process such a Registration
Request even if it does not recognize the Challenge extension [8]. Request even if it does not recognize the Challenge extension [7].
In this case, the Home Agent will send a Registration Reply to the In this case, the home agent will send a Registration Reply to the
Foreign Agent that does not include the Challenge extension. foreign agent that does not include the Challenge extension.
4. MN-FA Challenge Extension 3.5. Mobile Node Processing for Registration Replies
A mobile node might receive the following error codes in the
Registration Reply from the foreign agent as a response to the
Registration Request. The error codes are defined in section 10.
UNKNOWN_CHALLENGE: This error code is received by the mobile node in
the case where the mobile node has moved to a new foreign agent that
cannot validate the challenge provided in the Registration Request.
In such instances, the mobile node MUST use a new Challenge value in
any new registration, obtained either from an Agent Advertisement, or
from a Challenge extension to the Registration Reply containing the
error.
MISSING_CHALLENGE: A mobile node that does not include a Challenge
when the Mobile-Foreign Authentication extension is present may
receive a MISSING_CHALLENGE error. In this case, the mobile node
SHOULD send a Challenge extension containing an unused challenge in
the next Registration Request.
BAD_AUTHENTICATION: This error is sent by the foreign agent if
the Registration Request contains a Mobile-Foreign Authentication
extension with an incorrect authenticator that fails verification.
A mobile node that receives a BAD_AUTHENTICATION Code value
SHOULD include the Mobile-AAA Authentication Extension in the next
Registration Request. This will make it possible for the Foreign
Agent to use its AAA infrastructure in order to authenticate the
Mobile Node. In this case, the mobile node MUST use a new Challenge
value in any new registration, obtained either from an Agent
Advertisement, or from a Challenge extension to the Registration
Reply containing the error.
FA_BAD_AAA_AUTH: This error is sent by the Foreign Agent if the
Registration Request contains a Mobile-AAA Authentication extension
with an incorrect authenticator that fails verification. A mobile
node that receives a FA_BAD_AAA_AUTH MUST use a new Challenge value
in any new registration, obtained either from an Agent Advertisement,
or from a Challenge extension to the Registration Reply containing
the error.
HA_BAD_AAA_AUTH: This error is sent by the Home Agent if the
Registration Request contains a Mobile-AAA Authentication extension
with an incorrect authenticator that fails verification. A mobile
node that receives a HA_BAD_AAA_AUTH MUST use a new Challenge value
in any new registration, obtained either from an Agent Advertisement,
or from a Challenge extension to the Registration Reply containing
the error.
STALE_CHALLENGE: If the foreign agent receives a Registration
Request with a Challenge extension containing a Challenge value
previously used by that mobile node, the mobile node MAY receive
a Registration Reply to the mobile node containing the Code value
STALE_CHALLENGE. In such instances, the mobile node MUST use a
new Challenge value in next Registration Request, obtained either
from an Agent Advertisement, or from a Challenge extension to the
Registration Reply containing the error.
4. Mobile-Foreign Challenge Extension
This section specifies a new Mobile IP Registration extension that is This section specifies a new Mobile IP Registration extension that is
used to satisfy a Challenge in an Agent Advertisement. The Challenge used to satisfy a Challenge in an Agent Advertisement. The Challenge
extension to the Registration Request message is used to indicate the extension to the Registration Request message is used to indicate the
challenge that the mobile node is attempting to satisfy. challenge that the mobile node is attempting to satisfy.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge... | Type | Length | Challenge...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: The MN-FA Challenge Extension Figure 2: The Mobile-Foreign Challenge Extension
Type 132 (skippable) (see [8]) Type 132 (skippable) (see [7])
Length Length of the Challenge value Length Length of the Challenge value
Challenge The Challenge field is copied from the Challenge field Challenge The Challenge field is copied from the Challenge field
found in the Agent Advertisement Challenge extension found in the Agent Advertisement Challenge extension
(see section 2). (see section 2).
Suppose the mobile node has successfully registered using one of the
Challenge Values within the CHALLENGE_WINDOW values advertised by the
foreign agent. In that case, in any new Registration Request the
mobile node MUST NOT use any Challenge Value which was advertised by
the foreign agent before the Challenge Value in the mobile node's
last Registration Request.
5. Generalized Mobile IP Authentication Extension 5. Generalized Mobile IP Authentication Extension
Several new authentication extensions have been designed for various Several new authentication extensions have been designed for
control messages proposed for extensions to Mobile IP (see, for various control messages proposed for extensions to Mobile IP. A new
example, [9]). A new authentication extension is required for a authentication extension is required for a mobile node to present its
mobile node to present its credentials to any other entity other than credentials to any other entity other than the ones already defined;
the ones already defined; the only entities defined in the base the only entities defined in the base Mobile IP specification [7]
Mobile IP specification [8] are the home agent and the foreign agent. are the home agent and the foreign agent. It is the purpose of the
It is the purpose of the generalized authentication extension defined generalized authentication extension defined here to collect together
here to collect together data for all such new authentication data for all such new authentication applications into a single
applications into a single extension type with subtypes. extension type with subtypes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI | | SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authenticator ... | Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: The Generalized Mobile IP Authentication Extension Figure 3: The Generalized Mobile IP Authentication Extension
Type 36 (not skippable) (see [8]) Type 36 (not skippable) (see [7])
Subtype a number assigned to identify the kind of Subtype a number assigned to identify the kind of
endpoints or characteristics of the particular endpoints or other characteristics of the
authentication strategy particular authentication strategy
Length 4 plus the number of bytes in the Authenticator; Length 4 plus the number of bytes in the Authenticator;
MUST be at least 20. MUST be at least 20.
SPI Security Parameters Index SPI Security Parameters Index
Authenticator The variable length Authenticator field Authenticator The variable length Authenticator field
In this document, only one subtype is defined: In this document, only one subtype is defined:
1 MN-AAA Authentication subtype (see section 6) 1 Mobile-AAA Authentication subtype (see section 6)
6. MN-AAA Authentication subtype 6. Mobile-AAA Authentication subtype
The Generalized Authentication extension with subtype 1 will be The Generalized Authentication extension with subtype 1 will be
referred to as a MN-AAA Authentication extension. If the mobile node referred to as a Mobile-AAA Authentication extension. The mobile
does not include a Mobile-Foreign Authentication [8] extension, then node MAY include a Mobile-AAA Authentication extension in any
it MUST include the MN-AAA Authentication extension whenever the Registration Request. This extension MAY co-exist in the same
Challenge extension is present. If the MN-AAA Authentication Registration Request with Authentication extensions defined for
extension is present, then the Registration Message sent by the Mobile IP Registration by [7]. If the mobile node does not include a
mobile node MUST contain the Mobile-HA Authentication extension [8] Mobile-Foreign Authentication [7] extension, then it MUST include the
if it shares a security association with the Home Agent. If present, Mobile-AAA Authentication extension whenever the Challenge extension
the Mobile-HA Authentication Extension MUST appear prior to the MN- is present. If both are present, the Mobile-AAA Authentication
AAA Authentication extension. The mobile node MAY include a MN-AAA extension MUST precede the Mobile-Foreign Authentication extension.
Authentication extension in any Registration Request. The
corresponding response MUST include the MN-HA Authentication
Extension, and MUST NOT include the MN-AAA Authentication Extension.
The default algorithm for computation of the authenticator is HMAC- If the Mobile-AAA Authentication extension is present, then the
MD5 [5] computed on the following data, in the order shown: Registration Message sent by the mobile node MUST contain the
Mobile-Home Authentication extension [7] if it shares a security
association with the home agent. If both are present, the
Mobile-Home Authentication Extension MUST appear prior to the
Mobile-AAA Authentication extension. The corresponding response
MUST include the Mobile-Home Authentication Extension, and MUST NOT
include the Mobile-AAA Authentication Extension.
The default algorithm for computation of the authenticator is
HMAC-MD5 [6] computed on the following data, in the order shown:
Preceding Mobile IP data || Type, Subtype, Length, SPI Preceding Mobile IP data || Type, Subtype, Length, SPI
where the Type, Length, Subtype, and SPI are as shown in section 5. where the Type, Length, Subtype, and SPI are as shown in section 5.
The resulting function call, as described in [5], would be: The resulting function call, as described in [6], would be:
hmac_md5(data, datalen, Key, KeyLength, authenticator); hmac_md5(data, datalen, Key, KeyLength, authenticator);
Each mobile node MUST support the ability to produce the Each mobile node MUST support the ability to produce the
authenticator by using HMAC-MD5 as shown. Just as with Mobile IP, authenticator by using HMAC-MD5 as shown. Just as with Mobile IP,
this default algorithm MUST be able to be configured for selection at it must be possible to configure the use of any arbitrary 32-bit SPI
any arbitrary 32-bit SPI outside of the SPIs in the reserved range outside of the SPIs in the reserved range 0-255 for selection of this
0-255. default algorithm.
7. Reserved SPIs for Mobile IP 7. Reserved SPIs for Mobile IP
Mobile IP defines several authentication extensions for use in Mobile IP defines several authentication extensions for use in
Registration Requests and Replies. Each authentication extension Registration Requests and Replies. Each authentication extension
carries a Security Parameters Index (SPI) which should be used to carries a Security Parameters Index (SPI) which should be used to
index a table of security associations. Values in the range 0 - 255 index a table of security associations. Values in the range 0 - 255
are reserved for special use. A list of reserved SPI numbers is to are reserved for special use. A list of reserved SPI numbers is to
be maintained by IANA at the following URL: be maintained by IANA at the following URL:
http://www.iana.org/numbers.html http://www.iana.org/numbers.html
8. SPI For RADIUS AAA Servers 8. SPIs for RADIUS AAA Servers
Some AAA servers only admit a single security association, and thus Some AAA servers only admit a single security association, and thus
do not use the SPI numbers for Mobile IP authentication extensions do not use the SPI numbers for Mobile IP authentication extensions
for use when determining the security association that would be for use when determining the security association that would be
necessary for verifying the authentication information included with necessary for verifying the authentication information included with
the Authentication extension. the Authentication extension.
SPI number CHAP_SPI (see section 9) is reserved (see section 7) for SPI numbers CHAP_SPI and HMAC_CHAP_SPI (see section 9) are reserved
indicating the following procedure for computing authentication data for indicating the following procedure for computing authentication
(called the "authenticator"), which is used by many RADIUS servers data (called the "authenticator"), which is used by many RADIUS
[10] today. servers [8] today.
To compute the authenticator, apply MD5 [11] computed on the To compute the authenticator, apply MD5 [9] computed on the following
following data, in the order shown: data, in the order shown:
High-order byte from Challenge || Key || High-order byte from Challenge || Key ||
MD5(Preceding Mobile IP data || MD5(Preceding Mobile IP data ||
Type, Subtype (if present), Length, SPI) || Type, Subtype (if present), Length, SPI) ||
Least-order 237 bytes from Challenge Least-order 237 bytes from Challenge
where the Type, Length, SPI, and possibly Subtype, are the fields of where the Type, Length, SPI, and possibly Subtype, are the fields
the authentication extension in use. For instance, all four of these of the authentication extension in use. For instance, all four of
fields would be in use when SPI == CHAP_SPI is used with the these fields would be in use when SPI == (CHAP_SPI or HMAC_CHAP_SPI)
Generalized Authentication extension. Since the RADIUS protocol is used with the Generalized Authentication extension. The use
cannot carry attributes greater than 253 in size, the preceding of SPI number HMAC_CHAP_SPI indicates the use of HMAC_MD5 instead
Mobile IP data, type, subtype (if present), length and SPI are hashed of MD5 in the above procedure. Since the RADIUS protocol cannot
using MD5. Finally, the least significant 237 bytes of the challenge carry attributes of length greater than 253, the preceding Mobile IP
are concatenated. data, type, subtype (if present), length and SPI are hashed using
MD5. Finally, the least significant 237 bytes of the challenge
are concatenated. If the challenge has fewer than 238 bytes, this
algorithm includes the high-order byte in the computation twice, but
ensures that the challenge is used exactly as is. Additional padding
is never used to increase the length of the challenge; the input data
is allowed to be shorter than 237 bytes long.
9. Configurable Parameters 9. Configurable Parameters
Every Mobile IP agent supporting the extensions defined in this Every Mobile IP agent supporting the extensions defined in this
document SHOULD be able to configure each parameter in the following document SHOULD be able to configure each parameter in the following
table. Each table entry contains the name of the parameter, the table. Each table entry contains the name of the parameter, the
default value, and the section of the document in which the parameter default value, and the section of the document in which the parameter
first appears. first appears.
Parameter Name Default Value Section(s) of Document Parameter Name Default Value Section(s) of Document
-------------- ------------- ---------------------- -------------- ------------- ----------------------
CHALLENGE_WINDOW 2 3.2 CHALLENGE_WINDOW 2 3.2
CHAP_SPI 2 8 CHAP_SPI 2 8
HMAC_CHAP_SPI 3 8
10. Error Values Note that CHALLENGE_WINDOW SHOULD be at least 2. This makes it far
less likely that mobile nodes will register using a Challenge value
that is outside the set of values allowable by the foreign agent.
Each entry in the following table contains the name of Code [8] to be 10. Error Values
returned in a Registration Reply, the value for the Code, and the
section in which the error is first mentioned in this specification.
Each entry in the following table contains the name of the Code [7]
to be returned in a Registration Reply, the value for the Code,
and the section in which the error is first mentioned in this
specification.
Error Name Value Section of Document Error Name Value Section of Document
---------------------- ----- ------------------- ---------------------- ----- -------------------
UNKNOWN_CHALLENGE 104 3.2 UNKNOWN_CHALLENGE 104 3.2
BAD_AUTHENTICATION 67 3.2 - also see [8] BAD_AUTHENTICATION67 3.2 - also see [7]
MISSING_CHALLENGE 105 3.1,3.2 MISSING_CHALLENGE 105 3.1,3.2
STALE_CHALLENGE 106 3.2 STALE_CHALLENGE 106 3.2
FA_BAD_AAA_AUTH TBD 3.2
HA_BAD_AAA_AUTH TBD 3.4
11. IANA Considerations 11. IANA Considerations
The Generalized Mobile IP Authentication extension defined in Section All protocol values in this specification are to be the same as
5 is a Mobile IP registration extension as defined in RFC 2002 [8] defined in RFC 3012 [3]. Additionaly, new Code values are defined by
and extended in RFC 2356 [7]. IANA should assign a value of 36 for this document for FA_BAD_AAA_AUTH
this extension. and HA_BAD_AAA_AUTH.
A new number space is to be created for enumerating subtypes of the
Generalized Authentication extension (see section 5). New subtypes
of the Generalized Authentication extension, other than the number
(1) for the MN-AAA authentication extension specified in section 6,
must be specified and approved by a designated expert.
The MN-FA Challenge Extension defined in Section 4 is a router
advertisement extension as defined in RFC 1256 [3] and extended in
RFC 2002 [8]. IANA should assign a value of 132 for this purpose.
The Code values defined in Section 10 are error codes as defined in
RFC 2002 [8] and extended in RFC 2344 [6] and RFC 2356 [7]. They
correspond to error values conventionally associated with rejection
by the foreign agent (i.e., values from the range 64-127). The Code
value 67 is a pre-existing value which is to be used in some cases
with the extension defined in this specification. IANA should record
the values as defined in Section 10.
A new section for enumerating algorithms identified by specific SPIs
within the range 0-255 is to be added to
http://www.isi.edu/in-notes/iana/assignments/mobileip-numbers.
The CHAP_SPI number (2) discussed in section 8 is to be assigned from
this range of reserved SPI numbers. New assignments from this
reserved range must be specified and approved by the Mobile IP
working group. SPI number 1 should not be assigned unless in the
future the Mobile IP working group decides that SKIP is not important
for enumeration in the list of reserved numbers. SPI number 0 should
not be assigned.
12. Security Considerations 12. Security Considerations
In the event that a malicious mobile node attempts to replay the In the event that a malicious mobile node attempts to replay the
authenticator for an old MN-FA Challenge, the Foreign Agent would authenticator for an old Mobile-Foreign Challenge, the Foreign
detect it since the agent always checks whether it has recently Agent would detect it since the agent always checks whether it has
advertised the Challenge (see section 3.2). Allowing mobile nodes recently advertised the Challenge (see section 3.2). Allowing mobile
with different IP addresses or NAIs to use the same Challenge value nodes with different IP addresses or NAIs to use the same Challenge
does not represent a security vulnerability, because the value does not represent a security vulnerability, because the
authentication data provided by the mobile node will be computed over authentication data provided by the mobile node will be computed over
data that is different (at least by the bytes of the mobile nodes' IP data that is different (at least by the bytes of the mobile nodes' IP
addresses). addresses).
Whenever a Foreign Agent updates a field of the Registration Reply
(as suggested in section 3.2), it invalidates the authentication data
supplied by the Home Agent in the MN-HA Authentication extension to
the Registration Reply. Thus, this opens up a security exposure
whereby a node might try to supply a bogus Registration Reply to a
mobile node that causes the mobile node to act as if its Registration
Reply were rejected. This might happen when, in fact, a Registration
Reply showing acceptance of the registration might soon be received
by the mobile node.
If the foreign agent chooses a Challenge value (see section 2) with If the foreign agent chooses a Challenge value (see section 2) with
fewer than 4 bytes, the foreign agent SHOULD maintain records that fewer than 4 bytes, the foreign agent SHOULD include the value of
also the Identification field for the mobile node. The foreign agent the Identification field in the records it maintains for the mobile
can then find assurance that the Registration messages using the node. The foreign agent can then determine whether the Registration
short Challenge value are in fact unique, and thus assuredly not messages using the short Challenge value are in fact unique, and thus
replayed from any earlier registration. assuredly not replayed from any earlier registration.
Section 8 (SPI For RADIUS AAA Servers) defines a method of computing Section 8 (SPI For RADIUS AAA Servers) defines a method of computing
the Generalized Mobile IP Authentication Extension's authenticator the Generalized Mobile IP Authentication Extension's authenticator
field using MD5 in a manner that is consistent with RADIUS [10]. The field using MD5 in a manner that is consistent with RADIUS [8]. The
use of MD5 in the method described in Section 8 is less secure than use of MD5 in the method described in Section 8 is less secure than
HMAC-MD5 [5], and should be avoided whenever possible. HMAC-MD5 [6], and should be avoided whenever possible.
13. Acknowledgements Note that an active attacker may try to prevent successful
registrations by sending a large number of Agent Solicitations or
bogus Registration Requests, each of which could cause the FA to
respond with a fresh challenge, invalidating the challenge that the
MN is currently trying to use. To prevent such attacks, the FA
MUST NOT invalidate previously unused challenges when responding to
unauthenticated Registration Requests or Agent Solicitations. In
addition, the FA MUST NOT allocate new storage when responding to
such messages, because this would also create the possibility of
denial of service.
The authors would like to thank Tom Hiller, Mark Munson, the TIA 13. Acknowledgments
TR45-6 WG, Gabriel Montenegro, Vipul Gupta, and Pete McCann for their
useful discussions. A recent draft by Mohamed Khalil, Raja The authors would like to thank Tom Hiller, Mark Munson, the
Narayanan, Emad Qaddoura, and Haseeb Akhtar has also suggested the TIA TR45-6 WG, Gabriel Montenegro, Vipul Gupta, Pete McCann,
definition of a generalized authentication extension similar to the Robert Marks, Ahmad Muhanna, and Luca Salgarelli for their useful
specification contained in section 5. discussions. A recent draft by Mohamed Khalil, Raja Narayanan, Emad
Qaddoura, and Haseeb Akhtar has also suggested the definition of a
generalized authentication extension similar to the specification
contained in section 5.
References References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] S. Bradner. Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels. Request for Comments (Best Current Practice) 2119,
Internet Engineering Task Force, March 1997.
[2] Calhoun, P. and C. Perkins. "Mobile IP Network Access Identifier [2] P. Calhoun and C. Perkins. Mobile IP Network Access Identifier
Extension for IPv4", RFC 2794, January 2000. Extension for IPv4. Request for Comments (Proposed Standard)
2794, Internet Engineering Task Force, January 2000.
[3] Deering, S., "ICMP Router Discovery Messages", RFC 1256, [3] P. Calhoun and C. E. Perkins. Mobile IP Foreign Agent
September 1991. Challenge/Response Extension. Request for Comments (Proposed
Standard) 3012, Internet Engineering Task Force, December 2000.
[4] Eastlake, D., Crocker, S. and J. Schiller, "Randomness [4] S. Deering. ICMP Router Discovery Messages. Request for
Recommendations for Security", RFC 1750, December 1994. Comments (Proposed Standard) 1256, Internet Engineering Task
Force, September 1991.
[5] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing [5] D. Eastlake, 3rd, S. Crocker, and J. Schiller. Randomness
for Message Authentication", RFC 2104, February 1997. Recommendations for Security. Request for Comments
(Informational) 1750, Internet Engineering Task Force, December
1994.
[6] Montenegro, G., "Reverse Tunneling for Mobile IP", RFC 2344, May [6] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing
1998. for Message Authentication. Request for Comments
(Informational) 2104, Internet Engineering Task Force,
February 1997.
[7] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for [7] C. Perkins. IP Mobility Support. Request for Comments
Mobile IP", RFC 2356, June 1998. (Proposed Standard) 3344, Internet Engineering Task Force,
August 2002.
[8] Perkins, C., "IP Mobility Support", RFC 2002, October 1996. [8] C. Rigney, A. Rubens, W. Simpson, and S. Willens. Remote
Authentication Dial In User Service (RADIUS). Request for
Comments (Proposed Standard) 2138, Internet Engineering Task
Force, April 1997.
[9] Perkins, C. and D. Johnson, "Route Optimization in Mobile IP", [9] R. Rivest. The MD5 Message-Digest Algorithm. Request for
Work in Progress. Comments (Informational) 1321, Internet Engineering Task Force,
April 1992.
[10] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote [10] W. Simpson. PPP Challenge Handshake Authentication Protocol
Authentication Dial In User Service (RADIUS)", RFC 2138, April (CHAP). Request for Comments (Draft Standard) 1994, Internet
1997. Engineering Task Force, August 1996.
[11] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April All references are normative.
1992.
[12] Simpson, W., "PPP Challenge Handshake Authentication Protocol A. Change History
(CHAP)", RFC 1994, August 1996.
A. Verification Infrastructure List of the important changes for version 03.
- Foreign agent recommended to include a Challenge in every
Registration Reply, so that mobile node can re-register without
waiting for an Advertisement.
- Foreign agent MUST record applicable challenge values used by
each mobile node
- Mobile node forbidden to use Challenge values which were
advertised previous to the last Challenge value which it had used
for a registration.
- terminology for stale challenge vs. unused challenge clarified
- terminology for "valid" challenge deleted in favor of "unused
challenge"
- Programming suggestion added as an appendix
List of the important changes for version 04.
- The definition of "previously used challenge" is merged with
"stale challenge" definition in section 1.1.
- Reference 7 is updated from RFC 3320 to RFC 3344 and reference 9
is updated from RFC 2138 to RFC 2865 in "Reference" section.
- Reference to RFC 3344 is added in section 3.
- HMAC_CHAP_SPI option is added for Generalized Mobile IP
Authentication extension. Upon receipt of HMAC_CHAP_SPI,
HMAC-MD5 is used instead of MD5 for computing the authenticator.
- Clarified processing of error messages at the mobile node
(section 3.1).
- Modified text of section 2.1 and 3.2 for further clarity.
List of the important changes for version 05.
- Added BAD_AAA_AUTHENTICATION_SET_BY_FA and
BAD_AAA_AUTHENTICATION_SET_BY_HA error codes to report
authentication errors caused while processing Mobile-AAA
Authentication extension.
- Processing of the Mobile-AAA Authentication extension is
clarified for the foreign agent and the Home Agent.
- Co-existence of the Mobile-AAA Authentication extension in the
same Registration Request is made explicit.
- The situation in which the foreign agent sets MISSING_CHALLENGE
is clarified further.
- The use of Mobile-AAA Authentication Extension is allowed by the
Mobile Node with co-located care-of-address.
List of the important changes for version 06.
- Minor editorial changes are made through out the document.
- Added definition of "previously used challenge" and removed
definition of "stale challenge" from section 1.1.
- Renamed BAD_AAA_AUTHENTICATION_SET_BY_FA to FA_BAD_AAA_AUTH and
BAD_AAA_AUTHENTICATION_SET_BY_HA to HA_BAD_AAA_AUTH.
- Defined an order of the Mobile-AAA Authentication extension
received with the authentication extension(s) defined in RFC
3344 [7].
- Added protection against bogus Registration Reply and Agent
Advertisement. Also, the processing of the Challenge is
clarified if it is received in the multicast/unicast Agent
Advertisement.
B. Verification Infrastructure
The Challenge extensions in this protocol specification are expected The Challenge extensions in this protocol specification are expected
to be useful to help the Foreign Agent manage connectivity for to be useful to help the foreign agent manage connectivity for
visiting mobile nodes, even in situations where the foreign agent visiting mobile nodes, even in situations where the foreign agent
does not have any security association with the mobile node or the does not have any security association with the mobile node or the
mobile node's home agent. In order to carry out the necessary mobile node's home agent. In order to carry out the necessary
authentication, it is expected that the foreign agent will need the authentication, it is expected that the foreign agent will need the
assistance of external administrative systems, which have come to be assistance of external administrative systems, which have come to be
called AAA systems. For the purposes of this document, we call the called AAA systems. For the purposes of this document, we call the
external administrative support the "verification infrastructure". external administrative support the "verification infrastructure".
The verification infrastructure is described to motivate the design The verification infrastructure is described to motivate the design
of the protocol elements defined in this document, and is not of the protocol elements defined in this document, and is not
strictly needed for the protocol to work. The foreign agent is free strictly needed for the protocol to work. The foreign agent is free
skipping to change at page 14, line 41 skipping to change at page 20, line 24
+----------------------------------------------------+ +----------------------------------------------------+
| | | |
| Verification and Key Management Infrastructure | | Verification and Key Management Infrastructure |
| | | |
+----------------------------------------------------+ +----------------------------------------------------+
^ | ^ | ^ | ^ |
| | | | | | | |
| v | v | v | v
+---------------+ +---------------+ +---------------+ +---------------+
| | | | | | | |
| Foreign Agent | | Home Agent | | foreign agent | | home agent |
| | | | | | | |
+---------------+ +---------------+ +---------------+ +---------------+
Figure 4: The Verification Infrastructure Figure 4: The Verification Infrastructure
After the foreign agent gets the Challenge authentication, it MAY After the foreign agent gets the Challenge authentication, it MAY
pass the authentication to the (here unspecified) infrastructure, and pass the authentication to the (here unspecified) infrastructure,
await a Registration Reply. If the Reply has a positive status and await a Registration Reply. If the Reply has a positive status
(indicating that the registration was accepted), the foreign agent (indicating that the registration was accepted), the foreign agent
accepts the registration. If the Reply contains the Code value accepts the registration. If the Reply contains the Code value
BAD_AUTHENTICATION (see Section 10), the foreign agent takes actions BAD_AUTHENTICATION (see Section 10), the foreign agent takes actions
indicated for rejected registrations. indicated for rejected registrations.
Implicit in this picture, is the important observation that the Implicit in this picture, is the important observation that the
Foreign Agent and the Home Agent have to be equipped to make use of foreign agent and the home agent have to be equipped to make use
whatever protocol is made available to them by the challenge of whatever protocol is made available to them by the challenge
verification and key management infrastructure shown in the figure. verification and key management infrastructure shown in the figure.
The protocol messages for handling the authentication within the The protocol messages for handling the authentication within the
verification infrastructure, and identity of the agent performing the verification infrastructure, and identity of the agent performing the
verification of the Foreign Agent challenge, are not specified in verification of the foreign agent challenge, are not specified in
this document, because those operations do not have to be performed this document, because those operations do not have to be performed
by any Mobile IP entity. by any Mobile IP entity.
Addresses C. Message Flow for FA Challenge Messaging with Mobile-AAA Extension
The working group can be contacted via the current chairs: MN FA Verification home agent
|<-- Adv+Challenge--| Infrastructure |
| (if needed) | | |
| | | |
|-- RReq+Challenge->| | |
| + Auth.Ext. | | |
| | Auth. Request, incl. | |
| |--- RReq + Challenge --->| |
| | + Auth.Ext | RReq + |
| | |-- Challenge -->|
| | | |
| | | |
| | |<--- RRep ----- |
| | Authorization, incl. | |
| |<-- RRep + Auth.Ext.-----| |
| | | |
|<-- RRep+Auth.Ext--| | |
| + New Challenge | | |
Basavaraj Patil Figure 5: Message Flows for FA Challenge Messaging
Nokia Corporation
6000 Connection Drive
M/S M8-540
Irving, Texas 75039
USA
Phone: +1 972-894-6709 In figure 5, the following informational message flow is illustrated:
Fax : +1 972-894-5349
EMail: Basavaraj.Patil@nokia.com
Phil Roberts 1. The foreign agent disseminates a Challenge Value in an Agent
Motorola Advertisement if needed. This advertisement MAY have been
1501 West Shure Drive produced after receiving an Agent Solicitation from the mobile
Arlington Heights, IL 60004 node (not shown in the diagram).
USA
Phone:+1 847-632-3148 2. The mobile node creates a Registration Request including the
EMail: QA3445@email.mot.com advertised Challenge Value in the Challenge Extension, along with
Questions about this memo can also be directed to the authors: an Mobile-AAA authentication extension.
Charles E. Perkins 3. The foreign agent relays the Registration Request either to
Communications Systems Lab the home agent specified by the mobile node, or else to its
Nokia Research Center locally configured Verification Infrastructure (see appendix B),
313 Fairchild Drive according to local policy.
Mountain View, California 94043
USA
Phone: +1-650 625-2986 4. The foreign agent receives a Registration Reply with the
Fax: +1 650 625-2502 appropriate indications for authorizing connectivity for the
EMail: charliep@iprg.nokia.com mobile node.
Pat R. Calhoun 5. The foreign agent relays the Registration Reply to the mobile
Network & Security Center node, possibly along with a new Challenge Value to be used by the
Sun Microsystems Laboratories mobile node in its next Registration Reply message.
15 Network Circle
Menlo Park, California 94025
USA
Phone: +1 650-786-7733 D. Message Flow for FA Challenge Messaging with MN-FA Authentication
Fax: +1 650-786-6445
EMail: pcalhoun@eng.sun.com
Full Copyright Statement MN FA home agent
|<-- Adv+Challenge--| |
| (if needed) | |
| | |
|-- RReq+Challenge->| |
| + Auth.Ext. | |
| |--- RReq + Challenge --->|
| | + HA-FA Auth.Ext |
| | |
| |<-- RRep + Challenge ----|
| | + HA-FA Auth.Ext |
| | |
|<-- RRep+Auth.Ext--| |
| + New Challenge | |
Copyright (C) The Internet Society (2000). All Rights Reserved. Figure 6: Message Flows for FA Challenge Messaging
with MN-FA Authentication
This document and translations of it may be copied and furnished to In figure 6, the following informational message flow is illustrated:
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be 1. The foreign agent disseminates a Challenge Value in an Agent
revoked by the Internet Society or its successors or assigns. Advertisement if needed. This advertisement MAY have been
produced after receiving an Agent Solicitation from the mobile
node (not shown in the diagram).
This document and the information contained herein is provided on an 2. The mobile node creates a Registration Request including the
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING advertised Challenge Value in the Challenge Extension, along with
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING an Mobile-Foreign Authentication extension.
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement 3. The foreign agent relays the Registration Request to the home
agent specified by the mobile node.
Funding for the RFC Editor function is currently provided by the 4. The foreign agent receives a Registration Reply with the
Internet Society. appropriate indications for authorizing connectivity for the
mobile node.
5. The foreign agent relays the Registration Reply to the mobile
node, possibly along with a new Challenge Value to be used by the
mobile node in its next Registration Reply message. If the Reply
contains the Code value HA_BAD_AAA_AUTH (see Section 10), the
foreign agent takes actions indicated for rejected registrations.
E. Foreign Agent Algorithm for Tracking Used Challenges
If the foreign agent maintains a large CHALLENGE_WINDOW, it becomes
more important for scalability purposes to efficiently compare
incoming challenges against the set of Challenge values which have
been advertised recently. This can be done by keeping the Challenge
values in order of advertisement, and by making use of the mandated
behavior that mobile nodes MUST NOT use Challenge values which were
advertised before the last advertised Challenge value that the mobile
node has attempted to use. The following stylized programmatic
algorithm accomplishes this objective. The maximum amount of total
storage required by this algorithm is equal to Size*(CHALLENGE_WINDOW
+ (2*N)), where N is the current number of mobile nodes for which the
foreign agent is storing challenge values. Note that, whenever the
stored challenge value is no longer in the CHALLENGE_WINDOW, it can
be deleted from the foreign agent's records, perhaps along with all
other registration information for the mobile node if it is no longer
registered.
In the program fragment, it is presumed that the foreign agent
keeps an array of advertised Challenges ("VALID_ADV_CHALLENGES"), a
record of the last advertised challenge used by a mobile node, and
also a record of the last challenge provided to a mobile node in a
Registration Reply or unicast Agent Advertisement.
To meet the security obligations outlined in Section 12, the FA
SHOULD use one of the already stored, previously unused challenges
when responding to an unauthenticated Registration Request or
Agent Solicitation. If none of the already stored challenges are
previously unused, the FA SHOULD generate a new challenge, include it
in the response, and store it in the per-Mobile data structure.
current_chal := RegistrationRequest.challenge_extension_value
last_chal := mobile_node_record.last_used_adv_chal
if (current_chal == mobile_node_record.RegReply_challenge) {
update (mobile_node_record, current_chal)
return (OK)
}
else if (current_chal "among" VALID_ADV_CHALLENGES[]{
if (last_chal "among" VALID_ADV_CHALLENGES[]) {
if (current_chal is "before" last_chal) {
send_error(STALE_CHALLENGE)
return (FAILURE)
}
else {
update (mobile_node_record, current_chal)
return (OK)
}
}
else {
update (mobile_node_record, current_chal)
return (OK)
}
}
else {
send_error(UNKNOWN_CHALLENGE);
}
Addresses
Questions about this memo can be directed to the authors:
Charles E. Perkins Pat R. Calhoun
Communications Systems Lab
Nokia Research Center Airespace Networks
313 Fairchild Drive 110 Nortech Parkway
Mountain View, California 94043 San Jose, CA 95134
USA USA
Phone: +1-650 625-2986 Phone: +1 408 635 2000
EMail: charles.perkins@nokia.com Email: pcalhoun@diameter.org
Fax: +1 650 625-2502 Fax: +1 720-293-7501
Jayshree Bharatia
Nortel Networks
2221, Lakeside Blvd.
Richardson, TX, 75082
USA
Phone: +1 972-684-5767
Email: jayshree@nortelnetworks.com
Fax: +1 972-684-3775
 End of changes. 105 change blocks. 
416 lines changed or deleted 730 lines changed or added

This html diff was produced by rfcdiff 1.27, available from http://www.levkowetz.com/ietf/tools/rfcdiff/