1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
|
Network Working Group C. Perkins
Request for Comments: 3012 Nokia Research Center
Category: Standards Track P. Calhoun
Sun Microsystems Laboratories
November 2000
Mobile IPv4 Challenge/Response Extensions
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a
mobile node can authenticate itself to a foreign agent.
Unfortunately, this extension does not provide ironclad replay
protection for the foreign agent, and does not allow for the use of
existing techniques (such as CHAP) for authenticating portable
computer devices. In this specification, we define extensions for
the Mobile IP Agent Advertisements and the Registration Request that
allow a foreign agent to use a challenge/response mechanism to
authenticate the mobile node.
Perkins & Calhoun Standards Track [Page 1]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Mobile IP Agent Advertisement Challenge Extension . . . . . 3
3. Operation . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Mobile Node Processing for Registration Requests . . . 3
3.2. Foreign Agent Processing for Registration Requests . . 5
3.3. Foreign Agent Processing for Registration Replies . . 7
3.4. Home Agent Processing for the Challenge Extensions . . 7
4. MN-FA Challenge Extension . . . . . . . . . . . . . . . . . 7
5. Generalized Mobile IP Authentication Extension . . . . . . . 8
6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . . 9
7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . . 9
8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10
9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10
10. Error Values . . . . . . . . . . . . . . . . .. . . . . . . 10
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11
12. Security Considerations . . . . . . . . . . . . . . . . . . 12
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
A. Verification Infrastructure . . . . . . . . . . . . . . . . 14
Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17
1. Introduction
Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a
mobile node can authenticate itself to a foreign agent.
Unfortunately, this extension does not provide ironclad replay
protection, from the point of view of the foreign agent, and does not
allow for the use of existing techniques (such as CHAP [12]) for
authenticating portable computer devices. In this specification, we
define extensions for the Mobile IP Agent Advertisements and the
Registration Request that allow a foreign agent to a use
challenge/response mechanism to authenticate the mobile node.
All SPI values defined in this document refer to values for the
Security Parameter Index, as defined in RFC 2002 [8]. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in [1].
Perkins & Calhoun Standards Track [Page 2]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
2. Mobile IP Agent Advertisement Challenge Extension
This section defines a new extension to the Router Discovery Protocol
[3] for use by foreign agents that need to issue a challenge for
authenticating mobile nodes.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Challenge Extension
Type 24
Length The length of the Challenge value in bytes; SHOULD be
at least 4
Challenge A random value that SHOULD be at least 32 bits.
The Challenge extension, illustrated in figure 1, is inserted in the
Agent Advertisements by the Foreign Agent, in order to communicate
the latest challenge value that can be used by the mobile node to
compute an authentication for its registration request message. The
challenge is selected by the foreign agent to provide local assurance
that the mobile node is not replaying any earlier registration
request. Eastlake, et al. [4] provides more information on
generating pseudo-random numbers suitable for use as values for the
challenge.
3. Operation
This section describes modifications to the Mobile IP registration
process which may occur after the Foreign Agent issues a Mobile IP
Agent Advertisement containing the Challenge on its local link.
3.1. Mobile Node Processing for Registration Requests
Whenever the Agent Advertisement contains the Challenge extension, if
the mobile node does not have a security association with the Foreign
Agent, then it MUST include the Challenge value in a MN-FA Challenge
extension to the Registration Request message. If, on the other
hand, the mobile node does have a security association with the
foreign agent, it SHOULD include the Challenge value in its
Registration Request message.
Perkins & Calhoun Standards Track [Page 3]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
If the Mobile Node has a security association with the Foreign Agent,
it MUST include a Mobile-Foreign Authentication extension in its
Registration Request message, according to the base Mobile IP
specification [8]. When the Registration Request contains the MN-FA
Challenge extension specified in section 4, the Mobile-Foreign
Authentication MUST follow the Challenge extension in the
Registration Request.
If the Mobile Node does not have a security association with the
Foreign Agent, the Mobile Node MUST include the MN-AAA Authentication
extension as defined in section 6. In addition, the Mobile Node
SHOULD include the NAI extension [2], to enable the foreign agent to
make use of any available verification infrastructure. The SPI field
of the MN-AAA Authentication extension specifies the particular
secret and algorithm (shared between the Mobile Node and the
verification infrastructure) that must be used to perform the
authentication. If the SPI value is chosen as CHAP_SPI (see section
9), then the mobile node specifies CHAP-style authentication [12]
using MD5 [11].
In either case, the MN-FA Challenge extension and one of the above
specified authentication extensions MUST follow the Mobile-Home
Authentication extension, if present.
A successful Registration Reply from the Foreign Agent MAY include a
new Challenge value (see section 3.3). The Mobile Node MAY use
either the value found in the latest Advertisement, or the one found
in the last Registration Reply from the Foreign Agent. This approach
enables the Mobile Node to make use of the challenge without having
to wait for advertisements.
A Mobile Node might receive an UNKNOWN_CHALLENGE error (see section
9) if it moves to a new Foreign Agent that cannot validate the
challenge provided in the Registration Request. In such instances,
the Mobile Node MUST use a new Challenge value in any new
registration, obtained either from an Agent Advertisement, or from a
Challenge extension to the Registration Reply containing the error.
A Mobile Node that does not include a Challenge when the Mobile-
Foreign Authentication extension is present may receive a
MISSING_CHALLENGE (see section 10) error. In this case, the foreign
agent will not process the request from the mobile node unless the
request contains a valid Challenge.
Perkins & Calhoun Standards Track [Page 4]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
A Mobile Node that receives a BAD_AUTHENTICATION error code (see
section 10) SHOULD include the MN-AAA Authentication Extension in the
next Registration Request. This will make it possible for the
Foreign Agent to use its AAA infrastructure in order to authenticate
the Mobile Node.
3.2. Foreign Agent Processing for Registration Requests
Upon receipt of the Registration Request, if the Foreign Agent has
issued a Challenge as part of its Agent Advertisements, and it does
not have a security association with the mobile node, then the
Foreign Agent MUST check that the MN-FA Challenge extension exists,
and that it contains a challenge value previously unused by the
Mobile Node. This ensures that the mobile node is not attempting to
replay a previous advertisement and authentication. If the challenge
extension is needed and does not exist, the Foreign Agent MUST send a
Registration Reply to the mobile node with the error code
MISSING_CHALLENGE.
A foreign agent that sends Agent Advertisements containing a
Challenge value MAY send a Registration Reply message with a
MISSING_CHALLENGE error if the mobile node sends a Registration
Request with a Mobile-Foreign Authentication extension without
including a Challenge. In other words, such a foreign agent MAY
refuse to process a Registration Request request from the mobile node
unless the request contains a valid Challenge.
If a mobile node retransmits a Registration Request with the same
Identification field and the same Challenge extension, and the
Foreign Agent still has a pending Registration Request record in
effect for the mobile node, then the Foreign Agent forwards the
Registration Request to the Home Agent again. In all other
circumstances, if the Foreign Agent receives a Registration Request
with a Challenge extension containing a Challenge value previously
used by that mobile node, the Foreign Agent SHOULD send a
Registration Reply to the mobile node containing the Code value
STALE_CHALLENGE.
The Foreign Agent MUST NOT accept any Challenge in the Registration
Request unless it was offered in last successful Registration Reply
issued to the Mobile Node, or else advertised as one of the last
CHALLENGE_WINDOW (see section 9) Challenge values inserted into the
immediately preceding Agent advertisements. If the Challenge is not
one of the recently advertised values, the foreign Agent SHOULD send
a Registration Reply with Code UNKNOWN_CHALLENGE (see section 10).
Perkins & Calhoun Standards Track [Page 5]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Furthermore, the Foreign Agent MUST check that there is either a
Mobile-Foreign, or a MN-AAA Authentication extension after the
Challenge extension. Any registration message containing the
Challenge extension without either of these authentication extensions
MUST be silently discarded. If the registration message contains a
Mobile-Foreign Authentication extension with an incorrect
authenticator that fails verification, the Foreign Agent MAY send a
Registration Reply to the mobile node with Code value
BAD_AUTHENTICATION (see Section 10).
If the MN-AAA Authentication extension (see Section 6) is present in
the message, or if an NAI extension is included indicating that the
mobile node belongs to a different administrative domain, the foreign
agent may take actions outside the scope of this protocol
specification to carry out the authentication of the mobile node.
The Foreign Agent MUST NOT remove the MN-AAA Authentication Extension
from the Registration Request prior to the completion of the
authentication performed by the AAA infrastructure. The appendix
provides an example of an action that could be taken by a foreign
agent.
In the event that the Challenge extension is authenticated through
the Mobile-Foreign Authentication Extension, the Foreign Agent MAY
remove the Challenge Extension from the Registration Request without
disturbing the authentication value computed by the Mobile Node for
use by the AAA or the Home Agent. If the Challenge extension is not
removed, it MUST precede the Foreign-Home Authentication extension.
If the Foreign Agent does not remove the Challenge extension, then
the Foreign Agent SHOULD store the Challenge value as part of the
pending registration request list [8]. Also in this case, the
Foreign Agent MUST reject any Registration Reply message coming from
the Home Agent that does not also include the Challenge Extension
with the same Challenge Value that was included in the Registration
Request. The Foreign Agent MUST send the rejected Registration
message to the mobile node, and change the status in the Registration
Reply to the value MISSING_CHALLENGE (see section 10).
If the Foreign Agent does remove the Challenge extension and
applicable authentication from the Registration Request message, then
it SHOULD insert the Identification field from the Registration
Request message along with its record-keeping information about the
particular Mobile Node in order to protect against replays.
Perkins & Calhoun Standards Track [Page 6]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
3.3. Foreign Agent Processing for Registration Replies
The Foreign Agent MAY include a new Challenge extension in any
Registration Reply, successful or not. If the foreign agent includes
this extension in a successful Registration Reply, the extension
SHOULD precede a MN-FA authentication extension.
Suppose the Registration Reply includes a Challenge extension from
the Home Agent, and the foreign agent wishes to include another
Challenge extension with the Registration Reply for use by the mobile
node. In that case, the foreign agent MUST delete the Challenge
extension from the Home Agent from the Registration Reply, along with
any FA-HA authentication extension, before appending the new
Challenge extension to the Registration Reply.
3.4. Home Agent Processing for the Challenge Extensions
If the Home Agent receives a Registration Request with the MN-FA
Challenge extension, and recognizes the extension, the Home Agent
MUST include the Challenge extension in the Registration Reply. The
Challenge Extension MUST be placed after the Mobile-Home
authentication extension, and the extension SHOULD be authenticated
by a Foreign-Home Authentication extension.
Since the extension type for the Challenge extension is within the
range 128-255, the Home Agent MUST process such a Registration
Request even if it does not recognize the Challenge extension [8].
In this case, the Home Agent will send a Registration Reply to the
Foreign Agent that does not include the Challenge extension.
4. MN-FA Challenge Extension
This section specifies a new Mobile IP Registration extension that is
used to satisfy a Challenge in an Agent Advertisement. The Challenge
extension to the Registration Request message is used to indicate the
challenge that the mobile node is attempting to satisfy.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Challenge...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: The MN-FA Challenge Extension
Type 132 (skippable) (see [8])
Length Length of the Challenge value
Perkins & Calhoun Standards Track [Page 7]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Challenge The Challenge field is copied from the Challenge field
found in the Agent Advertisement Challenge extension
(see section 2).
5. Generalized Mobile IP Authentication Extension
Several new authentication extensions have been designed for various
control messages proposed for extensions to Mobile IP (see, for
example, [9]). A new authentication extension is required for a
mobile node to present its credentials to any other entity other than
the ones already defined; the only entities defined in the base
Mobile IP specification [8] are the home agent and the foreign agent.
It is the purpose of the generalized authentication extension defined
here to collect together data for all such new authentication
applications into a single extension type with subtypes.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: The Generalized Mobile IP Authentication Extension
Type 36 (not skippable) (see [8])
Subtype a number assigned to identify the kind of
endpoints or characteristics of the particular
authentication strategy
Length 4 plus the number of bytes in the Authenticator;
MUST be at least 20.
SPI Security Parameters Index
Authenticator The variable length Authenticator field
In this document, only one subtype is defined:
1 MN-AAA Authentication subtype (see section 6)
Perkins & Calhoun Standards Track [Page 8]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
6. MN-AAA Authentication subtype
The Generalized Authentication extension with subtype 1 will be
referred to as a MN-AAA Authentication extension. If the mobile node
does not include a Mobile-Foreign Authentication [8] extension, then
it MUST include the MN-AAA Authentication extension whenever the
Challenge extension is present. If the MN-AAA Authentication
extension is present, then the Registration Message sent by the
mobile node MUST contain the Mobile-HA Authentication extension [8]
if it shares a security association with the Home Agent. If present,
the Mobile-HA Authentication Extension MUST appear prior to the MN-
AAA Authentication extension. The mobile node MAY include a MN-AAA
Authentication extension in any Registration Request. The
corresponding response MUST include the MN-HA Authentication
Extension, and MUST NOT include the MN-AAA Authentication Extension.
The default algorithm for computation of the authenticator is HMAC-
MD5 [5] computed on the following data, in the order shown:
Preceding Mobile IP data || Type, Subtype, Length, SPI
where the Type, Length, Subtype, and SPI are as shown in section 5.
The resulting function call, as described in [5], would be:
hmac_md5(data, datalen, Key, KeyLength, authenticator);
Each mobile node MUST support the ability to produce the
authenticator by using HMAC-MD5 as shown. Just as with Mobile IP,
this default algorithm MUST be able to be configured for selection at
any arbitrary 32-bit SPI outside of the SPIs in the reserved range
0-255.
7. Reserved SPIs for Mobile IP
Mobile IP defines several authentication extensions for use in
Registration Requests and Replies. Each authentication extension
carries a Security Parameters Index (SPI) which should be used to
index a table of security associations. Values in the range 0 - 255
are reserved for special use. A list of reserved SPI numbers is to
be maintained by IANA at the following URL:
http://www.iana.org/numbers.html
Perkins & Calhoun Standards Track [Page 9]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
8. SPI For RADIUS AAA Servers
Some AAA servers only admit a single security association, and thus
do not use the SPI numbers for Mobile IP authentication extensions
for use when determining the security association that would be
necessary for verifying the authentication information included with
the Authentication extension.
SPI number CHAP_SPI (see section 9) is reserved (see section 7) for
indicating the following procedure for computing authentication data
(called the "authenticator"), which is used by many RADIUS servers
[10] today.
To compute the authenticator, apply MD5 [11] computed on the
following data, in the order shown:
High-order byte from Challenge || Key ||
MD5(Preceding Mobile IP data ||
Type, Subtype (if present), Length, SPI) ||
Least-order 237 bytes from Challenge
where the Type, Length, SPI, and possibly Subtype, are the fields of
the authentication extension in use. For instance, all four of these
fields would be in use when SPI == CHAP_SPI is used with the
Generalized Authentication extension. Since the RADIUS protocol
cannot carry attributes greater than 253 in size, the preceding
Mobile IP data, type, subtype (if present), length and SPI are hashed
using MD5. Finally, the least significant 237 bytes of the challenge
are concatenated.
9. Configurable Parameters
Every Mobile IP agent supporting the extensions defined in this
document SHOULD be able to configure each parameter in the following
table. Each table entry contains the name of the parameter, the
default value, and the section of the document in which the parameter
first appears.
Parameter Name Default Value Section(s) of Document
-------------- ------------- ----------------------
CHALLENGE_WINDOW 2 3.2
CHAP_SPI 2 8
10. Error Values
Each entry in the following table contains the name of Code [8] to be
returned in a Registration Reply, the value for the Code, and the
section in which the error is first mentioned in this specification.
Perkins & Calhoun Standards Track [Page 10]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Error Name Value Section of Document
---------------------- ----- -------------------
UNKNOWN_CHALLENGE 104 3.2
BAD_AUTHENTICATION 67 3.2 - also see [8]
MISSING_CHALLENGE 105 3.1,3.2
STALE_CHALLENGE 106 3.2
11. IANA Considerations
The Generalized Mobile IP Authentication extension defined in Section
5 is a Mobile IP registration extension as defined in RFC 2002 [8]
and extended in RFC 2356 [7]. IANA should assign a value of 36 for
this extension.
A new number space is to be created for enumerating subtypes of the
Generalized Authentication extension (see section 5). New subtypes
of the Generalized Authentication extension, other than the number
(1) for the MN-AAA authentication extension specified in section 6,
must be specified and approved by a designated expert.
The MN-FA Challenge Extension defined in Section 4 is a router
advertisement extension as defined in RFC 1256 [3] and extended in
RFC 2002 [8]. IANA should assign a value of 132 for this purpose.
The Code values defined in Section 10 are error codes as defined in
RFC 2002 [8] and extended in RFC 2344 [6] and RFC 2356 [7]. They
correspond to error values conventionally associated with rejection
by the foreign agent (i.e., values from the range 64-127). The Code
value 67 is a pre-existing value which is to be used in some cases
with the extension defined in this specification. IANA should record
the values as defined in Section 10.
A new section for enumerating algorithms identified by specific SPIs
within the range 0-255 is to be added to
http://www.isi.edu/in-notes/iana/assignments/mobileip-numbers.
The CHAP_SPI number (2) discussed in section 8 is to be assigned from
this range of reserved SPI numbers. New assignments from this
reserved range must be specified and approved by the Mobile IP
working group. SPI number 1 should not be assigned unless in the
future the Mobile IP working group decides that SKIP is not important
for enumeration in the list of reserved numbers. SPI number 0 should
not be assigned.
Perkins & Calhoun Standards Track [Page 11]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
12. Security Considerations
In the event that a malicious mobile node attempts to replay the
authenticator for an old MN-FA Challenge, the Foreign Agent would
detect it since the agent always checks whether it has recently
advertised the Challenge (see section 3.2). Allowing mobile nodes
with different IP addresses or NAIs to use the same Challenge value
does not represent a security vulnerability, because the
authentication data provided by the mobile node will be computed over
data that is different (at least by the bytes of the mobile nodes' IP
addresses).
Whenever a Foreign Agent updates a field of the Registration Reply
(as suggested in section 3.2), it invalidates the authentication data
supplied by the Home Agent in the MN-HA Authentication extension to
the Registration Reply. Thus, this opens up a security exposure
whereby a node might try to supply a bogus Registration Reply to a
mobile node that causes the mobile node to act as if its Registration
Reply were rejected. This might happen when, in fact, a Registration
Reply showing acceptance of the registration might soon be received
by the mobile node.
If the foreign agent chooses a Challenge value (see section 2) with
fewer than 4 bytes, the foreign agent SHOULD maintain records that
also the Identification field for the mobile node. The foreign agent
can then find assurance that the Registration messages using the
short Challenge value are in fact unique, and thus assuredly not
replayed from any earlier registration.
Section 8 (SPI For RADIUS AAA Servers) defines a method of computing
the Generalized Mobile IP Authentication Extension's authenticator
field using MD5 in a manner that is consistent with RADIUS [10]. The
use of MD5 in the method described in Section 8 is less secure than
HMAC-MD5 [5], and should be avoided whenever possible.
13. Acknowledgements
The authors would like to thank Tom Hiller, Mark Munson, the TIA
TR45-6 WG, Gabriel Montenegro, Vipul Gupta, and Pete McCann for their
useful discussions. A recent draft by Mohamed Khalil, Raja
Narayanan, Emad Qaddoura, and Haseeb Akhtar has also suggested the
definition of a generalized authentication extension similar to the
specification contained in section 5.
Perkins & Calhoun Standards Track [Page 12]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Calhoun, P. and C. Perkins. "Mobile IP Network Access Identifier
Extension for IPv4", RFC 2794, January 2000.
[3] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[4] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
[5] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[6] Montenegro, G., "Reverse Tunneling for Mobile IP", RFC 2344, May
1998.
[7] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for
Mobile IP", RFC 2356, June 1998.
[8] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[9] Perkins, C. and D. Johnson, "Route Optimization in Mobile IP",
Work in Progress.
[10] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2138, April
1997.
[11] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
1992.
[12] Simpson, W., "PPP Challenge Handshake Authentication Protocol
(CHAP)", RFC 1994, August 1996.
Perkins & Calhoun Standards Track [Page 13]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
A. Verification Infrastructure
The Challenge extensions in this protocol specification are expected
to be useful to help the Foreign Agent manage connectivity for
visiting mobile nodes, even in situations where the foreign agent
does not have any security association with the mobile node or the
mobile node's home agent. In order to carry out the necessary
authentication, it is expected that the foreign agent will need the
assistance of external administrative systems, which have come to be
called AAA systems. For the purposes of this document, we call the
external administrative support the "verification infrastructure".
The verification infrastructure is described to motivate the design
of the protocol elements defined in this document, and is not
strictly needed for the protocol to work. The foreign agent is free
to use any means at its disposal to verify the credentials of the
mobile node. This could, for instance, rely on a separate protocol
between the foreign agent and the Mobile IP home agent, and still be
completely invisible to the mobile node.
In order to verify the credentials of the mobile node, we imagine
that the foreign agent has access to a verification infrastructure
that can return a secure notification to the foreign agent that the
authentication has been performed, along with the results of that
authentication. This infrastructure may be visualized as shown in
figure 4.
+----------------------------------------------------+
| |
| Verification and Key Management Infrastructure |
| |
+----------------------------------------------------+
^ | ^ |
| | | |
| v | v
+---------------+ +---------------+
| | | |
| Foreign Agent | | Home Agent |
| | | |
+---------------+ +---------------+
Figure 4: The Verification Infrastructure
After the foreign agent gets the Challenge authentication, it MAY
pass the authentication to the (here unspecified) infrastructure, and
await a Registration Reply. If the Reply has a positive status
(indicating that the registration was accepted), the foreign agent
Perkins & Calhoun Standards Track [Page 14]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
accepts the registration. If the Reply contains the Code value
BAD_AUTHENTICATION (see Section 10), the foreign agent takes actions
indicated for rejected registrations.
Implicit in this picture, is the important observation that the
Foreign Agent and the Home Agent have to be equipped to make use of
whatever protocol is made available to them by the challenge
verification and key management infrastructure shown in the figure.
The protocol messages for handling the authentication within the
verification infrastructure, and identity of the agent performing the
verification of the Foreign Agent challenge, are not specified in
this document, because those operations do not have to be performed
by any Mobile IP entity.
Addresses
The working group can be contacted via the current chairs:
Basavaraj Patil
Nokia Corporation
6000 Connection Drive
M/S M8-540
Irving, Texas 75039
USA
Phone: +1 972-894-6709
Fax : +1 972-894-5349
EMail: Basavaraj.Patil@nokia.com
Phil Roberts
Motorola
1501 West Shure Drive
Arlington Heights, IL 60004
USA
Phone:+1 847-632-3148
EMail: QA3445@email.mot.com
Perkins & Calhoun Standards Track [Page 15]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Questions about this memo can also be directed to the authors:
Charles E. Perkins
Communications Systems Lab
Nokia Research Center
313 Fairchild Drive
Mountain View, California 94043
USA
Phone: +1-650 625-2986
Fax: +1 650 625-2502
EMail: charliep@iprg.nokia.com
Pat R. Calhoun
Network & Security Center
Sun Microsystems Laboratories
15 Network Circle
Menlo Park, California 94025
USA
Phone: +1 650-786-7733
Fax: +1 650-786-6445
EMail: pcalhoun@eng.sun.com
Perkins & Calhoun Standards Track [Page 16]
^L
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Perkins & Calhoun Standards Track [Page 17]
^L
|