Securing Robust Header Compression (ROHC)

The desire for the cellular and wireless industry to converge on an all-IP infrastructure, fueled by the increased usage of mobile applications on smart phones and VoIP applications have pushed research in maximizing bandwidth efficiency amidst a shrinking allocation of RF spectrum. One method of providing increased bandwidth efficiency (especially with the desire to move to IPv6), is the use of RObust Header Compression (ROHC-RFC5225) to compress headers from the network layer and above into small identifiers before sending packets to the link layer. ROHCv1 and ROHCv2 have been adopted and is in the roadmaps for usage on High Speed Packet Access (HSPA), Long Term Evolution (LTE) and Evolution Data Optimized (EV-DO) mobile phone networks. Although the promise of significant bandwidth savings can be achieved using ROHC, the stateful nature of the protocol leads to potential compromises. In this paper, we examine three attacks on the ROHC protocol that result in denial of service and packet interception and their affect on networks that use ROHC to compress and decompress IP headers. Additionally, we propose three simple methods to mitigate the attacks.