21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: MIH security issues Date Submitted: July, 02, 2007 Presented at IEEE session #NN in City Authors or Source(s): Maryna Komarova Abstract: This document discusses security problems related to the handover preparation and to the authentication in a new administrative domain.
21-07-xxxx IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6
21-07-xxxx When authentication is needed Handover preparation: A MN should be able to obtain IEEE information before being authenticated to the point of attachment. Communication with Information Service is not authenticated and the received information is not reliable. Any messages exchanged between two MIHF must be integrity and reply protected over secure transport. Authenication between the target acces network and the MN: Mutual authentication is strongly required; The confidentiality of communication must be assured: key material must be created as a result of the authentication;
21-07-xxxx Problems For intra-technology handovers IEEE believes that the expected interruption time should not exceed 100 ms for real time services [document GPP-LS- Response]; Mutual authentication introduces significant delay to the overall handover latency (more than 100 ms); Pre-authentication is a costly process when a transition to many networks is possible; Each administrative domain implements its own authentication methods; Authentication methods and type of credentials either should be negotiated between the MN and the Authenticator or they should be unified.
21-07-xxxx Usage scenario: Handover preparation The Information Service belongs to the administrative domain where the MN is authenticated: Key hierarchy approach may be used; The Information Service is located in another network: Authentication is needed;
21-07-xxxx Usage scenario: Authentication in the target domain A mobile device can make a transition between two LANs deployed by different administrative domains; There is no trust between the mobile device and the target network; The mobile device trusts some entity that has established trust relationships with the target network.
21-07-xxxx Presence of trust relationships
21-07-xxxx Proposals: authentication-based transition Decompose the authentication into Pre-authentication signaling and Fast re-authentication in the target network. The authentication must be independent of: Transport; Technology; The authentication method used previously; Provide key material generation for future key establishment; Deploy an extension of EAP: EAP is extensible; EAP is mode and media independent; EAP is used in , and 3GPP standards;
21-07-xxxx Pre-authentication signalling Aim: provide a user with credentials (proofs of his identity) and enable him to verify the identity of the target network; Use the fact that the MN was successfully authenticated by an entity trusted by the target domain; Decide what entities are responsible for issuing credentials in different scenarios of trust/roaming agreements presence; Signaling optimization: Combine location update to the home network/broker with the request for credentials; Envisage proactive and reactive modes of signaling Proactive mode: after transition to a new network the MN asks credentials for all access networks reachable from the current location; Reactive mode: the MN asks credentials when it decides to handover to a new network.
21-07-xxxx Fast Re-Authentication Aim: reduce the latency of mobile node’s authentication in a new administrative domain; Use credentials acquired as a result of pre-authentication signaling;
21-07-xxxx Comments/Q&A