Thoughts on Bootstrapping Mobility Securely Chairs, with help from James Kempf, Jari Arkko MIP6 WG/BOF 57 th IETF Vienna Wed. July 16, 2003

What are we Bootstrapping? Not just a HA nor just a MN It takes two to tango Bootstrapping a security association between two devices, such that one is enabled as an MN and the other as its HA Bootstrapping a Mobility Security Association (MSA)

Why Bootstrapping Mobility Securely? Reduces RTT on HA/MN tunnels (optimal HA for distant locations) Hides MN topological location (though this precludes route optimization). Reduced configuration required (on either the MN or the HA) MN resilience to network renumbering Enables network to assign MN's to HA administratively Allows for HA load balancing by assigning MN according to load Authorizes a device to become an MN (security-wise)

Possible scenarios (1/2) No previous credential: Not a MIP6 issue? –Leap-of-faith: Too risky (the whole RO was predicated on some genuine trust or accountability between MN&HA) –Enrollment out-of-band model (separate path for confirmation via , human exchange) Transitive Trusted Introduction (visa/mcard, merchant, consumer) – reusable models?

Possible scenarios (2/2) Rolling over a Non-Mobile Security Association (e.g., Enterprise PKI, AAA infrastructure etc.) –Probably work on this Rolling over an existing MSA: –Existing HA with a new MN (RFC3041 private address scenario) –Existing MN to acquire a new HA (Dynamic HA scenario) –Yes, work on this

Existing MSA Certificate Possible meanings of bootstrap: –Complete the MN's Cert with info on HA –Change its HA info from HA_orig to HA_new (temp, permanent) –Complete the HA's Cert with info on MN –Change its MN info from MN_orig to MN_new (temp, permanent)

MIPv6 Dynamic MSA Outline Mobile Node comes up in a foreign domain, renumbering, creates an RFC3041, etc Performs authentication and is authorized to enter network as a roamer. –Authentication via EAPoL2 –PANA –EAP over IKEv2 Results in authentication and configuration info perhaps via a credential provisioning process

Further thoughts on Dynamic MSA’s Secure location of dynamic HA? –Protocol in Section of base draft is not secure. –IKE required w. anycast address – is this possible? –Issues w. IPsec on ICMP messages. –Encourage trend toward standardized, securable configuration/service discovery mechanisms. Establish an SA for draft-ietf-mobileip-mipv6-ha-ipsec-06.txt but… Is the MN authorized for HA service? –Binding between IKE and AAA. Not standardized in IKEv1. –Use IKEv2 EAP over IKE (Section 2.16). IDi instead of IKE AUTH in Message 2 from MN to HA. HA responds with EAP to initiate the EAP exchange. Shared key may be established as part of exchange (e.g. preshared secret). How to securely assign MN a HoA? –IKEv2 CFG_REQUEST (Section 2.19)? –DHCP in IKE (draft-ietf-ipsec-dhcp-over-ike-00.txt)?

Credential Provisioning What to create: Mobile IP variant of draft-ietf-ipsec-pki profile: "Certificate Extensions and Attributes for Mobile IP" ?? How to create them? Variant of: –draft-ietf-ipsra-pic* (over IKE) (which is a variant of draft-bellovin-ipsra-getcert-* ) –EAP to an auth server, which provisions credentials to the MN which can be used later MN and private addresses: –concept of a session –during the session, an MN-issued rfc3281 Attrib Cert(ideally a real authorization cert via SPKI) enables the rfc3041 address –communication outside of scope?