IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0373-00-0000 Title: Issues on UIR bit Date Submitted: October, 28, 2007 Presented at IEEE 802.21 session 22.5 in New Jersey Authors or Source(s):  Yoshihiro Ohba Abstract: This contribution analyzes issues related to UIR bit of MIH protocol header for resolution of SB Comment 206. 21-07-0373-00-0000

IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/faq.pdf>  IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/guide.html>  21-07-0373-00-0000

UIR (Unauthenticated Information Request) The current definition of UIR bit (Page 151, Line 43): “This field is used to indicate if the protocol message is sent preauthentication/pre-association so that the length of the response message can be limited.” Sponsor Ballot Comment 206: Comment: “UIR bit usage is not clear. Which entity is supposed to set this bit? If MN is supposed to set this bit, how PoS can trust that MN is authenticated when the bit is not set? The underlying assumption for the response limiting using this bit to work is not clear.” Suggestion: “Delete the UIR bit or add more text that answers to those questions. 21-07-0373-00-0000

Issue 1: Transport Protocol Dependency It seems that PoA is responsible for setting the UIR bit of MIH messages originated by unauthenticated MN, and thus PoA needs to be a trusted entity to PoS. What is the identity of PoA? The Source Identifier TLV does not serve for identifying PoA if it is MN’s MIHF-ID The identity of PoA must be a transport protocol dependent identifier such as an IP address This means that the access control mechanism using UIR bit has transport protocol dependency, as opposed to its original purpose With transport protocol dependency, other solutions are possible without use of UIR, by using different transport protocol dependent identifiers to distinguish MIH messages originated from unauthenticated MNs, such as use of different IP addresses and/or port numbers 21-07-0373-00-0000

Issue 2: Access Control Responsibility It is not clear whether MIHF or MIH user on PoS is responsible for the execution of access control using the UIR bit, including: limiting the response message size limiting the types of IEs to be included in the response message If MIHF is responsible for the access control, MIHF can be very complex since it has to know service-specific contents If MIH user is responsible for the access control, the access control mechanism does not work since there is no parameter in any MIH primitive to convey the UIR bit 21-07-0373-00-0000

Conclusion The need for UIR bit is not clear and its definition is incomplete MIH-level access control being studied in Security SG is more appropriate to address the access control issue for unauthenticated MN Suggestion: Remove UIR bit from the specification and expect future Security Task Group to solve the problem 21-07-0373-00-0000