1 © 1999, Cisco Systems, Inc. AAA/Mobile IP For 3G CDMA Systems Gopal Dommety and Allen Long.

Presentation transcript:

1 © 1999, Cisco Systems, Inc. AAA/Mobile IP For 3G CDMA Systems Gopal Dommety and Allen Long

2 Outline
- Requirements
- Architecture and trust model
- VPN access
- Optimizations
- Conclusions

3 Requirements
- Authentication of the HA and MN
- Authentication of the HA and FA
- Compulsory secure tunneling between the HA and the FA
- Roaming support to non-home wireless carrier networks (could be an ISP)

4 Requirements
- The handoff delay should be minimized
- Dynamic home address allocation
- Assurance of service offering to the home WL/ISP
- Dynamic Home Agent allocation

5 Desirable Features
- No changes to the RADIUS protocols
- No changes to IKE/IPsec
- No changes to Mobile IP
- Perform IKE and IPsec in order to secure traffic into the corporate network
- It may not be feasible for the HAAA to be outside the firewall

6 Architecture (diagram)
- Foreign wireless operators (2G narrowband digital: GSM, IS-54/13, PDC) with a foreign AAA server and a PDSN/FA
- Home wireless operator or ISP with a HA and a home AAA server

7 Security
- HA-MN shared key
- HA and FA have certificates
- Shared key between FA and FAAA, and between HA and HAAA

8 Authentication - Basic (message flow diagram)
- Entities: MN, PDSN/FA, FAAA, HAAA, HA, home WL/ISP
- Messages: Advertisement (FA to MN); Reg Req (NAI) from MN to FA, forwarded to HA; AccessReq/AccessReply between FAAA and HAAA; Opt-AccessReq/Opt-AccessReply between HAAA and home WL/ISP; IKE messages (3 round trips) between FA and HA; RegReply back to MN
- Uses existing protocols; additionally uses the NAI draft
- Access Request and IKE can happen in parallel

9 Optimizations/Optional Flows
- Challenge/response
- Tokens
- IKE private payloads
- Public-key methods can be used to sign Mobile IP Reg Req/Rep messages
- IPsec or SSL between entities

10 Opt-Challenge Response (message flow diagram)
- Entities: MN, PDSN/FA, FAAA, HAAA, HA, home WL/ISP
- Messages: Advertisement (opt-Challenge) from FA to MN; Reg Req (NAI, opt-Challenge, response) from MN to FA, forwarded to HA; AccessReq (CHAP)/AccessReply between FAAA and HAAA; Opt-AccessReq (CHAP)/Opt-AccessReply between HAAA and home WL/ISP; IKE messages (3 round trips) between FA and HA; RegReply back to MN
- Uses existing protocols; additionally uses the NAI draft and challenge/response
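A simplified model of the challenge/response flow above, added here as an illustration and not taken from the deck or from draft-ietf-mobileip-challenge: the FA advertises a fresh challenge, the MN answers with a keyed response over its NAI and the challenge using the key it shares with its home network, the FAAA relays the check to the HAAA, and the FA refuses stale or replayed challenges. The HMAC-SHA256 response construction, the window of four outstanding challenges and the NAI/key values are assumptions of this model, not the wire format of the draft.

```python
import hashlib
import hmac
import os
from collections import deque


class HomeAAA:
    """HAAA: holds the per-NAI key shared with the MN (constructed sample keys)."""

    def __init__(self, keys):
        self.keys = keys  # NAI -> shared key

    def verify(self, nai, challenge, response):
        key = self.keys.get(nai)
        if key is None:
            return False  # unknown user: reject, do not leak which check failed
        expected = hmac.new(key, nai.encode() + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def foreign_aaa_relay(haaa, nai, challenge, response):
    """FAAA: forwards the CHAP-style AccessReq to the HAAA and returns its verdict."""
    return haaa.verify(nai, challenge, response)


class ForeignAgent:
    """PDSN/FA: advertises challenges and accepts each one only once."""

    def __init__(self, haaa, window=4):
        self.haaa = haaa
        self.issued = deque(maxlen=window)  # recently advertised, still valid
        self.used = set()  # challenges already consumed by a registration

    def advertise(self):
        challenge = os.urandom(16)  # assumed challenge length
        self.issued.append(challenge)
        return challenge

    def register(self, nai, challenge, response):
        if challenge in self.used:
            return "reject: challenge replayed"
        if challenge not in self.issued:
            return "reject: unknown or stale challenge"
        if not foreign_aaa_relay(self.haaa, nai, challenge, response):
            return "reject: bad response"
        self.used.add(challenge)
        return "accept"


def mobile_node_response(key, nai, challenge):
    """MN: keyed response over NAI and challenge, sent in the Reg Req."""
    return hmac.new(key, nai.encode() + challenge, hashlib.sha256).digest()
```

The three distinct reject reasons are what a FA would log; a burst of "challenge replayed" rejects for one NAI is the signal a defender wants to see separately from plain authentication failures.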

11 Opt-IKE Private Payloads (message flow diagram)
- Send the Mobile IP registration message as a private payload in IKE phase 1 messages
- Entities: MN, PDSN/FA, FAAA, HAAA, HA, home WL/ISP
- Messages: Advertisement from FA to MN; Reg Req (NAI) from MN to FA, carried to the HA inside the IKE messages (3 round trips); AccessReq/AccessReply between FAAA and HAAA; Opt-AccessReq/Opt-AccessReply between HAAA and home WL/ISP; RegReply back to MN
- Uses existing protocols; additionally uses the NAI draft
- Have to define a Mobile IP payload

12 Opt-Token (message flow diagram)
- Token is sent by the HA to the FA
- Option 1: HA generates a token (signing with its private key)
- Option 2: obtain the token from the home WL/ISP (similar to OSP, the Open Settlement Protocol of ETSI TIPHON)
- Entities: MN, PDSN/FA, FAAA, HAAA, HA, home WL/ISP
- Messages: Reg Req (NAI) from MN via FA to HA; Opt-Authorization Req[Token]/Opt-Authorization Rep[Token] between HA and home WL/ISP; RegReply[Token] from HA to FA; RegReply to MN

13 Conclusions
- Proposal uses existing protocols
- Optimizations for consideration

14 References
- Mobile IP: RFC 2002, draft-ietf-mobileip-mn-nai-00.txt, draft-ietf-mobileip-challenge-01.txt, draft-gupta-mobileip-inline-secparams-00.txt
- IP Security: RFC 2401, RFC 2402, RFC 2406
- IKE: RFC 2409
- TIPHON: Inter-domain pricing, authorization, and usage exchange, TS V1.4.2 ( )

15 Enabling Wireless Data Services