Local Security Association (LSA): The Temporary Shared Key (TSK). draft-le-aaa-lsa-tsk-00.txt. Stefano M. Faccin, Franck Le.

Presentation transcript:

1 Local Security Association (LSA) The Temporary Shared Key (TSK) draft-le-aaa-lsa-tsk-00.txt Stefano M. Faccin, Franck Le

2 What?
- A secure mechanism to set up a Local Security Association between the user and the visited domain
- An LSA can be utilized for various purposes, including:
  - securing message exchanges between the user and the visited domain
  - deriving secondary LSAs between the user and the visited domain without involving the home domain
- The mechanism proposed in the draft defines a Temporary Shared Key to set up the LSA
- Mechanisms to set up LSAs can be of benefit to URP as an edge protocol (LSA between the user and the Registration Agent or Access Router)

3 The Framework
[Figure: framework diagram. Labels: Home Domain, Visited Domain, AAAh, AAAl, AAAc, RA, NAS, FA, URP, LT-SA, Scope of LT-SA, Scope of LSA]
Assumptions:
- a long term SA (LT-SA) is shared between the user and its home domain
- the long term SA is used for:
  - user/network authentication
  - generation of LSAs

4 TSK Features
- The Temporary Shared Key is securely established between the user and the visited domain
- TSK allows subsequent:
  - user authentication without involvement of the home domain
  - network authentication without involvement of the home domain
  - establishment of secondary LSAs (e.g. MN-AR, MN-FA)

5 TSK Applicability
- applicable to any application, e.g. Mobile IPv4:
  - Authentication
  - Key distribution
- Examples of key distribution scenarios:
  - key distribution to FA (MIPv4)
  - key distribution to HA in Foreign Domain (MIPv4)
  - keys for User-AR: data protection over the access link
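An added sketch, not taken from the slides or from draft-le-aaa-lsa-tsk-00.txt, of what slides 4 and 5 describe: once the visited domain holds a TSK, it can authenticate the user and derive secondary keys (MN-FA, MN-AR) locally, with no exchange to the home domain. The HMAC-SHA256 challenge-response, the HKDF-Expand derivation (RFC 5869), the labels and the `VisitedDomain` class are all assumptions chosen for illustration; the draft's own procedures are not shown on this page.

```python
import hashlib
import hmac
import time


def derive_key(tsk: bytes, label: str, context: bytes, length: int = 32) -> bytes:
    """HKDF-Expand keyed with the TSK (assumed uniformly random), one key per label."""
    info = label.encode() + b"\x00" + context
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(tsk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class VisitedDomain:
    """Hypothetical local AAA state: one TSK per user, with expiry and revocation."""

    def __init__(self):
        self._tsk = {}  # user id -> (key, expiry in epoch seconds)

    def install_tsk(self, user, tsk, lifetime_s, now=None):
        start = time.time() if now is None else now
        self._tsk[user] = (tsk, start + lifetime_s)

    def revoke(self, user):
        self._tsk.pop(user, None)

    def verify(self, user, challenge, response, now=None):
        """Authenticate the user locally; nothing is sent to the home domain."""
        now = time.time() if now is None else now
        tsk, expiry = self._tsk.get(user, (None, 0))
        if tsk is None or now >= expiry:
            return False  # no TSK, revoked, or expired: fall back to the home domain
        expected = user_response(tsk, user, challenge)
        return hmac.compare_digest(expected, response)


def user_response(tsk: bytes, user: str, challenge: bytes) -> bytes:
    # The TSK itself never keys a MAC on the wire; a labelled sub-key does.
    auth_key = derive_key(tsk, "local-auth", user.encode())
    return hmac.new(auth_key, challenge, hashlib.sha256).digest()
```

Refreshing a secondary LSA in this sketch means calling `derive_key` again with fresh nonces in `context`; compromise of one derived key does not expose the TSK or the other derived keys.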

6 TSK Benefits
- Use of TSK reduces the signaling between the home and visited domains
  - enables frequent user authentications
  - enables frequent refreshing of secondary LSAs
- Use of TSK reduces the time delay of procedures (user authentication and key distribution)

7 draft-le-aaa-lsa-tsk-00.txt
The TSK draft describes the procedures for:
- TSK Establishment
- TSK Distribution
- TSK Update
- TSK Revocation

8 TSK and URP
- draft-le-aaa-lsa-tsk-00.txt describes the exchange of information between the user and the visited and home domains
- No protocol is specified to carry such information
- URP is a good candidate
- Usage of LSA empowers URP as edge protocol
- Relation between URP and AAA from the point of view of LSA:
  - Registration Agent is AAAc

9 Conclusion
- A potential mechanism for URP to set up a Local Security Association between the user and the visited/access network: the TSK
- TSK as the mechanism used together with URP to set up the LSA