1 Background and Introduction. 2 Outline History Scope Administrative.

Presentation transcript:

1 Background and Introduction

2 Outline
History
Scope
Administrative

3 History 1/4
Recent interest in using EAP in various IETF WGs
Traditional, network access-related use in PPP, PANA (and IEEE of course)
VPN usage in IKEv2
Other kinds of use or proposals in MIP6, DHC, NSIS, ISMS, EAP Multi-Hop Bar BoF, …
Some of this usage may be outside originally intended application of EAP

4 History 2/4
EAP co-chairs and ADs were interested in this
  – What’s the problem?
  – Why are we seeing such an interest?
  – What’s the right solution?
Trying to take a step back and analyze the situation

5 History 3/4
Deployment problems for security
  – Effort needed in set-up too much for some cases
  – Initial plans for security are often (too?) ambitious
  – In many cases most of the cost in security is in deployment
  – Example: calculate the investment to upgrade all GSM SIM cards to new ones -- N = 1.5G, process cost per unit ~ 20$
Increased number of roaming, mobile users
  – Cannot rely on local shared secrets
Technical problems in some of the solutions for securing our protocols

6 History 4/4
Functional growth in the IP layer
  – IPv6 ND does more than ARP
  – Mobility mechanisms and optimizations
  – Network access functions
  – The requirements for security are higher...
These issues have led people to look for reuse of security that already exists for other purposes
  – Don’t have to deploy new credentials
  – Don’t have to invent new protocols

7 Some Concrete Examples...
DHCP typically not secured, although security solutions exist for it
Original IPv6 ND security had technical and deployment problems -- later replaced by SEND (but no deployment experience yet)
Mobile IPv6 requires strong security between home agents and mobile nodes; setting this up has proved challenging in practice -- also unable to use existing shared secrets in AAA

8 Scope for the BoF
Talk about the needs (the problem) in the various WGs
Talk about the different potential solutions (at a high level, no bits)
Goals of this BoF are primarily educational:
  – We learn more about the problems
  – We learn more about the solutions
  – Find others who have the same problems

9 Non-Scope for the BoF
Start protocol work -- this is a one-time discussion forum
Take work over from WGs -- the relevant WGs have the responsibility to develop their own solutions
Argue about EAP applicability rules -- we will mention these but try to focus on high-level solution alternatives rather than a single protocol