URP Usage Scenarios for Mobility James Kempf Sun Microsystems, Inc.

Problem Statement: Service Authorization

Protocol exchange involved in authorizing a Mobile Node for particular network services after handover is often more extensive than actually setting up the service itself (ex. COPS flows in draft-thomas-seamoby-rsvp-analysis-00.txt).
– Could seriously delay Mobile Node obtaining authorized service.
– Possible to solve efficiently at edge with context transfer.
– Difficult to solve back in network, alternatives unappealing:
  – Context transfer flooding.
  – Selective context transfer based on tracking of mobile node’s routes.

Initial URP registration provides Mobile Node with something like a lightweight encrypted capabilities token, the possession of which is sufficient to identify the Mobile Node as authorized for a collection of network level services.
– Each router examines token, grants Mobile Node’s packets the requested service if allowed.
– Router acts as both PDP and PEP since Mobile Node’s initial packets contain authorization token.
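The token check described on this slide, as an added sketch that is not part of the original presentation or of any URP draft. The token layout, the key shared between the registration side and the routers, and the names `issue_token` and `router_decide` are assumptions; the token here is integrity-protected with an HMAC tag rather than encrypted, as a stand-in for the "encrypted capabilities token" the slide mentions.

```python
import hashlib
import hmac
import json
import time

# Assumption: one key provisioned to the registration side and to every edge router.
DOMAIN_KEY = b"constructed-demo-key"  # constructed sample value


def issue_token(node_id, services, lifetime_s, key=DOMAIN_KEY, now=None):
    """Registration side: bind node, allowed services and expiry under a MAC."""
    now = time.time() if now is None else now
    claims = {"node": node_id, "svc": sorted(services), "exp": int(now + lifetime_s)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def router_decide(token, requested_service, key=DOMAIN_KEY, now=None):
    """Router side: decide (PDP) and enforce (PEP) from the packet's token alone."""
    now = time.time() if now is None else now
    try:
        body_hex, tag = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return "drop: malformed token"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; the claims are only parsed after the tag verifies.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "drop: bad tag"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return "drop: expired"
    if requested_service not in claims["svc"]:
        return "drop: service not authorized"
    return "grant"
```

Because possession alone authorizes, a token observed on the path can be replayed until its expiry, so the lifetime chosen at registration bounds that exposure.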

Problem Statement: Authentication Challenge

The network requires some means to issue a lightweight challenge to the Mobile Node to authenticate, for example, after handover.

The Mobile Node requires some means to challenge the network.
– Especially true for , where anybody can set up an access point (e.g. fake bank teller problem).

Initial URP exchange sets up:
– URP RA provides the Mobile Node with a cryptographically protected response token to present when challenged.
– Mobile Node provides URP RA with a cryptographically protected response token with which to reply when challenged.
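The two-way challenge on this slide, as an added sketch that is not part of the original presentation. It assumes each "response token" is a secret installed during the initial URP exchange and used to MAC the challenger's fresh nonce; the function names and the role labels are hypothetical.

```python
import hashlib
import hmac
import os


def provision():
    """Initial URP exchange (assumed): one secret per direction, held by both sides."""
    return {"mn_proves": os.urandom(32), "net_proves": os.urandom(32)}


def respond(secret, nonce, role):
    """Answer a challenge: MAC over a role label and the challenger's nonce."""
    return hmac.new(secret, role + b"|" + nonce, hashlib.sha256).digest()


def verify(secret, nonce, role, response):
    """Check a response in constant time against the locally computed value."""
    return hmac.compare_digest(respond(secret, nonce, role), response)


def handover(mn_keys, ap_keys):
    """Run both challenges after handover.

    Returns (network_accepts_mn, mn_accepts_network). An access point that was
    never given the secrets from registration cannot produce a valid answer.
    """
    ap_nonce, mn_nonce = os.urandom(16), os.urandom(16)
    mn_answer = respond(mn_keys["mn_proves"], ap_nonce, b"MN")
    ap_answer = respond(ap_keys["net_proves"], mn_nonce, b"NET")
    return (verify(ap_keys["mn_proves"], ap_nonce, b"MN", mn_answer),
            verify(mn_keys["net_proves"], mn_nonce, b"NET", ap_answer))
```

The role label keeps an answer given in one direction from being reflected back as an answer in the other, and the fresh nonce makes a recorded answer useless for a later challenge.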

Motivation: Privacy

Network operator or user may want to hide the fact that a particular mobile is in a particular subnet.
– Can’t use IPv6 for IP address.

Draft talks about using an identity token.
– Possible but better ways to do this (e.g. SUCV, BAKE, etc.).
– Somewhat half baked.

BUT... URP can provide the vehicle for setting up initial conditions (keying, etc.).

Requirements

Provide a means whereby a Mobile Node’s packets can securely prove authorization for a particular network level service after handover without requiring an extensive protocol exchange.

Provide secure authentication tokens whereby a Mobile Node can challenge the network after handover, and the network can challenge the Mobile Node.

Set up initial conditions for masking Mobile Node’s location and origin.