Mar 20, 2005IETF65 PANA WG Requirements for PANA support of location based services draft-anjum-pana-location-requirements-00.txt F. Anjum D. Famolari.

Slides:

Advertisements

Similar presentations

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.

PANA Requirements and Terminology - IETF54 -. PANA WG, IETF 54, Requirements and Terminology draft-ietf-pana-requirements-02.txt Changes Comments/questions.

Cryptography and Network Security

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.

IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1c-handover-issues.ppt Title: MIH Security – What is it? Date Submitted:

Cryptography and Network Security Chapter 17

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 8 Web Security.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

1 SIPREC Requirements IETF #80 Authors: K. Rehor, A. Hutton, L. Portman, R. Jain, H. Lam.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

12/05/2007IETF70 PANA WG1 PANA Network Selection draft-ohba-pana-netsel-00.txt Yoshihiro Ohba.

July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

Issues to Consider w.r.t Protocol Solution - IETF54 -

7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.

The Data Grid: Towards an Architecture for the Distributed Management and Analysis of Large Scientific Dataset Caitlin Minteer & Kelly Clynes.

IETF54 Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil.

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

Identities and Network Access Identifier in M2M Page 1 © GPP2 3GPP2 and its Organizational Partners claim copyright in this document and individual.

IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.

11 December, th IETF, AAA WG1 AAA Proxies draft-ietf-aaa-proxies-01.txt David Mitton.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 

IETF 69 SIPPING WG Meeting Mohammad Vakil Microsoft An Extension to Session Initiation Protocol (SIP) Events for Pausing and Resuming.

3/20/2007IETF68 PANA WG1 PANA Issues and Resolutions Yoshihiro Ohba Alper Yegin.

PANA Framework Prakash Jayaraman, Rafa Marin Lopez, Yoshihiro Ohba, Mohan Parthasarathy, Alper Yegin IETF 59.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

1 © NOKIA FILENAMs.PPT/ DATE / NN AAA-SIP Requirements Current draft: draft-loughney-sip-aaa-req-00.txt draft-calhoun-sip-aaa-reqs-04.txt may not be updated.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

2006/7/10IETF66 RADEXT WG1 Pre-authentication AAA Requirements Yoshihiro Ohba Alper Yegin

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.

Nov. 9, 2004IETF61 PANA WG PANA Specification Last Call Issues Yoshihiro Ohba, Alper Yegin, Basavaraj Patil, D. Forsberg, Hannes Tschofenig.

August 2, 2005 IETF 63 – Paris, France Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE WG.

IETF69 ANCP WG1 ANCP Multicast Handling draft-maglione-ancp-mcast-00.txt R. Maglione, A. Garofalo - Telecom Italia F. Le Faucheur, T. Eckert - cisco Systems.

DHCP options for PAA Status report of draft-ietf-dhc-paa-option-01.txt Lionel Morand IETF-65, Dallas.

Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.

Partial Notifications IETF 56 SIMPLE WG draft-lonnfors-simple-presinfo-deliv-reqs-00 draft-lonnfors-simple-partial-notify-00 Mikko Lönnfors

IETF66 PANA WG Problem Statement for a time-basis accounting in an "always-on“ Broadband scenario R. Maglione - Telecom Italia

DM Collaboration – OMA & BBF: Deployment Scenarios Group Name: WG5 - MAS Source: Tim Carey, ALU, Meeting Date:

Pre-authentication Problem Statement (draft-ohba-hokeyp-preauth-ps-00

<draft-ohba-pana-framework-00.txt>

Open issues with PANA Protocol

PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

Cryptography and Network Security

PANA Issues and Resolutions

Carrying Location Objects in RADIUS

Pre-authentication Overview

A Wireless LAN Security Protocol

PAA-EP protocol considerations PANA wg - IETF 57 Vienna

Cryptography and Network Security

Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008

Protocol for Carrying Authentication for Network Access - PANA -

Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.

Securing the CASP Protocol

Application Layer Mobility Management Scheme for Wireless Internet

PAA-2-EP protocol PANA wg - IETF 58 Minneapolis

Cryptography and Network Security

A Model For Network Security

Presentation transcript:

Mar 20, 2005IETF65 PANA WG Requirements for PANA support of location based services draft-anjum-pana-location-requirements-00.txt F. Anjum D. Famolari A. Ghosh Y. Ohba H. Tschofenig

What? Location based services –Location based authorization (LBAr): Authorization based on location credentials Can be incorporated into PANA messaging Location credentials may be incorporated as data fields in payloads of selected PANA messages –E.g. GPS latitude/longitude information NAS AAA Server PANA RADIUS/Diameter MN

How? Two components –Technology to determine the user location (securely) NOT OUR FOCUS HERE –Ability to convey information about the user location from the client device to network

Requirements for LBAr R1 PAA must be able to obtain location information for a PaC. R2 PAA must be able to determine changes in PaC location during a PANA session R3 PAA must be capable of terminating network access in case the PaC location is outside the authorized region. R4 The PaC must be able to send location information confidentially to the PAA. R5 The PAA should also be able to verify that the location information indeed originated at the claimed PaC.

R1PAA must be able to obtain location information for a PaC Location credentials may be provided by PaC –In this case PaC is colocated with a location module (e.g. GPS receiver) that computes the required credentials –PANA messaging will be used to transfer the credentials from PaC to PAA Location credentials could be provided by a third party location provider –E.g. In U-TDOA, location is computed by the network provider –In this case some out-of-band messaging is required between PAA and location provider –Not of concern for us here.

R2 PAA must be able to determine changes in PaC location during a PANA session As a result of PaC mobility, PaC can move out of range PANA “Access Phase” messaging may be used to get location updates from the PaC Location updates can be triggered based on timeouts at the PaC or periodic queries from the PAA or any other appropriate mechanisms

R3PAA must be capable of terminating network access in case the PaC location is outside the authorized region PANA “Termination Phase” messaging may be used to end the PANA session PAA should inform the EP to remove access privileges for the PaC

R4 The PaC must be able to send location information confidentially to the PAA. R5The PAA should also be able to verify that the location information indeed originated at the claimed PaC.

Other issues Usage of privacy policies needs to be described in more detail.