1 HRPD Roamer Authentication Zhibi Wang, Sarvar Patel, Simon Mizikovsky, Nancy Lee.

Presentation transcript:


2 What’s in the TIA C standard for Simple IP

PPP Session Authentication
The PDSN shall support the two authentication mechanisms: CHAP and PAP. The PDSN shall also support a configuration option to allow an MS to receive Simple IP service without CHAP or PAP. The PDSN shall propose CHAP in an initial LCP Configure-Request message that the PDSN sends to the MS during the PPP establishment. If the PDSN receives an LCP Configure-NAK from the MS containing PAP, the PDSN shall accept PAP by sending an LCP Configure-Request message with PAP. If the PDSN … is configured to allow the MS to receive Simple IP service without CHAP or PAP, the PDSN shall respond with an LCP Configure-Request without the Authentication-Protocol option and shall adhere to the guidelines in Section for NAI construction for accounting purposes.

3 What’s in the TIA C standard for Mobile IP

Authentication
The PDSN shall initially propose CHAP in an LCP Configure-Request message to the MS. The PDSN shall re-send an LCP Configure-Request message without the authentication option after receiving the LCP Configure-Reject (CHAP or PAP) from the MS.

Agent Advertisements
For the MS that uses Mobile IP, the PDSN shall begin transmission of an operator configurable number of Agent Advertisements.

MIP Extensions [PDSN Requirements]
The PDSN shall include the MN-FA Challenge Extension [RFC 3012] in the Agent Advertisement.

4 What’s in the TIA C standard for Mobile IP (cont.)

4.2.3 MIP Authentication Support [Home Agent Requirements]
When the HA receives an RRQ from a PDSN, it authenticates the RRQ using the MN-HA shared key. … Based on the policy of the home network, the HA may also process the MN-AAA Authentication Extension as specified in RFC 3012, if included in the RRQ.

MIP Extensions [MS Requirements]
The MS shall include the MN-NAI Extension [RFC 2794], MN-HA Authentication Extension [RFC 2002], MN-FA Challenge Extension [RFC 3012], and MN-AAA Authentication Extension [RFC 3012] in the RRQ message. … The MS shall compute the MN-AAA Authentication Extension, according to RFC 3012, based on the shared secret the MS has with the Home RADIUS server. … The MS may use the same shared-secret or different shared secrets in the computation of the MN-AAA Authentication Extension and MN-HA Authentication Extension.

5 What’s in the TIA standard

Access Authentication
The AT shall support CHAP for the PPP instance on the access stream. If the AN supports access authentication, the AN shall support CHAP for the PPP instance on the access stream. In this case, the AN shall always propose CHAP as a PPP option …

2.4.2 AN-AAA Support
If the AN supports access authentication and the A12 interface, the AN shall support the RADIUS client protocol … and shall communicate user CHAP access authentication information to the visited AN-AAA in an Access-Request message on the A12 interface. For an AN-AAA to recognize that the transaction is related to access authentication, the Access-Request message may contain an additional 3GPP2 vendor specific attribute.

6 Summary of what’s in the standards

• PDSN-level authentication is optional for Simple IP service.
  – PDSN may allow Simple IP service without CHAP or PAP.
• PDSN-level authentication is mandatory for Mobile IP service.
  – PDSN shall support Mobile IP authentication.
  – The Home-AAA shall validate the MN-HA Authentication Extension, and may also process the MN-AAA Authentication Extension.
  – MN-HA and MN-AAA authentication may use the same or different shared secret.
• A12 AN-level authentication is optional.
  – A12 and AN-level authentication are completely independent of PDSN-level authentication (separate PPP sessions).
  – If used, AN-level authentication is performed first. If successful, then proceed to PDSN-level authentication.
• In addition, CDG Document 79 “Wireless Data Roaming Requirements and Implementation Phase 1” recommends that the visited network should require authentication and authorization with the AN-AAA.

7 Some Terminology

• AN_NAI: the NAI sent in the PPP session for AN-level authentication (e.g., …)
• PDSN_NAI: the NAI sent in the PPP session for PDSN-level authentication (e.g., …)
• Operator A: operator providing Simple IP service and using AN-level authentication for their subscribers
• Operator P: operator providing Mobile IP service and using PDSN-level authentication for their subscribers
• AN_P: Operator P’s Access Network
• AN-AAA_P: Operator P’s AAA connected via A12 to the AN
• PDSN_P: Operator P’s PDSN
• PDSN-AAA_P: Operator P’s AAA connected to the PDSN
• AN_NAI_P: the NAI sent for AN-level authentication, when the NAI has Operator P’s domain name (e.g., …)
• PDSN_NAI_P: the NAI sent for PDSN-level authentication, when the NAI has Operator P’s domain name

8 EV-DO Architecture Reference Model

9 Call Flow: Auth in Operator P Network

10 Call Flow: Auth in Operator A Network

11 Call Flow: Roaming Auth in Operator P

12 Call Flow: Roaming Auth in Operator A

13 Potential Attack: Attacker in Operator P

14 Potential Attack: Attacker in Operator P (cont.)

• NAI and authentication at the AN level and the PDSN level are independent and can be different.
• Attacker uses AN_NAI_P at the AN level, causing AN-level authentication to be skipped because Operator P thinks this is its own user and authentication will be performed at the PDSN level.
• Attacker uses PDSN_NAI_A at the PDSN level, causing
  – PDSN-level authentication to be skipped because Operator P thinks the user is a roamer and the authentication has been performed at the AN level; or
  – if Operator P forwards the authentication request to Operator A’s PDSN-AAA, the attack still succeeds if the attacker knows Operator A’s default CHAP password, because Operator A will return Access-Accept.

The attack scenario is possible even if the standards are strictly followed.

15 Solution to the Attack

• Ensure that AN_NAI and PDSN_NAI are the same.
  – The network must verify that the Device attempting access is associated with the Subscription receiving services.
• AN shall report the AN_NAI (the NAI that is used by the AT at system access) to the PDSN by including it in the A11-Registration Request message.
• PDSN shall verify that the PDSN_NAI received from the AT in the CHAP response matches the AN_NAI received from the AN in the A11-Registration Request message. If the two NAIs don’t match, terminate the session.
• Requires minor A11 interface change to carry the AN_NAI (e.g., HRPD AT_ID) to the PDSN.
• Could be viewed as an implementation issue, but would require coordination of proprietary solutions between the Operators.
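The admission decision of slide 14 (two independent realm-based skip rules) beside the NAI-binding check of slide 15, as an added example that is not code from the presentation or from any PDSN product; the realms, the skip rules and the function names are constructed assumptions.

```python
"""Decision model for two-level (AN / PDSN) authentication, slides 6, 14 and 15.

Added example, not code from the presentation or from any TIA/3GPP2 implementation.
Realms, the realm-based skip rules and every function name are constructed assumptions.
"""

HOME_REALM = "operatorp.example"                # constructed: we model Operator P's PDSN
AN_AUTH_PARTNER_REALMS = {"operatora.example"}  # constructed: Operator A authenticates at the AN


def realm(nai: str) -> str:
    """Realm part of an NAI of the form user@realm, lower-cased for comparison."""
    return nai.rsplit("@", 1)[-1].lower()


def an_level_auth_required(an_nai: str) -> bool:
    """Slide 14, AN side: Operator P authenticates its own subscribers at the PDSN,
    so A12 AN-level authentication is skipped when AN_NAI carries P's realm."""
    return realm(an_nai) != HOME_REALM


def pdsn_level_auth_required(pdsn_nai: str) -> bool:
    """Slide 14, PDSN side: a PDSN_NAI from a partner that authenticates at the AN is
    treated as an already-authenticated roamer, so PDSN-level authentication is skipped."""
    return realm(pdsn_nai) not in AN_AUTH_PARTNER_REALMS


def admit_unbound(an_nai: str, pdsn_nai: str, an_auth_ok: bool, pdsn_auth_ok: bool) -> bool:
    """Pre-fix decision: each level judges its own NAI; the two NAIs are never compared.
    an_auth_ok / pdsn_auth_ok are the A12 and CHAP outcomes (False when not performed)."""
    if an_level_auth_required(an_nai) and not an_auth_ok:
        return False
    if pdsn_level_auth_required(pdsn_nai) and not pdsn_auth_ok:
        return False
    return True


def admit_bound(an_nai: str, pdsn_nai: str, an_auth_ok: bool, pdsn_auth_ok: bool) -> bool:
    """Slide 15 decision: the AN reports AN_NAI in the A11-Registration Request and the
    PDSN terminates the session if the NAI in the CHAP response does not match it."""
    if an_nai.lower() != pdsn_nai.lower():
        return False
    return admit_unbound(an_nai, pdsn_nai, an_auth_ok, pdsn_auth_ok)


if __name__ == "__main__":
    # Constructed case: P-realm NAI at the AN, A-realm NAI at the PDSN, no valid credential at either level.
    print("unbound admits:", admit_unbound("x@operatorp.example", "x@operatora.example", False, False))
    print("bound admits:  ", admit_bound("x@operatorp.example", "x@operatora.example", False, False))
```

The binding check rejects the mismatched pair even when Operator A's PDSN-AAA would return Access-Accept, while same-NAI subscribers and roamers are admitted exactly as before.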