03-05-0xxx-00-0sec IEEE 802.21 MEDIA INDEPENDENT HANDOVER Title: PLA-MIH: A Secure IEEE802.21 Signaling Scheme Date Submitted: May 3, 2009 Authors or Source(s):

Slides:



Advertisements
Similar presentations
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: Initiate An Exercise for Generating a 21a Document Date Submitted: September 21, 2009.
Advertisements

xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1c-handover-issues.ppt Title: MIH Security – What is it? Date Submitted:
sec IEEE MEDIA INDEPENDENT HANDOVER DCN: sec-mih-level-security-considerations Title: MIH-level Security Considerations.
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1c-handover-issues.ppt Title: MIH Security – What is it? Date Submitted:
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: ERP proposal Date Submitted: October 11, 2011 Authors or Source(s): Fernando Bernal-Hidalgo,
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol Security Date Submitted: December, 2007 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposal of new SID in IEEE c Date Submitted: Presented at IEEE c TG Authors or Source(s):
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIIS and Its Higher Layer Transport Requirements: Ad hoc Update and Discussion on.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Secure Handover with QoS Support Date Submitted: November, 14,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: PoA Capabilities of IE with IPv6 Prefix Availability Date Submitted: May 2006 Authors.
IEEE MEDIA INDEPENDENT HANDOVER DCN: MuGM Title: TGd Message Signing Proposal Date Submitted: Presented at IEEE d session.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Utilizing terminal identifier to recognize the reserved resources.
MuGM IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Group management mechanisms Date Submitted: November, 2012 Authors or Source(s): Daniel.
sec1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: IETF Liaison Report Date Submitted: July 19, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho c-requirements-and-procedures Title: c Requirements and Procedures Date Submitted:
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Data Offload Service through Wireless P2P Networks based on IEEE Framework.
IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx-00-MuGM Title: Outline of MuGM Date Submitted: January, 15th, 2013 Presented at IEEE.
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx-00-MuGM Title: Demo Scenario Date Submitted: May, 16th, 2013 Presented at IEEE session in.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Analysis on Identifiers Date Submitted: January 9, 2006 Presented.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Subscription ID Scope Date Submitted: June, 14 th, 2007 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Sec Title: Considerations on use of TLS for MIH protection Date Submitted: January 14, 2010.
IEEE MEDIA INDEPENDENT HANDOVER DCN: REVP-Proposal-on-the-security-of Title: Proposal on the security of Date Submitted:
MuGM IEEE MEDIA INDEPENDENT HANDOVER DCN: MuGM Title: Definition of IEEE d multicast identifiers Date Submitted:
MuGM IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Use of certificates as a base security level for securing PoS/MN multicast communication.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Instructions to get a Free IEEE Web Account Date Submitted: January.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Retrieval of multiple IEs and Reports with filering rule Date.
IEEE MEDIA INDEPENDENT HANDOVER Title: Use Cases, Security Study Group Date Submitted: Nov 13 th, 2007 Presented at: IEEE Security SG Authors.
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: Message Flow Date Submitted: March 1, 2011 Authors or Source(s): Fernando Bernal-Hidalgo,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Handover Initiation Strategy Consistency Date Submitted: November,
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: IETF Liaison Report Date Submitted: November 16, 2006 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1a-handover-big-picture.ppt Title: LB 1a, Handover example flow with.
Doc.: IEEE /0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 1 IEEE MEDIA INDEPENDENT HANDOVER DCN: MIH-Security-Options.ppt.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Notify high layer when events change Date Submitted: Jan, 06,
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Problem Scenario Date Submitted: September, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Capability Discovery Amendment Date Submitted: April 20, 2006.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: FMCA MIH Work Item Date Submitted: March, 2009 Presented at IEEE.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Handover Initiation Strategy Consistency Date Submitted: November,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Comments Date Submitted: Jan, 06, 2006 Presented at IEEE
IEEE MEDIA INDEPENDENT HANDOVER DCN: REVP-Proposal-on-the-security-of Title: Proposal on the security of Date Submitted:
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Network based Distributed Mobility Approach Date Submitted: July,
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho Title: IEEE c TG November 2012 Report and Agenda Date Submitted: November.
IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
21-06-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: The amendment for the MIH_Scan primitive Date Submitted: April,
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: EAP Pre-authentication Problem Statement in IETF HOKEY WG Date Submitted: September,
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Multiple MIH User Issues Date Submitted: November, 12-16, 2007.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: MIH security issues Date Submitted: July, 02, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: New scenarios for Date Submitted: May 16, 2013 To be presented at… Authors or Source(s): Daniel.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Load balancing in heterogeneous network use case Date Submitted:
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-0sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: mugm
IEEE MEDIA INDEPENDENT HANDOVER
Presentation transcript:

xxx-00-0sec IEEE MEDIA INDEPENDENT HANDOVER Title: PLA-MIH: A Secure IEEE Signaling Scheme Date Submitted: May 3, 2009 Authors or Source(s): Sumanta Saha (HUT), Dmitrij Lagutin (HIIT)‏ Abstract: This presentation proposes a novel solution to secure MIH signaling and protect from various threats by using a trust- enabled network layer protocol named PLA. 1

xxx-00-0sec IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SAdards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SAdards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6 2

IEEE a Work Item 2 As published in the call for proposals there are two work items for the MIH security work group. This document proposes a solution for work item 2: Work Item #2: Mechanisms to provide data integrity, replay protection, confidentiality and data origin authentication to IEEE MIH protocol exchanges and enable authorization for MIH services The proposal uses a novel network layer protocol named Packet Level Authentication (PLA) [1], developed at TKK and HIIT, Finland, to secure the communication between the entities of MIH [3]. The primary advantage of the proposal lies in its simplicity and extensibility. As the security mechanisms are directly embedded into the network layer, no added AAA related roundtrip time is required. Moreover, it is possible to extend the use of the protocol to the traffic payload to further secure the traffic. Analysis of the security solution has been done according to the threat list published in and sec-threat-modeling- and-analysis-for-mih-protocol-security xxx-00-0sec3

Packet Level Authentication (PLA)‏ PLA aims to improve security on the network layer by providing availability and accountability PLA is based on per packet public key signature techniques, these are feasible on the Internet scale due to new efficient cryptographic algorithms and advances in semiconductor technology Good analogy to PLA is a paper currency: anyone can independently verify the authenticity of the bill without contacting the bank that has issued the bill Similarly, any node in the network can independently verify authenticity of the PLA protected packet without a trust relationship with the sender or other nodes that have handled the packet xxx-00-0sec4

PLA header PLA adds an own header using the standard IP extension mechanisms, the PLA header contains: Certificate from a trusted third party (TTP) showing that the user is valid and trusted entity For efficiency reasons, PLA uses identity based implicitly certified keys, therefore the sender's public key is calculated from the TTP certificate information Timestamp and sequence number to detect delayed and duplicated packets Signature over the packet with a sender's private key PLA header contains all necessary information to detect modified, duplicated and delayed packets. Therefore any node in the network can detect and drop such packets before they reach the destination xxx-00-0sec5

PLA header 6

PLA cryptographic solutions PLA uses elliptic curve cryptography due to its compact key and signature sizes A 163-bit ECC key has the same strength as a 1024-bit RSA key Overall, the PLA header takes only 1000 bits of space Scalability for high-speed network can be accomplished using a dedicated hardware to accelerate cryptographic operations. Simulations has shown the performance of almost a million verifications per second with an 90nm ASIC [2] In this proposal, we are using PLA only for signaling, therefore it is not necessary to use a dedicated hardware for cryptographic operations xxx-00-0sec7

PLA-MIH introduction We propose using PLA to secure MIH signaling [3] The proposed system introduces certificate authorities (CAs) which are similar to PLA's trusted third parties Different CA certificate rights are used to distinguish between Mobile Node (MN) and Point of Attachment (PoA) Main advantage of the proposed system: any node that receives the PLA protected MIH signaling packet can immediately determine: Whether the packet is authentic (not modified, delayed or duplicated)‏ Whether the packet is sent by an MN or PoA Which operator (CA) has authorized the sender Such an approach reduces the latency during the authentication phase xxx-00-0sec8

Trust relationships We assume following trust relationships in the system: Operator's certificate authority (CA) certify its users and PoAs Operators form trust relationships between each other using CAs xxx-00-0sec9

Bootstrapping How the user will get an initial certificate from a CA? For flexibility, two kinds of certificates are used The user will receive a long-term certificate from the operator during, e.g., creation of the contract. Such a certificate will be valid for months or years Long-term certificate will be used to retrieve a short-term certificate to be used for MIH authentication. Such a short- term certificate will be valid for hours or days If the short-term certificate is expired or lost, it can be retrieved in an automated way with a long-term certificates Expiration of long-term certificate is unlikely, in that case user would need to contact the operator manually to retrieve a new certificate xxx-00-0sec10

PLA-MIH Signaling At this stage we assume that all the PoAs and the MNs have valid certificates issued by the CA of the operator. The signaling of MIH over PLA can be divided primarily into two scenarios Handover between PoAs administered by a single operator Handover between PoAs administered by multiple operators In both cases, PLA is used as a network layer protocol to protect the signaling between IS, ES and CS in MIH architecture This proposal assumes that only the traffic over layer 3 and above is protected. However, similar idea can be extended to the MAC layer to protect even the broadcast messages for service and link discovery. 11

Example MIH signaling with single operator While transferring from one service to another provided by the same operator, the scenario is simple due to the fact that all the PoAs and MNs have certificates issued by the same CA. Upon receiving signed packets with attached certificates, the receiver verifies the authenticity of the packet and the sender. If the receiver believes the sender, it processes the data; otherwise the packet is discarded. An MN cannot fake as a PoA as the certificates have a “rights” field which indicates what rights the certificate owner has. 12

Example MIH signaling with single operator xxx-00-0sec13

Example MIH signaling across multiple operators Handover between services offered by different operators is slightly more complex because there must be trust relationship among the operators and the MN should know whether or not to trust the certificate presented to it by the new PoA. The authors propose a simple solution to the problem. While performing the signaling with the old-PoA the MN can communicate the identity of the new-PoA and then the old-PoA sends the credentials of the operator of the new-PoA to the MN. Later, with this credential, the MN can verify the issuer of the certificate presented by the new-PoA. On the other hand, there are two possibilities to verify the certificate from the MN by the new-PoA. It can either validate the issuer from its own cache, or it can optionally contact its own CA to validate the issuer of the certificate from the MN. After the validation check, the operation goes on normally. There can be further optimization in signaling if the MN is provided a new certificate by the new-PoA. In that case, thereafter the MN is considered as a local MN to the new operator and a simple handover signaling can be followed for further handovers. 14

Example MIH signaling across multiple operators xxx-00-0sec15

PLA-MIH: Security Analysis Threats to MN Identity Spoofing: Identity of an infrastructure node is spoofed Solution: PLA header and certificate information proves the identity of the sender Tampering of information Solution: The integrity of the message is protected by the signature in the packet Information disclosure: MN can get access to unauthorized information Solution: PLA header has the “rights” field which instantly shows what right the sender have; whether it is an MN or a PoA. Threats to IS DoS attack by flooding: Flooding with numerous requests Solution: It is not instantly possible to thwart botnet-type DoS attack. However, upon detection of malicious behavior the IS can report the certificate identity to the CA and thus revoke it. Other attack solutions are same as MN xxx-00-0sec16

PLA-MIH: Security Analysis (Contd.)‏ Threats to ES/CS Tracking information disclosure: Profiling user movement and tracking events Solution: To prevent tracking confidentiality is required. However, PLA does not provide confidentiality as such. It is possible to establish a shared secret in the first packet exchanges and then use that for encrypting further traffic. Threats to MN and IS are also application to ES/CS and can be alleviated in the above stated way xxx-00-0sec17

Evaluation Compared to contemporary security solutions, PLA-MIH has the following advantages: Trust built in directly to the network layer protocol, thus avoiding building security system over already built architecture Easily extendable and flexible security system Use of asymmetric cryptography ensures high-level of security No need to contact CA or AAA server most of the time, reducing network round trip delay Possibility of implementing similar paradigm in link layer advertisement and thus allowing MNs to determine malicious nodes even before attaching to them Proved availability of small-scale hardware which accelerates the operator manifold xxx-00-0sec18

References 1.D. Lagutin. Redesigning Internet - The Packet Level Authentication architecture. Licentiate`s thesis, Helsinki University of Technology, Faculty of Information and Natural Sciences, Department of Information and Computer Science, June Available at: The%20Packet%20Level%20Authentication%20architecture.pdf The%20Packet%20Level%20Authentication%20architecture.pdf 2.J. Forsten, K. Järvinen and J. Skyttä. Packet Level Authentication - Hardware Subtask Final Report. Available at: 3.IEEE standards committee, “Part 21: Media Independent Handover Services,” IEEE (IEEE Std), Jan xxx-00-0sec19