Alternative (Future) Proposals for MIPv6 Security. MIP6 BOF/WG, IETF-57. Jari Arkko, Ericsson Research NomadicLab; Charlie Perkins, Nokia Research Center.

Presentation transcript:

1 Alternative (Future) Proposals for MIPv6 Security
MIP6 BOF/WG IETF-57
Jari Arkko, Ericsson Research NomadicLab
Charlie Perkins, Nokia Research Center

2 Background
Improvements over RR
New functions for HA - MN communications
Michael Thomas’ non-SPD based authorization model
HA-MN IKE-variant feedback
Other developments in IETF - IKEv2

3 Improvements on RR
Several proposed mechanisms:
  – Shared secret
  – CGA
It seems that most people are after speed
  – Example: CGA could eliminate most or all home address tests
  – A hard problem is trying to optimize care-of tests
Suggestion:
  – Optional mechanisms allowed in addition to RR
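The CGA item on this slide rests on a home address that a correspondent can check against a public key locally, without a round trip through the home agent. The sketch below is an added example, not part of the original slides: it implements the address-to-key binding check of RFC 3972 (SHA-1, with Sec read from the address), using constructed key bytes and a documentation prefix, and it assumes the signature that proves possession of the private key is verified separately.

```python
import hashlib
import ipaddress

# Of the 64-bit interface identifier, the three leftmost bits carry Sec and
# bits 6-7 are the "u"/"g" bits; RFC 3972 ignores all five when comparing.
COMPARE_MASK = 0x1CFFFFFFFFFFFFFF


def _prefix_bytes(prefix):
    return ipaddress.IPv6Network(prefix).network_address.packed[:8]


def cga_generate(prefix, pubkey, modifier, collision_count=0):
    """Derive a Sec=0 CGA from a /64 prefix and public-key bytes."""
    head = _prefix_bytes(prefix)
    hash1 = hashlib.sha1(modifier + head + bytes([collision_count]) + pubkey).digest()
    iid = int.from_bytes(hash1[:8], "big") & COMPARE_MASK  # Sec, u, g all zero
    return ipaddress.IPv6Address(head + iid.to_bytes(8, "big"))


def cga_verify(address, prefix, pubkey, modifier, collision_count):
    """Check that `address` is bound to `pubkey` under the given CGA parameters."""
    packed = ipaddress.IPv6Address(address).packed
    head = _prefix_bytes(prefix)
    if collision_count not in (0, 1, 2) or len(modifier) != 16:
        return False
    if packed[:8] != head:
        return False
    hash1 = hashlib.sha1(modifier + head + bytes([collision_count]) + pubkey).digest()
    iid = int.from_bytes(packed[8:], "big")
    if (int.from_bytes(hash1[:8], "big") ^ iid) & COMPARE_MASK:
        return False
    sec = iid >> 61
    # Hash2 must start with 16*Sec zero bits (trivially true for Sec=0).
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return hash2[: 2 * sec] == bytes(2 * sec)


# Constructed sample values: documentation prefix, placeholder key bytes.
PREFIX = "2001:db8:1:2::/64"
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
MODIFIER = bytes(range(16))
HOME_ADDRESS = cga_generate(PREFIX, KEY_A, MODIFIER)

if __name__ == "__main__":
    print(HOME_ADDRESS, cga_verify(HOME_ADDRESS, PREFIX, KEY_A, MODIFIER, 0))
    print("other key:", cga_verify(HOME_ADDRESS, PREFIX, KEY_B, MODIFIER, 0))
```

The check binds the address to a key only; a node that merely replays someone else's CGA parameters fails at the signature step, which is outside this sketch.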

4 New Functions
Addressing freedom
  – Previously unknown home addresses (3041)
  – Previously unknown home agents
  – Currently, we assume a tight binding to addresses
Dynamic assignment of home agents
  – Reduces RTT through the home agent
  – Hides mobile node’s topological location
  – Need to solve AAA interaction, secure anycast, and authorization issues
Suggestion:
  – Work on a specification for these functions

5 HA-MN IKE-Variant Feedback
SSH has an IKE-based HA-MN security implementation
But, it does things in a slightly different way...
  – IPsec policies and SAs use only care-of addresses
  – No authorization policy needed for IKE phase 2 establishment
  – Additional HAO checks are associated with SAs/credentials
Properties:
  – Easy for BITS, tough on manual keying
  – Performs both SPD&selector checks and HAO checks
  – On-the-wire format the same for packets, only difference in IKE
  – Reminds us of the scheme Michael Thomas proposed earlier
Suggestion:
  – Produce a future “extended” specification (perhaps IKEv2 version of the current specification), and take this into account

6 Additional IKEv2 Issues
Mobility/roaming/multi-homing/SCTP function for IKEv2?
A method to move SAs to a new address
In MIPv6, move IKEv2 first, then send a BU
Not a part of IKEv2 RFC, design somewhat open
  – Different signaling approaches proposed
  – Scope - is multi-homing included?
Suggestion:
  – Produce a future specification for IKEv2 roaming
  – Ensure that it suits MIPv6 needs

7 Possible Future Work Items
Improved RR protocols
IKEv2 roaming -- work with the IPsec WG (or new WG)
A new, more powerful specification for MN - HA security
  – Dynamic home addresses
  – Dynamic home agents
  – Using IKEv2 features
Strawman designs for the above:
  – “Application” layer design
  – IKEv2 design