San Diego, August 2004, IETF 60th – mip6 WG: MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01). Gerardo Giaretta.

Presentation transcript:

Slide 1: Title
San Diego, August 2004, IETF 60th – mip6 WG
MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01)
Gerardo Giaretta, Ivano Guardini, Elena Demaria – Telecom Italia Lab (TILab)
Julien Bournelle, Maryline Laurent-Maknavicius – GET/INT

MIPv6 authorization and config. based on EAP, August 2004, IETF 60th – mip6 WG, draft-giaretta-mip6-authorization-eap-01

Slide 2: Overview
- Solution for bootstrapping Mobile IPv6 relying on a AAA infrastructure
- Bootstrapping is performed during the authentication phase for network access
  – the basic assumption is that network access and mobility services are provided by the same entity (i.e. Integrated ASP)
  – re-use of network access credentials
- The interaction between the MN and the Home AAA server is realized using EAP
  – exploits the capability of several EAP methods to carry arbitrary parameters together with authentication data

Slide 3: Protocol architecture
[Figure: protocol architecture diagram]
- Entities shown: Mobile Node; Router or Access Point (pass through); AAA Client; AAA Server; Home Agent
- Protocol labels: L2/L3 Access Protocol (IEEE 802.1x, PANA); AAA Protocol (Diameter/RADIUS); AAA-HA Protocol
- Exchange labels: EAP Exchange; Configuration Data; Authentication for network access; MIPv6 Authorization and Configuration

Slide 4: Advantages
- No changes needed on access equipment
  – easier deployment (particularly in roaming scenarios)
  – works with existing equipment (e.g. IEEE 802.1X APs)
- Both RADIUS and Diameter can be used between NAS and AAA infrastructure
- MN-HA IPsec SA can be set up from the keying material exported by the EAP method
- Could also be used over IKEv2, exploiting its support for EAP authentication
  – MIPv6 bootstrap from access networks with no EAP support (e.g. WLAN hotspots where initial logon occurs using HTTP)

Slide 5: Requirements on EAP methods
Table columns (requirements): Mutual Authentication | Integrity | Replay Protection | Confidentiality (*) | Exchange of arbitrary parameters

EAP method    Requirements marked
PEAPv2        X X X X X
EAP-FAST      X X X X X
EAP-TTLS      X X X X X
EAP-IKEv2     X X X X X
EAP-SIM       X X X X X
EAP-AKA       X X X X X
EAP-TLS       X X X X
EAP-MD5       (no marks)

(*) Only if the secret for bootstrapping the IPsec SA is not derived from the EAP key hierarchy

Slide 6: Next steps
- Extension of the I-D with support for IKE authentication methods other than PSK
  – e.g. certificates
- Specification of the AAA-HA interface
  – a viable approach is the development of a new Diameter application
  – another solution might be the leverage of SNMPv3
  – we should start with the collection of requirements (new I-D?)
- Definition of an AMSK for Mobile IPv6
  – bootstrapping MN-HA IPsec SA from the EAP key hierarchy
  – a new I-D is probably needed
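The Advantages and Next steps slides both propose bootstrapping the MN-HA IPsec SA from keying material exported by the EAP method. The sketch below is an added example, not taken from the slides or the draft: it shows the MN and the home AAA server each deriving the same MN-HA pre-shared key from the EMSK, while a NAS holding only the MSK cannot. The key label, the choice of inputs (MN NAI, HA address) and the HMAC-SHA-256 prf+ construction are assumptions made for illustration, since the slides leave the AMSK definition to a future I-D.

```python
import hashlib
import hmac

# Hypothetical key label; the slides leave the AMSK definition to a future I-D.
MIP6_LABEL = b"mip6-mn-ha-psk@example.invalid"

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+ with HMAC-SHA-256: T1 = prf(K, S|1), Tn = prf(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("too much key material requested")
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_mn_ha_psk(emsk: bytes, mn_nai: str, ha_addr: str, length: int = 32) -> bytes:
    """Derive an MN-HA pre-shared key from the EMSK, bound to MN identity and HA address."""
    if len(emsk) < 64:  # RFC 3748 requires an EMSK of at least 64 octets
        raise ValueError("EMSK shorter than 64 octets")
    if "\0" in mn_nai or "\0" in ha_addr:
        raise ValueError("NUL not allowed in identity fields")  # keeps the encoding unambiguous
    seed = (MIP6_LABEL + b"\0" + mn_nai.encode() + b"\0" + ha_addr.encode()
            + b"\0" + length.to_bytes(2, "big"))
    return prf_plus(emsk, seed, length)

def demo() -> dict:
    # Constructed sample values, not real keys or addresses.
    emsk = bytes(range(64))          # held by the MN and the home AAA server only
    msk = bytes(range(64, 128))      # the key the AAA server sends to the NAS
    nai, ha = "mn1@home.example", "2001:db8::1"
    mn_side = derive_mn_ha_psk(emsk, nai, ha)    # computed on the Mobile Node
    aaa_side = derive_mn_ha_psk(emsk, nai, ha)   # computed on the home AAA server
    return {
        "psk_len": len(mn_side),
        "mn_matches_aaa": hmac.compare_digest(mn_side, aaa_side),
        "nas_with_msk_differs": derive_mn_ha_psk(msk, nai, ha) != mn_side,
        "other_ha_differs": derive_mn_ha_psk(emsk, nai, "2001:db8::2") != mn_side,
        "other_mn_differs": derive_mn_ha_psk(emsk, "mn2@home.example", ha) != mn_side,
    }

if __name__ == "__main__":
    print(demo())
```

When the key is derived on both sides like this, no secret has to be carried inside the EAP exchange, which is the case where the footnote to the requirements table does not call for confidentiality.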