21-07-0122-03-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,

Slides:



Advertisements
Similar presentations
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Proposal for adding a key hierarchy based approach in the security.
Advertisements

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Secure Handover with QoS Support Date Submitted: November, 14,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: March 17, 2011 Presented at IEEE session.
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Handover Procedure – Redraw of Annex Figure Date Submitted: January.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Reference Model and Use-Cases for Information Service Date.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: IETF Liaison Report Date Submitted: July 19, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: September 23, 2009 Presented at IEEE session.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: L3 Transport for MIH Services Date Submitted: July 19, 2007 Presented at IEEE
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Analysis on Identifiers Date Submitted: January 9, 2006 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Security SG Report Date Submitted: September 20, 2007 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Higher layer services and information IEs Date Submitted: March 2006 Authors or Source(s):
IEEE MEDIA INDEPENDENT HANDOVER Title: Use Cases, Security Study Group Date Submitted: Nov 13 th, 2007 Presented at: IEEE Security SG Authors.
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: Message Flow Date Submitted: March 1, 2011 Authors or Source(s): Fernando Bernal-Hidalgo,
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Template for Handover Flow Diagram Date Submitted: Nov 6, 2006 Presented at IEEE.
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: IETF Liaison Report Date Submitted: November 16, 2006 Presented.
IEEE MEDIA INDEPENDENT HANDOVER DCN: LB1a-handover-big-picture.ppt Title: LB 1a, Handover example flow with.
Doc.: IEEE /0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 1 IEEE MEDIA INDEPENDENT HANDOVER DCN: MIH-Security-Options.ppt.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Security Problems related to Transition Date Submitted: January.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Handover Flow Diagrams Update Date Submitted: May 14, 2007 Presented.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Problem Scenario Date Submitted: September, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Handover Initiation Strategy Consistency Date Submitted: November,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Optimize MIIS Get Information Message Date Submitted: February.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Reference Model and Use-Cases for Information Service Date.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Pre-authentication Activity Date Submitted: February 26, 2006.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: May 14, 2009 Presented at IEEE session.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: September 20, 2007 Presented.
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: EAP Pre-authentication Problem Statement in IETF HOKEY WG Date Submitted: September,
IEEE MEDIA INDEPENDENT HANDOVER DCN: 100 Title: Cross Domain Trigger and Handover Talking Points Date Submitted: July 13, 2004.
21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: MIH security issues Date Submitted: July, 02, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Your Title Here
IEEE MEDIA INDEPENDENT HANDOVER DCN: mugm
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
Presentation transcript:

IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September, 2007 Presented at IEEE session #22, Hawaii Authors or Source(s): Subir Das (Telcordia), Yoshihiro Ohba (Toshiba) Abstract: This document describes an based architecture for security optimization during handovers

IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3

Architectural Alternatives and Recommendation Key hierarchy based transition for intra-domain and intra-technology handover assumes distributed authenticator model Each SDO (e.g., , WiMAX) is defining its own distributed authenticator model Therefore, it would be difficult to define a unified distributed authenticator model across multiple technologies Key hierarchy based transition for inter-domain and inter-technology handover as defined by IETF HOKEY WG can work with both integrated and distributed authenticator models On the other hand, can we always assume that the key hierarchy is available across multi-provider’s domain? It seems to have some deployment issues since it requires a lot more tightly coupled security policies in place and also needs changes to existing AAA infrastructure Authentication based transition (pre-authentication) can work with both integrated and distributed authenticator models Recommendation to Security Study Group: Focus on authentication based transition for the time being In parallel, SG can evaluate the applicability of key hierarchy based transition as defined in IETF HOKEY WG

Functional Elements of Authentication Based Transition MN (Mobile Node) In addition to the functionalities defined in specification, MN has the following functionality: EAP Peer PoA (Point of Attachment) In addition to the functionalities defined in specification, PoA has the following functionality: EAP Authenticator Pre-authentication Forwarding for indirect pre-authentication PoA acts as MIH PoS On the other hand, SG should also consider the cases where EAP based authentication is not used

Functional Element Mapping to the Communication Model Serving PoA R3 MIH MN R1 R2 R4 MIH PoS Non-PoA Network Entity MIH PoS Non-PoS MIH R4 R5 Candidate PoA Non-PoA Network Entity Only R1, R2 and R5 are involved in authentication based transition

Pre-authentication Signaling Flows Serving PoA MIH MN R1 MIH PoS MIH PoS R5 Candidate PoA Home AAA Server MN-CA Signaling (via serving network) EAP over higher layers (HL) EAP over AAA Serving PoA MIH MN R1 R2 MIH PoS MIH PoS R5 Candidate PoA Home AAA Server MN-SA Signaling EAP over L2/HL EAP over AAA SA-CA Signaling EAP over HL Direct Pre-authentication Indirect Pre-authentication R2

Issues Need to be addressed Which EAP over higher layer protocol can we use? IETF defined L3 protocol or MIH protocol ? Do we need to support both direct and indirect pre- authentication? Authenticator discovery and context binding issues?