Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pre-authentication Overview

Published byWinifred Gibbs Modified over 6 years ago

Similar presentations

Presentation on theme: "Pre-authentication Overview"— Presentation transcript:

1 Pre-authentication Overview
March 23, 2006 IETF65 HOAKEY BOF

2 Pre-authentication Overview
Yoshihiro Ohba Alper Yegin Avi Lior March 23, 2006 IETF65 HOAKEY BOF

3 Objective of pre-authentication
Optimize network access authentication and authorization by performing EAP authentication with a target authenticator before handoff using the connectivity to the current network

4 Expected Improvement with Pre-authentication
Network access Authentication and Authorization L2 Handoff Without Pre-authentication Time With Pre-authentication Time Network access Authentication and Authorization with Pre-authentication Possible packet loss or interface activation delay during this period

5 Pre-authentication PANA EAP over AAA authenticator-1 access home
network-1 home network mobile host PANA Internet home AAA server EAP over AAA access network-2 authenticator-2 - Generate MSK with the authenticator-2 by executing EAP through it.

6 Pre-authentication (alternative scenario)
authenticator-1 access network-1 home network EAP over L2/L3 mobile host Internet home AAA server EAP over AAA access network-2 authenticator-2 - Generate MSK with the authenticator-2 by executing EAP through it.

7 AAA General AAA authentication/Authorization for target Authenticator while session is in progress on the serving Authenticator. Goal: Don’t want to have to do another AAA dip when or soon after the device moves!!! “Preauth” should really be preauthentication and preauthorization.

8 AAA Normal Auth vs. Pre-Auth
AAA needs to know that this is a pre-authentication/Authorization. User may only be allowed to have a single logon at the same time.

9 AAA handoff time. AAA needs to know how long to hold the session before timing out. Session timeout for pre-auth may be different for normal session. If the mobile moves after timeout then do normal authentication.

10 Resource Reservation In order to have a smooth handoff we need to make the resource currently in use available at the Target Authenticator. Some resources may have been obtained on the initial Authentication/Authorization but some other resources may have been obtained during subsequent AAA interaction. So how do I get all the resources I need at the target Authenticator with the Initial AAA AuthN/AuthZ?

11 Accounting Accounting record may be needed to allow billing of resources reserved whether used or not at the target Authenticator. Holding of resources for mobile is not free. Therefore need to send Accounting (Start) when pre-auth happens and not when the mobile moves.

Download ppt "Pre-authentication Overview"

Similar presentations

21-06-xxxx-00-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-06-xxx-00-0000 Title: Pre-establishment of IP connectivity discussion Date Submitted:

21-06-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Pre-establishment of IP connectivity discussion Date Submitted:
1 PANA-IETF70 PANA WG Work Items March 12-13, 2008 IETF 71.

1 PANA-IETF70 PANA WG Work Items March 12-13, 2008 IETF 71.
Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
IETF-63Bridgewater/Samsung PANA RADIUS PANA RADIUS draft-ietf-pana-aaa-interworking-00.txt Avi Lior, Bridgewater Systems Alper.

IETF-63Bridgewater/Samsung PANA RADIUS PANA RADIUS draft-ietf-pana-aaa-interworking-00.txt Avi Lior, Bridgewater Systems Alper.
AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62. 2 Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.

AAA-Mobile IPv6 Frameworks Alper Yegin IETF Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
1 CDMA/GPRS Roaming Proposals Raymond Hsu, Jack Nasielski Feb. 2004.

1 CDMA/GPRS Roaming Proposals Raymond Hsu, Jack Nasielski Feb
July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das

July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das
Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-01.txt) (draft-ohba-mobopts-mpa-implementation-01.txt) Ashutosh Dutta, Telcordia.

Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-01.txt) (draft-ohba-mobopts-mpa-implementation-01.txt) Ashutosh Dutta, Telcordia.
Internet Goes Mobile Alper Yegin KIOW 2003 at APNIC 16 August 19th, 2003. Seoul, Korea.

Internet Goes Mobile Alper Yegin KIOW 2003 at APNIC 16 August 19th, Seoul, Korea.
November 200461st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
50 th IETF BURP BOF, March 20, 2001 Applicability of a User Registration Protocol Yoshihiro Ohba (Toshiba America Research, Inc.) Henry Haverinen (Nokia)

50 th IETF BURP BOF, March 20, 2001 Applicability of a User Registration Protocol Yoshihiro Ohba (Toshiba America Research, Inc.) Henry Haverinen (Nokia)
21-07-0387-00-00011 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0387-00-0001 Title: Problem Statement for Authentication Signaling Optimization Date.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.
IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.

IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.

Similar presentations

Ads by Google