Presentation is loading. Please wait.

Presentation is loading. Please wait.

Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)

Published byCalvin Barton Modified over 6 years ago

Similar presentations

Presentation on theme: "Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)"— Presentation transcript:

1 Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)

2 Changes since Dallas Two reviews received (official MOBDIR and unofficial SECDIR) and comments incorporated Summary of changes: Replay protection mechanism using timestamps alone Sequence number field removed; no need for both sequence number and timestamps Timestamp allows stateless AAA server function Error codes streamlined Fixed IANA section Defined PRF Message summary added for clarification MAC Option to be pulled into RFC4068bis Draft will be revised after update of 4068bis Technical work is mostly complete Extensive reviews received Appendices to be submitted as RADEXT and DIME documents Satisfied all criteria for adoption as WG document Adoption?

3 Backup Slides

4 Example Topology AP2.1 MN AP2.2 AR2 AAAH Server AP1.1 AR1 MN AP1.2

5 Protocol Overview AAA Server MN AR1 AR2 HKReq RADIUS Access Request
HMK Generated HMK Generated HKReq ([MN ID, Msg ID, Seq #, MN Nonce], MN-AAA MAC) RADIUS Access Request ([HKReq, NAS IP], AR-AAA MAC) Validate MAC Generate HK1 RADIUS Access Accept ([AAA Nonce, Lifetime] AAA-MN MAC, [HK1], ARn-AAA Key) HKResp Decrypt HK1 Generate HK1 ([AAA Nonce, Lifetime] AAA-MN MAC) MN Handoff To AR2 FNA([FBU], HK1) [FBU], HK1 Validate FBU FBAck FBAck

6 Draft Goals Establish a handover key between MN and AR to secure FBU/FBAck Simple, single roundtrip protocol

7 Draft Status No current open issues
Previous discussion – CoA validation prior to handover key derivation Discussion on how to update the draft and move forward

8 IP Address Validation Strictly in the context of FMIP
Purpose – validate the CoA of the MN while deriving the handover key

9 IP Address Validation Mechanisms
Controlled networks may have their own means of IP address validation On links such as PPP, IPv6CP can provide tight control over IP address assignment Some technologies would allow binding of L2 credentials to IP addresses at the time of network access Other more definitive methods also possible Consensus on providing guidance in the security considerations section

Download ppt "Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
IETF 71: NETLMM Working Group – Proxy Mobile IPv6 1 Proxy Mobile IPv6 111 draft-ietf-netlmm-proxymip6-11.txt IETF 71: NETLMM Working Group – Proxy Mobile.

IETF 71: NETLMM Working Group – Proxy Mobile IPv6 1 Proxy Mobile IPv6 111 draft-ietf-netlmm-proxymip6-11.txt IETF 71: NETLMM Working Group – Proxy Mobile.
MIP Extensions: FMIP & HMIP

MIP Extensions: FMIP & HMIP
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
Fast handovers for PMIPv6 Hidetoshi Yokota KDDI Lab Kuntal Chowdhury Starent Networks Rajeev Koodli Nokia Siemens Networks Basavaraj Patil Nokia Siemens.

Fast handovers for PMIPv6 Hidetoshi Yokota KDDI Lab Kuntal Chowdhury Starent Networks Rajeev Koodli Nokia Siemens Networks Basavaraj Patil Nokia Siemens.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.

1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.
August 2, 2005draft-vidya-mipshop-fast-handover-aaa-00 Handover Keys using AAA (draft-vidya-mipshop-fast-handover-aaa-00.txt) Vidya Narayanan Narayanan.

August 2, 2005draft-vidya-mipshop-fast-handover-aaa-00 Handover Keys using AAA (draft-vidya-mipshop-fast-handover-aaa-00.txt) Vidya Narayanan Narayanan.
Transient BCE for Proxy Mobile IPv6 draft-ietf-mipshop-transient-bce-pmipv6-00.txt Oliver Marco

Transient BCE for Proxy Mobile IPv6 draft-ietf-mipshop-transient-bce-pmipv6-00.txt Oliver Marco
1 NetLMM Vidya Narayanan Jonne Soininen

1 NetLMM Vidya Narayanan Jonne Soininen
6lowpan ND Optimization draft Update Samita Chakrabarti Erik Nordmark IETF 69, 2007 draft-chakrabarti-6lowpan-ipv6-nd-03.txt.

6lowpan ND Optimization draft Update Samita Chakrabarti Erik Nordmark IETF 69, 2007 draft-chakrabarti-6lowpan-ipv6-nd-03.txt.
Overview of draft–16 for MIPv6 MIPv6 Design Team March 19 th, 2002.

Overview of draft–16 for MIPv6 MIPv6 Design Team March 19 th, 2002.
July 2007 CAPWAP Protocol Specification Editors' Report July 2007

July 2007 CAPWAP Protocol Specification Editors' Report July 2007
RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.

RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.
Multiple Care-of Address Registration draft-ietf-monami6-multiplecoa-02.txt.

Multiple Care-of Address Registration draft-ietf-monami6-multiplecoa-02.txt.
MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.
Draft-ietf-ccamp-lmp-02.txt Link Management Protocol (LMP) LMP draft updates…  draft-ietf-ccamp-lmp-07.txt  draft-ietf-ccamp-lmp-wdm-01.txt  draft-ietf-ccamp-lmp-test-sonet-sdh-00.txt.

Draft-ietf-ccamp-lmp-02.txt Link Management Protocol (LMP) LMP draft updates…  draft-ietf-ccamp-lmp-07.txt  draft-ietf-ccamp-lmp-wdm-01.txt  draft-ietf-ccamp-lmp-test-sonet-sdh-00.txt.
Doc.: IEEE 802.11-07/2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date: 2007-07-16.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
CAPWAP Threat Analysis

CAPWAP Threat Analysis

Similar presentations

Ads by Google