Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEEE MEDIA INDEPENDENT HANDOVER

Published byFrøydis Hagen Modified over 6 years ago

Similar presentations

Presentation on theme: "IEEE MEDIA INDEPENDENT HANDOVER"— Presentation transcript:

1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: sec Title: Threats for MIH Services: Assumptions and Use cases Date Submitted: April 16, 2008 Presented at Security Study Group Teleconference on April 16, 2008 Authors or Source(s):   Subir Das (Telcordia Technologies), Shubhranshu Singh (Samsung) Marc Meylemans (Intel) Abstract: This document describes the threats for MIH services based on a few assumptions and use cases

2 IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development

3 Common Security Threats
Message Modification Message Hijacking/Replay False Identity of MIHF Denial of Service Note: No distinction has been made between outsiders and insiders attack

4 Goals To address the questions that were received during last teleconference. In particular, What are the assumptions on MIH services deployment? What are the security features we need? Assessment of threats that exists in different deployment models

5 General Assumptions MIH services are available after successful network access authentication Note: Situations where MN accesses MIH services without network access authentication be considered separately If link layer security is in use on the network, it is established between the MN and the PoA For simplicity, all MIH services are provided by one network (e.g., home or visited, 3rd party)

6 Security features needed to mitigate the threats
MIH Entity authentication Peer entities need to verify their authenticity MIH protocol message protection Message exchange between peers need to be secured

7 Securing peer MIHF entity discovery
Non Goals Securing peer MIHF entity discovery Discovery happens via out of band signaling except the case when combining with Capability Discovery MIHF discovery should be considered separately and should be our non-goal

8 Deployment Scenario #1 Scenario 1: MN is in the home network and the MIH services (e.g., IS, ES, CS) are provided by the home network. hPoS Core Network Home Network PoA MIH Messages (L3 comm) Access Network (L2 Comm) Note: This and the following scenarios assume PoA and PoS are separate entities however in some cases they might be co-located. Mobile Node

9 Deployment Scenario #1 (contd..)
Two possible cases Case 1a: hPoS has access to user’s subscription profile Case 1b: hPoS has no access to user’s subscription profile

10 Addressing Security Features for Case 1a
Entity authentication MIH service specific credentials may be derived from network access authentication credentials Other mechanisms are also possible MIH protocol message protection Can be achieved by enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all common threats can be mitigated

11 Addressing Security Features for Case 1b
Entity authentication Since there is no access to user’s subscription profile, entity authentication can not be performed MIH protocol message protection Can be achieved via enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all threats can NOT be mitigated

12 Deployment Scenarios #2
Scenario2: MN is in the visited network and MIH services are provided by the home network hPoS Home Network MIH Messages (L3 comm) PoA Visited Network (L2 Comm) Mobile Node

13 Deployment Scenario #2 (contd..)
Two possible Cases Case 2a: hPoS has access to user’s subscription profile Case 2b: hPoS has no access to user’s subscription profile

14 Addressing Security Features for Case 2a
Entity authentication MIH service specific credentials may be derived from network access authentication credentials Other mechanisms are also possible MIH protocol message protection Can be achieved by enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all common threats can be mitigated

15 Addressing Security Features for Case 2b
Entity authentication Since there is no access to user’s subscription profile, entity authentication can not be performed MIH protocol message protection Can be achieved via enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all threats can NOT be mitigated

16 Deployment Scenarios #3
Scenario3: MN is in the visited network and MIH services are also provided by the visited network. There is a roaming relationship between home and visited networks Home Network MIH Messages (L3 comm) PoA vPoS Visited Network (L2 Comm) MIH Messages (L3 comm) Mobile Node

17 Deployment Scenario #3 (contd..)
Two possible Cases Case 3a: vPoS has access to user’s subscription profile via roaming relationship Case 3b: vPoS has no access to user’s subscription profile via roaming relationship

18 Addressing Security Features for Case 3a
Entity authentication MIH service specific credentials may be derived from network access authentication credentials Other mechanisms are also possible MIH protocol message protection Can be achieved by enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all common threats can be mitigated

19 Addressing Security Features for Case 3b
Entity authentication Since there is no access to user’s subscription profile, entity authentication can not be performed MIH protocol message protection Can be achieved via enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all threats can NOT be mitigated

20 Deployment Scenarios #4
Scenario4: MN is in the visited or Home network and MIH services are provided by 3rd Party network. tPoS 3rd Party Network MIH Messages (L3 comm) PoA Home or Visited Network (L2 Comm) Mobile Node

21 Deployment Scenario #4 (contd..)
Three possible Cases Case 4a: tPoS has access to its own user’s subscription profile Case 4b: tPoS has access to user’s subscription profile via user’s home network (through agreement) Case 4c: tPoS has no access to user’s subscription profile

22 Addressing Security Features for Case 4a &4b
Entity authentication MIH service specific credentials may be derived from network access authentication credentials Other mechanisms are also possible MIH protocol message protection Can be achieved by enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all common threats can be mitigated

23 Addressing Security Features for Case 4c
Entity authentication Since there is no access to user’s subscription profile, entity authentication can not be performed MIH protocol message protection Can be achieved via enabling transport security, if transport security is available Need to bind transport SAs with MIH identity Therefore all threats can NOT be mitigated

24 What Should We Do Then? Shall we assume that MIH Services are always based on user’s ‘Subscription’? (except pre-attachment case) If not, can we handle the complexity and address the issues within the time frame? Opinions/Thoughts? Consensus?

25 Next Steps? Capture the discussions in the TR
Address/resolve additional comments/questions/ thoughts

Download ppt "IEEE MEDIA INDEPENDENT HANDOVER"

Similar presentations

21-07-xxxx-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0463-00-0000 Title: MIH Protocol Security Date Submitted: December, 2007 Presented.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol Security Date Submitted: December, 2007 Presented.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-12-0113-00-srho Title: Discussion on “MGW vs. MIH-PoS” in IEEE 802.21c Date Submitted: Sept. 14 th, 2012.

IEEE MEDIA INDEPENDENT HANDOVER DCN: srho Title: Discussion on “MGW vs. MIH-PoS” in IEEE c Date Submitted: Sept. 14 th, 2012.
21-07-0301-01-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,

IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-11-0022-00-0sec Title: Message Flow Date Submitted: March 1, 2011 Authors or Source(s): Fernando Bernal-Hidalgo,

1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: Message Flow Date Submitted: March 1, 2011 Authors or Source(s): Fernando Bernal-Hidalgo,
Doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-07-0310-00-0000-MIH-Security-Options.ppt.

Doc.: IEEE /0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 1 IEEE MEDIA INDEPENDENT HANDOVER DCN: MIH-Security-Options.ppt.
21-12-0120 1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-12-0173-00-srho Title: IEEE 802.21c TG November 2012 Report and Agenda Date Submitted: November.

IEEE MEDIA INDEPENDENT HANDOVER DCN: srho Title: IEEE c TG November 2012 Report and Agenda Date Submitted: November.
21-07-0122-03-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,

IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
21-07-xxxx-00-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-xxxx-00-0000 Title: MIH security issues Date Submitted: July, 02, 2007 Presented at.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: MIH security issues Date Submitted: July, 02, 2007 Presented at.
IEEE MEDIA INDEPENDENT HANDOVER DCN:

IEEE MEDIA INDEPENDENT HANDOVER DCN:
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx

IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho

IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
IEEE MEDIA INDEPENDENT HANDOVER

IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER

IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx

IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER

IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx

IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec

IEEE MEDIA INDEPENDENT HANDOVER DCN: sec
IEEE MEDIA INDEPENDENT HANDOVER

IEEE MEDIA INDEPENDENT HANDOVER
IEEE MEDIA INDEPENDENT HANDOVER DCN: sec

IEEE MEDIA INDEPENDENT HANDOVER DCN: sec

Similar presentations

Ads by Google