IEEE 802.21 MEDIA INDEPENDENT HANDOVER

DCN: sec-mih-level-security-considerations
Title: MIH-level Security Considerations
Date Submitted: February 10, 2008
Presented at IEEE session #25 in Orlando
Authors or Source(s): Yoshihiro Ohba (Toshiba)
Abstract: This document describes security goals, use cases and considerations on MIH-level security.
IEEE 802.21 presentation release statements

This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE.

The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual, and in Understanding Patent Issues During IEEE Standards Development.
Purpose

- Identify security goals for each service and use case
- Determine the level of requirement for each goal

Levels of requirement:
- M: Mandatory requirement
- O: Optional requirement
- -: Not required
Security Goals

- Data origin authentication
  - Mutual authentication
  - Unilateral authentication
- Message authentication
- Replay protection
- Confidentiality
Use Cases

- Pre-attachment use case: an MIH entity communicates with another MIH entity before network access authentication. Used for MIHF Discovery and the Information Service.
- Post-attachment use case: an MIH entity communicates with another MIH entity after network access authentication. Used for all services and for service management.
Goals and Requirements (Pre-attachment Use Case)

Security Goal                 | Requirement (M/O/-) | Note
------------------------------|---------------------|-----
Data origin authentication    |                     |
  Mutual authentication       | TBD                 |
  Unilateral authentication   | TBD                 |
Message authentication        | TBD                 |
Replay protection             | TBD                 |
Confidentiality               | TBD                 |
Goals and Requirements (Post-attachment Use Case)

Security Goal                 | Requirement (M/O/-) | Note
------------------------------|---------------------|-----
Data origin authentication    |                     |
  Mutual authentication       | TBD                 |
  Unilateral authentication   | TBD                 |
Message authentication        | TBD                 |
Replay protection             | TBD                 |
Confidentiality               | TBD                 |
Considerations on Pre-attachment Use Case (1/2)

The pre-attachment use case is vulnerable to a man-in-the-middle (MiTM) attack.

Scenario: an attacker AP-X resides between the MN and AP-Y and bridges MIH discovery and MIH messages back and forth.

(1) The MN discovers AP-X.
(2) The MN establishes an SA with the IS server of operator Y and performs an IS query over that SA; AP-X simply relays the messages. The IS server responds to the MN with operator-id "Y" and other information associated with operator Y.
(3) The MN performs network access authentication with AP-X. If both operators X and Y have a roaming relationship with the MN's home operator, the MN will be authorized for access to operator X's network even though it believes it is attaching to operator Y's network.

[Figure: MN, AP-X (lying), AP-Y (legitimate), IS server; operator X's network and operator Y's network]

One day, the user of the MN will receive a bill from the home operator for the use of operator X, which may be more expensive than expected.
Considerations on Pre-attachment Use Case (2/2)

- The MiTM attack is possible even with (mutual or unilateral) data origin authentication at the MIH level: the IS response really does come from operator Y's IS server, and AP-X only relays it, so the authentication check passes.
- To detect the MiTM attack, channel binding [RFC 3748, Section 7.15] needs to be provided for the MIHF ID of the PoS during network access authentication in step (3), so that the identity the MN believes it is attaching to can be compared with the identity the authenticator actually presents.
- However, channel binding is optional in all known link-layer technologies that use EAP, and no standard channel binding solution exists (at the time of this presentation).
- On the other hand, only limited types and amounts of information will be provided to an unauthenticated MN, for security and resource reasons.
- Question: does the benefit of securing the pre-attachment use case justify its deployment cost?
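The argument on the two preceding slides, worked through in code: an added, constructed model that is not part of the presentation and not an 802.21 or EAP implementation. The keys, operator names, message format and the `attach`/`HomeAAA.authorize` functions are hypothetical. It shows that a MAC over the IS response (MIH-level data origin authentication) rejects a forging AP but passes a relaying AP-X, and that a channel-binding style comparison of the operator the MN expects against the operator the authenticator asserts during step (3) is what actually catches the relay.

```python
"""Model of the pre-attachment MiTM scenario and of the channel-binding check.

Constructed example: keys, names and message formats are hypothetical and
are not 802.21 or EAP wire formats.  Only the logic of the argument is modelled.
"""
from __future__ import annotations

import hashlib
import hmac

# Constructed key for the MIH-level SA between the MN and operator Y's IS server.
IS_KEY_Y = b"constructed-sa-key-mn-operator-y-is"
# Operators that have a roaming relationship with the MN's home operator.
ROAMING_PARTNERS = {"X", "Y"}


def mac(key: bytes, msg: bytes) -> str:
    """Message authentication tag used by the MIH-level SA (HMAC-SHA256)."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ISServer:
    """Operator Y's information server: answers IS queries over the SA."""

    def __init__(self, operator_id: str, key: bytes):
        self.operator_id = operator_id
        self.key = key

    def answer(self, query: bytes) -> tuple[bytes, str]:
        body = b"operator-id=" + self.operator_id.encode()
        return body, mac(self.key, body)


class AccessPoint:
    """A point of attachment.  `upstream` makes it a relaying AP (AP-X bridging
    MIH messages to the legitimate AP-Y); `forge_as` makes it a forging AP
    that invents an IS answer without holding the SA key (for contrast)."""

    def __init__(self, name: str, operator_id: str, is_server: ISServer | None = None,
                 upstream: AccessPoint | None = None, forge_as: str | None = None):
        self.name = name
        self.operator_id = operator_id
        self.is_server = is_server
        self.upstream = upstream
        self.forge_as = forge_as

    def forward_is_query(self, query: bytes) -> tuple[bytes, str]:
        if self.forge_as is not None:      # forging AP: wrong key, tag will not verify
            body = b"operator-id=" + self.forge_as.encode()
            return body, mac(b"attacker-has-no-sa-key", body)
        if self.upstream is not None:      # relaying AP: passes the genuine answer through
            return self.upstream.forward_is_query(query)
        return self.is_server.answer(query)


class HomeAAA:
    """The MN's home AAA server, reached through the visited network in step (3)."""

    def authorize(self, nas_operator: str, mn_expected_operator: str,
                  channel_binding: bool) -> str:
        if nas_operator not in ROAMING_PARTNERS:
            return "reject: no roaming agreement"
        # Channel binding (RFC 3748 s.7.15 idea): the MN states, inside the protected
        # EAP conversation, whom it believes it is attaching to; the home AAA compares
        # that with the operator the authenticator (NAS) asserts on the AAA path.
        if channel_binding and mn_expected_operator != nas_operator:
            return "reject: channel binding mismatch"
        return "accept"


def attach(facing_ap: AccessPoint, aaa: HomeAAA, channel_binding: bool) -> dict:
    """Run the MN through steps (1)-(3) via the AP it discovered."""
    # Step (2): IS query over the SA; the MN verifies the tag under the Y SA key.
    body, tag = facing_ap.forward_is_query(b"IS query: operator-id?")
    if not hmac.compare_digest(tag, mac(IS_KEY_Y, body)):
        return {"outcome": "reject: IS response not authentic"}
    believed = body.split(b"=", 1)[1].decode()   # the MN now believes "Y"
    # Step (3): network access authentication really runs through facing_ap.
    outcome = aaa.authorize(facing_ap.operator_id, believed, channel_binding)
    return {"believed": believed, "attached_to": facing_ap.operator_id, "outcome": outcome}


def build_topology() -> tuple[AccessPoint, AccessPoint, HomeAAA]:
    is_y = ISServer("Y", IS_KEY_Y)
    ap_y = AccessPoint("AP-Y", "Y", is_server=is_y)
    ap_x = AccessPoint("AP-X", "X", upstream=ap_y)   # the lying AP
    return ap_x, ap_y, HomeAAA()


if __name__ == "__main__":
    ap_x, ap_y, aaa = build_topology()
    print("via AP-X, no channel binding:", attach(ap_x, aaa, False))
    print("via AP-X, channel binding:   ", attach(ap_x, aaa, True))
    print("via AP-Y, channel binding:   ", attach(ap_y, aaa, True))
    print("forging AP, no SA key:       ", attach(AccessPoint("AP-F", "X", forge_as="Y"), aaa, False))
```

Without channel binding the first run ends in "accept" with `believed == "Y"` and `attached_to == "X"`, which is exactly the billing surprise on the previous slide; the forging AP is caught by the MAC, the relaying one is not.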