IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-08-0xxx-00-0000
Title: IEEE P MIH Security Use Case Discussion Topics
Date Submitted: April 29, 2008
Presented: Teleconference April 30, 2008
Authors or Source(s): Lily Chen (NIST)
Abstract: Highlight questions on basic scenarios which are related to the MIH security use cases.
2/23/2019

IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development.

What is the “Home Domain”?
Home subscriber network - Network managed by an operator with whom the subscriber has a business relationship (subscription). (item 3.6, P D10).
An access control (with media related identity) through access authentication through a centralized database;
Link level security protection.
Is it true that a home domain for media is also a home domain for service?

Information Service: Two basic situations
Subscription based service (billing/charge is involved, centralized database is available);
Non-subscription based service (no billing is involved, may not have a centralized database).
Should both of these two situations be considered?

Security Objectives for IS
Access control for subscription based services
Only subscribed users can access the service
Confidentiality – to prevent non-subscribers from accessing the information
Authenticity - Authenticate the source of the message;
How is the message source identified? (By MIHF identity (NAI), the transport layer identity (e.g. IP address or MAC), or any of them.)
Integrity
End to end or link by link? (Which inter-media entities may be involved on the way to transport MIH messages?)

IDs and Protection Modes
[Diagram labels: PoA; Information Server; IPsec; 802.11i; MIHF-NAI1; MIHF-NAI2; MIHF to MIHF (End to end)?]
Which identity shall be used to identify a MIHF? IP address, MAC address, or MIHF-ID (NAI)?
Is hop by hop protection provided by transport protocol sufficient? If not, what is the possible threat?

Subscription based IS
Can we assume that the IS service provider is the same as the media access provider? That is, can the IS service share a database with the media service subscription? (see Figure 3, P D10)
Do we need to consider the situation that the IS service provider is different from the media service provider? The IS service has its own database and subscriber information (e.g. IS has a dedicated AAA server).

Non-subscription based IS
MIH message authenticity and integrity are independent of the transport protocol.
  Mutual authenticated key establishment via a trusted third party (TTP), e.g. a CA. Each MIHF is identified by the TTP with its MIHF-ID.
MIH message authenticity and integrity depend on the transport protocol.
  The media service provider offers free IS service and also shares keys with the PoS through access authentication.
A CA can bind a public key with a MIHF identity. However, the CA may have no control over the creditability and accountability of the MIHF entity.

Event Service (ES) and Command Service (CS)
Is it likely that ES and CS are non-subscription based (i.e. with a centralized service provider, centralized billing/charging)?
Is a media service provider playing any role in ES and CS, besides possibly implementing ES and CS service in MNs and NNs?
Can we assume that a PoS located in the home network is necessarily a home network entity?

Summary and More Questions
If a service is non-subscription based or the service provider is different from the media provider, then terms like “home domain” and “visited network” will have a new meaning or may not be meaningful at all.
Shall we re-define these terms?
Shall we consider all the different situations? If we select some cases to be included, what are they?
If we depend on the transport protocol to provide security for the MIH service, then being in the “home domain” may mean a lot.