IEEE MEDIA INDEPENDENT HANDOVER


1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: xxx
Title: MIH Security – Use Case Issue Discussions
Date Submitted: May 9, 2008
Presented: May 14, 2008, Jacksonville, FL
Authors or Source(s): Lily Chen (NIST)
Abstract: Discuss and clarify some basic issues to be reflected in TR.

2 IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE.

The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual < and in Understanding Patent Issues During IEEE Standards Development

3 What is essential for home vs. visited in the sense of security?
- Are the home domain and visited domain defined with exactly the same meaning as in Mobile IP? If so, should AAA be in the picture?
- However, for Mobile IP, the difference between the home domain and the visited domain lies more in its routing aspects.
- For MIH messages transported at L3, the difference lies in the service discovery capability.
- They are not defined to facilitate the trust assumptions, besides an AAA server.

4 AAA Server
- Shall we consider the AAA server as a part of the network?
- Can it be the case that an AAA server works for an MIH service access controller and also for a network access controller?

5 Access control (Section 3.1.1)
If access control is applied to an MIH service, then two cases shall be considered:
- The network access controller (media service provider) is the same as the MIH service access controller (EAP/AAA server, HLR/AuC, etc.).
- The network access controller (media service provider) is different from the MIH service access controller (e.g. dedicated AAA servers for MIH service).

6 Session keys for MIH peers (Section 3.1.1 add “key establishment”)
If mutual authentication is conducted between the MIH peers, then there are two scenarios:
- Establish session keys for authenticity/integrity and confidentiality (MIHF to MIHF).
- Do not establish session keys, and depend on the transport protocol to provide authenticity/integrity and confidentiality. That is, the protections are not MIH specific.

7 Relations among different security aspects (Section 1.1.2)
[Flowchart. Decision nodes with yes/no branches: "MIH Access control?", "MIH specific auth?", "MIH specific protection?". Boxes: "Access Authentication (maybe mutual through access controller, e.g. service provider)", "Mutual Authentication (through a Trusted Third Party, e.g. PKI)", "Key establishment (MN and PoS)", "MIH Authenticity/integrity and confidentiality", "Transport Authenticity/integrity and confidentiality".]
- The transport protections may or may not be in place.
- Access control for IS may not always be applied.

8 Suggestions on Use Cases – Security Aspects
A use case shall reflect the basic security aspects:
- Whether MIH access control is applicable and by whom (same as the network access controller or not).
- Whether mutual authentication is applicable and in which way (centralized, or peer to peer through a TTP).
- Whether MIH specific protections (keys and algorithms) are applicable.

The current use cases mix different aspects together. They shall be more explicit.

9 Suggestions on Use Cases – Service locations
For home, visited and third party services, a use case shall reflect:
- Whether the home and visited services use the same security mechanisms, e.g. the home service has no access control while the visited service has access control; the home service depends on the transport protocol to protect MIH messages while the visited service applies MIH specific protections.
- Whether the home and visited services have agreements on MIH service roaming.

The current use cases emphasize the aspects of the home, visited and third party services, which are not directly related to the MIH security discussions.

10 Suggestions on Use Cases – Threats
A use case shall reflect specific threats:
- How and why an attack is possible and therefore a threat.

The current threats listed in the use case are rather general. In particular, DoS attacks must be detailed further to see whether they are a threat.

