Slide 1: AAA/Mobile IP for 3G CDMA Systems
Gopal Dommety and Allen Long
© 1999, Cisco Systems, Inc.
Slide 2: Outline (Cisco Confidential)
Requirements
Architecture and trust model
VPN access
Optimizations
Conclusions
Slide 3: Requirements
Authentication of the HA and MN
Authentication of the HA and FA
Compulsory secure tunneling between the HA and the FA
Roaming support to non-home wireless carrier networks (could be an ISP)
Slide 4: Requirements (continued)
The handoff delay should be minimized
Dynamic home address allocation
Assurance of service offering to the home WL/ISP
Dynamic home agent allocation
Slide 5: Desirable Features
No changes to the RADIUS protocols
No changes to IKE/IPsec
No changes to Mobile IP
Perform IKE and IPsec in order to secure traffic into the corporate network
It may not be feasible for the HAAA to be outside the firewall
Slide 6: Architecture (diagram)
Foreign wireless operator: AAA server, PDSN/FA, 2G narrowband digital access networks (GSM, IS-54/13, PDC)
Home wireless operator or ISP: HA, Home AAA server
Slide 7: Security
HA-MN shared key
HA and FA have certificates
Shared key between FA and FAAA, and between HA and HAAA
Slide 8: Authentication - Basic (message flow diagram)
Entities: MN, PDSN/FA, FAAA, HAAA, HA, Home WL/ISP
Messages shown: Advertisement; RegReq (NAI); AccessReq; AccessReply; Opt-AccessReq; Opt-AccessReply; IKE messages (3 round trips); RegReq (NAI); RegReply
Notes: uses existing protocols; additionally uses the NAI draft; Access Request and IKE can happen in parallel
Slide 9: Optimizations/Optional Flows
Challenge response
Tokens
IKE private payloads
Public key methods can be used to sign Mobile IP RegReq/RegRep messages
IPsec or SSL between entities
Slide 10: Opt - Challenge Response (message flow diagram)
Entities: MN, PDSN/FA, FAAA, HAAA, HA, Home WL/ISP
Messages shown: Advertisement (opt-Challenge); RegReq (NAI, opt-Challenge, response); AccessReq (CHAP); AccessReply; Opt-AccessReq (CHAP); Opt-AccessReply; IKE messages (3 round trips); RegReq (NAI); RegReply
Notes: uses existing protocols; additionally uses the NAI draft and challenge response
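The two flows on slides 8 and 10 differ in one security-relevant detail: in the challenge/response variant the FA puts a fresh challenge in its advertisement, the MN covers that challenge with a keyed response in its RegReq, and the FAAA relays the pair to the HAAA as a CHAP-style access request. The MN's key never leaves the home network, and a RegReq captured on the air interface is useless later because its challenge has been consumed. The following Python model is an added example, not code from the Cisco slides or from the referenced drafts: the NAI, key, field layout and the FA's bookkeeping (a bounded window of outstanding challenges plus a set of consumed ones) are constructed for illustration, and the byte-exact encoding of the Mobile IP challenge and MN-AAA extensions is deliberately not reproduced.

```python
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass, field

# Constructed sample data (not from the slides): one subscriber NAI and the key
# it shares with its home AAA server (HAAA). The FA/FAAA never hold this key.
HOME_AAA_KEYS = {"mn1@home-isp.example": b"constructed-mn-aaa-key-0001"}


def covered_data(nai: str, home_address: str, lifetime: int, challenge: bytes) -> bytes:
    """Bytes the MN authenticates: the registration fields plus the FA's challenge.
    Simplified stand-in for the request data covered by the MN-AAA extension."""
    return b"|".join([nai.encode(), home_address.encode(), str(lifetime).encode(), challenge])


def compute_response(key: bytes, nai: str, home_address: str, lifetime: int, challenge: bytes) -> bytes:
    """CHAP-style response: keyed MAC over the request fields and the fresh challenge."""
    return hmac.new(key, covered_data(nai, home_address, lifetime, challenge), hashlib.md5).digest()


@dataclass
class ForeignAgent:
    """PDSN/FA: issues challenges in advertisements and refuses stale or reused ones."""
    window: int = 4                                   # how many recent challenges stay valid
    outstanding: deque = field(default_factory=deque)
    used: set = field(default_factory=set)

    def advertise(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.append(challenge)
        while len(self.outstanding) > self.window:    # oldest challenges age out
            self.outstanding.popleft()
        return challenge

    def check_challenge(self, challenge: bytes) -> str:
        if challenge in self.used:
            return "reject:replayed-challenge"
        if challenge not in self.outstanding:
            return "reject:unknown-or-stale-challenge"
        return "ok"


class HomeAAA:
    """HAAA: the only party holding the MN key; answers the FAAA's AccessReq (CHAP)."""

    def __init__(self, keys: dict):
        self.keys = keys

    def access_request(self, nai, home_address, lifetime, challenge, response) -> bool:
        key = self.keys.get(nai)
        if key is None:                               # unknown user or realm
            return False
        expected = compute_response(key, nai, home_address, lifetime, challenge)
        return hmac.compare_digest(expected, response)


def register(fa, haaa, nai, home_address, lifetime, challenge, response) -> str:
    """RegReq(NAI, challenge, response) arriving at the FA, relayed via FAAA to HAAA."""
    verdict = fa.check_challenge(challenge)
    if verdict != "ok":
        return verdict
    if not haaa.access_request(nai, home_address, lifetime, challenge, response):
        return "reject:bad-response"
    fa.used.add(challenge)                            # one successful use per challenge
    fa.outstanding.remove(challenge)
    return "accept"


def demo() -> dict:
    fa, haaa = ForeignAgent(), HomeAAA(HOME_AAA_KEYS)
    nai = "mn1@home-isp.example"
    key = HOME_AAA_KEYS[nai]
    addr, life = "0.0.0.0", 1800                      # zero address: home address not yet allocated

    c1 = fa.advertise()
    r1 = compute_response(key, nai, addr, life, c1)
    results = {"first": register(fa, haaa, nai, addr, life, c1, r1)}
    # The same RegReq presented a second time: its challenge is already consumed.
    results["replay"] = register(fa, haaa, nai, addr, life, c1, r1)
    # A fresh challenge paired with the old response: the MAC no longer matches.
    c2 = fa.advertise()
    results["old_response"] = register(fa, haaa, nai, addr, life, c2, r1)
    # The right challenge but a response made without the real key.
    results["wrong_key"] = register(fa, haaa, nai, addr, life, c2,
                                    compute_response(b"guess", nai, addr, life, c2))
    # A challenge that aged out of the FA's window, even though the response is valid.
    c_old = fa.advertise()
    for _ in range(fa.window):
        fa.advertise()
    results["stale"] = register(fa, haaa, nai, addr, life, c_old,
                                compute_response(key, nai, addr, life, c_old))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} {verdict}")
```

The FA-side checks are what make the optimization worth its extra field: without the used-set the second RegReq would be accepted again, and without the bounded window an FA would have to remember every challenge it ever advertised. The HAAA answers only accept or reject, which is why the FA needs no knowledge of the MN key and the "no changes to RADIUS" goal of slide 5 holds.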
Slide 11: Opt - IKE Private Payloads (message flow diagram)
Send the Mobile IP registration message as a private payload in the IKE phase 1 messages
Entities: MN, PDSN/FA, FAAA, HAAA, HA, Home WL/ISP
Messages shown: Advertisement; RegReq (NAI); AccessReq; AccessReply; Opt-AccessReq; Opt-AccessReply; IKE messages (3 round trips); RegReq (NAI); RegReply
Notes: uses existing protocols; additionally uses the NAI draft; a Mobile IP payload has to be defined
Slide 12: Opt - Token (message flow diagram)
The token is sent by the HA to the FA
Option 1: the HA generates the token (signing with its private key)
Option 2: obtain the token from the Home WL/ISP (similar to OSP, the Open Settlement Protocol of ETSI TIPHON)
Entities: MN, PDSN/FA, FAAA, HAAA, HA, Home WL/ISP
Messages shown: RegReq (NAI); Opt-Authorization Req [Token]; Opt-Authorization Rep [Token]; RegReply [Token]; RegReply
Slide 13: Conclusions
The proposal uses existing protocols
Optimizations for consideration
Slide 14: References
Mobile IP: RFC 2002; draft-ietf-mobileip-mn-nai-00.txt; draft-ietf-mobileip-challenge-01.txt; draft-gupta-mobileip-inline-secparams-00.txt
IP Security: RFC 2401, RFC 2402, RFC 2406
IKE: RFC 2409
TIPHON: Inter-domain pricing, authorization, and usage exchange, TS 101 321 V1.4.2 (1998-12)
Slide 15: Enabling Wireless Data Services