Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Published byLizbeth McKenzie Modified over 8 years ago

Similar presentations

Presentation on theme: "Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable."— Presentation transcript:

1 Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non- discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.

2 Introduction and Outline PANA is complex at many levels  Too many documents  Too many protocols Unnecessarily too deep in the stack  Need IP address to operate Complex Architecture More susceptible to DoS attacks Configuration Complexity Fundamental issues raised at the IETF Not a coincidence that it is not used anywhere yet!

3 PANA Document List WG Documents  draft-ietf-pana-cxtp draft-ietf-pana-cxtp  draft-ietf-pana-mobopts draft-ietf-pana-mobopts  draft-ietf-pana-preauth draft-ietf-pana-preauth  draft-ietf-pana-snmp draft-ietf-pana-snmp  draft-ietf-pana-statemachine draft-ietf-pana-statemachine  draft-ieft-pana-aaa-interworking draft-ieft-pana-aaa-interworking  draft-ietf-pana-framework draft-ietf-pana-framework  draft-ietf-pana-ipsec draft-ietf-pana-ipsec  draft-ietf-pana-pana draft-ietf-pana-pana  RFC 4058 RFC 4058 RFC 4058  RFC 4016 RFC 4016 RFC 4016  draft-ietf-pana-usage-scenarios draft-ietf-pana-usage-scenarios Related documents  draft-anjum-pana-location-requirements-00.txt draft-anjum-pana-location-requirements-00.txt  draft-bournelle-pana-mobopts-analysis-00.txt draft-bournelle-pana-mobopts-analysis-00.txt  draft-forsberg-pana-skc-00.txt draft-forsberg-pana-skc-00.txt  draft-marin-pana-ieee80211doti-00.txt draft-marin-pana-ieee80211doti-00.txt Evidently, a long list of documents to even parse, let alone implement!

4 Fundamental Issues with PANA IETF Security AD Evaluation of PANA:  “The PANA WG seems to have a fundamental misunderstanding about 802.11i. I believe that the people involved in the PANA WG have been told about their misunderstanding by the editor of 802.11i (Jesse Walker from Intel), and it seems that this input was ignored this input. As a result the PANA specification that will not work at all in wireless LANs that deploy 802.11i.”

5 Fundamental Issues with PANA IETF Security AD Evaluation of PANA:  “An Access Point that implements 802.11i will silently discard all PANA traffic, and as a result, the PANA usage scenarios 802.11i (either TKIP or CCMP, which are called WPA and WPA2 by the WiFi Alliance) cannot work as described.”

6 PANA Architecture PaCPAAAS EP PANA AAA/LDAP/API SNMP/ API IKE/ 4-way HS

7 Protocols Involved in PANA EAP over PANA  EAP (RFC3748)  IPsec  PANA-SNMP  CxTP  PANA-AAA EAP Method Secure Association Protocol  802.11i 4-way exchange  802.16e 3-way exchange  IKE  Key management still separate and diverse for different access technologies

8 Protocols Involved – EAPoHRPD EAP over HRPD  EAP (RFC3748) EAP Method GEE

9 Protocol Layering HRPD EAP Layer Peer Layer Method1Method2 GEE Layer UDP EAP Layer Peer Layer Method1Method2 IPLower LayerPANA EAPoPANA Peer Stack EAPoHRPD Peer Stack

10 DoS Impacts Worst case impact on system (EAP over PANA)  L2 AND L3 equipment!  More layers to launch DoS attacks  DHCP-based attacks possible Worst case impact on system (EAPoHRPD)  L2 equipment only!

11 Comparison (1 of 2) EAP over HRPD EAP over PANA Number of OTA messages required  7 7 7 7  7 (not counting AT obtaining IP address) NOTE: If not optimized via piggybacking,  13 EAP methods supported AllAll Integrity protection of EAP messages Yes (dependent upon EAP method) Yes Encryption of attributes in EAP messages Yes (dependent upon EAP method) Reliable, in-order delivery Yes (via EAP retransmission and RLP retransmission/sequence numbers) Yes (via PANA retransmission/sequence numbers, EAP retransmission, and RLP retransmission/sequence numbers) Fragmentation Yes (via RLP or specific EAP method) IP address required No Yes (e.g, link-local)

12 Comparison (2 of 2) EAP over HRPD EAP over PANA Reliable indication that EAP exchange has completed successfully or failed Yes (dependent upon the EAP method) Yes Separate access authentication (NAP) and service authentication (ISP) supported YesYes Identity privacy supported Yes (dependent upon the EAP method) Bandwidth efficient Yes Requires UDP/IP header (maybe use ROHC to help) LightweightYes Not really 3GPP2 standards work required Yes (about the same as for EAPoPANA … see next slide) Yes (about the same as for EAPoHRPDRLP … see next slide) IETF momentum/industry adoption Yes (meaning EAP over a specific link-layer, not EAP over HRPD per se) Questionable … also, 3GPP2 dependent upon IETF to publish PANA RFCs in timely manner

13 PANA Timeline 2001 Start of PANA work 20022003200420052006?? Original Deadline Fundamental Issues Raised; Still in last call Start of EAPoHRPD work 20052006 Start Of GEE GEE to IESG EAPoHRPD/GEE Timeline EAPoHRPD Completion

14 Timeline EAPoHRPD  4Q of 2005 GEE  Submission to IESG by 5/1/06 PANA  Last call in progress  Fundamental issues raised by security AD No clear resolution seems possible  Work in progress for 5 years now; could prolong much longer

15 Conclusion Stating the obvious, no reason to use PANA  EAPoHRPD is simpler  EAPoHRPD with GEE does everything we need

Download ppt "Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable."

Similar presentations

WLAN IW Enhancement for IMS Support

WLAN IW Enhancement for IMS Support
WLAN IW Enhancement for Multiple Authentications Support Notice: Contributors grant free, irrevocable license to 3GPP2 and its Organization Partners to.

WLAN IW Enhancement for Multiple Authentications Support Notice: Contributors grant free, irrevocable license to 3GPP2 and its Organization Partners to.
Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian

Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian
Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu Qualcomm Inc. Notice: QUALCOMM Incorporated grants a free, irrevocable license.

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu Qualcomm Inc. Notice: QUALCOMM Incorporated grants a free, irrevocable license.
Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu, Qualcomm Inc., Sanket S. Nesargi, Nortel, Nanying Yin,

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu, Qualcomm Inc., Sanket S. Nesargi, Nortel, Nanying Yin,
Inter-AGW HO Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material.

Inter-AGW HO Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material.
Dynamic HA Assignment for MIPv4 in WLAN Interworking Raymond Hsu, Qualcomm Inc., Wing C. Lau, Qualcomm Inc., Notice:

Dynamic HA Assignment for MIPv4 in WLAN Interworking Raymond Hsu, Qualcomm Inc., Wing C. Lau, Qualcomm Inc., Notice:
Www.huawei.com MIP6-HA-Local-Assignment-Capability indication to MS Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners.

MIP6-HA-Local-Assignment-Capability indication to MS Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners.
Tunneling Protocol Support for 1x CSFB from E-UTRAN

Tunneling Protocol Support for 1x CSFB from E-UTRAN
1 DSMIP6 Support QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota Notice.

1 DSMIP6 Support QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota Notice.
IP Connectivity for E911 in HRPD/PDS Networks Page 1 IP Connectivity for Emergency Calls in HRPD/PDS Networks 3GPP2 Meeting, 1/07 IP Connectivity for Emergency.

IP Connectivity for E911 in HRPD/PDS Networks Page 1 IP Connectivity for Emergency Calls in HRPD/PDS Networks 3GPP2 Meeting, 1/07 IP Connectivity for Emergency.
XHRPD Example Scenario for MSS Masa Shirota Qualcomm Inc. July 15, 2014 3GPP2 Dalian Meeting Recommendation: FYI Notice QUALCOMM Incorporated grants a.

XHRPD Example Scenario for MSS Masa Shirota Qualcomm Inc. July 15, GPP2 Dalian Meeting Recommendation: FYI Notice QUALCOMM Incorporated grants a.
3GPP2 A30-20110907-008r0 3GPP2 C20-20110926-xxxr0 TSG-A WG3 and TSG-C WG2 Title: HRPD Redirect on EPC Unavailable Source: Mike DolanAlcatel-Lucent Dave.

3GPP2 A r0 3GPP2 C xxxr0 TSG-A WG3 and TSG-C WG2 Title: HRPD Redirect on EPC Unavailable Source: Mike DolanAlcatel-Lucent Dave.
HRPD Femto Local IP Access: Overview Peerapol Tinnakornsrisuphap Qualcomm October 27 th, 2008 3GPP2 Seoul,

HRPD Femto Local IP Access: Overview Peerapol Tinnakornsrisuphap Qualcomm October 27 th, GPP2 Seoul,
1 IP Service Authorization Support and Mobility Selection for X.S0011-E Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,

1 IP Service Authorization Support and Mobility Selection for X.S0011-E Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,
1 UATI-IP address mapping Peerapol Tinnakornsrisuphap David Ott Qualcomm.

1 UATI-IP address mapping Peerapol Tinnakornsrisuphap David Ott Qualcomm.
1 Title: Need for the Message Integrity of User traffic Abstract: From both: competitive and security standpoints, UMB standard should add the option of.

1 Title: Need for the Message Integrity of User traffic Abstract: From both: competitive and security standpoints, UMB standard should add the option of.
1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.

1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.
1 cdma2000® Data Service Transition to NULL Support Jun Wang Ravi Patwardhan June 5, 2003 Recommendation -

1 cdma2000® Data Service Transition to NULL Support Jun Wang Ravi Patwardhan June 5, 2003 Recommendation -
Broadcast Area Based Management for BCMCS Quanzhong Gao Weidong Wu 04/05/2005.

Broadcast Area Based Management for BCMCS Quanzhong Gao Weidong Wu 04/05/2005.

Similar presentations

Ads by Google