Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute.

Similar presentations


Presentation on theme: "Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute."— Presentation transcript:

1 Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute for Infocomm Research (I 2 R)

2 Do we trust SSL? Of Course. SSL is successful and efficient. What are the features of SSL? Use strong cryptosystem Fewer certificates involved (only servers are required certificates and the correspondent clients are not)

3 SSL Framework Server (Certificate distributed) Internet Client (without Certificate) SSL tunnel Certificate signed by a CA, e.g. GlobalSign MS SecureNet VeriSign … Embedded the public certificates of CAs, i.c. GlobalSign MS SecureNet VeriSign … VeriSign S1 … SiSi MS SaSa … Sn … Fragment PKI

4 SSL framework SSL vs CBU Server (Certificate distributed) Internet Client (without Certificate) SSL tunnel CBU framework HA Internet CN Certificate signed by a CA, e.g. GlobalSign MS SecureNet VeriSign … Embedded the public certificates of CAs, i.c. GlobalSign MS SecureNet VeriSign … VeriSign S1 … SiSi MS SaSa … Sn … Fragment PKI MN

5 Design Consideration/Goal MN authenticates itself to CN & sets up a key for secure BU Employs PKC, secure against powerful intruder No PKC operations performed at MNs Issue certificate for home link, not MNs (i. e., public key binds with home link, not with individual IP address)

6 Protocol HA is a security proxy of MN, it’s transparent to CN EXCH0 contains HA’s signature on HoA, g x and a time stamp; it testifies that HoA belongs to HA, authenticates g x to CN MN HA CN REQCOOKIE0 COOKIE1 REPEXCH1 (g y ) EXCH0 (g x ) k= (g x ) y BU BA BC Long term messages Short term messages

7 Benefits Strong cryptosystem Do not need the certificates of mobile devices Against session hijacking Against MN flooding More suitable for fast handover Reduce the computing and communication requirements on the mobile devices High overall performance


Download ppt "Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute."

Similar presentations


Ads by Google