Presentation is loading. Please wait.

Presentation is loading. Please wait.

San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta.

Published byTrevor West Modified over 8 years ago

Similar presentations

Presentation on theme: "San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta."— Presentation transcript:

1 San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta Ivano Guardini Elena Demaria Telecom Italia Lab (TILab) Julien Bournelle Maryline Laurent-Maknavicius GET/INT

2 MIPv6 authorization and config. based on EAP August, 2004 IETF 60 th – mip6 WG draft-giaretta-mip6-authorization-eap-01 2 Overview Solution for bootstrapping Mobile IPv6 relying on a AAA infrastructure Bootstrapping is performed during the authentication phase for network access –the basic assumption is that network access and mobility services are provided by the same entity (i.e. Integrated ASP) –re-use of network access credentials The interaction between the MN and the Home AAA server is realized using EAP –exploits the capability of several EAP methods to carry arbitrary parameters together with authentication data

3 MIPv6 authorization and config. based on EAP August, 2004 IETF 60 th – mip6 WG draft-giaretta-mip6-authorization-eap-01 3 Protocol architecture Mobile Node Router or Access Point (pass through) AAA Server AAA Client Home Agent AAA-HA Protocol Configuration Data EAP Exchange L2/L3 Access Protocol (IEEE 802.1x, PANA) AAA Protocol (Diameter/RADIUS) Authentication for network access MIPv6 Authorization and Configuration

4 MIPv6 authorization and config. based on EAP August, 2004 IETF 60 th – mip6 WG draft-giaretta-mip6-authorization-eap-01 4 Advantages No changes needed on access equipment –easier deployment (particularly in roaming scenarios) –works with existing equipment (e.g. IEEE 802.1X APs) Both RADIUS and Diameter can be used between NAS and AAA infrastructure MN-HA IPsec SA can be setup from the keying material exported by the EAP method Could be used also over IKEv2 exploiting its support for EAP authentication –MIPv6 bootstrap from access networks with no EAP support (e.g. WLAN hotspots where initial logon occurs using HTTP)

5 MIPv6 authorization and config. based on EAP August, 2004 IETF 60 th – mip6 WG draft-giaretta-mip6-authorization-eap-01 5 Requirements on EAP methods Mutual Authentication Integrity Replay Protection Confidentiality (*) Exchange of arbitrary parameters PEAPv2 XXXXX EAP-FAST XXXXX EAP-TTLS XXXXX EAP-IKEv2 XXXXX EAP-SIM XXXXX EAP-AKA XXXXX EAP-TLS XXXX EAP-MD5 (*)Only if the secret for bootstrapping the IPsec SA is not derived from the EAP key hierarchy

6 MIPv6 authorization and config. based on EAP August, 2004 IETF 60 th – mip6 WG draft-giaretta-mip6-authorization-eap-01 6 Next steps Extension of the I-D with support for IKE authentication methods other than PSK –e.g. certificates Specification of the AAA-HA interface –a viable approach is the development of a new Diameter application –another solution might be the leverage of SNMPv3 –we should start with the collection of requirements (new I-D?) Definition of an AMSK for Mobile IPv6 –bootstrapping MN-HA IPsec SA from the EAP key hierarchy –a new I-D is probably needed

Download ppt "San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta."

Similar presentations

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Omniran-13-0040-00-0000 1 3GPP Trusted WLAN Access to EPC Use Case Analysis Date: 2013-05-15 Authors: NameAffiliationPhoneEmail Max RiegelNSN+49 173 293.

Omniran GPP Trusted WLAN Access to EPC Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.
Overview of the Mobile IPv6 Bootstrapping Problem James Kempf DoCoMo Labs USA Thursday March 10, 2005.

Overview of the Mobile IPv6 Bootstrapping Problem James Kempf DoCoMo Labs USA Thursday March 10, 2005.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.

Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Bootstrapping MIP6 Using DNS and IKEv2 (BMIP) James Kempf Samita Chakrarabarti Erik Nordmark draft-chakrabarti-mip6-bmip-01.txt Monday March 7, 2005.

Bootstrapping MIP6 Using DNS and IKEv2 (BMIP) James Kempf Samita Chakrarabarti Erik Nordmark draft-chakrabarti-mip6-bmip-01.txt Monday March 7, 2005.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62. 2 Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.

AAA-Mobile IPv6 Frameworks Alper Yegin IETF Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

Similar presentations

Ads by Google