Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

Published byLorin Copeland Modified over 8 years ago

Similar presentations

Presentation on theme: "MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks."— Presentation transcript:

1 MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks

2 Overview MIP6-bootstrapping for the Integrated Scenario –draft-ietf-mip6-bootstrapping-integrated-dhc-06 –Aligns with Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction draft-ietf-dime-mip6-integrated-09 Since last updated added: Mobile IPv6 bootstrapping in split scenario –draft-ietf-mip6-bootstrapping-split-07 –Aligns with Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction draft-ietf-dime-mip6-split-10

3 Next steps Resolve EDITOR’s notes Align the attributes with the DIME drafts –Final check as the other documents are close to being published. Make sure goals from: AAA Goals for Mobile IPv6 (draft-ietf-mext-aaa-ha-goals-01) are covered. –See next slide Write security consideration section Update Diameter compatibility section. Working Group last call post IETF-72?.

4 Issue with IKEv2 and PSK As per “AAA Goals for Mobile IPv6”: G2.12 The HA MUST be able to authenticate the MN through the AAAH in case a pre-shared key is used in IKEv2 for user authentication. – We don’t support that (nor does DIME-SPLIT). When IKEv2 is used with PSK-based initiator authentication, the pre-shared secret is carried inside the MIP-MN-HA-MSA AVP This is a mistake, since the AAA is not authenticating the MN and also the PSK should NOT be sent raw but instead the PSK should be digested as per 4306: AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), )

5 Possible Solution To comply to the above, –Along with the AUTH data, the HA needs to send the IKEv2 msg, the Nr, the value prf(SK_pi,IDi') and the negotiated PRF function to the AAA. –The AAA can now compute its own version of the AUTH and compare it to that received from the HA – as per 4306 section 2.15) –If successfully authenticated, the AAA returns the prf(PSK,”Key Pad for IKEv2”) so that the HA can compute its own AUTH when it sends a response. Issues: –The AAA and HA have use the same PRF function. How does the HA know what PRF function is supported by the AAA? –For RADIUS we need to come up with a way to carry the IKEv2 message, the Nr, and the value prf(SK_pi,IDi') Attributes are limited to 253 octets and packet is limited to 4k octets.

Download ppt "MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks."

Similar presentations

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
Overview of the Mobile IPv6 Bootstrapping Problem James Kempf DoCoMo Labs USA Thursday March 10, 2005.

Overview of the Mobile IPv6 Bootstrapping Problem James Kempf DoCoMo Labs USA Thursday March 10, 2005.
A Secure Access System for Mobile IPv6 Network ZHANG Hong Aug 28, 2003

A Secure Access System for Mobile IPv6 Network ZHANG Hong Aug 28, 2003
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62. 2 Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.

AAA-Mobile IPv6 Frameworks Alper Yegin IETF Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
A RADIUS Attribute for SAML Messages draft-ietf-abfab-aaa-saml-01 ABFAB, IETF 80.

A RADIUS Attribute for SAML Messages draft-ietf-abfab-aaa-saml-01 ABFAB, IETF 80.
Slide 1, Dr. Wolfgang Böhm, Mobile Internet, © Siemens AG 2001 Dr. Wolfgang Böhm Siemens AG, Mobile Internet Dr. Wolfgang.

Slide 1, Dr. Wolfgang Böhm, Mobile Internet, © Siemens AG 2001 Dr. Wolfgang Böhm Siemens AG, Mobile Internet Dr. Wolfgang.
November 200461st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and 802.11i IKEv2 EAP authentication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.

(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.
3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.

3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.
DIME WG IETF 79 DIME WG Status & Other Stuff Thursday, November 11, 2010 Jouni Korhonen, Lionel Morand.

DIME WG IETF 79 DIME WG Status & Other Stuff Thursday, November 11, 2010 Jouni Korhonen, Lionel Morand.
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
EAP Key Framework Draft-ietf-eap-keying-01.txt IETF 58 Minneapolis, MN Bernard Aboba Microsoft.

EAP Key Framework Draft-ietf-eap-keying-01.txt IETF 58 Minneapolis, MN Bernard Aboba Microsoft.
July 16, 20031 Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...

July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...

Similar presentations

Ads by Google