Dynamic HA Assignment for MIPv4 in WLAN Interworking
Raymond Hsu, Qualcomm Inc., email@example.com
Wing C. Lau, Qualcomm Inc., firstname.lastname@example.org
Notice: QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.
This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.

Problem Statement
WLAN IW requires the PDIF and HA to be in the same 3GPP2 system.
If the PDIF is in a visited 3GPP2 system, a solution is needed for the visited 3GPP2 system to dynamically assign a MIPv4 HA.
Currently, 835-D supports dynamic MIPv4 HA assignment by the home 3GPP2 system.

Proposal Summary
HAAA authorizes the Visited Network (VN) to assign HA
PDIF carries out the dynamic HA assignment in the VN
HA in VN fetches MN-HA shared key from HAAA
HAAA (instead of HA) performs DNS update
Based on RADIUS
  – Similar concepts can be used for Diameter
Applicable for MIPv4 FA CoA or CCoA operation

Dynamic HA Assignment
During the IKEv2 exchange, the PDIF in the VN sends a RADIUS Access-Request containing a 3GPP2 VSA “HA_Assign_Request”.
  – The presence of this VSA indicates that the MS has indicated (via IKEv2) to the PDIF that the MS wants the VN to assign a HA.
The HAAA responds with a RADIUS Access-Accept containing a 3GPP2 VSA “HA_Assign_Authorized”.
  – The presence of this VSA indicates that the HAAA authorizes the VN to assign a HA.
The PDIF assigns a HA for the MS.
  – How the PDIF assigns the HA is outside the scope. This is analogous to IS-835, where how the HAAA assigns the HA is outside the scope.
The PDIF conveys the assigned HA to the MS via an IKEv2 3GPP2-specific vendor payload.
The MS performs Mobile IP registration with the assigned HA.
  – The MS may use the FA CoA mode or CCoA mode.

MN-HA Key Distribution
Upon receiving the RRQ, the HA needs the MN-HA shared key to verify the MN-HA Authenticator in the RRQ.
The mechanisms described in IS-835 can be used for the HA to fetch the MN-HA shared key from the HAAA.
  – The HA sends a RADIUS Access-Request including the 3GPP2 VSA “MN-HA SPI” to request the MN-HA shared key. The RADIUS message traverses the VAAA, which acts as a proxy.
  – The HAAA responds with a RADIUS Access-Accept including the 3GPP2 VSA “MN-HA Shared Key” containing the key encrypted using the HAAA-VAAA shared secret. Encryption is based on MD5 and described in section 3.5 of RFC 2868.
  – The VAAA uses the HAAA-VAAA shared secret to decrypt the “MN-HA Shared Key” VSA and uses the VAAA-HA shared secret to re-encrypt the “MN-HA Shared Key” VSA. Configuration of the HAAA-VAAA shared secret and the VAAA-HA shared secret is outside the scope.

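The hop-by-hop key hiding described above, as an added example that is not part of the original contribution: it implements the MD5-based salt encryption of RFC 2868 section 3.5 and the VAAA's decrypt and re-encrypt step. Function names, secrets and the key are constructed for illustration, the 3GPP2 VSA framing is not shown, and it assumes each hop uses the Request Authenticator of its own Access-Request.

```python
import hashlib
import os

def _xor_chain(secret, authenticator, salt, data, decrypting):
    """RFC 2868 s3.5: b1 = MD5(S+R+A), b(i) = MD5(S+c(i-1)), c(i) = p(i) XOR b(i)."""
    out, prev = b"", authenticator + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        mixed = bytes(x ^ y for x, y in zip(block, pad))
        out += mixed
        prev = block if decrypting else mixed  # always chain on the ciphertext block
    return out

def hide(secret, authenticator, key, salt=None):
    """Return Salt (2 octets) followed by the encrypted length-prefixed key."""
    if len(key) > 255 or len(authenticator) != 16:
        raise ValueError("key too long or bad Request Authenticator")
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])  # high bit of the salt must be set
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)  # zero-pad to a 16-octet multiple
    return salt + _xor_chain(secret, authenticator, salt, plain, False)

def reveal(secret, authenticator, field):
    """Recover the key; reject fields that are structurally invalid."""
    if len(field) < 18 or (len(field) - 2) % 16 or not field[0] & 0x80:
        raise ValueError("malformed salt-encrypted field")
    plain = _xor_chain(secret, authenticator, field[:2], field[2:], True)
    if plain[0] > len(plain) - 1:
        raise ValueError("bad length octet (wrong secret or authenticator?)")
    return plain[1:1 + plain[0]]

def vaaa_rehide(field, haaa_vaaa_secret, auth_to_haaa, vaaa_ha_secret, auth_from_ha):
    """Proxy step: decrypt under the HAAA-VAAA secret, re-encrypt under VAAA-HA."""
    key = reveal(haaa_vaaa_secret, auth_to_haaa, field)  # cleartext exists here
    return hide(vaaa_ha_secret, auth_from_ha, key)

def demo():
    # Constructed values, not taken from any real deployment.
    mn_ha_key = bytes(range(20))
    s_up, s_down = b"constructed-haaa-vaaa", b"constructed-vaaa-ha"
    auth_up, auth_down = os.urandom(16), os.urandom(16)
    from_haaa = hide(s_up, auth_up, mn_ha_key)
    to_ha = vaaa_rehide(from_haaa, s_up, auth_up, s_down, auth_down)
    return reveal(s_down, auth_down, to_ha) == mn_ha_key

if __name__ == "__main__":
    print("HA recovered the MN-HA key:", demo())
```

The VAAA holds the cleartext MN-HA key between the two hops, so the proxy and both shared secrets are part of the trust path for that key.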
DNS Update
To support IP Reachability Service, the HAAA performs the DNS update.
  – Why? A DNS update by the HA would require a security association between the HA in the visited network and the DNS server in the home network.
The same mechanisms in IS-835 are used for the DNS update.

Recommendations
Adopt the proposal herein
Similar concepts can be used for MIP6
If adopted, will bring stage-3 text in the next meeting