
HRPD Roamer Authentication
Zhibi Wang, Sarvar Patel, Simon Mizikovsky, Nancy Lee


Slide 1: HRPD Roamer Authentication (title slide: Zhibi Wang, Sarvar Patel, Simon Mizikovsky, Nancy Lee)

Slide 2: What’s in the TIA-835-2-C standard for Simple IP

3.2.1.3 PPP Session Authentication: "The PDSN shall support the two authentication mechanisms: CHAP and PAP. The PDSN shall also support a configuration option to allow an MS to receive Simple IP service without CHAP or PAP. The PDSN shall propose CHAP in an initial LCP Configure-Request message that the PDSN sends to the MS during the PPP establishment. If the PDSN receives an LCP Configure-NAK from the MS containing PAP, the PDSN shall accept PAP by sending an LCP Configure-Request message with PAP. If the PDSN … is configured to allow the MS to receive Simple IP service without CHAP or PAP, the PDSN shall respond with an LCP Configure-Request without the Authentication-Protocol option and shall adhere to the guidelines in Section 3.2.2.1 for NAI construction for accounting purposes."

Slide 3: What’s in the TIA-835-2-C standard for Mobile IP

4.2.1.3 Authentication: "The PDSN shall initially propose CHAP in an LCP Configure-Request message to the MS. The PDSN shall re-send an LCP Configure-Request message without the authentication option after receiving the LCP Configure-Reject (CHAP or PAP) from the MS."

4.2.2.1 Agent Advertisements: "For the MS that uses Mobile IP, the PDSN shall begin transmission of an operator configurable number of Agent Advertisements."

4.2.2.3 MIP Extensions [PDSN Requirements]: "The PDSN shall include the MN-FA Challenge Extension [RFC 3012] in the Agent Advertisement."

Slide 4: What’s in the TIA-835-2-C standard for Mobile IP (cont.)

4.2.3 MIP Authentication Support [Home Agent Requirements]: "When the HA receives an RRQ from a PDSN, it authenticates the RRQ using the MN-HA shared key. … Based on the policy of the home network, the HA may also process the MN-AAA Authentication Extension as specified in RFC 3012, if included in the RRQ."

4.5.2.3 MIP Extensions [MS Requirements]: "The MS shall include the MN-NAI Extension [RFC 2794], MN-HA Authentication Extension [RFC 2002], MN-FA Challenge Extension [RFC 3012], and MN-AAA Authentication Extension [RFC 3012] in the RRQ message. … The MS shall compute the MN-AAA Authentication Extension, according to RFC 3012, based on the shared secret the MS has with the Home RADIUS server. … The MS may use the same shared-secret or different shared secrets in the computation of the MN-AAA Authentication Extension and MN-HA Authentication Extension."

Slide 5: What’s in the TIA-878-1 standard

2.4.1.3 Access Authentication: "The AT shall support CHAP for the PPP instance on the access stream. If the AN supports access authentication, the AN shall support CHAP for the PPP instance on the access stream. In this case, the AN shall always propose CHAP as a PPP option …"

2.4.2 AN-AAA Support: "If the AN supports access authentication and the A12 interface, the AN shall support the RADIUS client protocol … and shall communicate user CHAP access authentication information to the visited AN-AAA in an Access-Request message on the A12 interface. For an AN-AAA to recognize that the transaction is related to access authentication, the Access-Request message may contain an additional 3GPP2 vendor specific attribute."

Slide 6: Summary of what’s in the standards

• PDSN-level authentication is optional for Simple IP service.
  – PDSN may allow Simple IP service without CHAP or PAP.
• PDSN-level authentication is mandatory for Mobile IP service.
  – PDSN shall support Mobile IP authentication.
  – The Home-AAA shall validate the MN-HA Authentication Extension, and may also process the MN-AAA Authentication Extension.
  – MN-HA and MN-AAA authentication may use the same or different shared secret.
• A12 AN-level authentication is optional.
  – A12 and AN-level authentication are completely independent of PDSN-level authentication. (Separate PPP sessions.)
  – If used, AN-level authentication is performed first. If successful, then proceed to PDSN-level authentication.
• In addition, CDG Document 79 “Wireless Data Roaming Requirements and Implementation Phase 1” recommends that the visited network should require authentication and authorization with the AN-AAA.

Slide 7: Some Terminology

• AN_NAI: the NAI sent in the PPP session for AN-level authentication (e.g., user@OperatorA.com)
• PDSN_NAI: the NAI sent in the PPP session for PDSN-level authentication (e.g., user@OperatorP.com)
• Operator A: operator providing Simple IP service and using AN-level authentication for their subscribers
• Operator P: operator providing Mobile IP service and using PDSN-level authentication for their subscribers
• AN_P: Operator P’s Access Network
• AN-AAA_P: Operator P’s AAA connected via A12 to the AN
• PDSN_P: Operator P’s PDSN
• PDSN-AAA_P: Operator P’s AAA connected to the PDSN
• AN_NAI_P: the NAI sent for AN-level authentication, when the NAI has Operator P’s domain name (e.g., user@OperatorP.com)
• PDSN_NAI_P: the NAI sent for PDSN-level authentication, when the NAI has Operator P’s domain name

Slide 8: EV-DO Architecture Reference Model [diagram not captured in the transcript]

Slide 9: Call Flow: Auth in Operator P Network [call-flow diagram not captured in the transcript]

Slide 10: Call Flow: Auth in Operator A Network [call-flow diagram not captured in the transcript]

Slide 11: Call Flow: Roaming Auth in Operator P [call-flow diagram not captured in the transcript]

Slide 12: Call Flow: Roaming Auth in Operator A [call-flow diagram not captured in the transcript]

Slide 13: Potential Attack: Attacker in Operator P [call-flow diagram not captured in the transcript]

Slide 14: Potential Attack: Attacker in Operator P (cont.)

• NAI and Authentication at the AN level and the PDSN level are independent and can be different.
• Attacker uses AN_NAI_P at the AN level, causing AN-level authentication to be skipped because Operator P thinks this is his own user, and authentication will be performed at the PDSN level.
• Attacker uses PDSN_NAI_A at the PDSN level, causing
  – PDSN-level authentication to be skipped because Operator P thinks the user is a roamer and the authentication has been performed at the AN level; or
  – If Operator P forwards the authentication request to Operator A’s PDSN-AAA, the attack still succeeds if the attacker knows Operator A’s default CHAP password, because Operator A will return Access-Accept.

The attack scenario is possible even if the standards are strictly followed.

Slide 15: Solution to the Attack

• Ensure that AN_NAI and PDSN_NAI are the same.
  – The network must verify that the Device attempting access is associated with the Subscription receiving services.
• AN shall report the AN_NAI (the NAI that is used by the AT at system access) to the PDSN by including it in the A11-Registration Request message.
• PDSN shall verify that the PDSN_NAI received from the AT in the CHAP response matches the AN_NAI received from the AN in the A11-Registration Request message. If the two NAIs don’t match, terminate the session.
• Requires minor A11 interface change to carry the AN_NAI (e.g., HRPD AT_ID) to the PDSN.
• Could be viewed as implementation issue, but would require coordination of proprietary solutions between the Operators.
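The following is an added worked example, not code from the presentation or from any TIA/3GPP2 specification. It models the PDSN admission decision described on slides 14 and 15: a PDSN that treats a non-home realm as an already-authenticated roamer admits a session whose AN_NAI and PDSN_NAI differ, while the proposed binding check (PDSN_NAI from the CHAP response must match AN_NAI carried in the A11-Registration Request) terminates it. Assumptions: the A11 field name `an_nai`, the home realm `operatorp.com`, the constructed subscriber secrets, and comparing the realm part of the NAI case-insensitively while comparing the username exactly; the CHAP response computation follows RFC 1994 (MD5 over Identifier, secret and Challenge).

```python
"""Constructed model of the PDSN admission decision on slides 14 and 15 (not project code)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Realm that Operator P's PDSN treats as its own subscribers (assumed value).
HOME_REALM = "operatorp.com"


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP MD5 response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


def split_nai(nai: str) -> Tuple[str, str]:
    """Split user@realm; realm lower-cased for comparison (assumption: realm is case-insensitive)."""
    user, _, realm = nai.partition("@")
    return user, realm.lower()


def nai_match(an_nai: str, pdsn_nai: str) -> bool:
    """The slide-15 binding check: AN_NAI and PDSN_NAI must identify the same subscriber."""
    return split_nai(an_nai) == split_nai(pdsn_nai)


@dataclass
class A11RegistrationRequest:
    an_nai: str            # proposed new A11 field carrying the AN_NAI (e.g. HRPD AT_ID); assumed name


@dataclass
class ChapResponse:
    nai: str               # PDSN_NAI presented by the AT in its CHAP response
    ident: int             # CHAP Identifier
    response: bytes        # 16-byte MD5 response value


def pdsn_admit(reg: A11RegistrationRequest, chap: ChapResponse, challenge: bytes,
               lookup_secret: Callable[[str], Optional[bytes]],
               bind_nai: bool) -> Tuple[bool, str]:
    """Return (admitted, reason). bind_nai=False is the standards-only behaviour of slide 14."""
    if bind_nai and not nai_match(reg.an_nai, chap.nai):
        # Slide 15: the two NAIs must match, otherwise terminate the session.
        return False, "AN_NAI/PDSN_NAI mismatch: terminate session"
    _, realm = split_nai(chap.nai)
    if realm != HOME_REALM:
        # Slide 14 gap: a non-home realm is taken as a roamer already authenticated at the AN level.
        return True, "roamer: PDSN-level authentication skipped, relying on AN-level authentication"
    secret = lookup_secret(chap.nai)
    if secret is None:
        return False, "unknown home subscriber"
    expected = chap_response(chap.ident, secret, challenge)
    if hmac.compare_digest(expected, chap.response):
        return True, "home subscriber: CHAP verified"
    return False, "CHAP failure"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the legitimate case and the slide-14 mismatch case with and without the binding check."""
    challenge = b"constructed-chap-challenge"                  # constructed challenge value
    secrets = {"bob@operatorp.com": b"bob-constructed-secret"}  # constructed PDSN-AAA subscriber table

    def lookup(nai: str) -> Optional[bytes]:
        user, realm = split_nai(nai)
        return secrets.get(f"{user}@{realm}")

    # Legitimate Operator P subscriber: same NAI at both levels and a correct CHAP response.
    bob_reg = A11RegistrationRequest(an_nai="bob@OperatorP.com")
    bob_chap = ChapResponse("bob@OperatorP.com", 7,
                            chap_response(7, secrets["bob@operatorp.com"], challenge))
    # Slide-14 scenario: Operator P realm at the AN level, Operator A realm at the PDSN level.
    mixed_reg = A11RegistrationRequest(an_nai="alice@OperatorP.com")
    mixed_chap = ChapResponse("alice@OperatorA.com", 9, b"\x00" * 16)
    return {
        "legit": pdsn_admit(bob_reg, bob_chap, challenge, lookup, bind_nai=True),
        "mixed_no_binding": pdsn_admit(mixed_reg, mixed_chap, challenge, lookup, bind_nai=False),
        "mixed_with_binding": pdsn_admit(mixed_reg, mixed_chap, challenge, lookup, bind_nai=True),
    }


if __name__ == "__main__":
    for name, (admitted, reason) in demo().items():
        print(f"{name}: admitted={admitted} ({reason})")
```

The binding check runs before any realm-based routing decision, so a session whose two NAIs disagree is rejected regardless of whether the PDSN would otherwise have forwarded the request to the other operator's PDSN-AAA; that is the point of slide 15's "if the two NAIs don't match, terminate the session".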

