MIKEY-IBAKE and LI Requirements. All Rights Reserved © 2010 Alcatel-Lucent Page 2 | Introduction 3GPP TSG-SA WG3-LI adopted requirements for LI relating.

Slides:



Advertisements
Similar presentations
Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.
Advertisements

A Survey of Key Management for Secure Group Communications Celia Li.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Page 1 / 14 The Mesh Comparison PLANET’s Layer 3 MAP products v.s. 3 rd ’s Layer 2 Mesh.
UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.
Developments in the ETSI NFV Security Expert Group
Safeguarding and Charging for Information on the Internet Hector Garcia-Molina, Steven P. Ketchpel, Narayanan Shivakumar Stanford University Presented.
Lawful Interception in 3G IP Multimedia Subsystem
Cisco Architecture for Lawful Intercept in IP Networks October 2004,rfc3924 Author(s): F. Baker,B. Foster,C. Sharp.
Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Submission October 2011 doc.:IEEE /1517r0 Santosh Abraham, Qualcomm Incorporated Efficient Device and Service Discovery for Peer-to-Peer (P2P)
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Issues of HIP in an Operators Network Nick Papadoglou Thomas Dietz.
IEEE-1588 IEEE-1588 – Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems Defines a Precision Time Protocol.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
DECISION Group Inc.. Decision Group Mediation Device for Internet Access Provider.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Monitoring Architecture for Lawful Interception in VoIP Networks Second International Conference on Internet Monitoring and Protection (ICIMP 2007), IEEE.
An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack Dongwan Shin and Rodrigo Lopes In Proc. 27 th Annual Computer Security Applications.
© NOKIADEFAULT.PPT / / AO page: 1 USIM requirements and structure NOKIA Mobile Phones TSGT3#3(99)082.
NTLP Design Considerations draft-mcdonald-nsis-ntlp-considerations-00.txt NSIS Interim Meeting – Columbia University February 2003.
Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
E-Detective HTTPS/SSL Interception – MITM & Proxy Decision Group
Cryptography and Network Security (CS435) Part One (Introduction)
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho c-requirements-and-procedures Title: c Requirements and Procedures Date Submitted:
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
1 Integrating security in a quality aware multimedia delivery platform Paul Koster 21 november 2001.
NTLP Design Considerations draft-mcdonald-nsis-ntlp-considerations-00.txt NSIS Interim Meeting – Columbia University February 2003.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0032 Date Submitted: Source: Inuk Jung, Kiseon.
Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia.
xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: Network-Initiated Handover Procedure Update Date Submitted: October.
OSI ARCHITECTURE IN OSI, ACTUAL INFORMATION IS OVERHEADED BY PROTOCOL LAYERS IF ALL SEVEN LAYERS ARE OVERHEADED, THEN AS LITTLE AS 15% OF THE TRANSMITTED.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
NETLMM Applicability Draft (Summary) 28 Sep
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposed Presentation for 3GPP Date Submitted: September,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Registration Amendments Date Submitted: Nov.13, 2006 Submitted for discussion.
Secure Single Packet IP Traceback Mechanism to Identify the Source Zeeshan Shafi Khan, Nabila Akram, Khaled Alghathbar, Muhammad She, Rashid Mehmood Center.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Doc.: IEEE /1963r0 Submission May 2007 Gottfried Punz, Siemens AustriaSlide 1 SA2 Status and Interest in IEEE u Date: Authors:
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
3GPP TSG RAN WG2 meeting #92 Nanjing, China 23-27, May 2016 R
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposed Presentation for 3GPP Date Submitted: August,
Teleconference Agenda
IEEE MEDIA INDEPENDENT HANDOVER
NETLMM Applicability Draft (Summary)
IEEE MEDIA INDEPENDENT HANDOVER DCN:
Global Standards Collaboration (GSC) 14 Security and Lawful Intercept
TLS and DLP Behind the green lock.
Cryptography and Network Security
NFD Tunnel Authentication
Wireless + TSN = Part of the Picture
Presentation transcript:

MIKEY-IBAKE and LI Requirements

All Rights Reserved © 2010 Alcatel-Lucent Page 2 | Introduction 3GPP TSG-SA WG3-LI adopted requirements for LI relating to the use of operator applied encryption in 3GPPSA3#37-LI  SA3LI10_039r5 This contribution provides comparison of MIKEY-IBAKE as specified in TR against these requirements

All Rights Reserved © 2010 Alcatel-Lucent Page 3 | LI Requirements for Encrypted Services (1/5) 1. When an encryption service is provided by the PLMN, lawful interception shall take place as for a non encrypted communications. a. In addition encrypted communications shall be decrypted, or the decryption keys and any required associated information (e.g. roll over counters) shall be provided to the LEMF. b. For the specific case where a key server based solution is used, it is a national option for the operator to make keys and any associated information (e.g. roll over counters) directly available to the LEMF for the decryption of communications MIKEY-IBAKE: MIKEY-IBAKE: The session is re-routed through the Lawful MITM which decrypts it and delivers the un-encrypted traffic to the LEMF.

All Rights Reserved © 2010 Alcatel-Lucent Page 4 | LI Requirements for Encrypted Services (2/5) 2. Interception shall be performed in such a manner as to avoid detectability by the Target or others. In particular: a. There shall be no significant difference in latency during call setup or during communications compared to a non intercepted communications. MIKEY-IBAKE: MIKEY-IBAKE: There is no perceivable increase in latency due to re- routing through MitM or reprocessing of user data. b. Interception of a Target shall not prevent the use of key exchange applications which provide a user key confirmation mechanism. MIKEY-IBAKE: MIKEY-IBAKE: Protocol manipulation by Lawfully Authorized MitM prevents detectability as presented in accompanying discussion paper c. Should interception fail during a call (or during call setup), the call shall be unaffected MIKEY-IBAKE: MIKEY-IBAKE: Failure of Lawfully Authorized MitM is undetectable.

All Rights Reserved © 2010 Alcatel-Lucent Page 5 | LI Requirements for Encrypted Services (3/5) 3. Where the PLMN operator provides decryption of the communication, it is the operator’s choice where in the network this decryption is performed. However, following decryption, all IRI and CC shall be provided to the LEMF using handover mechanisms as per a non encrypted communication. MIKEY-IBAKE: MIKEY-IBAKE: This requirement is independent of key exchange mechanism.

All Rights Reserved © 2010 Alcatel-Lucent Page 6 | LI Requirements for Encrypted Services (4/5) 4. An encryption solution shall not prohibit commencement of Interception and decryption of an existing communication. MIKEY-IBAKE: MIKEY-IBAKE: This requirement is supported by the network-initiated re-keying feature of MIKEY-IBAKE. During the re-keying procedure, the Lawfully authorized MitM is invoked, and remains in the communication path for the duration of the session.

All Rights Reserved © 2010 Alcatel-Lucent Page 7 | LI Requirements for Encrypted Services (5/5) 5. If key material and any associated information are available, it shall be possible to retrospectively decrypt encrypted communications. MIKEY-IBAKE: MIKEY-IBAKE: If all encrypted communication content and associated key material are retained, encrypted communications can be decrypted.

All Rights Reserved © 2010 Alcatel-Lucent Page 8 |

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.