Securing Access to Mobile Operator Core Networks using IKEv2

Presentation transcript:

Securing Access to Mobile Operator Core Networks using IKEv2
Master’s Thesis, 16.1.2006
Author: Pekka Nurmi
Supervisor: Joerg Ott
September 21, 2018

Agenda
- Background
- Methodology
- Security Protocols for IP Networks
- Operator’s Network Architectures
- Testing IKEv2 Implementations
- Feasibility in Operator’s Environment
- Conclusions

Background
- The amount and the value of internet traffic grow
- Insecurity of the networks, risks grow
- IP based networks -> IP security (IPsec)
- Enhanced version of IPsec defined by the IETF in December 2005
  - New key exchange protocol IKEv2
    - more efficient
    - more secure
- First implementations during 2006
  - need for testing in Mobile Operator’s environment
- ”Are IKEv2 based Virtual Private Networks (VPNs) feasible in an operator’s network environment?”

Methodology
The study is conducted in three parts:
1. Literature study
   - Security protocols for IP networks (IETF)
   - Operator’s network architectures (3GPP)
2. Testing
   - 3 cases = 3 different IKEv2 implementations
   - Measurements using network analyzer tools
3. Feasibility evaluation
   - Operator solutions
   - Issues and improvements

Security Protocols for IP networks 1/3
- IPsec creates VPN tunnels and provides security for the insecure IP protocol
  - access control, connectionless integrity, data origin authentication, confidentiality, and anti-replay protection
- Security protocols
  - Encapsulating Security Payload (ESP)
  - Authentication Header (AH)
- Key management
  - Internet Key Exchange (IKEv2)

Security Protocols for IP networks 2/3
IKEv2
- Key negotiation protocol for performing mutual authentication and setting up IPsec security associations
- 4 message exchanges
  - IKE_SA_INIT and IKE_AUTH
  - CREATE_CHILD_SA
  - INFORMATIONAL
MOBIKE
- IKEv2 Mobility and Multihoming protocol
- VPN client can move and change address without breaking the SA
- New protocol; no implementations tested yet
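
The exchange types named on this slide are carried in the fixed 28-byte IKE header defined in RFC 7296. The following Python parser is an added example, not part of the thesis or its measurement tooling: it classifies IKEv2 datagrams by exchange type and handles the 4-byte non-ESP marker used on UDP port 4500. The function names and the sample datagrams are constructed for illustration.

```python
import struct

# IKE header (RFC 7296, section 3.1): SPIi, SPIr, next payload, version,
# exchange type, flags, message ID, total length: 28 bytes, big-endian.
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE on UDP 4500 (NAT traversal)


def parse_ike(udp_payload, udp_port=500):
    """Return header fields of an IKEv2 datagram, or raise ValueError."""
    data = udp_payload
    if udp_port == 4500:
        if data[:4] != NON_ESP_MARKER:
            raise ValueError("UDP 4500 without non-ESP marker: ESP, not IKE")
        data = data[4:]
    if len(data) < IKE_HDR.size:
        raise ValueError("truncated IKE header")
    spi_i, spi_r, _next, version, xchg, flags, msg_id, length = \
        IKE_HDR.unpack_from(data)
    if version >> 4 != 2:
        raise ValueError("not IKEv2 (major version %d)" % (version >> 4))
    if length != len(data):
        raise ValueError("length field does not match datagram size")
    return {
        "exchange": EXCHANGES.get(xchg, "unknown(%d)" % xchg),
        "response": bool(flags & 0x20),        # R flag
        "from_initiator": bool(flags & 0x08),  # I flag
        "message_id": msg_id,
        "spi_i": spi_i.hex(), "spi_r": spi_r.hex(),
    }


def build_sample(xchg, flags, msg_id, spi_r=b"\x00" * 8, body=b""):
    """Constructed test datagram (not a capture); the body is opaque filler."""
    return IKE_HDR.pack(b"\x11" * 8, spi_r, 0, 0x20, xchg, flags, msg_id,
                        IKE_HDR.size + len(body)) + body


if __name__ == "__main__":
    for pkt, port in [(build_sample(34, 0x08, 0), 500),
                      (NON_ESP_MARKER + build_sample(35, 0x08, 1, b"\x22" * 8,
                                                     b"\x00" * 16), 4500)]:
        print(parse_ike(pkt, port))
```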

Security Protocols for IP networks 3/3
IKEv2 authentication in operator’s network
- AAA protocol (RADIUS, Diameter)
- EAP-SIM
  - SIM card based authentication
- EAP-AKA for 3G

Operator’s Network Architectures 1/3
- Access Networks
  - GERAN / UTRAN
  - WLAN
- Core Network
  - CS & PS domains
  - AAA services
  - IMS services

Operator’s Network Architectures 2/3
IMS services using IKEv2
- Tunneled connection to the operator’s PDG

Operator’s Network Architectures 3/3
Mobility management in IKEv2 (in 3GPP2)
- MOBIKE for intra Access Network handoff
- MIP for inter AN handoff

Testing IKEv2 Implementations 1/3
- Case 1
  - IP based solution
  - laptop client (Linux)
- Case 2
  - Mobile phone client (Symbian S60)
- Case 3
  - 3G and IP based solution (TTG)
  - 2 clients
    - Laptop (Windows XP)
    - PDA (Windows Mobile 5.0)

Testing IKEv2 Implementations 2/3
Test Case Architectures
- Cases 1 & 2

Testing IKEv2 Implementations 3/3
- Case 3

Testing IKEv2 Implementations 4/4
Measurement results

Feasibility in Operator’s Environment 1/4
Present Situation
- Approx. 86 % of organizations (turnover >10M€) in Finland used VPN solutions already in 2005.
- Nearly 70% of mobile workers used VPN by 2006 in the U.S.
- IPsec is the most popular VPN technology
- VPN business is centralized between a few big vendors

Feasibility in Operator’s Environment 2/4
Solution 1
- Hosted VPN access to an enterprise’s intranet
- Same service for the 3G and IP (e.g. WLAN) access
- SIM-card based authentication in both cases

Feasibility in Operator’s Environment 3/4
Solution 2
- Bundle several secure network access elements in one package
  - Laptop/mobile phone
  - 3G and WLAN
  - SIM-card
  - IKEv2/IMS VPN client
- for enterprises and consumers

Feasibility in Operator’s Environment 4/4
Issues and Improvements
- Choices for Clients
- Interoperability
- Mobility management
- Signalling traffic optimization

Conclusions
- Secure connections are needed
- IKEv2 and IPsec specifications provide enhanced IP security
- IKEv2 implementations appear to be promising technology
- A few important issues to solve with every tested implementation
- IMS services can be used safely through an IKEv2 tunnel
- Large-scale scalability testing needed
- The old security solutions are still valid, but for how long?

The Nordic and Baltic telecommunications leader