
All Rights Reserved © Alcatel-Lucent 2007, ##### 1 | Presentation Title | January 2007

UMB Security Evolution Proposal

Abstract: This contribution proposes a security architecture for the evolved UMB network.
Source: Alcatel-Lucent (Semyon Mizikovsky, Zhibi Wang, Alec Brusilovsky, Sarvar Patel)
Date: January 25, 2007
Recommendation: Review and adopt the proposal for the UMB Security Architecture.

Slide 2: Architecture Highlights

There are two levels of authentication:

- Link Layer / Access Authentication
  - Authentication of the access subscription held in a UIM, authorizing access to network resources.
  - Can be done by the “Owner” of the subscription, the Home Service Provider (HSP).
  - Can be combined with Device Validation if the HSP “owns” the Device.
  - Can be contingent on the success of Device Validation.
  - Planned to be based on EAP, and therefore requires an Authenticator in the Serving Network, also called the Layer 2 Authenticator.
- Mobility Authentication
  - Authentication of the Bindings required to preserve IP session micro- and macro-mobility.
  - Does not require an Authenticator, as it is not based on EAP protocols; therefore the term Layer 3 Authenticator is misleading.
  - Current 1xEV-DO Rev. A Mobile IP Authentication uses its own keys, unrelated to the Access-level keys. We propose to bootstrap the MIP keys from Access Authentication.

There is an additional Device Validation procedure:

- Validation of the device shell: MAC address integrity, ESN, Model Number compliance, Manufacturer TAG ID, SKU, etc.
- Can be done by the serving CSN (the “Owner” of the device subsidy) by validating the Device Certificate, but this cannot protect against cloning.
- To satisfy Authentication security requirements, it needs a pre-provisioned secret in secure memory (UIM?), which links it to Access Authentication.
- If based on EAP and not combined with Access Authentication, it requires a separate Authenticator in the Serving Network.

Slide 3: Levels of Authentication and Key Distribution Framework

[Diagram: key distribution framework. Entities shown: UIM, Device, eBS, AG (hosting the CMIP FA and PMIP HA), CMIP HA, and AAA servers for Mobility Subscription, Device and Access Subscription, and Device Ownership. Keys shown: MSK, MIP-RK, PMIP-RK, (P)MN-HA, MN-HA, MN-FA, FA-HA. The diagram separates Access-Specific protocols and transactions from Access-Agnostic protocols and transactions.]

Slide 4: Process steps

1. User Authentication is executed between the UIM and the Subscription Holder (Home AAA). The UIM terminates the EAP Method. EAPoHRPD is terminated between the MS Shell and the Access Authenticator.
   - At initial access, the Device may be validated first, using EAP between the MS Shell and the Access Authenticator. The EAPoHRPD protocol is used on this link.
2. User/Subscription Authentication is done by the EAP Server (Home AAA), which terminates the EAP Method. The RADIUS or DIAMETER protocol is used between the User Authenticator / NAS and the AAA Server.
   - Device Validation is done by the EAP Server (AAA) that validates the Device Credentials. The RADIUS or DIAMETER protocol is used between the Device Authenticator / NAS and the AAA Server.
   - The MSK (Master Session Key) is delivered to the Access Authenticator from the AAA. It is used to derive local Ciphering and Integrity Keys for Air Link security.
   - The PMIP-RK is delivered to the Access Authenticator from the AAA. It is used for Proxy MIP Binding authentication.
   - The Access Authenticator generates the (P)MN-HA Key from the PMIP-RK and loads it into the PMIP Client.

Slide 5: Process Steps (cont.)

3. The PMIP Client establishes a binding with the PMIP HA in the AG. The (P)MN-HA key is used to sign the binding request.
4. The PMIP HA in the AG requests the (P)MN-HA key from the Mobility AAA. The RADIUS or DIAMETER protocol is used for this transaction.
5. If the Access AAA and the Mobility AAA have a ‘Bootstrapping’ agreement, then bootstrapping of MIP-RK and PMIP-RK from the EMSK is requested from the Access AAA. Otherwise, the Mobility AAA just uses its own pre-configured keys for MIP. The MIP-RK and PMIP-RK are returned to the Mobility AAA, which computes the (P)MN-HA key and returns it to the PMIP HA. The PMIP HA validates the PMIP binding.
6. The CMIP Client establishes a binding (sends an RRQ) with the CMIP FA in the AG through the established PMIP tunnel. The CMIP MN-HA key for authenticating this binding is computed from the MIP-RK by the UIM.
7. The CMIP RRQ is forwarded to the CMIP HA.
8. The CMIP HA requests and receives the MN-HA key from the Mobility AAA. The RADIUS or DIAMETER protocol is used for this transaction. The CMIP HA validates the CMIP binding.
   - To assist with additional security, optional MN-FA and FA-HA keys can also be distributed.
9. As the Mobile moves to another eBS, the (P)MN-HA key is sent to the target PMIP Client by the Anchored Access Authenticator.
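As an added example (not code from the contribution), the following Python model walks through the key hierarchy of steps 2 to 9: MIP-RK and PMIP-RK bootstrapped from the EMSK, (P)MN-HA and MN-HA derived from them, and the PMIP binding and the CMIP RRQ authenticated at the AG and at the CMIP HA. The KDF, the key labels, the HA identifiers and the message bytes are assumptions; the contribution names the keys but specifies none of these.

```python
import hashlib
import hmac

# Assumed KDF (not from the contribution): HMAC-SHA256 keyed with the parent
# key over an ASCII label, truncated to the requested length.
def kdf(parent: bytes, label: str, length: int = 32) -> bytes:
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()[:length]

def bootstrap_root_keys(emsk: bytes) -> dict:
    """Step 5: Access AAA bootstraps MIP-RK and PMIP-RK from the EMSK."""
    return {"MIP-RK": kdf(emsk, "MIP-RK"), "PMIP-RK": kdf(emsk, "PMIP-RK")}

def pmn_ha_key(pmip_rk: bytes, ha_id: str) -> bytes:
    """(P)MN-HA from PMIP-RK: Access Authenticator (step 2), Mobility AAA (step 5)."""
    return kdf(pmip_rk, "PMN-HA:" + ha_id)          # label format is assumed

def mn_ha_key(mip_rk: bytes, ha_id: str) -> bytes:
    """CMIP MN-HA from MIP-RK: computed by the UIM (step 6), Mobility AAA (step 8)."""
    return kdf(mip_rk, "MN-HA:" + ha_id)            # label format is assumed

def sign_binding(key: bytes, request: bytes) -> bytes:
    """Authenticator over a binding request (PMIP binding or CMIP RRQ)."""
    return hmac.new(key, request, hashlib.sha256).digest()

def validate_binding(key: bytes, request: bytes, auth: bytes) -> bool:
    return hmac.compare_digest(sign_binding(key, request), auth)

def pmip_binding(emsk: bytes, ag_ha_id: str = "AG-PMIP-HA") -> bool:
    """Steps 2-5: PMIP Client signs with the key loaded by the Access Authenticator;
    the PMIP HA in the AG validates with the key obtained from the Mobility AAA."""
    access_side = pmn_ha_key(bootstrap_root_keys(emsk)["PMIP-RK"], ag_ha_id)
    request = b"PMIP-BU mn=constructed-mn-01 ag=AG-1"        # constructed sample
    auth = sign_binding(access_side, request)
    mobility_side = pmn_ha_key(bootstrap_root_keys(emsk)["PMIP-RK"], ag_ha_id)
    return validate_binding(mobility_side, request, auth)

def cmip_binding(emsk: bytes, ha_id: str = "CMIP-HA") -> bool:
    """Steps 6-8: UIM signs the RRQ with MN-HA from MIP-RK; the CMIP HA validates
    with the MN-HA key it fetched from the Mobility AAA."""
    uim_key = mn_ha_key(bootstrap_root_keys(emsk)["MIP-RK"], ha_id)
    rrq = b"CMIP-RRQ mn=constructed-mn-01 hoa=placeholder"   # constructed sample
    auth = sign_binding(uim_key, rrq)
    ha_key = mn_ha_key(bootstrap_root_keys(emsk)["MIP-RK"], ha_id)
    return validate_binding(ha_key, rrq, auth)

def cross_layer_check(emsk: bytes) -> bool:
    """A (P)MN-HA key from the PMIP branch must not validate a CMIP RRQ."""
    roots = bootstrap_root_keys(emsk)
    rrq = b"CMIP-RRQ mn=constructed-mn-01 hoa=placeholder"
    auth = sign_binding(mn_ha_key(roots["MIP-RK"], "CMIP-HA"), rrq)
    return validate_binding(pmn_ha_key(roots["PMIP-RK"], "CMIP-HA"), rrq, auth)
```

Because the target PMIP Client in step 9 receives the same (P)MN-HA key from the Anchored Access Authenticator, its binding validates at the same PMIP HA without a new derivation.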