Security Mechanisms for Delivering Ubiquitous Services in Next Generation Mobile Networks Haitham Cruickshank University of Surrey workshop on Ubiquitous.

Presentation transcript:

Security Mechanisms for Delivering Ubiquitous Services in Next Generation Mobile Networks Haitham Cruickshank University of Surrey workshop on Ubiquitous Services over Heterogeneous Mobile Networks - The Key to ‘True’ Mobility 15th, September, PIMRC

Mobile Communications Research

Outline
- Introduction to Enhanced Node (EN)
- Architecture framework
- Security Threats, Security Requirements and Overview of the Solutions
- Introduction to the Mobility Protocols
- Authenticated Access Control Scheme
- Secured Handover Process Mechanism
- Conclusions

Enhanced Node (EN)

Why Enhanced Node (EN)?
- To address the challenges posed by ubiquitous services, the concept of a network support sub-layer, which consists of elements of security, QoS and mobility management (MM) with radio resource management (RRM) hooks, is proposed.
- The nodes with the support sub-layer are referred to as enhanced nodes (ENs).

Functionalities of EN
- With the help of ENs, integration of security, QoS and MM can be achieved.
- Integration, in this context, incorporates both horizontal integration between the various service concepts that exist in the disparate networks, and vertical integration, where the support of security, QoS and MM in the various participating networks is a key factor in end-to-end performance.

Security Related Enhanced Node (EN)

- The security related ENs are basically normal mobility agents enhanced by specific security functionalities.
- The security related EN acts as both the security entity and the mobility agent.
  - As a security entity, it connects to the AAA servers and the ARs. The authenticated access control and the secured handover services can be provided by the security entity.
  - As a mobility agent, it connects to the mobile nodes (MN) and the ARs. It deals with the handover signalling and the basic Mobile IP signalling.

Architectural Framework

- Two IP-based access networks with similar infrastructure are presented.
- More than one EN with the network sub-layer is located within one access network, and they communicate with each other via signalling.
- One AAA server is located within each network, close to the ENs, to help deliver secured services to the MNs.
- One gateway is located in each access network as an interface with the external IP network.
- The home network, with home agent (HA) and AAA server, needs to be involved when information from the home domain is required.

Security Threats

- Eavesdropping - when a Mobile Node (MN) is communicating with a correspondent node (CN), an adversary could eavesdrop on the conversation and learn some useful data such as the MN's address, even when the meaningful data are encrypted.
- Masquerading - an adversary could impersonate a legitimate MN to access the network and to perform handover.
- Message Modification - an adversary could modify the important signalling messages, such as the binding update (BU), if they are not properly secured.
- Denial-of-Service (DoS) - an adversary could repeat the QoS-conditionalised BUs in a path to book out all the available resources, so that the path will run out of resources for any legitimate requests.

Security Requirements

- Network Access Control - The MN needs to be authorized before it can enter the access network.
- Authentication - The MN needs to be authenticated for the services it requests, such as the handover.
- Protection of the handover signalling - It is required to secure the signalling involved in the handover procedures, such as the BUs, so that the adversary cannot by any means gain or even modify useful information by listening to the handover conversation.
- Availability/Prevention of DoS - The MN needs to be authenticated before sending out the QoS-conditionalised BU, to make sure it is not an adversary trying to reserve the resources.
- Support efficient handovers - It is necessary that the security mechanisms have minimal negative effect on the registration and handover procedures. Therefore, the integration of security and MM is required.

Overview of the solutions

- Authenticated access control scheme
  - It provides the MN with authorized network access. It prevents unauthorized use of the network resources, such as an adversary accessing the network by masquerading as a legitimate user.
  - Authentication and registration are completed in one sequential signalling exchange, which integrates security with MM.
- Secured handover process mechanism
  - It authenticates the MN before the handover and provides the MN with a secured handover by securing the signalling involved, such as BUs.

Mobility Protocols

- Hierarchical Mobile IPv6 (HMIPv6)
- Fast handover for Inter-EN domains handover
  - The MN's new location needs to be temporarily registered with the previous EN (PEN). This can be done by the fast handover registration.
  - When an MN moves into a new EN (NEN) domain, the MN obtains a new RCoA and sends a BU to the PEN requesting it to forward packets to the MN's new RCoA.
  - Because of its intelligence, the PEN can be configured to forward packets to the NEN. The packets finally arrive at the LCoA associated with the AR that is geographically adjacent to the AR on the boundary of the PEN domain.

Authenticated Access Control Scheme

- The AAA servers are located in both the visited network (AAAF) and the home network (AAAH).
- The EN acts as the AAA client, which is connected to the AAAF server.
- The security messages are integrated with the BUs, including the BUs to the EN and to the HA, in order to reduce the Round-Trip Times (RTTs) involved in the registration and authentication processes.

Authenticated Access Control Scheme

- Integration of mobility and security
- Signalling for the authenticated access control scheme

Secured Handover Process Mechanism

- The mechanism authenticates the MN before the handover takes place, and also protects the handover by securing the signalling using a handover key (HK) between the two entities involved, e.g. Mobile Node (MN) and EN.
- The secured handover process includes two procedures: key generation and securing handover messages.
- The AAAF server also acts as the Handover Key Server (HKS).

Key Generation

- Overview of the key generation procedures
- Signalling for the key generation procedures

Secure the Handover Using the Handover Key

- Intra-EN Domain Handover
  - Registration messages are localised within the EN domain, which means on the route MN-AR-EN. Therefore, when the MN moves between ARs, the BU and BA can be secured using the HK between the MN and the AR pair (or even the MN and the EN pair).
- Inter-EN Domains Handover
  - The HK is used to secure the fast handover signalling, such as the Fast Binding Update (FBU).
- The use of the Handover Key (HK) in the fast handover
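
An added example, not part of the original slides: one way a BU can be protected with the handover key so that the EN/AR rejects modified and repeated BUs (the message-modification and DoS threats listed earlier). The field layout, the use of truncated HMAC-SHA256, and the names `protect_bu` and `BindingVerifier` are assumptions made for illustration; the slides do not specify the message format or the algorithm.

```python
import hashlib
import hmac
import ipaddress
import struct

MAC_LEN = 16   # truncated HMAC-SHA256 tag length (assumption)
BODY_LEN = 36  # seq(2) + lifetime(2) + RCoA(16) + LCoA(16), constructed layout

def _tag(hk, body):
    return hmac.new(hk, body, hashlib.sha256).digest()[:MAC_LEN]

def protect_bu(hk, seq, lifetime, rcoa, lcoa):
    """MN side: serialise the illustrative BU fields and append the HK-keyed tag."""
    body = (struct.pack("!HH", seq, lifetime)
            + ipaddress.IPv6Address(rcoa).packed
            + ipaddress.IPv6Address(lcoa).packed)
    return body + _tag(hk, body)

class BindingVerifier:
    """EN/AR side: holds the HK shared with one MN and the last accepted sequence."""
    def __init__(self, hk):
        self.hk = hk
        self.last_seq = -1

    def accept(self, msg):
        if len(msg) != BODY_LEN + MAC_LEN:
            return "malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        # Constant-time comparison; check the MAC before trusting any field.
        if not hmac.compare_digest(tag, _tag(self.hk, body)):
            return "bad-mac"
        seq = struct.unpack("!H", body[:2])[0]
        if seq <= self.last_seq:  # simplified: no sequence wrap-around handling
            return "replay"
        self.last_seq = seq
        return "accepted"

def demo():
    hk = bytes(range(32))                      # constructed key, not a real HK
    en = BindingVerifier(hk)
    bu = protect_bu(hk, 1, 60, "2001:db8:1::10", "2001:db8:1:a::10")
    tampered = bytearray(bu)
    tampered[19] ^= 0x01                       # modify last byte of the RCoA
    forged = protect_bu(bytes(32), 2, 60, "2001:db8:1::10", "2001:db8:1:a::10")
    return [en.accept(bu), en.accept(bytes(tampered)),
            en.accept(bu), en.accept(forged)]

if __name__ == "__main__":
    print(demo())
```

The verifier checks the tag before reading the sequence number, so a message from a node that does not hold the HK never changes the stored replay state.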

Conclusions

- The introduction of the EN
  - The EN provides compatibility with QoS and mobility management (MM), which integrates security with QoS and MM in a common framework to minimize the negative cross issues.
- Two security solutions are provided for the EN based infrastructure
  - The authenticated access control scheme aims at authenticating and authorizing the MN when it crosses the networks.
  - The secured handover process mechanism provides the MN with secured micro-mobility and macro-mobility handoffs within one access network.

Thank you! Q&A