Presentation is loading. Please wait.

Presentation is loading. Please wait.

21-07-0446-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0446-00-0000 Title: Security SG Report Date Submitted: November 20, 2007 Authors.

Similar presentations


Presentation on theme: "21-07-0446-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0446-00-0000 Title: Security SG Report Date Submitted: November 20, 2007 Authors."— Presentation transcript:

1 21-07-0446-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0446-00-0000 Title: Security SG Report Date Submitted: November 20, 2007 Authors or Source(s): Yoshihiro Ohba Abstract: Report of Security SG meeting at IEEE 802.21 session 23 in Atlanta

2 21-07-0446-00-00002 IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEEs name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEEs sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/guide.html> Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 http://standards.ieee.org/board/pat/guide.html IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEEs name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEEs sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/faq.pdf> Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6 http://standards.ieee.org/board/pat/faq.pdf

3 21-07-0446-00-00003 Outline Two meeting slots: Nov. 17 (Mon) AM2, Nov. 15 (Thu) PM2 4 TR (Technical Report) contributions All contributions address Security Signaling Optimization during Handover (SSOH) One contribution also addresses MIH-level Security Mechanism (MIHS) One contribution for performance evaluation on SSOH One contribution for combining security signaling and QoS resource reservation Discussed PAR and 5C issues There will be 2 nd call for TR contributions before January 2007 meeting

4 21-07-0446-00-00004 TR contribution on re-authentication TR contribution: http://www.ieee802.org/21/doctree/Security_SG/21-07- 0402-02-0000-MIH_Key_Hierarchy.dochttp://www.ieee802.org/21/doctree/Security_SG/21-07- 0402-02-0000-MIH_Key_Hierarchy.doc Presented slides: http://www.ieee802.org/21/doctree/Security_SG/21-07- 0402-03-0000-MIH%20key-hierarchy%20approaches.ppthttp://www.ieee802.org/21/doctree/Security_SG/21-07- 0402-03-0000-MIH%20key-hierarchy%20approaches.ppt The contribution addresses inter-technology handover between EAP-based technologies using HOKEY re-authentication Re-authentication may be performed proactively via the serving network, or reactively via the target network Proactive re-authentication may require a new work in 802.21 In reactive re-authentication, native EAP transport defined in each link-layer such as 802.1X may be used with or without modification Need for a new work in 802.21 is smaller than proactive re- authentication In both proactive and reactive re-authentication, candidate authenticator discovery mechanism is needed

5 21-07-0446-00-00005 TR contribution on inter-domain handover w/ pre-authentication TR contribution: http://www.ieee802.org/21/doctree/Security_SG/21-07-0387- 00-0000-%20security_signaling_inter-domain.doc http://www.ieee802.org/21/doctree/Security_SG/21-07-0387- 00-0000-%20security_signaling_inter-domain.doc Presented slides: http://www.ieee802.org/21/doctree/Security_SG/21-07-0387- 01-0000-%20security_signaling_inter-domain.ppt http://www.ieee802.org/21/doctree/Security_SG/21-07-0387- 01-0000-%20security_signaling_inter-domain.ppt The contribution addresses inter-domain handover where a direct or indirect trust relationship exists between the serving and target network Pre-authentication is identified as the potential approach In the case of indirect trust relationship, pre-authentication signaling needs be performed along the chain of trust Proxy authenticator is introduced to support pre- authentication across domains with indirect trust relationship

6 21-07-0446-00-00006 TR contribution on inter-technology handover w/ pre- authentication (1/2) TR contribution: http://www.ieee802.org/21/doctree/Security_SG/21-07-0403- 00-0000-Security%20SG%20Use%20Case.doc http://www.ieee802.org/21/doctree/Security_SG/21-07-0403- 00-0000-Security%20SG%20Use%20Case.doc Presented slides: http://www.ieee802.org/21/doctree/Security_SG/21-07-0403- 01-0000%20-Use%20Case.ppt http://www.ieee802.org/21/doctree/Security_SG/21-07-0403- 01-0000%20-Use%20Case.ppt The contribution addresses inter-technology handover between specific technologies: 802.111 and 802.16 Pre-authentication is identified as the potential approach The same approach is generally applicable to other technologies as long as the target network supports EAP

7 21-07-0446-00-00007 TR contribution on inter-technology handover w/ pre- authentication (2/2) TR contribution: http://www.ieee802.org/21/doctree/Security_SG/21-07-0390-00- 0000-MIH_Security_TR_Use_Case_Scenarios.doc http://www.ieee802.org/21/doctree/Security_SG/21-07-0390-00- 0000-MIH_Security_TR_Use_Case_Scenarios.doc Presented slides: http://www.ieee802.org/21/doctree/Security_SG/21-07-0391-00- 0000-Use_Case_Scenario.ppt http://www.ieee802.org/21/doctree/Security_SG/21-07-0391-00- 0000-Use_Case_Scenario.ppt The contribution addresses inter-technology handover to a specific set of technologies that support EAP Inter-domain handover is also supported Handover to Non-EAP technologies are not supported

8 21-07-0446-00-00008 Performance evaluation on SSOH http://www.ieee802.org/21/doctree/Security_SG/21-07-0401- 01-0000- Authentication%20Signaling%20Performance%20in%20MIH.p pthttp://www.ieee802.org/21/doctree/Security_SG/21-07-0401- 01-0000- Authentication%20Signaling%20Performance%20in%20MIH.p pt NS-2 simulation results are shown on security signaling performance for full authentication, re-authentication and pre- authentication for handover between 802.11 and 802.16 Full authentication is based on EAP-TTLS w/MD5 Re-authentication is based on HOKEY ERX Three performance metrics: EAP latency, post-handover security signaling latency and transmission latency Some issues with simulation conditions AAA latency is underestimated Simulation runs unnecessarily EAP during 802.11r FT Additional evaluation is encouraged

9 21-07-0446-00-00009 Combining security signaling and QoS resource reservation http://www.ieee802.org/21/doctree/Security_SG/21-07-0435- 00-0000-secure_Handover_with_QoS.ppthttp://www.ieee802.org/21/doctree/Security_SG/21-07-0435- 00-0000-secure_Handover_with_QoS.ppt The purpose is to provide seamless mobility with QoS Proactive QoS signaling for resource reservations at IP layer using QoS NSLP where anticipation of movement is feasible The proposed approach is to combine network access authentication and QoS signaling Even the two types of signaling are combined, network access authentication needs to complete before QoS reservation

10 21-07-0446-00-000010 Discussion on PAR and 5C PAR-related material: http://www.ieee802.org/21/doctree/Security_SG/21-07-0394- 00-0000-SSG_Scope_Issues.ppt http://www.ieee802.org/21/doctree/Security_SG/21-07-0394- 00-0000-SSG_Scope_Issues.ppt 5C-related material: Annex A of 21-07-0402-02 Support for Non-EAP authentication was discussed heavily Straw poll was taken Support for handover with EAP: Yes(20)/No(0) Support for handover with Non-EAP: Yes(10)/ No(7) Support for inter-technology handover: Yes(21)/No(0) Open issues Definition of administrative domain needs to be revised to cover a scenario where multiple ESSes are served by a single AAA server Clarification on relationship with 802.1 Linksec is needed

11 21-07-0446-00-000011 Security SG Milestones November 2007 All contributions intended to be included in the TR need to be submitted before the meeting Detailed submission guidelines will be posted to the reflector PAR/5C discussion January 2008 All major studies are expected to be done PAR/5C discussion February 2008 Submit PAR/5C to IEEE 802 EC to create a TG March 2008 Completion of TR Discuss feedback on PAR/5C Joint Meeting with 802.1 Link Security Task Group Done

12 21-07-0446-00-000012 Next Steps Jan. 2008 Meeting SSOH: Security Signaling Optimization during Handover MIHS: MIH-level Security mechanism 4 TR Contributions 1 TR Contribution On SSOH TR Contributions on MIHS, etc. Baseline TR Nov. 2007 Meeting PAR/5C Mar. 2008 Meeting TR PAR/5C Submission to EC (by Feb 14, 2008) Presentation of PAR to general 802 membership Approval by EC Coordination w/ other WGs Approval by WG PAR Submission to IEEE-SA Standards Board Submission Deadline: Jan. 7, 2008


Download ppt "21-07-0446-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0446-00-0000 Title: Security SG Report Date Submitted: November 20, 2007 Authors."

Similar presentations


Ads by Google