1. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-07-0310-00-0000-MIH-Security-Options.ppt Title: MIH Security Options Date Submitted: Sept 16, 2007 Presented at IEEE 802.21 session #NN in Big Island, HI Authors or Source(s): Srinivas Sreemanthula and Gabor Bajko Abstract:

2. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 2 IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/guide.html> Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 http://standards.ieee.org/board/pat/guide.html

3. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 3 Requirements Problem discussed in 21-07-0085-00-0000-mih- security.ppt21-07-0085-00-0000-mih- security.ppt MIH PoS must be authenticated at all times for MN to receive MIH services –Either for subscription or anonymous requests –e.g. MN must ensure the information provided by MIIS is coming from an authenticated source Authenticating MN by the MIH PoS will enable – MIH service level authorization and –policy based MIH service access control –Message integrity protection for MIH services* Message confidentiality can be handled at the transport layer

4. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 4 Server Authentication No MN MIH level authentication or authorization MN Network Access: Authentication, Authorization & Key Mngmt Visited Network MIH PoS* Home [ w/ MIH Entity ] MIH Server Discovery Server Authentication MIH Service Exchanges MN trusts server * Home, visited or third party

5. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 5 Mutual Authentication No MN authorization => No MIH Access Control MN Network Access: Authentication, Authorization & Key Mngmt Visited Network MIH PoS* MIH Server Discovery Server Authentication Client Authentication MIH Service Exchanges MN trusts server * Home, visited or third party MN validated Integrity protected Home [ w/ MIH Entity ]

6. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 6 Mutual Authentication & MN Authorization MN Network Access: Authentication, Authorization & Key Mngmt Visited Network MIH PoS* MIH Server Discovery Server Authentication Client Authentication MN trusts server MN specific MIH Authorization * Home, visited or third party MIH Service Exchanges Integrity protected Home [ w/ MIH Entity ]

7. doc.: IEEE 802.21-07/0310r0 Submission Sept 2007 Srinivas Sreemanthula Slide 7 Future Work Understanding scope of work Architectural Scope and Definition MIH Service Authentication –Server Side (Service specific?) –MN Side MIH Authorization and Service Access Control Integrity Protection aspects Q/A