1 / 15

NEMO AAA Requirements

NEMO AAA Requirements. Prepared for 55 th IETF By Ng Chan Wah, Takeshi Tanaka 20 11 2002. Motivations. Large-scale NEMO deployment scenarios are usually commercial applications: public access networks in trains, ships, aircrafts AAA is important for commercial

heath
Download Presentation

NEMO AAA Requirements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NEMO AAA Requirements Prepared for 55th IETF By Ng Chan Wah, Takeshi Tanaka 20 11 2002 Panasonic Singapore Labs – Network Team

  2. Motivations • Large-scale NEMO deployment scenarios are usually commercial applications: • public access networks in trains, ships, aircrafts • AAA is important for commercial • Some other NEMO deployment scenarios are for government agencies • police, firefighters • access control is needed to protect information Panasonic Singapore Labs – Network Team

  3. Resources • Access control are needed to authenticate MR/VMN for their use of the following resources: • In foreign network: • Network bandwidth • CoA • In home network: • Tunneling resources provided by home agents Panasonic Singapore Labs – Network Team

  4. AR AR AR AR AR MR MR MR MR MR VMR LFN VMR VMN LFN VMN LMN Scenarios • In draft-ng-nemo-aaa-use-00.txt, we identified 5 usage scenarios. Internet Panasonic Singapore Labs – Network Team

  5. General Response on Mailing List • Argument whether AAA requirements should be separated from requirements for basic NEMO support. • draft-ng-nemo-aaa-use-00.txt contains both requirements for AAA solution and NEMO solution. • Differentiate and classify them? Panasonic Singapore Labs – Network Team

  6. Requirements (1/8) A1: The AAA servers MUST be able to share, or dynamically establish security associations with external authorities that are able to verify the credentials provided by the client. • Reqm for AAA Solution Panasonic Singapore Labs – Network Team

  7. Requirements (2/8) A2: The VMN or MR MUST be able to provide complete, unforgeable credentials without having to contact its home agent. • Reqm for both NEMO Solution + AAA Solution Panasonic Singapore Labs – Network Team

  8. Requirements (3/8) A3: Intermediate nodes MUST not be able to learn any information which may enable them to reconstruct and reuse the credentials. • Reqm for NEMO Solution + AAA Solution • NEMO Solution: • AR/MR MUST NOT snoop into packets sent by VMN • AAA Solution: • MUST provide a mechanism to securely transfer credentials Panasonic Singapore Labs – Network Team

  9. Requirements (4/8) A4: AAA request and response operations between the ARs/MRs and the respective AAA servers MUST prevent eavesdropping. • Reqm for AAA Solution Panasonic Singapore Labs – Network Team

  10. Requirements (5/8) A5: AAA request and response operations between the ARs/MRs and the respective AAA servers MUST NOT be vulnerable to denial-of-service attack. • Reqm for AAA Solution Panasonic Singapore Labs – Network Team

  11. Requirements (6/8) A6: AAA request and response operations between the ARs/MRs and the respective AAA servers MUST NOT be vulnerable to man-in-the-middle attack. • Reqm for AAA Solution Panasonic Singapore Labs – Network Team

  12. Requirements (7/8) A7: MR that supports attachment of VMN on its internal link SHOULD implement AAA client capability to be able to contact MR's home AAA server to check on credentials provided by the visiting nodes. • Reqm for NEMO Solution/Implementation Panasonic Singapore Labs – Network Team

  13. Requirements (8/8) A8: MR that support attachment of VMN on its internal links SHOULD NOT change its AAA policy for the said VMNs during a continuous session, even when the MR has undergone a handover between AR of different administrative domains. • Reqm for AAA Policy • Possible to draw requirements for NEMO Solution? Panasonic Singapore Labs – Network Team

  14. Issues (1/2) • Not looked at: • Multihoming consideration • From the point of view of Visiting Nodes: need to authenticate the access routers? Panasonic Singapore Labs – Network Team

  15. Issues (2/2) • Where this work should be done • NEMO WG  Requirements on AAA solutions • Bring this work to some other AAA-related WG Panasonic Singapore Labs – Network Team

More Related