1 / 21

A Secure Access System for Mobile IPv6 Network

A Secure Access System for Mobile IPv6 Network. ZHANG Hong Aug 28, 2003 Zhangh@cnnic.net.cn. Introduction. Background: Internet, Wireless, Mobile Communication is under very fast development A secure mobile IPv6 network access system is highly needed for mobile IPv6 deployment. Scenario.

ferris
Download Presentation

A Secure Access System for Mobile IPv6 Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Secure Access System for Mobile IPv6 Network ZHANG Hong Aug 28, 2003 Zhangh@cnnic.net.cn

  2. Introduction • Background: Internet, Wireless, Mobile Communication is under very fast development • A secure mobile IPv6 network access system is highly needed for mobile IPv6 deployment

  3. Scenario

  4. Current Status and Problem • Current methods and systemsare still inadequate, including EAP, PANA, 802.1X, RADIUS, Diameter

  5. Security Goals • 1) The MN and the network access server could do mutual authentication, in case Man-in-Middle Attack. • 2) Inter-domain authentication/authorization must be accomplished to support roaming user . • 3) No one including AAA servers in foreign domain could forge access request of MN. • 4) Transport service for the MN should be protected and prevent attacker to steal the service after MN is authenticated.

  6. Security Association

  7. Overview • The secure access procedure for MN is comprised of three phases: - initial phase, - authentication- registration phase - termination phase.

  8. Initial Phase • When MN first enters a foreign network, it is in this phase. The MN will get IPv6 care-of-address by either stateful or stateless address auto-configuration. This system does not modify current IPv6 address auto-configuration protocols. • MN sends a server-request packet to access servers with an IPv6 site-local broadcast address. The servers receive the request and send answers. MN will choose one server and build secure channel with it by a TLS-alike way. This secure channel will protect further authentication and registration messages.

  9. Message 1: Server Request := MN’s request for a access server to deal with its access request • Message 2: Server Reply := Access Server’s reply • Message 3: Ack := MN’s acknowledge for one of the access servers. • Message 4:{Server Cert, Challenge}Sig := the chosen access server returns its certificate and a challenge, the whole message is signed by the access server.

  10. Authentication- Registration Phase • In this phase, MN will send its NAI, identity credentials to access server through the secure channel built in initial phase. Thus the user identity privacy is achieved by encryption. Authentication of MN may need AAAH if MN is in foreign domain, and AAAH will do binding update registration in HA for the MN. Authentication is accomplished by transferring EAP payload between MN and AAAH.

  11. Message 1: E{NAI, Cha, N} := MN’s NAI, Challenge (Cha) in initial phase, Nonce (N) for message freshness, the whole message is encrypted using the access server’s public key • Message 2: AMR1 := Auth-MN-Request message, this message contains NAI. AAAL will forward this message to MN’s AAAH • Message 3: AMA1 := Auth-MN-Answer message, this message contains NAI, EAP-MD5 challenge AVP • Message 4: {EAP, N}sig := access server sends the EAP-MD5 challenge to MN. Nonce guarantees the message freshness. This message is signed

  12. Message 5: E{NAI, EAP, N, BU} := MN sends NAI, EAP-MD5 response, nonce and binding update (BU) request to access server. • Message 6: AMR2 := access server encapsulate NAI, EAP response in AVPs, BU and sends them to AAAL through AMR message • Message 7: BUR := Binding Update Request, AAAH sends binding update request to HA, and HA replies BUA(Binding Update Answer)

  13. Termination Phase • MN sends termination request to the access server and the server replies. In order to detect when MN has disconnected abnormally, the access server uses heartbeat detection mechanism by sending probe message periodically.

  14. Message 1: E{Terminate Request, N} := MN’s request to terminate access, this message is encrypted by temp key • Message 2: {Server Reply}sig := Access server’s reply with signature

  15. Logic Analysis ABBR. AS – Access Server Cert – Certificate Cha – Challenge N - Nonce • MN Receives Cert, Cha, { Cert, Cha }Sig • MN Verifies Cert • MN Believes PK Belongs to AS • MN Believes AS Said Cha • AS Receives {MN, Cha, N}Pk • AS Believes Freshness(Cha)

  16. AS Believes Freshness(MN, N) • MN Receives EAP-Cha, N, {EAP-Cha, N}sig • MN Believes AS Said {EAP-Cha, N} • MN Believes Freshness(N) • MN Believes Freshness(EAP-Cha) • AS Receives{EAP-Res, MN, N }pk • AAAH Verifies EAP-Res • AAAH Believes MN’s Identity

  17. Comparison With Former Goals This system accomplishes all of them. • 1) The access server is authenticated to MN by certificate. The MN is authenticated later by EAP methods. • 2) Inter-domain authentication/authorization is supported by AMR and AMA messages in Diameter protocol. • 3) No one could forge access request of MN and send it to AAA servers in home domain. • 4) Service theft attack is prevented by security association between MN and router.

  18. Thanks !!!

More Related