
AAA/Mobile IP For 3G CDMA Systems Gopal Dommety and Allen Long


Presentation Transcript


  1. AAA/Mobile IP For 3G CDMA Systems, Gopal Dommety and Allen Long

  2. Outline • Requirements • Architecture and Trust Model • VPN access • Optimizations • Conclusions

  3. Requirements • Authentication of the HA and MN • Authentication of the HA and FA • Compulsory secure tunneling between the HA and the FA • Roaming support to non-home wireless carrier networks (Could be ISP)

  4. Requirements • The Handoff delay should be minimized. • Dynamic Home Address Allocation • Assurance of service offering to the Home-WL/ISP • Dynamic Home Agent Allocation.

  5. Desirable Features • No changes to the RADIUS protocols • No Changes to IKE/IPsec • No Changes to Mobile IP • Perform IKE and IPsec in order to secure traffic into the corporate network • It may not be feasible for HAAA to be outside the Firewall

  6. Architecture (diagram) • Home Wireless operator or ISP: Home AAA Server, HA • Foreign Wireless operators: AAA Server, PDSN/FA, HA • 2G narrowband digital access networks: GSM, IS-54/13, PDC

  7. Security • HA-MN Shared Key • HA and FA have Certificates • Shared Key between FA and FAAA, and HA and HAAA

  8. Authentication - Basic (message flow; entities: Home-WL/ISP, HA, MN, PDSN, FAAA, HAAA) • Advertisement • Req • Req (NAI) • Opt-AccessReq, Opt-AccessReq, AccessReq • Opt-AccessReply, AccessReply, Opt-AccessReply • IKE Messages (3 round trips) • Req (NAI) • RegReply • RegReply • Uses existing protocols; additionally uses NAI Draft • Access Request and IKE can happen in parallel
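The HA-MN shared key from slide 7 is what protects the Req (NAI) and RegReply messages in this flow. The following is an added example, not code from the presentation, showing how a mobile node builds an RFC 2002 Registration Request carrying the Mobile-Home Authentication Extension (keyed MD5 in prefix+suffix mode, the RFC 2002 default) and how the home agent verifies it, rejects a tampered or unauthenticated request with code 131, and uses the timestamp-style Identification field to reject a replay or a skewed clock with code 133. The addresses, SPI, key and clock values are constructed for the example, and the rule that an accepted Identification must be strictly newer than the last one accepted from that mobile node is the example's own replay policy, not something the slides or RFC 2002 state.

```python
"""Mobile IP Registration Request/Reply protected by the Mobile-Home Authentication Extension (RFC 2002)."""
import hashlib
import hmac
import struct
import time

MIP_REG_REQUEST, MIP_REG_REPLY = 1, 3
MH_AUTH_EXT = 32                  # Mobile-Home Authentication Extension type (RFC 2002 sec 3.5.2)
AUTH_LEN = 16                     # keyed-MD5 authenticator, 128 bits
REQ_FIXED_LEN, REP_FIXED_LEN = 24, 20   # fixed part of a Request and of a Reply
NTP_EPOCH_OFFSET = 2208988800     # seconds from 1900-01-01 to the Unix epoch
TIMESTAMP_TOLERANCE = 7           # RFC 2002 default tolerance for timestamp Identification

# Registration Reply codes (RFC 2002 sec 3.4)
CODE_ACCEPTED, CODE_MN_AUTH_FAILED, CODE_IDENT_MISMATCH, CODE_POORLY_FORMED = 0, 131, 133, 134


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def ntp_identification(unix_time):
    """64-bit Identification: NTP seconds in the high-order word, fraction in the low-order word."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * 2 ** 32) & 0xFFFFFFFF
    return (secs << 32) | frac


def keyed_md5(key, data):
    """RFC 2002 default algorithm: keyed MD5 in prefix+suffix mode, MD5(key || data || key)."""
    return hashlib.md5(key + data + key).digest()


def append_mh_auth(msg, spi, key):
    """Authenticator covers the message, all prior extensions and this extension's Type, Length and SPI."""
    header = struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, spi)
    return msg + header + keyed_md5(key, msg + header)


def build_reg_request(home_addr, home_agent, coa, lifetime, identification, spi, key, flags=0):
    """MN side: fixed Request header followed by the authentication extension."""
    body = struct.pack("!BBH4s4s4sQ", MIP_REG_REQUEST, flags, lifetime, ip_to_bytes(home_addr),
                       ip_to_bytes(home_agent), ip_to_bytes(coa), identification)
    return append_mh_auth(body, spi, key)


def find_mh_auth(pkt, fixed_len):
    """Walk the extensions after the fixed header; return (offset, spi, authenticator) or None."""
    off = fixed_len
    while off + 2 <= len(pkt):
        etype, elen = pkt[off], pkt[off + 1]
        if off + 2 + elen > len(pkt):
            return None
        if etype == MH_AUTH_EXT and elen == 4 + AUTH_LEN:
            return off, struct.unpack("!I", pkt[off + 2:off + 6])[0], pkt[off + 6:off + 6 + AUTH_LEN]
        off += 2 + elen
    return None


def verify_mh_auth(pkt, fixed_len, key):
    """Used by the HA on a Request and by the MN on a Reply; constant-time compare of the authenticator."""
    found = find_mh_auth(pkt, fixed_len)
    if found is None:
        return False
    off, _, received = found
    return hmac.compare_digest(keyed_md5(key, pkt[:off + 6]), received)


class HomeAgent:
    def __init__(self, address, keys, clock=time.time):
        self.address = address
        self.keys = keys              # {(home address, SPI): shared key} provisioned per MN (assumed store)
        self.clock = clock
        self.last_ident = {}          # home address -> last Identification accepted

    def process_request(self, pkt):
        """Return the Registration Reply code for a Request; 0 means accepted."""
        if len(pkt) < REQ_FIXED_LEN or pkt[0] != MIP_REG_REQUEST:
            return CODE_POORLY_FORMED
        _, _, _, home_b, _, _, ident = struct.unpack("!BBH4s4s4sQ", pkt[:REQ_FIXED_LEN])
        home_addr = ".".join(str(b) for b in home_b)
        found = find_mh_auth(pkt, REQ_FIXED_LEN)
        key = self.keys.get((home_addr, found[1])) if found else None
        if key is None or not verify_mh_auth(pkt, REQ_FIXED_LEN, key):
            return CODE_MN_AUTH_FAILED            # missing extension, unknown SPI or forged authenticator
        # Timestamp replay check: within tolerance of HA time and (this example's own rule)
        # strictly newer than the last Identification accepted from this mobile node.
        now_secs = int(self.clock()) + NTP_EPOCH_OFFSET
        if abs((ident >> 32) - now_secs) > TIMESTAMP_TOLERANCE or ident <= self.last_ident.get(home_addr, 0):
            return CODE_IDENT_MISMATCH
        self.last_ident[home_addr] = ident
        return CODE_ACCEPTED

    def build_reply(self, request, code, lifetime, spi, key):
        """HA side: Reply authenticated with the same MN-HA key so the MN can check it."""
        _, _, _, home_b, _, _, ident = struct.unpack("!BBH4s4s4sQ", request[:REQ_FIXED_LEN])
        if code == CODE_IDENT_MISMATCH:
            # RFC 2002 sec 5.7: keep the request's low-order 32 bits, supply the high-order 32 bits
            # from the HA clock so the MN can resynchronise its Identification
            ident = ((int(self.clock()) + NTP_EPOCH_OFFSET) << 32) | (ident & 0xFFFFFFFF)
        body = struct.pack("!BBH4s4sQ", MIP_REG_REPLY, code, lifetime, home_b, ip_to_bytes(self.address), ident)
        return append_mh_auth(body, spi, key)


if __name__ == "__main__":
    key, spi = b"mn-ha-shared-key", 0x100          # constructed values
    ha = HomeAgent("10.1.0.1", {("10.1.2.3", spi): key}, clock=lambda: 1700000000.0)
    req = build_reg_request("10.1.2.3", "10.1.0.1", "192.0.2.10", 1800, ntp_identification(1700000000.5), spi, key)
    print("first request:", ha.process_request(req), "replay:", ha.process_request(req))
```

The verification order matters: the authenticator is checked before the Identification, so an attacker who cannot forge the keyed MD5 cannot move the HA's replay window or trigger the resynchronisation path. The SPI selects the key, which is how one HA serves mobile nodes with different keys and algorithms.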

  9. Optimizations/Optional Flows • Challenge Response • Tokens • IKE Private Payloads • Public Key methods can be used to sign Mobile IP Reg Req/Rep messages • IPsec or SSL between entities

  10. Opt-Challenge Response (message flow; entities: Home-WL/ISP, HA, MN, PDSN, FAAA, HAAA) • Advertisement (opt-Challenge) • Req • Req (NAI, opt-Challenge, response) • Opt-AccessReq (CHAP), Opt-AccessReq (CHAP), AccessReq (CHAP) • Opt-AccessReply, AccessReply, Opt-AccessReply • IKE Messages (3 round trips) • Req (NAI) • RegReply • RegReply • Uses existing protocols; additionally uses NAI Draft and Challenge Response
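The AccessReq (CHAP) messages above carry a CHAP response the MN computed over the challenge the PDSN advertised, so the home network can authenticate the MN before the Mobile IP registration completes. The following added example, not from the presentation, shows the RADIUS side of that exchange: the MN computes the RFC 1994 CHAP response, the PDSN/FA wraps it with the NAI and the challenge in an RFC 2865 Access-Request, the FAAA selects the home AAA by the NAI realm, and the HAAA verifies the response, refuses a replayed challenge, and signs its Access-Accept or Access-Reject with the Response Authenticator so the FA can check it with the FA-AAA shared secret from slide 7. The NAI, keys, secret and challenge bytes are constructed for the example; the FAAA-to-HAAA proxy hop is collapsed to a single RADIUS secret for brevity, and the per-challenge replay set is the example's own guard.

```python
"""CHAP challenge/response for the Mobile IP access request, carried in RADIUS (RFC 2865, RFC 1994)."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_CHAP_PASSWORD, ATTR_CHAP_CHALLENGE = 1, 3, 60
HEADER = "!BBH16s"                   # Code, Identifier, Length, Authenticator


def chap_response(chap_id, mn_key, challenge):
    """RFC 1994: Response = MD5(Identifier || secret || Challenge), computed by the MN."""
    return hashlib.md5(bytes([chap_id]) + mn_key + challenge).digest()


def encode_attrs(attrs):
    return b"".join(struct.pack("!BB", atype, 2 + len(value)) + value for atype, value in attrs)


def decode_attrs(data):
    attrs, off = {}, 0
    while off + 2 <= len(data):
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[atype] = data[off + 2:off + alen]
        off += alen
    return attrs


def build_packet(code, identifier, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack(HEADER, code, identifier, 20 + len(body), authenticator) + body


def response_authenticator(code, identifier, request_auth, attrs_bytes, secret):
    """RFC 2865 sec 3: MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    head = struct.pack(HEADER, code, identifier, 20 + len(attrs_bytes), request_auth)
    return hashlib.md5(head + attrs_bytes + secret).digest()


def fa_access_request(identifier, nai, chap_id, challenge, response):
    """PDSN/FA: Access-Request carrying the NAI, the challenge it advertised and the MN's response."""
    request_auth = os.urandom(16)
    attrs = [(ATTR_USER_NAME, nai.encode()), (ATTR_CHAP_CHALLENGE, challenge),
             (ATTR_CHAP_PASSWORD, bytes([chap_id]) + response)]
    return request_auth, build_packet(ACCESS_REQUEST, identifier, request_auth, attrs)


def faaa_route(pkt, home_servers):
    """FAAA: pick the home AAA from the realm of the NAI (user@realm) in User-Name."""
    nai = decode_attrs(pkt[20:]).get(ATTR_USER_NAME, b"").decode(errors="replace")
    return home_servers.get(nai.rpartition("@")[2])


def fa_check_reply(reply, request_auth, secret):
    """FA: accept only if the Response Authenticator was made with the FA-AAA secret and the code is Accept."""
    code, identifier, length, auth = struct.unpack(HEADER, reply[:20])
    expected = response_authenticator(code, identifier, request_auth, reply[20:], secret)
    return hmac.compare_digest(expected, auth) and code == ACCESS_ACCEPT


class HomeAAA:
    def __init__(self, subscribers):
        self.subscribers = subscribers   # NAI -> MN key (assumed subscriber store)
        self.seen_challenges = set()     # this example's replay guard: one response per challenge

    def handle(self, pkt, secret):
        """Verify the CHAP response and return a signed Access-Accept or Access-Reject."""
        code, identifier, length, request_auth = struct.unpack(HEADER, pkt[:20])
        if code != ACCESS_REQUEST or length != len(pkt):
            return None
        attrs = decode_attrs(pkt[20:])
        nai = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
        chap = attrs.get(ATTR_CHAP_PASSWORD, b"")          # 1 byte CHAP Ident + 16 byte response
        challenge = attrs.get(ATTR_CHAP_CHALLENGE, b"")
        mn_key = self.subscribers.get(nai)
        decision = ACCESS_REJECT
        if mn_key and len(chap) == 17 and challenge and challenge not in self.seen_challenges:
            if hmac.compare_digest(chap_response(chap[0], mn_key, challenge), chap[1:]):
                self.seen_challenges.add(challenge)
                decision = ACCESS_ACCEPT
        auth = response_authenticator(decision, identifier, request_auth, b"", secret)
        return build_packet(decision, identifier, auth, [])


if __name__ == "__main__":
    nai, mn_key, secret = "mn1@home.example", b"mn-aaa-key", b"fa-aaa-secret"   # constructed values
    challenge = os.urandom(16)                                                  # fresh per advertisement
    haaa = HomeAAA({nai: mn_key})
    request_auth, req = fa_access_request(1, nai, 7, challenge, chap_response(7, mn_key, challenge))
    reply = faaa_route(req, {"home.example": haaa}).handle(req, secret)
    print("accepted:", fa_check_reply(reply, request_auth, secret))
```

Two shared secrets do different jobs here: the MN key never leaves the MN and the HAAA (the FA only sees the challenge and the MD5 response), while the RADIUS secret binds each reply to the request it answers via the Request Authenticator. Because the CHAP response is a plain MD5 over a short secret, the challenge must be fresh for every advertisement; a PDSN that reuses challenges lets a captured response be replayed, which is what the per-challenge check on the HAAA side catches.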

  11. Opt-IKE Private Payloads (message flow; entities: Home-WL/ISP, HA, MN, PDSN, FAAA, HAAA) • Send the Mobile IP registration message as a Private Payload in IKE phase I messages • Advertisement • Req • Req (NAI) • Opt-AccessReq, Opt-AccessReq, AccessReq • Opt-AccessReply, AccessReply, Opt-AccessReply • Req (NAI) and RegReply carried inside the IKE Messages (3 round trips) • RegReply • Uses existing protocols; additionally uses NAI Draft • Have to define a Mobile IP payload

  12. Opt-Token (message flow; entities: Home-WL/ISP, HA, MN, PDSN, FAAA, HAAA) • Req (NAI) • RegReply[Token] • RegReply • Opt-Authorization Req[Token] • Opt-Authorization Rep[Token] • Token is sent by the HA to the FA • Option 1: HA generates a token (signing with its Private Key) • Option 2: Obtain the Token from the Home-WL/ISP (similar to OSP, Open Settlement Protocol, ETSI TIPHON)

  13. Conclusions • Proposal uses existing protocols • Optimizations for consideration

  14. References • Mobile IP: RFC 2002; draft-ietf-mobileip-mn-nai-00.txt; draft-ietf-mobileip-challenge-01.txt; draft-gupta-mobileip-inline-secparams-00.txt • IP Security: RFC 2401, RFC 2402, RFC 2406 • IKE: RFC 2409 • ETSI TIPHON, Inter-domain pricing, authorization and usage exchange, TS 101 321 V1.4.2 (1998-12)

  15. Enabling Wireless Data Services
