MI5: Security, Privacy, Identity
Klaas Wierenga
Mobile Internet Summit #2
San Jose, October 10, 2008

Background
• Mobile Internet Summit 15/16 July: number of possible solutions
  • 3GPP solutions
  • GSE/8+8
  • LISP
  • HIP
  • MIPv6
  • NEMO/MANET
  • …
• All (?) only address part of the problem space
• Multilayer
• Security requirements very generic, i.e. not very helpful ;-(
• Major issues:
  • EID-RLOC separation
  • Roaming network access
  • Privacy & identity

EID-RLOC separation
• Current implicit binding between routing locator (RLOC) and endpoint identifier (EID): the IP address
• Proposals for mobile Internet separate the two for session continuity (and multihoming)
• Idea behind Locator/Identifier split:
  • EID: used to identify host
  • RLOC: used for packet routing
• One identity can be associated with one or more locations
• Necessitates some mapping function or agent, somewhere

EID-RLOC separation threats
• spoof EID of client(s)
• spoof EID of server
• intercept traffic between client and server or between clients
• flood a 3rd party
• prevent establishing a session
• interrupt a session
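
An added illustration, not from the original slides and not the wire format of LISP, HIP or any other listed proposal: a toy mapping agent showing why the EID-to-RLOC mapping function has to authenticate updates, since otherwise spoofing an EID or redirecting its traffic takes a single forged registration. The per-EID shared key, the nonce, the TTL and all class and function names are assumptions; the addresses are constructed documentation-range values.

```python
import hashlib
import hmac

class MappingAgent:
    """Toy EID -> RLOC mapping agent (hypothetical design, for illustration only)."""

    def __init__(self, eid_keys, require_auth=True):
        self.eid_keys = eid_keys          # assumed: per-EID secrets provisioned out of band
        self.require_auth = require_auth  # False models an agent that trusts any update
        self.table = {}                   # eid -> (rlocs, expires_at, last_nonce)

    @staticmethod
    def sign(key, eid, rlocs, nonce):
        msg = "|".join([eid, ",".join(rlocs), str(nonce)]).encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def register(self, eid, rlocs, nonce, tag, now, ttl=60):
        if self.require_auth:
            key = self.eid_keys.get(eid)
            last = self.table.get(eid)
            if key is None or not hmac.compare_digest(tag, self.sign(key, eid, rlocs, nonce)):
                return False              # unknown EID or forged update: mapping unchanged
            if last and nonce <= last[2]:
                return False              # replayed (old) registration
        self.table[eid] = (tuple(rlocs), now + ttl, nonce)
        return True

    def lookup(self, eid, now):
        entry = self.table.get(eid)
        if entry is None or now >= entry[1]:
            return ()                     # no mapping, or mapping expired
        return entry[0]

def demo(require_auth):
    # Constructed scenario: the EID owner registers two RLOCs, then a party without the key tries one.
    key = b"constructed-demo-key"
    agent = MappingAgent({"eid-server": key}, require_auth)
    good = ["192.0.2.10", "198.51.100.10"]
    agent.register("eid-server", good, 1, MappingAgent.sign(key, "eid-server", good, 1), now=0)
    forged = ["203.0.113.66"]
    accepted = agent.register("eid-server", forged, 2, b"\x00" * 32, now=1)
    return accepted, agent.lookup("eid-server", now=2)
```

With `require_auth=False` the forged update replaces both legitimate locators; with authentication on, the mapping is unchanged and still expires after its TTL.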

Roaming Network Access
• Roaming between operators (unlikely that a single operator has enough market share to allow for a non-roaming solution)
• Different administrative domains
• Contract with many providers or pay as you go undesirable
• Trust between subscriber and home operator and between home operator and visited operator
• Uniquely identify users for network/service access
• Require some kind of roaming agreement and technology for remote authN/authZ

Roaming access threats
• Hijack identity of user
• Hijack session of user
• Access provider as IdP falsely claiming to belong to the trust fabric
• Access provider as SP falsely claiming to belong to the trust fabric

Privacy & Identity
• Proposals often assume a persistent EID, even tied to hardware ID
• EIDs can be related to individuals
• Access to EID/RLOC mapping can imply access to location of individuals
• EID =/= person ID
• Person ID =/= person ID (i.e. multiple roles)
• Remote authentication process across untrusted networks
• Require protection of personal data
• Require binding between person ID/role and network access

Privacy & identity threats
• Expose user credentials to 3rd party
• Expose user location to 3rd party
• Expose other personal information to third party
• Compromise mapping between personal ID and endpoint ID and role-based access

Next steps
• Stronger collaboration across teams
• Gather input from other subgroups on various technologies
• Scope of the technology
• Detailed description of the EID, RLOC and mappings semantics (inter- and intra-provider, expiry, revocation etc.)
• Detailed description of roaming scenario (authentication flow, authorization, lawful intercept, accounting/billing, emergency services)
• Analyze technologies along identified axes
• Create set of security and privacy requirements