1 / 5

Pre-authentication Extension to PANA draft-ietf-pana-preauth-02.txt

Pre-authentication Extension to PANA draft-ietf-pana-preauth-02.txt. Yoshihiro Ohba. Changes from -01. Defined ‘E’ (prE-authentication) bit instead of ‘P’ bit ‘P’ bit is assigned for “Ping” in pana-pana-18 Updated calls flows to be consistent with pana-pana-18 Revised terms (simplified)

dympna
Download Presentation

Pre-authentication Extension to PANA draft-ietf-pana-preauth-02.txt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Pre-authentication Extension to PANAdraft-ietf-pana-preauth-02.txt Yoshihiro Ohba IETF70 PANA WG

  2. Changes from -01 • Defined ‘E’ (prE-authentication) bit instead of ‘P’ bit • ‘P’ bit is assigned for “Ping” in pana-pana-18 • Updated calls flows to be consistent with pana-pana-18 • Revised terms (simplified) • Changed the name of PAAs in the serving and candidate networks • Local PAA Serving PAA (SPAA) • Remote PAA Candidate PAA (CPAA) • Changed the name of PANA SA between PaC and CPAA • Pre-authentication SA  Pre-authorization SA • Changed the name of PANA SA bewteen PaC and SPAA • Active SA  Post-authorization SA • Removed non-important terms • {Local,Remote} PaC, {Preparing,Active} PAA • Added reference to I-D.ietf-hokey-preauth-ps IETF70 PANA WG

  3. Example Call Flow(PaC-initiated pre-authentication) Candidate PAA (CPAA) PaC The first PCI message is omitted in the case of PAA-initiated pre-authentication Pre-authentication trigger PCI w/ ‘E’ bits set PAR w/ ‘S’ and ‘E’ bits set PAN w/ ‘S’ and ‘E’ bits set PAR/PAN exchange w/ ‘E’ bits set : Pre-authorization PAR/PAN exchange w/ ‘C’ and ‘E’ bits set Movement PNR w/ ‘P’ bit set and ‘E’ bit cleared Post-authorization PNA w/ ‘P’ bit set and ‘E’ bit cleared IETF70 PANA WG

  4. Example Call Flow (IP address update for pre-authorized SA) Candidate PAA (CPAA) PaC Movement PNR w/ ‘P’ and ‘E’ bit set IP Address Update PNA w/ ‘P’ and ‘E’ bit set Issue: MiTM attack with is possible because source IP address is not protected IETF70 PANA WG

  5. Thank You! IETF70 PANA WG

More Related