MN-HA Authenticator Command Issue
Nobuyuki Uchida, QUALCOMM Inc., December 10, 2003
Background
• A bug exists in RFC 2002 where it fails to include the SPI in the calculation of the MN-HA authenticator. SPI was not included in the MN-HA authenticator in IS-835-A, but it was modified in IS-835-B/C (no compatibility between IS-835-A and B/C). IS-835 doesn’t consider 2002bis yet.
• Currently, IS-820-A supports MN-HA authenticator based on RFC 2002. We need to come up with a method to support #3.
MN-HA Authenticator in IS-820-A
P2 contains chaining information as follows:
P2 = ‘00’ or ‘02’: Command parameters/data:
P2 = ‘01’ or ‘03’: Command parameters/data:
Mobile IP Capability Parameter
• Section 3.5.8.4 of IS-683-C
• Block ID = 0x03
• Parameters
  • MAX_NUM_NAI
  • MAX_NAI_LENGTH
  • MAX_MN-AAA_SS_LENGTH
  • MN-AAA_AUTH_ALGORITHM
  • MAX_MN-HA_SS_LENGTH
  • MN-HA_AUTH_ALGORITHM
  • RESERVED
• MN-HA_AUTH_ALGORITHM
  • Authentication Algorithm (MN-HA) supported by the R-UIM
  • Only MD5 is supported in IS-683-C
Mobile IP User Profile Parameter
• Section 3.5.8.6 of IS-683-C
• Block ID = 0x05
• Parameters
  • RETRY_INFO_INCLUDED
  • MAX_NUM_ENTRY
  • FIRST_ENTRY_TIMEOUT
  • REREG_THRESHOLD
  • NUM_NAI
  • NAI_ENTRY_INDEX
  • NAI_LENGTH
  • NAI
  • T_BIT
  • HOME_ADDRESS
  • PRIMARY_HOME_AGENT
  • SECONDARY_HOME_AGENT
  • MN-AAA_ALGORITHM
  • MN-AAA_SPI_Indicator
  • MN-AAA_SPI
  • MN-HA_ALGORITHM
  • MN-HA_SPI_Indicator
  • MN-HA_SPI
  • RESERVED
• MN-HA_AUTH_ALGORITHM
  • Authentication Algorithm (MN-HA) used by the R-UIM
  • Only MD5 is supported in IS-683-C
Current Proposal
• Assign a new value for MN-HA_AUTH_ALGORITHM in IS-683
  • Mobile IP Capability Parameter (EF6F4B)
  • Mobile IP User Profile Parameter (EF6F4D)
Requirements
• If the Service n38 (3GPD-MIP) in EF6F32 (CDMA Service Table) is allocated and activated, and B2 of Byte 1 in EF6F48 (ME 3GPD Operation Capability) is set to 1, the R-UIM shall set both MD5 with SPI and MD5 without SPI to 1 in the Mobile IP Capability Parameters.
• All MEs supporting RFC 2002 shall also support the capability to include the SPI in the protected fields, based on the setting of MN-HA_AUTH_ALGORITHM in the Mobile IP User Profile Parameters.
Operation
• MN-AAA_AUTH_ALGORITHM in EF6F4D = 0001 (MD5 without SPI)
  The protected fields (Registration-Data) in the MN-HA Authenticator command are:
  • the UDP payload
  • all prior Extensions in their entirety, and
  • the Type and Length of this Extension
• MN-AAA_AUTH_ALGORITHM in EF6F4D = 0010 (MD5 with SPI)
  The protected fields (Registration-Data) in the MN-HA Authenticator command are:
  • the UDP payload
  • all prior Extensions in their entirety, and
  • the Type, Length and SPI of this Extension
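An added example, not part of the original slides: the two Registration-Data layouts from the Operation slide, hashed with the keyed MD5 prefix+suffix construction that RFC 2002 defines as its default algorithm. The function names, secret and message bytes are constructed for illustration; extension type 32 and the Length value (4 plus the authenticator size) follow RFC 2002.

```python
import hashlib
import hmac
import struct

MN_HA_EXT_TYPE = 32        # Mobile-Home Authentication Extension type (RFC 2002)
MD5_WITHOUT_SPI = 0b0001   # algorithm values as listed on the Operation slide
MD5_WITH_SPI = 0b0010


def registration_data(udp_payload, prior_exts, spi, algorithm):
    """Assemble the protected fields for the selected algorithm value."""
    auth_len = hashlib.md5().digest_size                      # 16 bytes
    data = udp_payload + prior_exts
    data += struct.pack("!BB", MN_HA_EXT_TYPE, 4 + auth_len)  # Type, Length
    if algorithm == MD5_WITH_SPI:
        data += struct.pack("!I", spi)   # SPI is part of the protected fields
    elif algorithm != MD5_WITHOUT_SPI:
        raise ValueError("unsupported algorithm value")
    return data


def mn_ha_authenticator(secret, udp_payload, prior_exts, spi, algorithm):
    """Keyed MD5, prefix+suffix mode: MD5(secret || protected fields || secret)."""
    data = registration_data(udp_payload, prior_exts, spi, algorithm)
    return hashlib.md5(secret + data + secret).digest()


def verify(secret, udp_payload, prior_exts, spi, received, algorithm):
    """Recompute as the verifying side would and compare in constant time."""
    expected = mn_ha_authenticator(secret, udp_payload, prior_exts, spi, algorithm)
    return hmac.compare_digest(expected, received)


# Constructed sample values, not taken from any specification or capture.
SECRET = b"constructed-mn-ha-secret"
PAYLOAD = bytes.fromhex("01000708") + bytes(20)  # stand-in 24-byte request body
PRIOR = bytes.fromhex("83050102030405")          # stand-in earlier extension
SPI = 0x00000300

if __name__ == "__main__":
    for name, alg in (("without SPI", MD5_WITHOUT_SPI), ("with SPI", MD5_WITH_SPI)):
        tag = mn_ha_authenticator(SECRET, PAYLOAD, PRIOR, SPI, alg)
        print(f"MD5 {name}: {tag.hex()}")
    sent = mn_ha_authenticator(SECRET, PAYLOAD, PRIOR, SPI, MD5_WITHOUT_SPI)
    print("verifier using MD5 with SPI accepts it:",
          verify(SECRET, PAYLOAD, PRIOR, SPI, sent, MD5_WITH_SPI))
```

The two settings never yield the same authenticator for the same message, so both ends must use the same algorithm value, and only the with-SPI form changes when the SPI field changes.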