
PANA Mobopts Analysis draft-bournelle-pana-mobopts-analysis-00.txt

Julien Bournelle, Maryline Laurent-Maknavicius, Rafa Marin Lopez, Dan Forsberg, Jean-Michel Combes. Goals: provide an analysis of solutions specified in draft-ietf-pana-mobopts-01.txt and draft-ietf-pana-cxtp-00.txt.

july

Presentation Transcript


  1. PANA Mobopts Analysis: draft-bournelle-pana-mobopts-analysis-00.txt
     Julien Bournelle, Maryline Laurent-Maknavicius, Rafa Marin Lopez, Dan Forsberg, Jean-Michel Combes

  2. Goals
     • Provide an analysis of solutions specified in:
       • draft-ietf-pana-mobopts-01.txt
       • draft-ietf-pana-cxtp-00.txt
     • Focus on WLAN deployments (AP + AR), reactive case and intra-domain
     • Discuss key transfer issue
     • AAA considerations
     • Do not define any new protocols

  3. Intermediary Key Transfer
     • PANA_MAC_Key (PaC-pPAA) derived from AAA-Key
     • pPAA sends AAA-Key-int to nPAA
     • nPAA derives AAA-Key-new (nonce exchange between PaC and nPAA)
     • Issue: if pPAA is compromised and the attacker gets the nonces, she can derive the new PANA_MAC_Key

  4. EP=AR and PAA=AR – Case 1.0 L3 Filtering
     [Figure: network diagram with R, APs, ARs, PaC, pPAA/EP (pEP) and nPAA/EP (nEP); messages shown: PSR, PSA, CT-Req, CT-Rep, PBR, PBA]

  5. EP=AR and PAA=AR – Case 1.1 IPsec Tunnelling
     [Figure: network diagram with R, APs, ARs, PaC, pPAA/EP (pEP) and nPAA/EP (nEP); messages shown: PSR, PSA, CT-Req, CT-Rep, PBR, PBA, IKE]

  6. EP=AR and PAA>AR – Case 2.0 L3 Filtering
     [Figure: network diagram with R, PAA_1, EP_1 (AR), EP_2 (AR), APs and PaC]
     EP_2 doesn't know PaC
     • PAA_1 uses same IP src address in PSR
     • PUR/PUA
     • PAA_1 uses different IP src address in PSR
     • Local PANA-mobopts
     EP_2 knows PaC
     • How?

  7. EP=AR and PAA>AR – Case 2.1 IPsec Tunnelling
     [Figure: network diagram with R, PAA_1, EP_1 (AR), EP_2 (AR), APs and PaC]
     EP_2 doesn't know PaC
     • PAA_1 uses same IP src address in PSR
     • PUR/PUA + IKE
     • PAA_1 uses different IP src address in PSR
     • Local PANA-mobopts + IKE
     EP_2 knows PaC
     • How?

  8. AAA Considerations - I
     • PaC is authenticated by its home EAP/AAA server
     • AAAH may need to know PaC's position:
     • Reauthentication (RFC 4005)
     • Delegate to local AAA server?
     • Current NAS may need to know AAAH
     • Session Management (Termination)
     • Accounting
     => current NAS needs to share a AAA session with AAAH (or AAAL).

  9. AAA Considerations - II
     • How long does the pPAA keep state of the PaC to forward AAA requests from AAAH to the nPAA?
     • How to handle ping-pong of the PaC?
     AAA aspects of PANA Mobility Optimizations should be further defined

  10. Thanks for your attention
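
The key transfer issue on slide 3, worked through as an added example that is not part of the slides or of the drafts they analyse. It shows that every party holding AAA-Key-int computes the same new PANA_MAC_Key once the nonces are known. The HMAC-SHA1 construction, input ordering, identifiers and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA1 over the concatenated parts (PRF assumed for this sketch)."""
    return hmac.new(key, b"".join(parts), hashlib.sha1).digest()


def derive_key_int(aaa_key: bytes, paa_id: bytes, session_id: bytes) -> bytes:
    """AAA-Key-int: computed from AAA-Key; pPAA sends it to nPAA."""
    return prf(aaa_key, paa_id, session_id)


def derive_new_mac_key(key_int: bytes, pac_nonce: bytes, paa_nonce: bytes,
                       session_id: bytes) -> bytes:
    """AAA-Key-new from AAA-Key-int and the nonces, then the new PANA_MAC_Key."""
    aaa_key_new = prf(key_int, pac_nonce, paa_nonce)
    return prf(aaa_key_new, pac_nonce, paa_nonce, session_id)


# Constructed sample values, not taken from any real exchange.
AAA_KEY = bytes(range(64))
PPAA_ID = b"ppaa.example.net"
OLD_SESSION = b"session-old"
NEW_SESSION = b"session-new"
PAC_NONCE = bytes([0x11]) * 16
PAA_NONCE = bytes([0x22]) * 16


def handover_views() -> dict:
    """PANA_MAC_Key as computed by each party that holds AAA-Key-int."""
    key_int = derive_key_int(AAA_KEY, PPAA_ID, OLD_SESSION)
    inputs = (PAC_NONCE, PAA_NONCE, NEW_SESSION)
    return {
        "PaC": derive_new_mac_key(key_int, *inputs),
        "nPAA": derive_new_mac_key(key_int, *inputs),  # key_int received from pPAA
        "pPAA": derive_new_mac_key(key_int, *inputs),  # key_int never left pPAA
    }


def nonces_only_view() -> bytes:
    """Same nonces, but without AAA-Key-int: the derivation does not match."""
    return derive_new_mac_key(b"\x00" * 20, PAC_NONCE, PAA_NONCE, NEW_SESSION)


if __name__ == "__main__":
    for party, key in handover_views().items():
        print(f"{party:5s} {key.hex()}")
    print("nonces only", nonces_only_view().hex())
```

In this sketch the fresh nonces separate the new key from earlier sessions, but not from a party that still holds AAA-Key-int.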
