Fast and Secure Universal Roaming Service for Mobile Internet
Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen

Outline
• Introduction
• AAA-enabled Mobile IP Architecture
• Forming an AAA-enabled Roaming
• Alliance U-Mobile Token
• Conclusion
• Future Work

1. Introduction
• Three issues are raised in such a communication environment
  • All IP-based roaming environment
  • Security and accounting management for mobile Internet
  • AAA will incur extra delay when a handoff occurs
• Our design goal
  • To provide fast and secure roaming service across multiple service domains
  • Mobile users carry a U-Mobile Token

2. AAA-enabled Mobile IP Architecture
• Mobile IP and AAA

A simple AAA+ Mobile IP Protocol (2)
• The AAA framework needs to establish two security relationships in advance
  • Between MN and Home AAA
  • Between Foreign AAA and Home AAA

3. Forming an AAA-enabled Roaming
• A roaming alliance is pre-configured to share administratively created security associations
• A roaming alliance has two actors
  • Master domain
    • Creator of the alliance
    • Alliance membership management
  • Member domain
    • Invited by the master to join the alliance

4. Alliance U-Mobile Token
• MN will get the authentication package from its home AAA
  • U-Mobile token
• U-Mobile token has three tasks
  • Authentication of the issuing party
  • Authentication of the token holder
  • Integrity check

U-Mobile Token
• Two security mechanisms are proposed
  • Alliance key pair
  • Alliance service key

Alliance key pair
• Master domain contains three parameters
  • Alliance public key $Y_{alliance}$
  • Diffie-Hellman $q$ (a very large prime number)
  • $\alpha$ (a primitive root of $q$)
• Master is responsible for rekeying after a member joins or leaves

Alliance Service key
• Mobile user gets the fast roaming authentication package
  • $X_{alliance}$, $q$ and $\alpha$
• AAA server determines a random integer $X_{AAA}$ as private key and $Y_{AAA}$ as public key
  • Sends $Y_{AAA}$ out in the route advertisement message
• On the AAA server side
  • $K_{allianceSvcKey} = (Y_{alliance})^{X_{AAA}} \bmod q$
• On the mobile user side
  • $K_{allianceSvcKey} = (Y_{AAA})^{X_{alliance}} \bmod q$

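
The alliance service key derivation above, as an added example that is not part of the original slides: both sides compute the same value, and a stale alliance private key stops matching after a rekey. The toy group (q = 2039, α = 7), the function names, and the range check on the received public value are assumptions made for this sketch.

```python
import secrets

# Constructed toy group, far too small for real use: q = 2*1019 + 1 is a safe
# prime and alpha = 7 is a primitive root of q.
Q, ALPHA = 2039, 7


def is_primitive_root(alpha, q):
    """Primitive-root test that is valid only when q is a safe prime."""
    return 1 < alpha < q and pow(alpha, 2, q) != 1 and pow(alpha, (q - 1) // 2, q) != 1


def valid_public(y, q):
    """Reject degenerate public values (0, 1, q-1) and anything outside 2..q-2."""
    return 1 < y < q - 1


def keypair(q, alpha, x=None):
    """Return (X, Y = alpha^X mod q). X is random unless a fixed one is given."""
    while True:
        priv = x if x is not None else 2 + secrets.randbelow(q - 3)
        pub = pow(alpha, priv, q)
        if valid_public(pub, q):
            return priv, pub
        if x is not None:
            raise ValueError("fixed private key gives a degenerate public value")


def service_key(peer_public, own_private, q):
    """K_allianceSvcKey = (peer_public)^own_private mod q."""
    # Y_AAA arrives in an advertisement message, so check it before use.
    if not valid_public(peer_public, q):
        raise ValueError("public value out of range")
    return pow(peer_public, own_private, q)


if __name__ == "__main__":
    assert is_primitive_root(ALPHA, Q)
    x_alliance, y_alliance = keypair(Q, ALPHA)     # master domain's alliance key pair
    x_aaa, y_aaa = keypair(Q, ALPHA)               # AAA server's X_AAA, Y_AAA
    k_server = service_key(y_alliance, x_aaa, Q)   # AAA server side
    k_mobile = service_key(y_aaa, x_alliance, Q)   # mobile user side
    print("service keys match:", k_server == k_mobile)
    # After the master rekeys, the old X_alliance no longer yields the key
    # the AAA server derives from the new Y_alliance.
    x_new, y_new = keypair(Q, ALPHA)
    print("stale key still matches:", service_key(y_new, x_aaa, Q) == k_mobile)
```
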
U-Mobile Token content design
• U-Mobile Token = (roamAllianceID, $Y_{AAA}$, homeDomainID, nonce, {userID, serviceClass, homeDomainID, {userID}homedomainKey, {serviceClass, serviceLifeTime, alliancePrivateKey, allianceSvcIndex}userPrivateKey}allianceSvcKey)

How to distribute alliance private key to mobile nodes
• MN's alliance private key is out of date when it first logs in to the service
• AAAF forwards the token to MN's AAAH for update
• MN periodically sends an alliance private key update request to AAAH
• AAA server keeps a window of the valid alliance key pairs

Conclusions
• We proposed a service model called universal roaming service
• Mobile users belonging to different service operators can quickly and securely access network resources with the U-Mobile token
• The U-Mobile token successfully achieves the authentication of the AAA servers (AAAF, AAAH) and the token holder (MN)

6. Future Works
• Simulation