
Fast and Secure Universal Roaming Service for Mobile Internet

Fast and Secure Universal Roaming Service for Mobile Internet. Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen. Outline. Introduction AAA-enabled Mobile IP Architecture Forming an AAA-enabled Roaming Alliance U-Mobile Token Conclusion Future Work. 1. Introduction.



  1. Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen

  2. Outline • Introduction • AAA-enabled Mobile IP Architecture • Forming an AAA-enabled Roaming • Alliance U-Mobile Token • Conclusion • Future Work

  3. 1. Introduction • Three issues are raised in such a communication environment • All-IP-based roaming environment • Security and accounting management for mobile Internet • AAA will incur extra delay when handoff occurs • Our design goal • To provide fast and secure roaming service across multiple service domains • Mobile users carry a U-Mobile Token

  4. 2. AAA-enabled Mobile IP Architecture • Mobile IP and AAA

  5. A simple AAA+ Mobile IP Protocol (1)

  6. A simple AAA+ Mobile IP Protocol (2) • The AAA framework needs to establish two security relationships in advance • Between MN and Home AAA • Between Foreign AAA and Home AAA

  7. 3. Forming an AAA-enabled Roaming • A roaming alliance is pre-configured to share administratively created security associations • A roaming alliance has two actors • Master domain • Creator of the alliance • Alliance membership management • Member domain • Invited by the master to join the alliance

  8. Two phases to join roaming alliance

  9. 4. Alliance U-Mobile Token • MN will get the authentication package from its home AAA • U-Mobile token • U-Mobile token has three tasks • Authentication of the issuing party • Authentication of the token holder • Integrity check

  10. U-Mobile Token • Two security mechanisms are proposed • Alliance key pair • Alliance service key

  11. Alliance key pair • Master domain contains three parameters • Alliance public key $Y_{alliance}$ • Diffie-Hellman $q$ (a very large prime number) • $\alpha$ (a primitive root of $q$) • Master is responsible for rekeying after a member joins or leaves

  12. Alliance Service key • Mobile user gets the fast roaming authentication package • $X_{alliance}$, $q$ and $\alpha$ • AAA server determines a random integer $X_{AAA}$ as private key and $Y_{AAA}$ as public key • Sends $Y_{AAA}$ out in the route advertisement message • On the AAA server side • $K_{allianceSvcKey} = (Y_{alliance})^{X_{AAA}} \bmod q$ • On the mobile user side • $K_{allianceSvcKey} = (Y_{AAA})^{X_{alliance}} \bmod q$

  13. U-Mobile Token content design • U-Mobile Token = (roamAllianceID, $Y_{AAA}$, homeDomainID, nonce, {userID, serviceClass, homeDomainID, {userID}_{homedomainKey}, {serviceClass, serviceLifeTime, alliancePrivateKey, allianceSvcIndex}_{userPrivateKey}}_{allianceSvcKey})

  14. Fast Roaming Authentication

  15. The alliance key pair update and distribution structure

  16. How to distribute the alliance private key to mobile nodes • MN's alliance private key is out of date when it first logs in to the service • AAAF forwards the token to the MN's AAAH for update • MN periodically sends an alliance private key update request to AAAH • AAA server keeps a window of the valid alliance key pairs

  17. Conclusions • We proposed a service model called universal roaming service • Mobile users belonging to different service operators can quickly and securely access network resources with the U-Mobile token • The U-Mobile token successfully achieves the authentication of the AAA server (AAAF, AAAH) and the token holder (MN)

  18. 6. Future Works • Simulation
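
The alliance service key agreement from slides 11 and 12, as an added example (not code from the presentation). It assumes the standard Diffie-Hellman relation Y = α^X mod q, toy parameters q = 353 and α = 3, and a hypothetical SHA-256 step that turns K into a symmetric key; the range check on received public values is an added hardening step.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration; the slides require q to be
# a very large prime and alpha a primitive root of q.
Q, ALPHA = 353, 3

def public_value(x, q=Q, alpha=ALPHA):
    """Y = alpha^X mod q (standard Diffie-Hellman; assumed, not on the slides)."""
    return pow(alpha, x, q)

def check_public(y, q=Q):
    """Added hardening: reject 0, 1 and q-1, which force a guessable key."""
    if not 2 <= y <= q - 2:
        raise ValueError(f"degenerate DH public value: {y}")
    return y

def new_keypair(q=Q, alpha=ALPHA):
    """Pick a random private X in [2, q-2] whose public value passes the check."""
    while True:
        x = secrets.randbelow(q - 3) + 2
        y = public_value(x, q, alpha)
        if 2 <= y <= q - 2:
            return x, y

def svc_key_aaa(y_alliance, x_aaa, q=Q):
    """AAA server side: K = (Y_alliance)^X_AAA mod q."""
    return pow(check_public(y_alliance, q), x_aaa, q)

def svc_key_mn(y_aaa, x_alliance, q=Q):
    """Mobile node side: K = (Y_AAA)^X_alliance mod q."""
    return pow(check_public(y_aaa, q), x_alliance, q)

def symmetric_key(k, q=Q):
    """Hypothetical KDF step: hash K into a 256-bit key for token encryption."""
    return hashlib.sha256(k.to_bytes((q.bit_length() + 7) // 8, "big")).digest()

if __name__ == "__main__":
    x_alliance, y_alliance = 97, public_value(97)   # master domain's pair
    x_aaa, y_aaa = new_keypair()                    # foreign AAA server's pair
    k_aaa = svc_key_aaa(y_alliance, x_aaa)
    k_mn = svc_key_mn(y_aaa, x_alliance)            # y_aaa came from the advertisement
    print("keys match:", k_aaa == k_mn, symmetric_key(k_mn).hex())
```

Every mobile node that receives the authentication package holds the same X_alliance, so a matching K shows alliance membership only; the per-user fields inside the token are what identify the holder.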
