URP Usage Scenarios for Mobility James Kempf Sun Microsystems, Inc.
Problem Statement: Service Authorization
• The protocol exchange involved in authorizing a Mobile Node for particular network services after handover is often more extensive than actually setting up the service itself (e.g. the COPS flows in draft-thomas-seamoby-rsvp-analysis-00.txt).
• This can seriously delay the Mobile Node obtaining authorized service.
• It is possible to solve this efficiently at the edge with context transfer.
• Solving it back in the network is difficult, and the alternatives are unappealing:
  • Context transfer flooding.
  • Selective context transfer based on tracking the Mobile Node's routes.
• Proposal: the initial URP registration provides the Mobile Node with something like a lightweight encrypted capabilities token, possession of which is sufficient to identify the Mobile Node as authorized for a collection of network-level services.
• Each router examines the token and grants the Mobile Node's packets the requested service if the token allows it.
• The router acts as both PDP and PEP, since the Mobile Node's initial packets already carry the authorization token.
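A concrete realisation of the router-side check described above, written as an added example for this page; it is not code from Kempf's slides or from any URP draft. The token layout (bound IPv6 address, a service bitmask, an expiry, and a truncated HMAC-SHA256 tag), the service catalogue, and the assumption that the registration agent shares one symmetric key with every edge router are all assumptions made for the example. The slide calls the token "encrypted"; this version only authenticates it, so the fields are visible on the wire, and an AEAD would be needed if their contents must be hidden.

```python
import hashlib
import hmac
import ipaddress
import struct

# Assumed service catalogue: each network-level service is one bit of a mask.
SERVICES = {"qos_voice": 1 << 0, "qos_video": 1 << 1, "multicast": 1 << 2}

BODY_FMT = "!16sIQ"                   # bound MN address, service mask, expiry (seconds)
BODY_LEN = struct.calcsize(BODY_FMT)  # 28 bytes
TAG_LEN = 16                          # HMAC-SHA256 truncated to keep per-packet overhead small


def issue_token(ra_key: bytes, mn_addr: str, services, lifetime_s: int, now: int) -> bytes:
    """RA side, done once at URP registration: bind a service set to the MN's
    address for a limited lifetime and protect it with the key shared with routers."""
    mask = 0
    for name in services:
        mask |= SERVICES[name]
    body = struct.pack(BODY_FMT, ipaddress.IPv6Address(mn_addr).packed, mask, now + lifetime_s)
    tag = hmac.new(ra_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def check_token(ra_key: bytes, token: bytes, src_addr: str, service: str, now: int):
    """Router side (PDP and PEP in one): decide per packet from the token alone,
    with no exchange back into the network. Returns (granted, reason)."""
    if len(token) != BODY_LEN + TAG_LEN:
        return False, "bad length"
    body, tag = token[:BODY_LEN], token[BODY_LEN:]
    expected = hmac.new(ra_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return False, "bad mac"            # forged, or modified after issue
    bound_addr, mask, expiry = struct.unpack(BODY_FMT, body)
    if now >= expiry:
        return False, "expired"            # bounds the damage from a stolen token
    if ipaddress.IPv6Address(src_addr).packed != bound_addr:
        return False, "source mismatch"    # token copied from another MN's packets
    if not mask & SERVICES.get(service, 0):
        return False, "service not granted"
    return True, "ok"


if __name__ == "__main__":
    key = b"\x11" * 32                     # constructed RA/router shared key
    tok = issue_token(key, "2001:db8::1", ["qos_voice"], lifetime_s=300, now=1000)
    print(check_token(key, tok, "2001:db8::1", "qos_voice", now=1100))
    print(check_token(key, tok, "2001:db8::1", "qos_video", now=1100))
```

Two caveats a deployment would have to settle: every router holding the shared key can mint tokens, so the trust placed in edge routers is the same as that placed in the RA; and binding to the source address only helps against an off-link copier, since an on-link attacker can spoof the address along with the token.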
Problem Statement: Authentication Challenge
• The network needs a lightweight means to challenge the Mobile Node to authenticate, for example after handover.
• The Mobile Node needs a means to challenge the network.
  • Especially true for 802.11, where anybody can set up an access point (the "fake bank teller" problem).
• The initial URP exchange sets this up:
  • The URP RA provides the Mobile Node with a cryptographically protected response token to present when challenged.
  • The Mobile Node provides the URP RA with a cryptographically protected response token with which to reply when challenged.
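The mutual challenge described above, worked through as an added example; this is not code from the slides or from any URP specification. It assumes that the initial URP exchange leaves both sides with a shared registration secret, from which one response key per direction is derived (network proving itself to the MN, MN proving itself to the network). Using separate keys per direction and putting both identities in the MAC input is what stops an attacker from reflecting the MN's own challenge back at it; single-use nonces stop replay. The identifiers and the derivation labels are constructed for the example.

```python
import hashlib
import hmac
import os


def derive_direction_keys(master_secret: bytes):
    """Assumed KDF: split the registration secret into one key per direction,
    so a response produced in one direction is useless in the other."""
    net_to_mn = hmac.new(master_secret, b"URP net->MN response key", hashlib.sha256).digest()
    mn_to_net = hmac.new(master_secret, b"URP MN->net response key", hashlib.sha256).digest()
    return net_to_mn, mn_to_net


def respond(direction_key: bytes, nonce: bytes, challenger_id: bytes, responder_id: bytes) -> bytes:
    """Answer a challenge: MAC over the nonce and both identities."""
    msg = nonce + b"|" + challenger_id + b"|" + responder_id
    return hmac.new(direction_key, msg, hashlib.sha256).digest()


class Verifier:
    """The challenging side: issues fresh nonces and checks the answers."""

    def __init__(self, direction_key: bytes, my_id: bytes, peer_id: bytes):
        self.key, self.my_id, self.peer_id = direction_key, my_id, peer_id
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False                    # unsolicited or already answered
        self._outstanding.discard(nonce)    # single use: a replayed answer fails
        expected = respond(self.key, nonce, self.my_id, self.peer_id)
        return hmac.compare_digest(expected, response)


def run_scenarios():
    """Constructed handover scenarios; returns a name -> passed mapping."""
    master = os.urandom(32)                 # constructed registration secret
    net_to_mn, mn_to_net = derive_direction_keys(master)
    net_id, mn_id = b"access-router-1", b"mn-2001:db8::1"
    results = {}

    # 1. After handover the new router challenges the MN; the MN holds mn_to_net.
    net = Verifier(mn_to_net, net_id, mn_id)
    n1 = net.new_challenge()
    r1 = respond(mn_to_net, n1, net_id, mn_id)
    results["mn_authenticates_to_network"] = net.accept(n1, r1)

    # 2. The same response captured and replayed is rejected.
    results["replayed_response_rejected"] = not net.accept(n1, r1)

    # 3. The MN challenges the network; a genuine router holds net_to_mn.
    mn = Verifier(net_to_mn, mn_id, net_id)
    n2 = mn.new_challenge()
    results["network_authenticates_to_mn"] = mn.accept(n2, respond(net_to_mn, n2, mn_id, net_id))

    # 4. A rogue 802.11 access point (the fake bank teller) has no registration secret.
    n3 = mn.new_challenge()
    results["rogue_ap_rejected"] = not mn.accept(n3, respond(os.urandom(32), n3, mn_id, net_id))

    # 5. Reflection: the attacker forwards the MN's challenge n4 back to the MN as if it
    #    came from the network, collects the MN's answer, and returns it as the network's.
    n4 = mn.new_challenge()
    reflected = respond(mn_to_net, n4, net_id, mn_id)
    results["reflection_rejected"] = not mn.accept(n4, reflected)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```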
Motivation: Privacy
• The network operator or the user may want to hide the fact that a particular mobile is in a particular subnet.
• The IPv6 <subnet id, interface id> form can't then be used as-is for the IP address, since the subnet id reveals the location.
• The draft talks about using an identity token.
  • Possible, but there are better ways to do this (e.g. SUCV, BAKE, etc.).
  • Somewhat half-baked.
• BUT... URP can provide the vehicle for setting up the initial conditions (keying, etc.).
Requirements
• Provide a means whereby a Mobile Node's packets can securely prove authorization for a particular network-level service after handover without requiring an extensive protocol exchange.
• Provide secure authentication tokens whereby a Mobile Node can challenge the network after handover, and the network can challenge the Mobile Node.
• Set up the initial conditions for masking the Mobile Node's location and origin.