
Certificate-based Binding Update Protocol (CBU)



Presentation Transcript


  1. Certificate-based Binding Update Protocol (CBU)
     draft-qiu-mip6-certificated-binding-update-02.txt
     Feng Bao, Robert Deng, Ying Qiu, Jianying Zhou
     Institute for Infocomm Research (I2R)

  2. Do we trust SSL?
     • Of course.
     • SSL is successful and efficient.
     What are the features of SSL?
     • Uses a strong cryptosystem
     • Fewer certificates involved (only servers require certificates; the corresponding clients do not)

  3. SSL Framework
     [Diagram. Labels: Client (without Certificate); Server (Certificate distributed), servers S1 … Si, Sa … Sn; Internet; SSL tunnel; "Embedded the public certificates of CAs, i.e. GlobalSign, MS, SecureNet, VeriSign, …"; "Certificate signed by a CA, e.g. GlobalSign, MS, SecureNet, VeriSign, …"; Fragment PKI.]

  4. SSL vs CBU
     [Diagram comparing two panels, "SSL framework" and "CBU framework". The SSL panel repeats the labels of the previous slide (Client without Certificate, Server with Certificate distributed, Internet, SSL tunnel, CA certificates, Fragment PKI); the CBU panel shows MN, HA and CN connected over the Internet.]

  5. Design Consideration/Goal
     • MN authenticates itself to CN and sets up a key for secure BU
     • Employs PKC, secure against a powerful intruder
     • No PKC operations performed at MNs
     • Issue certificates for the home link, not for MNs (i.e., the public key binds with the home link, not with an individual IP address)

  6. Protocol
     [Message diagram between MN, HA and CN. Long term messages: REQ, COOKIE0, EXCH0 (g^x), EXCH1 (g^y), COOKIE1, REP; k = (g^x)^y. Short term messages: BU, BA, BC.]
     • EXCH0 contains HA's signature on HoA, g^x and a time stamp; it testifies that HoA belongs to HA and authenticates g^x to CN
     • HA is a security proxy of MN; it is transparent to CN

  7. Benefits
     • Strong cryptosystem
     • Does not need certificates for the mobile devices
     • Against session hijacking
     • Against MN flooding
     • More suitable for fast handover
     • Reduces the computing and communication requirements on the mobile devices
     • High overall performance
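
The check CN performs on EXCH0 in slide 6, as an added example that is not code from the draft or its authors: HA signs (HoA, g^x, time stamp), CN verifies the signature and freshness, and both sides derive k = (g^x)^y. Assumptions: the signature is a toy Schnorr scheme over a small, insecure group chosen so the block runs with the standard library only; `ha_pk` stands for the public key taken from an already validated home-link certificate; `MAX_SKEW` and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (assumption, NOT secure): integers modulo the Mersenne prime 2^127 - 1.
P = 2**127 - 1
G = 3
MAX_SKEW = 300  # accepted time stamp skew in seconds; assumed, the slides give no value

def _h(*parts):
    """Hash the signed fields to an integer challenge."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    """Home-link key pair (the key the certificate on slide 5 would bind)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def ha_make_exch0(ha_sk, hoa, now):
    """HA picks x and signs (HoA, g^x, time stamp); the MN does no PKC work."""
    x = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P)
    n = secrets.randbelow(P - 2) + 1           # per-signature Schnorr nonce
    r = pow(G, n, P)
    s = (n + _h(r, hoa, gx, now) * ha_sk) % (P - 1)
    return x, {"hoa": hoa, "gx": gx, "ts": now, "sig": (r, s)}

def cn_accept_exch0(ha_pk, msg, now):
    """CN checks freshness and signature; returns (g^y, k) or None on rejection."""
    if abs(now - msg["ts"]) > MAX_SKEW:
        return None                            # stale or replayed EXCH0
    r, s = msg["sig"]
    e = _h(r, msg["hoa"], msg["gx"], msg["ts"])
    if pow(G, s, P) != (r * pow(ha_pk, e, P)) % P:
        return None                            # HoA, g^x or time stamp was altered
    y = secrets.randbelow(P - 2) + 1
    return pow(G, y, P), pow(msg["gx"], y, P)  # g^y for EXCH1, and k = (g^x)^y

def ha_finish(x, gy):
    """HA derives the same key from the g^y carried in EXCH1."""
    return pow(gy, x, P)
```

A real deployment would replace the toy group and signature with a standard signature algorithm and a standard Diffie-Hellman group, and would validate the home-link certificate chain before trusting `ha_pk`.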
