fred
Uploaded by
7 SLIDES
234 VUES
70LIKES

Certificate-Based Binding Update Protocol (CBU): Enhancements for Secure Mobile Networks

DESCRIPTION

The Certificate-Based Binding Update Protocol (CBU) offers a robust framework for secure communication in mobile networks, leveraging strong cryptosystems without the burden of client certificates. This protocol ensures that Mobile Nodes (MNs) authenticate themselves and establish secure bindings with Correspondent Nodes (CNs) effectively. With reduced computational requirements and enhanced session security against hijacking and flooding, CBU is designed for efficient handovers and overall high performance in dynamic environments. The approach aligns with modern security demands while ensuring streamlined operations.

1 / 7

Télécharger la présentation

Certificate-Based Binding Update Protocol (CBU): Enhancements for Secure Mobile Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

Playing audio...

  1. Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute for Infocomm Research (I2R)

  2. Do we trust SSL? • Of Course. • SSL is successful and efficient. What are the features of SSL? • Use strong cryptosystem • Fewer certificates involved (only servers are required certificates and the correspondent clients are not)

  3. Client (without Certificate) Server (Certificate distributed) Internet SSL tunnel SSL tunnel VeriSign MS S1 … … Si Sa … … Sn SSL Framework Embedded the public certificates of CAs, i.c. GlobalSign MS SecureNet VeriSign … … Certificate signed by a CA, e.g. GlobalSign MS SecureNet VeriSign … … … … Fragment PKI

  4. Certificate signed by a CA, e.g. GlobalSign MS SecureNet VeriSign … … Embedded the public certificates of CAs, i.c. GlobalSign MS SecureNet VeriSign … … Fragment PKI … … MS Client (without Certificate) Server (Certificate distributed) Internet SSL tunnel Sa … … SSL tunnel Sn MN VeriSign CN S1 … … Si Internet HA SSL vs CBU SSL framework CBU framework

  5. Design Consideration/Goal • MN authenticates itself to CN & sets up a key for secure BU • Employs PKC, secure against powerful intruder • No PKC operations performed at MNs • Issue certificate for home link, not MNs (i. e., public key binds with home link, not with individual IP address)

  6. MN HA CN Long term messages EXCH0 (gx) k= (gx)y REQ COOKIE0 REP EXCH1 (gy) COOKIE1 BU Short term messages BA BC Protocol EXCH0 contains HA’s signature on HoA, gx and a time stamp; it testifies that HoA belongs to HA, authenticates gx to CN HA is a security proxy of MN, it’s transparent to CN

  7. Benefits • Strong cryptosystem • Do not need the certificates of mobile devices • Against session hijacking • Against MN flooding • More suitable for fast handover • Reduce the computing and communication requirements on the mobile devices • High overall performance

More Related