IPsec Synchronization Requirements

hosea
Presentation Transcript


  1. IPsec Synchronization Requirements

  2. IPsec in Mobile Backhaul
     [Diagram labels: Operator’s core network, UE, HNB, unsecure link, SeGW, HNB GW, OAM, OAM]
     • Mobile backhaul is normally a closed network, but exceptions exist (e.g. femtocell).
     • In a closed network, only insiders, i.e. people who have direct access to the mobile backhaul network, can initiate attacks.
     • IPsec is being considered in some mobile applications, especially where "unsecure links" are involved (e.g. femtocells, see 3GPP TS 33.320).
     • IPsec can provide: authentication, confidentiality, integrity.

  3. IPsec for synchronization
     • TICTOC has discussed the advantage of identifying the content of an IPsec tunnel as “special” packets from a timing perspective. The conclusion is:
       • This may allow specific handling of the packet by both the intermediate nodes and the slave.
       • The problem is how to identify the timing packet when its content is encrypted.

  4. IPsec for E2E synchronization
     [Diagram labels: Slave, Master, IPsec tunnel]
     In end-to-end synchronization, the intermediate nodes do not have to support the time protocol. Could the intermediate nodes know the identifier for the timing packet, or not?

  5. Discussion
     • The intermediate nodes should know the identifier:
       • The identifier should be designed as a fixed value.
     • The intermediate nodes should not know the identifier:
       • The identifier should be a private value negotiated between master and slave.

  6. Proposal
     • Proposal 1:
       • The slave and intermediate nodes identify the timing packet by an explicit identifier in the WESP header, which is integrity protected.
     • Proposal 2:
       • The master and slave identify the timing packet by the pre-negotiated private identifier.
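
Proposal 1 sketched as an added example (not part of the presentation): an intermediate node classifies a WESP packet (RFC 5840) from its 4-octet cleartext header alone, without holding any SA key. The presentation does not say where the identifier sits, so the `FLAG_TIMING` bit (taken from the reserved flag bits), the queue names and the sample packets are assumptions constructed for illustration.

```python
import struct

# RFC 5840 WESP header: Next Header, HdrLen, TrailerLen, Flags (one octet each).
WESP_HDR = struct.Struct("!BBBB")
ESP_FIXED = 8            # ESP SPI + sequence number following the WESP header
VERSION_MASK = 0xC0      # two version bits, zero in RFC 5840
FLAG_ENCRYPTED = 0x20    # E bit: the ESP payload is encrypted
# ASSUMPTION: the page does not define the identifier's position; this borrows
# one of the four reserved flag bits purely for illustration.
FLAG_TIMING = 0x08


def classify(packet: bytes) -> dict:
    """Decide how an intermediate node queues a WESP packet, header only."""
    if len(packet) < WESP_HDR.size + ESP_FIXED:
        return {"action": "drop", "reason": "truncated"}
    _next_hdr, _hdr_len, _trailer_len, flags = WESP_HDR.unpack_from(packet)
    if flags & VERSION_MASK:
        return {"action": "drop", "reason": "unknown WESP version"}
    return {
        # Queue names are hypothetical.
        "action": "timing-queue" if flags & FLAG_TIMING else "default-queue",
        "encrypted": bool(flags & FLAG_ENCRYPTED),
    }


def build_sample(flags: int, opaque_esp: bytes) -> bytes:
    """Constructed sample: WESP header + SPI + sequence number + opaque bytes."""
    return WESP_HDR.pack(0, 0, 0, flags) + struct.pack("!II", 0x1001, 1) + opaque_esp


CIPHERTEXT = bytes(range(32))  # stands in for the encrypted timing/data payload
SAMPLES = {
    "timing": build_sample(FLAG_ENCRYPTED | FLAG_TIMING, CIPHERTEXT),
    "data": build_sample(FLAG_ENCRYPTED, CIPHERTEXT),
    "bad_version": build_sample(0x40 | FLAG_ENCRYPTED | FLAG_TIMING, CIPHERTEXT),
    "truncated": build_sample(FLAG_ENCRYPTED | FLAG_TIMING, CIPHERTEXT)[:6],
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} {classify(pkt)}")
```

The node reads the flag but, having no SA key, cannot check the packet's integrity value itself; that check can only be made by an endpoint holding the key.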
