
Thoughts on Bootstrapping Mobility Securely

Chairs, with help from James Kempf, Jari Arkko. MIP6 WG/BOF, 57th IETF, Vienna, Wed. July 16, 2003.


Presentation Transcript


  1. Thoughts on Bootstrapping Mobility Securely
     Chairs, with help from James Kempf, Jari Arkko
     MIP6 WG/BOF, 57th IETF, Vienna, Wed. July 16, 2003

  2. What are we Bootstrapping?
     • Not just a HA nor just a MN
     • It takes two to tango
     • Bootstrapping a security association between two devices, such that one is enabled as an MN and the other as its HA
     • Bootstrapping a Mobility Security Association (MSA)

  3. Why Bootstrapping Mobility Securely?
     • Reduces RTT on HA/MN tunnels (optimal HA for distant locations)
     • Hides MN topological location (though this precludes route optimization)
     • Reduced configuration required (on either the MN or the HA)
     • MN resilience to network renumbering
     • Enables network to assign MNs to HA administratively
     • Allows for HA load balancing by assigning MN according to load
     • Authorizes a device to become an MN (security-wise)

  4. Possible scenarios (1/2)
     • No previous credential: Not a MIP6 issue?
     • Leap-of-faith:
       • Too risky (the whole RO was predicated on some genuine trust or accountability between MN & HA)
     • Enrollment
       • out-of-band model (separate path for confirmation via email, human exchange)
       • Transitive Trusted Introduction (visa/mcard, merchant, consumer) – reusable models?

  5. Possible scenarios (2/2)
     • Rolling over a Non-Mobile Security Association (e.g., Enterprise PKI, AAA infrastructure etc.)
       • Probably work on this
     • Rolling over an existing MSA:
       • Existing HA with a new MN (RFC3041 private address scenario)
       • Existing MN to acquire a new HA (Dynamic HA scenario)
       • Yes, work on this

  6. Existing MSA Certificate
     • Possible meanings of bootstrap:
       • Complete the MN's Cert with info on HA
       • Change its HA info from HA_orig to HA_new (temp, permanent)
       • Complete the HA's Cert with info on MN
       • Change its MN info from MN_orig to MN_new (temp, permanent)

  7. MIPv6 Dynamic MSA Outline
     • Mobile Node comes up in a foreign domain, renumbering, creates an RFC3041, etc
     • Performs authentication and is authorized to enter network as a roamer.
       • Authentication via EAPoL2
       • PANA
       • EAP over IKEv2
     • Results in authentication and configuration info perhaps via a credential provisioning process

  8. Further thoughts on Dynamic MSAs
     • Secure location of dynamic HA?
       • Protocol in Section 11.4.1 of base draft is not secure.
       • IKE required w. anycast address – is this possible?
       • Issues w. IPsec on ICMP messages.
       • Encourage trend toward standardized, securable configuration/service discovery mechanisms.
     • Establish an SA for draft-ietf-mobileip-mipv6-ha-ipsec-06.txt but…
       • Is the MN authorized for HA service?
       • Binding between IKE and AAA.
       • Not standardized in IKEv1.
       • Use IKEv2 EAP over IKE (Section 2.16).
       • IDi instead of IKE AUTH in Message 2 from MN to HA.
       • HA responds with EAP to initiate the EAP exchange.
       • Shared key may be established as part of exchange (e.g. preshared secret).
     • How to securely assign MN a HoA?
       • IKEv2 CFG_REQUEST (Section 2.19)?
       • DHCP in IKE (draft-ietf-ipsec-dhcp-over-ike-00.txt)?

  9. Credential Provisioning
     • What to create: Mobile IP variant of draft-ietf-ipsec-pki profile: "Certificate Extensions and Attributes for Mobile IP" ??
     • How to create them? Variant of:
       • draft-ietf-ipsra-pic* (over IKE) (which is a variant of draft-bellovin-ipsra-getcert-*)
       • EAP to an auth server, which provisions credentials to the MN which can be used later
     • MN and private addresses:
       • concept of a session
       • during the session, an MN-issued rfc3281 Attrib Cert (ideally a real authorization cert via SPKI) enables the rfc3041 address
       • communication outside of scope?
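
Added example, not part of the original slides or of any MIP6 implementation: the HA-side checks that slide 8 asks for (EAP requested by IDi without AUTH, binding between IKE and AAA, authorization for HA service, HoA assignment via CFG_REQUEST), written against the IKEv2 EAP rules as later published in RFC 7296 Sections 2.15 and 2.16, where AUTH is keyed with the EAP MSK. The AAA result dictionary, the `mip6-home-agent` service label, the helper names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # constant in IKEv2's shared-secret AUTH formula

def prf(key, data):
    # Assumption: PRF_HMAC_SHA2_256 was negotiated in IKE_SA_INIT.
    return hmac.new(key, data, hashlib.sha256).digest()

def auth_from_msk(msk, signed_octets):
    # After EAP, AUTH is computed like a shared-secret AUTH, keyed with the EAP MSK.
    return prf(prf(msk, KEY_PAD), signed_octets)

def ha_finish_ike_auth(first_req, aaa, mn_auth, octets, hoa):
    """HA-side checks (hypothetical helper). Returns (accepted, reply_or_reason)."""
    # 1. IDi without AUTH in the MN's first IKE_AUTH request is the request for EAP.
    if "IDi" not in first_req or "AUTH" in first_req:
        return False, "not an EAP-style IKE_AUTH request"
    # 2. EAP ran between MN and the AAA server; it must succeed and yield a key.
    if not aaa.get("eap_success") or not aaa.get("msk"):
        return False, "EAP failed or produced no MSK"
    # 3. Binding between IKE and AAA: the identity AAA authenticated must be the IDi.
    if aaa.get("identity") != first_req["IDi"]:
        return False, "IDi does not match the EAP-authenticated identity"
    # 4. Authentication is not authorization: AAA must grant HA service explicitly.
    if "mip6-home-agent" not in aaa.get("services", ()):
        return False, "MN is not authorized for HA service"
    # 5. The MN proves it holds the MSK, tying the EAP run to this IKE SA.
    if not hmac.compare_digest(mn_auth, auth_from_msk(aaa["msk"], octets["mn"])):
        return False, "AUTH from MN does not verify"
    reply = {"AUTH": auth_from_msk(aaa["msk"], octets["ha"])}
    # 6. The HoA is handed out only now, inside the protected final reply.
    if first_req.get("CP") == "CFG_REQUEST":
        reply["CP"] = ("CFG_REPLY", {"INTERNAL_IP6_ADDRESS": hoa})
    return True, reply

# Constructed sample values, not captured traffic.
MSK = bytes(range(64))
OCTETS = {"mn": b"constructed-initiator-signed-octets",
          "ha": b"constructed-responder-signed-octets"}
REQ = {"IDi": "mn1@example.net", "CP": "CFG_REQUEST"}
AAA_OK = {"eap_success": True, "identity": "mn1@example.net",
          "msk": MSK, "services": ["mip6-home-agent"]}
HOA = "2001:db8:1::10"  # documentation prefix

if __name__ == "__main__":
    good_auth = auth_from_msk(MSK, OCTETS["mn"])
    print(ha_finish_ike_auth(REQ, AAA_OK, good_auth, OCTETS, HOA))
    no_service = dict(AAA_OK, services=[])
    print(ha_finish_ike_auth(REQ, no_service, good_auth, OCTETS, HOA))
```

The second call shows the case slide 8 worries about: the MN authenticates correctly through EAP but is still refused, because the AAA result carries no grant for HA service.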
