Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [802.21] Two categories of "security"



I think at a minimum we should specify a set of requirements for
security for these MIH-MIH security bindings and secure
communications; otherwise the client would have no way to trust that
it was talking to a legitimate architecture.

Of course, all MIH-MIH links should have a set of security binding and
secure communication requirements, both MIH-MIH links directly linked
to the client and in the infrastructure.  Ideally, the set of
requirements should be identical for all MIH-MIH links; in fact I
strongly suggest that that be part of the PAR.

Actually defining a security protocol for all MIH-MIH links is, of
course, a different ocean to boil.  As you point out, 802.21 probably
doesn't need to define security protocols for most of the
infrastructure links; hopefully the existing security implementations
will meet our requirements.  Defining security protocols for the
MIH-MIH links that directly involve the client may be a task that
needs to be done; I would note, however, that hokey punted on doing
that, and we need to carefully think if this is a task we want to put
on whatever group is formed out of this study group.

On 10/15/07, Yoshihiro Ohba <yohba@tari.toshiba.com> wrote:
> I understand the general problem of security bindings in roaming
> architecture.  As far as I know, the problem has been solved by each
> roaming architecture that require security bindings among
> communication components.  In a roaming architecture where EAP is used
> for network access authentication, a bootstrapping mechanism has been
> defined for each roaming application such as link-layer security and
> Mobile IPv6, using EAP keying.  On the other hand, 3GPP has GBA for
> bootstrapping 3GPP application security from UMTS AKA.
>
> A bigger question in terms of 802.21: In which roaming architecture(s)
> should MIH services be provided?
>
> Yoshihiro Ohba
>
>
> On Thu, Oct 11, 2007 at 05:57:49PM -0700, Clint Chaplin wrote:
> > All,
> >
> > The 802.21 architecture as it currently exists has two problems in the
> > security domain to be solved.
> >
> > One is the problem of handing off the security of communication
> > channel as the device roams; it looks like most of the current effort
> > in the study group is focused on this problem (use cases, roam cases,
> > etc.)
> >
> > The other problem that needs to be solved is binding the various
> > components of the roaming architecture with secure bindings.  The
> > 802.21 draft architecture has several components as part of the
> > infrastructure, and we need to solve the problem of making sure these
> > components are securly bound together and their inter-component
> > communications is secure.
> >
> >
> > --
> > Clint (JOATMON) Chaplin
> > Principal Engineer
> > Corporate Standardization (US)
> > SISA
> >
>


-- 
Clint (JOATMON) Chaplin
Principal Engineer
Corporate Standardization (US)
SISA