
Re: [802.21] 802.21 Security PAR: Initial write-up



Hi Ron,

Thank you for the feedback.  Please see my response below.

On Wed, Jan 09, 2008 at 09:43:08PM -0500, Ron Pon wrote:
> Happy New Year folks!
> 
> Yoshi, Here are my suggestions on the initial PAR document.
> 
> 12 Scope of the Proposed Project - The TR includes intra-technology inter-domain handover and I'm not sure if the scope description " ... handovers between heterogeneous 802 systems ..." covers that. It may be easier to show figure 1 from the TR. How about this:
> 
> "This standard defines mechanisms that provide the security signaling optimization during certain handover scenarios between 802 access networks as indicated in the table below and mechanisms that provide security to MIH (Media-Independent Handover) protocol exchange based on a security association that is bound to a pair of mutually authenticated MIH  entities. These mechanisms shall be defined as an amendment to the 802.21 specification.
> 
>           |  Intra-technology  |  Inter-technology  |  Inter-technology
>           |  802 to 802        |  802 to 802        |  non-802 to 802
>  ------------------------------------------------------------------------
>  Intra-   |  out of scope      |  in scope          |  out of scope
>  Domain   |                    |                    | (for future study)
>  ------------------------------------------------------------------------
>  Inter-   |  in scope          |  in scope          |  out of scope
>  Domain   |                    |                    | (for future study)
> "

I understand your point, but it would be better to avoid having a
table in PAR since the final submission of PAR will be web-based input
and not based on submitting a Word document.  Here is my suggestion to
address your comment:

"This standard defines mechanisms that provide the security signaling
optimization during certain handover scenarios between 802 access
networks across different access technologies and/or different
administrative domains, and mechanisms that provide security to MIH
(Media-Independent Handover) protocol exchange based on a security
association that is bound to a pair of mutually authenticated MIH
entities. These mechanisms are currently unspecified and shall be
defined as an amendment to the 802.21 specification."

> 
> 
> 13. Purpose of the Proposed Project - It would probably be helpful if stronger reasoning is given.  Also addressing Vivek's previous comment. How about this (Some snipped from parts of the TR):
> 
> "The purpose of this project is twofold: One is to improve seamless transition between heterogeneous 802 access networks for real time sensitive applications by optimizing network access control when a mobile node transitions from one access network to another. Optimization of security signaling is especially applicable in handover scenarios where the mobile node must briefly break its active connection before being able to make a connection to the target access network. The second purpose is to provide an adequate level of protection for the MIH services and protocols by specifying standard mechanisms for MIH system authentication, access control, protocol integrity protection and protocol data confidentiality. In the current IEEE P802.21 draft [1] the general problem space of security for the MIH protocol and services is unspecified. MIH level security will be an important factor to the providers that want to deploy these MIH services in their network and are concerned about it negatively affecting existing network services."
> 

- "when a mobile node transitions from one access network to another"
seems redundant.

- We are not sure we need to define access control.  Access control
may be implemented on top of adequate protection for MIH protocol.

- We are not sure we need to specify new mechanisms for MIH system
authentication, protocol integrity protection and protocol data
confidentiality.  It may be sufficient to reuse existing mechanisms
with some additional stuff.

- It would be better to avoid referencing a draft standard.

Here is my suggestion:

"The purpose of this project is twofold: One is to improve seamless
transition between 802 networks across different access technologies
and/or different administrative domains for real time sensitive
applications by optimizing network access authentication signaling.
Optimization of such security signaling is especially applicable in
handover scenarios where the mobile node must briefly break its active
connection before being able to make a connection to the target access
network. The second purpose is to provide an adequate level of
protection for the MIH protocols based on mutually authenticating MIH
entities. MIH level security will be an important factor to the
providers that want to deploy these MIH services in their networks
without introducing new security threats."

Also, Section 18 problem #1 should also be revised to:

" #1 Security signaling during handover, especially signaling needed
for network access authentication and authorization, is a significant
part of the entire handover latency between 802 networks across
different access technologies and/or different administrative
domains.  Mechanisms to reduce such latency are required to improve
the user experience during handover.
"

Best Regards,
Yoshihiro Ohba

> 
> Regards,
> Ron  
> 
> > -----Original Message-----
> > From: Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM]
> > Sent: Monday, December 31, 2007 11:19 AM
> > To: STDS-802-21@LISTSERV.IEEE.ORG
> > Subject: [802.21] 802.21 Security PAR: Initial write-up
> > 
> > Please find the attached file for initial PAR write-up on 802.21
> > Security.  For efficient use of face-to-face meeting in Taipei, I
> > would like to start email discussion on PAR now using this thread, and
> > your feedback is appreciated.
> > 
> > Happy New Year!
> > 
> > Yoshihiro Ohba
> > 
> > P.S. Vivek: Can you upload the file to the server?
> 
>