RE: [802.21] Secure Link Indications
Hi Folks: We are looking for constructive feedback on the following,
very young, very embryonic "mini-proposal." Jesse Walker made a good
presentation on security in 802.21 back in the January meeting in
Monterey. We are interested in following up by adding information
fields to some 802.21 messages to enable terminals to incorporate
security factors into potential handover decisions. Representatives
from from DoCoMo USA Labs (including Phil MacKenzie and Fujio Watanabe)
will be attending the 802 meeting next week, so in addition to or in
place of replying to this email, please feel free to provide them with
comments that you might have.
Sincerely,
Neil Daswani
http://www.neildaswani.com/
http://www.docomousalabs.com/
---
802.21 Secure Link Indications
Background
In a media-independent handover (MIH), a mobile station switches from
using a pre-handover link to post-handover link. These links may have
either no mechanism or different mechanisms for link-layer
authentication, confidentiality, and/or data integrity. The MIH layer
is expected to provide link-event indications to a policy engine to
allow the policy engine to determine whether or not a handover should
take place. For example, the MIH layer tells the policy engine when
links come up, go down, are about to go down, and/or are available.
Problem
While there are many factors that may be involved in determining whether
or not a handover should take place, one of those factors may be
security. For instance, a policy engine may decide that a handover from
a "more secure" link to a "less secure" link should not take place.
However, currently, there are no fields defined in the event data
structures in the joint harmonized 802.21 proposal that a policy engine
can access to determine any information about the security of the links
involved in a potential handover.
Contribution
In this contribution, we propose one possible way of annotating
link-event indication data structures with information about the
security of the links, such that a policy engine may use the annotations
to help make decisions about whether or not handovers should take place
based on the security of the links.
In the harmonized MIH proposal dated May 2005
(21-05-0253-02-0000-Harmonized_MIH_Proposal_Draft_Text.doc ), a
MIH_LLEVENT indication sent from the link layer typically serves as a
precursor to a possible handover. The structure for the MIH_LLEVENT is
as below.
MIH_LLEVENT.indication
(
UserId
NET-SAPId
BindingId
BindResult
MIHReference
RemoteBindingId
RemoteMIHReference
EventDescriptor
InformationDescriptor
)
A MIH_LLEVENT can be used, for example, to indicate a "LINK UP" event.
We propose adding information about the security of the link to
EventDescriptor or InformationDescriptor fields. In particular, one can
use a data structure similar to the following to represent the security
of the link:
SecurityDescriptor (
SecurityServiceName
SecurityServicesProvided
Algorithm
KeyLength
Mode
)
For example, an instance of a security descriptor might be populated
with the following values:
SecurityDescriptor (
SecurityServiceName = "Secure WiFi HotSpot"
SecurityServicesProvided = CONFIDENTIALITY | DATA_INTEGRITY |
AUTHENTICATED
Algorithm = "EAP-TLS; RSA/AES"
KeyLengths = "2048/256"
Mode = "RSA-SHA1/CBC"
)
The SecurityDescriptor may be a nested value within the EventDescriptor
or InformationDescriptor fields. A Policy Engine can then make a
determination if the newly available "Secure WiFi HotSpot" link is
secure enough for the terminal. Of course, the Policy Engine may also
take into account other factors such as signal strength to make a
handover decision.