Re: [802.21] Two categories of "security"
I think at a minimum we should specify a set of requirements for
security for these MIH-MIH security bindings and secure
communications; otherwise the client would have no way to trust that
it was talking to a legitimate architecture.
Of course, all MIH-MIH links should have a set of security binding and
secure communication requirements, both MIH-MIH links directly linked
to the client and in the infrastructure. Ideally, the set of
requirements should be identical for all MIH-MIH links; in fact I
strongly suggest that that be part of the PAR.
Actually defining a security protocol for all MIH-MIH links is, of
course, a different ocean to boil. As you point out, 802.21 probably
doesn't need to define security protocols for most of the
infrastructure links; hopefully the existing security implementations
will meet our requirements. Defining security protocols for the
MIH-MIH links that directly involve the client may be a task that
needs to be done; I would note, however, that hokey punted on doing
that, and we need to carefully think if this is a task we want to put
on whatever group is formed out of this study group.
On 10/15/07, Yoshihiro Ohba <firstname.lastname@example.org> wrote:
> I understand the general problem of security bindings in roaming
> architecture. As far as I know, the problem has been solved by each
> roaming architecture that requires security bindings among
> communication components. In a roaming architecture where EAP is used
> for network access authentication, a bootstrapping mechanism has been
> defined for each roaming application such as link-layer security and
> Mobile IPv6, using EAP keying. On the other hand, 3GPP has GBA for
> bootstrapping 3GPP application security from UMTS AKA.
> A bigger question in terms of 802.21: In which roaming architecture(s)
> should MIH services be provided?
> Yoshihiro Ohba
> On Thu, Oct 11, 2007 at 05:57:49PM -0700, Clint Chaplin wrote:
> > All,
> > The 802.21 architecture as it currently exists has two problems in the
> > security domain to be solved.
> > One is the problem of handing off the security of communication
> > channel as the device roams; it looks like most of the current effort
> > in the study group is focused on this problem (use cases, roam cases,
> > etc.)
> > The other problem that needs to be solved is binding the various
> > components of the roaming architecture with secure bindings. The
> > 802.21 draft architecture has several components as part of the
> > infrastructure, and we need to solve the problem of making sure these
> > components are securely bound together and their inter-component
> > communications are secure.
> > --
> > Clint (JOATMON) Chaplin
> > Principal Engineer
> > Corporate Standardization (US)
> > SISA
Clint (JOATMON) Chaplin
Corporate Standardization (US)