Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [802.21] Two categories of "security"

To: "Yoshihiro Ohba" <yohba@tari.toshiba.com>
Subject: Re: [802.21] Two categories of "security"
From: "Clint Chaplin" <clint.chaplin@gmail.com>
Date: Mon, 15 Oct 2007 15:27:38 -0700
Cc: STDS-802-21@LISTSERV.IEEE.ORG
In-Reply-To: <20071015182302.GB817@steelhead.localdomain>
List-Help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-802-21>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-802-21>
List-Owner: <mailto:STDS-802-21-request@LISTSERV.IEEE.ORG>
List-Subscribe: <mailto:STDS-802-21-subscribe-request@LISTSERV.IEEE.ORG>
List-Unsubscribe: <mailto:STDS-802-21-unsubscribe-request@LISTSERV.IEEE.ORG>
References: <d4083f660710111757u6ff7f6dbi573d876e9e8648a0@mail.gmail.com> <20071015182302.GB817@steelhead.localdomain>
Sender: stds-802-21@LISTSERV.IEEE.ORG

I think at a minimum we should specify a set of requirements for
security for these MIH-MIH security bindings and secure
communications; otherwise the client would have no way to trust that
it was talking to a legitimate architecture.

Of course, all MIH-MIH links should have a set of security binding and
secure communication requirements, both MIH-MIH links directly linked
to the client and in the infrastructure.  Ideally, the set of
requirements should be identical for all MIH-MIH links; in fact I
strongly suggest that that be part of the PAR.

Actually defining a security protocol for all MIH-MIH links is, of
course, a different ocean to boil.  As you point out, 802.21 probably
doesn't need to define security protocols for most of the
infrastructure links; hopefully the existing security implementations
will meet our requirements.  Defining security protocols for the
MIH-MIH links that directly involve the client may be a task that
needs to be done; I would note, however, that hokey punted on doing
that, and we need to carefully think if this is a task we want to put
on whatever group is formed out of this study group.

On 10/15/07, Yoshihiro Ohba <yohba@tari.toshiba.com> wrote:
> I understand the general problem of security bindings in roaming
> architecture.  As far as I know, the problem has been solved by each
> roaming architecture that require security bindings among
> communication components.  In a roaming architecture where EAP is used
> for network access authentication, a bootstrapping mechanism has been
> defined for each roaming application such as link-layer security and
> Mobile IPv6, using EAP keying.  On the other hand, 3GPP has GBA for
> bootstrapping 3GPP application security from UMTS AKA.
>
> A bigger question in terms of 802.21: In which roaming architecture(s)
> should MIH services be provided?
>
> Yoshihiro Ohba
>
>
> On Thu, Oct 11, 2007 at 05:57:49PM -0700, Clint Chaplin wrote:
> > All,
> >
> > The 802.21 architecture as it currently exists has two problems in the
> > security domain to be solved.
> >
> > One is the problem of handing off the security of communication
> > channel as the device roams; it looks like most of the current effort
> > in the study group is focused on this problem (use cases, roam cases,
> > etc.)
> >
> > The other problem that needs to be solved is binding the various
> > components of the roaming architecture with secure bindings.  The
> > 802.21 draft architecture has several components as part of the
> > infrastructure, and we need to solve the problem of making sure these
> > components are securly bound together and their inter-component
> > communications is secure.
> >
> >
> > --
> > Clint (JOATMON) Chaplin
> > Principal Engineer
> > Corporate Standardization (US)
> > SISA
> >
>

-- 
Clint (JOATMON) Chaplin
Principal Engineer
Corporate Standardization (US)
SISA

References:
- Two categories of "security"
  - From: Clint Chaplin
- Re: [802.21] Two categories of "security"
  - From: Yoshihiro Ohba

Prev by Date: MRPM SG Call on Nov. 1st
Next by Date: Call for Security SG Secretary
Previous by thread: Re: [802.21] Two categories of "security"
Next by thread: Security Study Group teleconference
Index(es):
- Date
- Thread