--- Begin Message ---
Hello Yoshihiro,
In the IEEE mentor database (https://mentor.ieee.org/802.21/documents?is_group=0sec), I couldn't find any details about the teleconf (such as phone numbers etc.). Therefore, I am sharing my answers to the questions below with you with the expectation that you will be able to share then with the working group during the meeting.
> - How message authentication based on short-term certificate generated
> from long-term certificate (i.e., your scheme) is different from
> message authentication based on an establishing SA with generating
> shor-term symmetric key?
>
There are couple major differences:
- Short-term certificate may be used for multiple connections with different
PoAs, as long as the certificate is valid. Short-term symmetric key would always
be used for a single connection.
- In our scheme there is no need to establish explicit SA between PoA and the
MN. Trust relationships are: CA1 (certificate authority) - MN (user), CA1 -
PoA.
And in a case of multiple operators: CA1 - MN, CA2 - PoA, CA1 - CA2.
This makes our scheme more lightweight, changing PoA does not require
establishment of a new explicit SA.
> - Providing confidentiality is a functional requirement for 802.21a
> according to the 802.21a Technical Report.
As the network layer protocol used for this scheme (PLA) is integrity
protected, therefore diffie hellman parameters can be easily exchanged
during the first few PLA packet exchange and thus a symmetric key can be
established when there is a need for confidentiality.
>
> - In multi-operator case, sharing credentials between old and new
> PoAs, seems to have a security issue.
>
Our proposed scheme is based on public key cryptography. Therefore, PoAs do not
need to exchange shared secrets. It is enough that PoAs trust in their own
certificate authority (and for increased efficiency certificate authorities of
nearby operators). The PoA can verify a message arriving from another PoA by:
- Verifying the signature
- Verifying that the sender-PoA has been authorized by a trusted CA. This
authorization can also be indirect, in which case the sender-PoA would need to
attach the complete certificate chain to the message (e.g., CA -> X -> Y ->
PoA)
Additionally, if you require a further explanation of the features of the solution
we will be happy to share a more detailed document about this idea as well as a
detailed document describing PLA. Please let me know if any further information is required.
Best regards,
Sumanta Saha
----- Original Message ----
> From: Yoshihiro Ohba <yohba@xxxxxxxxxxxxxxxx>
> To: Sumanta <sumanta.saha@xxxxxx>
> Cc: Dmitrij Langutin <dmitrij.lagutin@xxxxxxx>
> Sent: Tuesday, June 2, 2009 2:08:35 PM
> Subject: Re: [FW: Security TG teleconference schedule]
>
> Sumanta,
>
> In the teleconference, you are expected to address the issues /
> questions raised on your proposal during May meeting, such as:
>
> - How message authentication based on short-term certificate generated
> from long-term certificate (i.e., your scheme) is different from
> message authentication based on an establishing SA with generating
> shor-term symmetric key?
>
> - Providing confidentiality is a functional requirement for 802.21a
> according to the 802.21a Technical Report.
>
> - In multi-operator case, sharing credentials between old and new
> PoAs, seems to have a security issue.
>
> Regards,
> Yoshihiro Ohba
>
>
> On Mon, Jun 01, 2009 at 11:42:29PM -0700, Sumanta wrote:
> >
> > Hello Yoshihiro,
> >
> > Hopefully, I will be able to join the teleconf. Looking forward to it. Please
> let me know the details.
> >
> > Best regards,
> > Sumanta Saha
> >
> >
> >
> >
> >
> > ----- Original Message ----
> > > From: Yoshihiro Ohba
> > > To: Sumanta
> > > Cc: Dmitrij Langutin
> > > Sent: Monday, June 1, 2009 9:25:03 PM
> > > Subject: Re: [FW: Security TG teleconference schedule]
> > >
> > > Sumanta,
> > >
> > > It's gonna be 5pm-7pm in Helsinki Time. I hope it works for you.
> > >
> > > Yoshihiro Ohba
> > >
> > >
> > > On Mon, Jun 01, 2009 at 11:15:51AM -0700, Sumanta wrote:
> > > >
> > > > Hello Yoshihiro,
> > > >
> > > > It would be great to join the teleconf on 10th.?However, as we have a?big
> > > difference in time?so?I need to know?the time of the meeting to check
> whether I
> > > can join. If not possible, I can provide my?response?through writing.
> > > >
> > > > Best regards,
> > > > Sumanta Saha
> > > >
> > > >
> > > >
> > > >
> > > > ----- Original Message ----
> > > > > From: Yoshihiro Ohba
> > > > > To: Sumanta
> > > > > Sent: Monday, June 1, 2009 8:40:08 PM
> > > > > Subject: [FW: Security TG teleconference schedule]
> > > > >
> > > > > Sumanta,
> > > > >
> > > > > In the next 802.21a teleconfernece on June 10, your proposal is on the
> > > > > discussion agenda.? Are you planning to join in the teleconf and
> > > > > present your response to the feedback about your proposal obtained in
> > > > > May IEEE 802 meeting (please see the meeting minutes for the
> > > > > feedback)?
> > > > >
> > > > > Best Regards,
> > > > > Yoshihiro Ohba
> > > > >
> > > > >
> > > > >
> > > > > ----- Forwarded message from Yoshihiro Ohba -----
> > > > >
> > > > > From: Yoshihiro Ohba
> > > > > To: STDS-802-21@xxxxxxxxxxxxxxxxx
> > > > > Subject: Security TG teleconference schedule
> > > > > User-Agent: Mutt/1.5.18 (2008-05-17)
> > > > > X-UIDL: __4!!TBE"!MpI!!V*i!!
> > > > >
> > > > > As discussed in the WG Closing Plenary of May Interim meeting, the
> > > > > following three teleconferences are scheduled for the Security TG
> > > > > before July meeting:
> > > > >
> > > > > May 27 (Wed) 10am-noon Eastern Time
> > > > > June 10 (Wed) 10am-noon Eastern Time
> > > > > June 24 (Wed) 10am-noon Eastern Time
> > > > >
> > > > > Call-in: +1-732-336-6000
> > > > > Pin: 2483
> > > > >
> > > > > The main purpose of the teleconferences is to discuss major specific
> > > > > issues identified during Proposal Presentation I.? Please see Security
> > > > > TG meeting minutes as part of WG minutes for detailed discussions as
> > > > > well as 21-09-0085 and 21-09-0086 for summary of discussions.
> > > > >
> > > > > Agenda for May 27 teleconference:
> > > > > - Distributed IS server model (by proposer of 21-09-0059)
> > > > > - Authenticator architecture (by proposer of 21-09-0066)
> > > > >
> > > > > Agenda for June 10 teleconference:
> > > > > - MIH_SEC_SAP vs integrated security modules (by proposer of 21-09-0062)
> > > > > - Message authentication with short-term cert vs. SA establishment (by
> > > proposer
> > > > > of 21-09-0065)
> > > > >
> > > > > Agenda for June 24 teleconference:
> > > > > - Update on EAP-FRM (by proposer of 21-09-0064)
> > > > > - Update on Security-related IEs (by proposer of 21-09-0060)
> > > > > - Update on authenticator discovery (by proposer of 21-09-0063)
> > > > >
> > > > > If you have other discussion topics for these teleconferences, please
> > > > > let me know.
> > > > >
> > > > > Best Regards,
> > > > > Yoshihiro Ohba
> > > > >
> > > > >
> > > > >
> > > > > ----- End forwarded message -----
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
> >
> >
--- End Message ---