IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-08-0154-00-0000
Title: Discussion of risk and architecture in MIH Authentication
Date Submitted: May 15, 2008
Presented at IEEE 802.21 session #26 in Jacksonville, FL
Authors or Source(s): Michael Glenn Williams
Abstract: This is a discussion of MIH authentication.

21-08-0154-00-0000-discussion of risk and architecture in MIH-authentication

IEEE 802.21 presentation release statements

This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.

The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board Bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3>, and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html> and <http://standards.ieee.org/board/pat/faq.pdf>.

Providing MIH authentication
• MIH Security Study Group wants to define authentication between MIH peers for providing:
  • MIH service access control
  • MIH protocol message protection
• The MIH authentication provides the basis for MIH access control and message protection
• There is discussion on various network architecture and service architecture combinations
• There is discussion on how the network architecture can affect the MIH authentication, access control or message protection
• Also discussion on how the service architecture can affect the MIH authentication, access control or message protection

MIH-relevant network and service architecture elements
• Different proposals and discussion papers suggest elements of network and service architecture to be involved in the MIH authentication process
• Network
  • Home, visited, 3rd party networks
  • Administrative domain
  • AAA domain
  • Service provider
  • Network access control
  • Key management domain
• MIH Service
  • MIHF
  • PoS
  • PoA
  • Service discovery
  • MIH access control

Concept of risk in relation to MIH services
• MIH services within the network are part of the network infrastructure
  • They are non-critical services for the network as a whole
  • They are optional to deploy in all architectural definitions
  • Risk exposure to the network from MIH services failing is much less than routing failure, DNS failure, DHCP or AAA failure
    • Not much loss of revenue caused by slower handover
    • Perhaps lower connection quality perception
• MIH services within the MN are part of mobility management
  • They are also non-critical
  • They are optional to deploy and use
  • Not all access types support MIH services
  • Risk exposure to the MN from MIH services failing is low
    • Less efficient H/O

Concept of trust in relation to the network architectural elements
• Home, visited, 3rd party network domain and MIH domain
  • Allows assignment of trust level of the network MIH services towards the MN as a whole
• AAA domain
  • Establishes authentication between network domain and MN and between MIH domain and MN
• Administrative domain
  • Enables MN to recognize a network domain or MIH domain as trusted or untrusted
• Service provider, service provider domain
  • A collection of administrative domains.
  • NOTE: Do we need to have a separate notion of trust from administrative domain for this?
• Service discovery
  • Process of locating MIH domain before authentication. Trust not yet established.
• Network access control
  • Standard process to establish trust between MN and network
• Key management domain
  • ???

Concept of trust in relation to the MIH architectural elements
• MIHF
  • Entity in MN or NN that establishes trust in the MIH domain
• PoS
  • An element in the MIH domain that implements MIHF
  • Is MIH peer of MN MIHF or another NN MIHF
• PoA
  • A network domain element that provides network access
• MIH access control
  • Enforcing and regulating service delivery from the PoS to the peer