MIH protocol security
Maryna Komarova (ENST)
21-07-xxxx-00-0000

General security issues and threats
• Both the MIH User and the NE MIHF may be the target of an
attack; therefore the goals are:
• MIH User protection from a fake MIH IS
• MIH IS protection from malicious users
• Information received by the MIH User from the MIHF is used to
perform the next steps; hence, it is critical to protect it from
alteration and modification and to provide message origin
authentication.
• Due to the short battery life of the MN, it is essential to avoid
processing of fake information by the MN.
Requirements
• Security of MIHF discovery
• There are two kinds of transport mechanisms: the first one is
the lower layer transport (L2) and the second one is the
higher layer transport (L3).
• MIHF discovery: over a media-specific L2 or L3 mechanism
• MIH Capability discovery: either over MIH or over media-specific broadcast messages
• Security of MIH Protocol
• Re-using existing transport protocols
• Re-using existing solutions for providing authentication,
confidentiality, message authentication and integrity;
• Channel security protocol selection may be implementation
dependent;
• Minimum impact on the handover latency
MIHF services
• To discover MIHF either MIH or link-specific broadband
transport is used.
• No authentication is assumed in the process of MIHF discovery
and MIH Capability discovery.
• MIH pairing, from the MN’s point of view, means authorization
for the MIHF to send commands. Hence, the MN authorizes
some important actions to an unauthenticated entity.
• MIHF registration assumes only identification of peers; it does
not assume any authentication or any means of integrity
protection and message authentication for the commands and
events sent.
MIHF service-specific security requirements
• Information Service
• Discovery may operate within as well as outside administrative
domain boundaries.
• “It is important to note that, with certain access networks an MN should
be able to obtain IEEE 802.21 related information elements before the
MN is authenticated with the PoA.”
• In order to protect the user from receiving wrong information, the IS
should be authenticated to the user (MIHF-to-user authentication);
• Definition of different sets of information available for users in
authenticated and non-authenticated states;
• Event Service and Command Service
• Mutual authentication between the MIHF and the MIH User (simple
authentication is not sufficient, particularly in case of communication
with the remote MIHF);
• Secure channel establishment;
• Providing confidentiality, integrity protection and message origin
authentication.
Authorization rights management
• The user should be able to select the most reliable IS among all
available;
• After authentication different users are allowed to access
different services.
• Per-user management of access rights is
• Costly;
• Users may not be known in advance (if belonging to a
different administrative domain);
• User may not disclose its identity to the visiting network;
• Role-based management of access rights may be implemented
instead.
• The role may be based on the user’s state
(unauthenticated/authenticated) or subscription
(home/visiting).
Choice of MIIS
• The current 802.21 draft does not specify the location of the MIIS. Thus,
the IS may be located in the serving, candidate or home network, or
it may even be managed by a third-party authority.
• To choose the set of candidate networks the MN must use only trusted and
verified information.
• The MN may receive contradictory or conflicting information. That is why it
is desirable to define some trust rating for the IS.
• This trust rating may be based on previous experience: it is positive
when the provided information was correct and negative when the provided
information was not correct. For handover decision making the MN
chooses the set of IS with the highest rating.
• Is the evaluation of trust in the IS in the scope of the SG?
• May some score be added to the IS according to the quality of the previous
information provided to the MN?
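The experience-based trust rating described above, sketched as an added example (not part of the original slides or of the 802.21 draft). The class name, the +1/-1 weights, and the IS, network and state names are assumptions made for illustration.

```python
from collections import defaultdict

class ISTrustTable:
    """Trust ratings an MN keeps for Information Servers (hypothetical design)."""

    def __init__(self, reward=1, penalty=1):   # weights are assumptions
        self.reward, self.penalty = reward, penalty
        self.rating = defaultdict(int)         # an unknown IS starts at 0

    def record(self, reports, observed):
        """Rate each IS by comparing its claims with what the MN later observed.

        reports:  {is_id: {network: claimed_state}}
        observed: {network: actual_state}; unverified claims change nothing.
        """
        for is_id, claims in reports.items():
            for net, claimed in claims.items():
                if net in observed:
                    ok = claimed == observed[net]
                    self.rating[is_id] += self.reward if ok else -self.penalty

    def trusted_set(self, is_ids):
        """The IS with the highest rating among those given."""
        if not is_ids:
            return []
        best = max(self.rating[i] for i in is_ids)
        return sorted(i for i in is_ids if self.rating[i] == best)

    def resolve(self, reports, net):
        """Answer for `net` from the highest-rated IS only; None if they disagree."""
        answering = [i for i, c in reports.items() if net in c]
        values = {reports[i][net] for i in self.trusted_set(answering)}
        return values.pop() if len(values) == 1 else None

# Constructed sample data: IS names, networks and states are illustrative only.
HISTORY = {
    "is-serving":     {"net-A": "available", "net-B": "unavailable"},
    "is-home":        {"net-A": "available"},
    "is-third-party": {"net-A": "unavailable", "net-B": "available"},
}
OBSERVED = {"net-A": "available", "net-B": "unavailable"}
CONFLICT = {"is-serving":     {"net-C": "available"},
            "is-third-party": {"net-C": "unavailable"}}

def demo():
    table = ISTrustTable()
    table.record(HISTORY, OBSERVED)            # past answers checked by the MN
    return dict(table.rating), table.resolve(CONFLICT, "net-C")

if __name__ == "__main__":
    print(demo())
```

With no history every IS is rated equally, so conflicting answers stay unresolved (`None`) and the MN has no trusted basis for choosing candidate networks.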
Related works
• Mobility Services Transport: Problem Statement draft-ietf-mipshop-mis-ps-04 considers
• End-to-end signalling and transport over IP
• End-to-end signalling and partial transport over IP
• End-to-end Network-to-Network signalling
• Transport of Media Independent Handover Messages Over
IP draft-rahman-mipshop-mih-transport-03.txt
• Proposes use of IPSec for transport and IKE
• Design Considerations for the Common MIH Protocol
Functions draft-hepworth-mipshop-mih-design-considerations-01
• Necessity of Authentication, Authorization and credential
management.