IP Security: IPSec


MobiHealth Security Requirements
and Proposal
Madrid
2002/11/12-13
© Ramon Martí, DMAG, Universitat Pompeu Fabra
1
Security Issues
• GPRS/UMTS and Bluetooth [Zigbee]
  - Data Link Layer hop-to-hop security
  - Data encryption and terminal authentication, with no user or application authentication
  - Link layer security independent from the node address
  - Security suitable for MobiHealth communications

Security Issues
• IPsec
  - Network Layer node-to-node security
  - Node-to-node data encryption and node authentication, with no user or application authentication
  - The node-to-node protection can be host-to-host, end-to-end or end-to-host protection
  - Communication security based on client and server node addresses: security policies and security associations are selected by the IP addresses of the two nodes
  - Not suitable for communication security from the MBU, whose IP address is assigned dynamically
    - MBU<->WSB, MBU<->SH, etc.
  - Suitable for communication security between hosts with static IP addresses
    - GPRS/UMTS Op.<->WSB, WSB<->SH, GPRS/UMTS Op.<->SH, SH<->WS, etc.
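The address-keyed behaviour described above, as an added example that is not part of the slides: a toy model of IPsec's Security Policy Database (SPD) and Security Association Database (SAD) in the RFC 2401 architecture, run from the WSB's point of view. All addresses are constructed from the RFC 5737 documentation ranges, and the operator pool 203.0.113.0/24, the SPIs and the port 8080 are assumptions for illustration. It shows that a static peer (SH) always matches both policy and SA, that an MBU which re-attaches with a new address loses its SA and needs a fresh IKE negotiation, and that a pool-wide selector cannot tell one MBU from another, which is the "node authentication, no user authentication" point. A real IKE implementation can renegotiate after an address change and can identify peers by certificate rather than address; the model covers only the address-keyed policy the slide discusses.

```python
"""Added example, not part of the MobiHealth slides: a toy model of IPsec's
address-keyed policy (SPD) and security associations (SAD), following the
RFC 2401 architecture, seen from the WSB.

All addresses are constructed from the RFC 5737 documentation ranges; the
operator pool 203.0.113.0/24, the SPIs and port 8080 are assumptions."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed addresses: WSB and SH are assumed to be static hosts.
WSB = "192.0.2.10"
SH = "198.51.100.20"
OPERATOR_POOL = "203.0.113.0/24"  # assumed GPRS/UMTS address pool for MBUs


@dataclass(frozen=True)
class SpdEntry:
    """One SPD entry: address/port selectors and the action to apply."""
    src: str                 # CIDR (or single address) for the local node
    dst: str                 # CIDR (or single address) for the remote node
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "protect", "bypass" or "discard"

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == dst_port))


@dataclass(frozen=True)
class SaEntry:
    """One SAD entry: an SA negotiated by IKE for a fixed address pair."""
    src: str
    dst: str
    spi: int


def lookup(spd: List[SpdEntry], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First-match SPD lookup; unmatched traffic falls to the default
    action, discard here (RFC 2401 requires a definite decision)."""
    for entry in spd:
        if entry.matches(src_ip, dst_ip, dst_port):
            return entry.action
    return "discard"


def find_sa(sad: List[SaEntry], src_ip: str, dst_ip: str) -> Optional[SaEntry]:
    """An SA is bound to the exact address pair it was negotiated for."""
    for sa in sad:
        if sa.src == src_ip and sa.dst == dst_ip:
            return sa
    return None


def outbound(spd, sad, src_ip, dst_ip, dst_port) -> str:
    """Outbound processing on a node: consult the SPD, then the SAD."""
    action = lookup(spd, src_ip, dst_ip, dst_port)
    if action != "protect":
        return action
    sa = find_sa(sad, src_ip, dst_ip)
    if sa is None:
        # Policy says protect but no SA exists for this address pair:
        # IKE must negotiate a fresh SA before any data can flow.
        return "needs new IKE negotiation"
    return f"protect spi={sa.spi:#x}"


# SPD on the WSB. Static peers are named exactly; MBUs can only be named
# by the operator's whole pool, so the selector cannot tell one MBU apart
# from another (node-level policy, no user or application identity).
WSB_SPD = [
    SpdEntry(WSB, SH, None, "protect"),             # WSB <-> SH (static IPs)
    SpdEntry(WSB, OPERATOR_POOL, 8080, "protect"),  # WSB <-> any MBU in pool
    SpdEntry(WSB, "0.0.0.0/0", 53, "bypass"),       # DNS left in the clear
]

# SAD on the WSB: SAs established earlier, one with SH and one with an MBU
# that held 203.0.113.5 when IKE ran (assumed SPI values).
WSB_SAD = [
    SaEntry(WSB, SH, 0x1000),
    SaEntry(WSB, "203.0.113.5", 0x1001),
]


if __name__ == "__main__":
    # Static peer: policy and SA both match, every time.
    print("WSB->SH     :", outbound(WSB_SPD, WSB_SAD, WSB, SH, 443))
    # Same MBU, same address as when IKE ran: protected.
    print("WSB->MBU old:", outbound(WSB_SPD, WSB_SAD, WSB, "203.0.113.5", 8080))
    # The MBU re-attached and now holds 203.0.113.77: the SPD still says
    # protect, but the SA keyed on the old address no longer applies.
    print("WSB->MBU new:", outbound(WSB_SPD, WSB_SAD, WSB, "203.0.113.77", 8080))
    # Any other device in the pool satisfies the same selector.
    print("pool policy :", lookup(WSB_SPD, WSB, "203.0.113.200", 8080))
```

The contrast with the transport-layer options on the next slide is that SSL/HTTPS binds the authenticated identity to a certificate rather than to an address pair, so a re-attached MBU can keep working without any equivalent of the SAD lookup above.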
Security Issues
• SSL and HTTPS
  - Transport Layer end-to-end application-to-application security
  - End-to-end data encryption, certificate-based server authentication and, with client certificates, user authentication
  - Suitable for transport-level security from the MBU (independent of the node addresses, so it works with the MBU's dynamic IP address)
  - Suitable for transport-level security between hosts with static IP addresses
• S-HTTP
  - Extension to HTTP: an HTTP superset
  - Application Layer application-to-application and application_user-to-application_user security
  - Cryptography applied to Application layer messages
  - Allows various message encapsulation methods
  - No particular key certification scheme is mandated; support for RSA

Security Issues
• OpenSSL (library: SSL/TLS implementation plus cryptographic primitives the application can call directly)
  - Application Layer application-to-application and application_user-to-application_user security
  - Application data encryption and/or user authentication
Functionality of the WSB
• Central Authentication and Authorization
• Broker Management facilities:
  - Statistics
  - Services
  - Billing
• Data compression
• Proxy functionality
• WAP 2.0 Standard
• End-to-end security (HTTPS)
• Wireless TCP
• Push functionality
Security Proposal