Thoughts on Bootstrapping
Mobility Securely
Chairs, with help from James Kempf,
Jari Arkko
MIP6 WG/BOF
57th IETF Vienna
Wed. July 16, 2003
What are we Bootstrapping?
• Not just an HA nor just an MN
• It takes two to tango
• Bootstrapping a security association between two
devices, such that one is enabled as an MN and
the other as its HA
• Bootstrapping a Mobility Security Association
(MSA)
Why Bootstrapping Mobility
Securely?
• Reduces RTT on HA/MN tunnels (optimal HA for distant
locations)
• Hides MN topological location (though this precludes route
optimization).
• Reduced configuration required (on either the MN or the
HA)
• MN resilience to network renumbering
• Enables network to assign MNs to HAs administratively
• Allows for HA load balancing by assigning MN according to
load
• Authorizes a device to become an MN (security-wise)
Possible scenarios (1/2)
• No previous credential: Not a MIP6
issue?
– Leap-of-faith:
• Too risky (the whole RO was predicated on some
genuine trust or accountability between MN&HA)
– Enrollment
• out-of-band model (separate path for
confirmation via email, human exchange)
• Transitive Trusted Introduction (Visa/MasterCard,
merchant, consumer) – reusable models?
Possible scenarios (2/2)
• Rolling over a Non-Mobile Security Association
(e.g., Enterprise PKI, AAA infrastructure etc.)
– Probably work on this
• Rolling over an existing MSA:
– Existing HA with a new MN (RFC3041 private
address scenario)
– Existing MN to acquire a new HA (Dynamic HA
scenario)
– Yes, work on this
Existing MSA Certificate
• Possible meanings of bootstrap:
– Complete the MN's Cert with info on HA
– Change its HA info from HA_orig to HA_new
(temp, permanent)
– Complete the HA's Cert with info on MN
– Change its MN info from MN_orig to MN_new
(temp, permanent)
MIPv6 Dynamic MSA Outline
• Mobile Node comes up in a foreign domain,
renumbering, creates an RFC3041 address, etc.
• Performs authentication and is authorized to enter
network as a roamer.
– Authentication via EAPoL2
– PANA
– EAP over IKEv2
• Results in authentication and configuration info
perhaps via a credential provisioning process
Further thoughts on Dynamic MSAs
• Secure location of dynamic HA?
– Protocol in Section 11.4.1 of base draft is not secure.
– IKE required w. anycast address – is this possible?
– Issues w. IPsec on ICMP messages.
– Encourage trend toward standardized, securable configuration/service
discovery mechanisms.
• Establish an SA for draft-ietf-mobileip-mipv6-ha-ipsec-06.txt but…
• Is the MN authorized for HA service?
– Binding between IKE and AAA.
• Not standardized in IKEv1.
– Use IKEv2 EAP over IKE (Section 2.16).
• IDi instead of IKE AUTH in Message 2 from MN to HA.
• HA responds with EAP to initiate the EAP exchange.
• Shared key may be established as part of exchange (e.g. preshared secret).
• How to securely assign MN a HoA?
– IKEv2 CFG_REQUEST (Section 2.19)?
– DHCP in IKE (draft-ietf-ipsec-dhcp-over-ike-00.txt)?
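The slide above sketches an IKE_AUTH flow in which the MN sends IDi without an AUTH payload, the HA answers with EAP, the AAA decision gates whether the MN gets HA service at all, the EAP-derived key authenticates the final IKE_AUTH messages, and a CFG_REQUEST carries the HoA assignment. The following toy Python model is an added illustration of that flow, not code from these slides or from any IETF draft: the message dictionaries, the challenge/response "EAP method", the MSK derivation, the AAA database and the home prefix 2001:db8:1::/64 are all constructed here for the example and do not follow the real IKEv2 or EAP wire formats.

```python
# Added example (not from the slides): a toy model of IKE_AUTH with EAP in
# which the HA binds IKE authentication to an AAA authorization decision and
# assigns a HoA via CFG_REQUEST/CFG_REPLY. Formats and methods are constructed.
import hashlib
import hmac
import ipaddress
import os

# Constructed AAA database: credentials plus a per-user "HA service" flag.
AAA_DB = {
    "mn1@example.net": {"password": b"mn1-secret", "ha_service": True},
    "guest@example.net": {"password": b"guest-secret", "ha_service": False},
}


def eap_response(password: bytes, challenge: bytes) -> bytes:
    """Constructed challenge/response EAP method (stand-in for a real one)."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def derive_msk(password: bytes, challenge: bytes) -> bytes:
    """Constructed derivation of the key (MSK) the EAP method exports to both sides."""
    return hmac.new(password, b"MSK" + challenge, hashlib.sha256).digest()


def ike_auth_payload(msk: bytes, identity: str) -> bytes:
    """AUTH payload: a MAC under the EAP MSK over the sender's identity."""
    return hmac.new(msk, identity.encode(), hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, aaa_db, home_prefix: str, identity: str = "ha.example.net"):
        self.aaa = aaa_db
        self.identity = identity
        self.pool = ipaddress.IPv6Network(home_prefix).hosts()  # HoA pool
        self.sessions = {}  # IDi -> per-exchange state

    def ike_auth_1(self, msg):
        # First IKE_AUTH message from the MN: IDi but no AUTH means "use EAP".
        if "AUTH" in msg or "IDi" not in msg:
            return {"NOTIFY": "AUTHENTICATION_FAILED"}
        challenge = os.urandom(16)
        self.sessions[msg["IDi"]] = {"challenge": challenge}
        return {"IDr": self.identity, "EAP": {"code": "Request", "challenge": challenge}}

    def ike_auth_eap(self, msg):
        # EAP response from the MN; verify it, then consult AAA for authorization.
        sess = self.sessions.get(msg["IDi"])
        user = self.aaa.get(msg["IDi"])
        if sess is None or user is None:
            return {"EAP": {"code": "Failure"}}
        expected = eap_response(user["password"], sess["challenge"])
        if not hmac.compare_digest(expected, msg["EAP"]["response"]):
            return {"EAP": {"code": "Failure"}}
        if not user["ha_service"]:  # authenticated but not authorized for HA service
            return {"EAP": {"code": "Failure"}}
        sess["msk"] = derive_msk(user["password"], sess["challenge"])
        return {"EAP": {"code": "Success"}}

    def ike_auth_final(self, msg):
        # Final IKE_AUTH pair: AUTH payloads keyed by the MSK, plus HoA assignment.
        sess = self.sessions.get(msg["IDi"])
        if sess is None or "msk" not in sess:
            return {"NOTIFY": "AUTHENTICATION_FAILED"}
        expected = ike_auth_payload(sess["msk"], msg["IDi"])
        if not hmac.compare_digest(expected, msg["AUTH"]):
            return {"NOTIFY": "AUTHENTICATION_FAILED"}
        reply = {"AUTH": ike_auth_payload(sess["msk"], self.identity)}
        if "INTERNAL_IP6_ADDRESS" in msg.get("CFG_REQUEST", ()):
            sess["hoa"] = str(next(self.pool))
            reply["CFG_REPLY"] = {"INTERNAL_IP6_ADDRESS": sess["hoa"]}
        return reply


def mobile_node_bootstrap(ha: HomeAgent, idi: str, password: bytes):
    """MN side of the exchange; returns (authorized, assigned HoA or None)."""
    r1 = ha.ike_auth_1({"IDi": idi, "SAi2": "ESP-tunnel", "TSi": "::/0", "TSr": "::/0"})
    if "EAP" not in r1:
        return False, None
    challenge = r1["EAP"]["challenge"]
    r2 = ha.ike_auth_eap({"IDi": idi, "EAP": {"code": "Response",
                                              "response": eap_response(password, challenge)}})
    if r2["EAP"]["code"] != "Success":
        return False, None
    msk = derive_msk(password, challenge)
    r3 = ha.ike_auth_final({"IDi": idi, "AUTH": ike_auth_payload(msk, idi),
                            "CFG_REQUEST": ["INTERNAL_IP6_ADDRESS"]})
    # The MN also verifies the HA's AUTH before trusting the assigned HoA.
    if "AUTH" not in r3 or not hmac.compare_digest(r3["AUTH"], ike_auth_payload(msk, ha.identity)):
        return False, None
    return True, r3.get("CFG_REPLY", {}).get("INTERNAL_IP6_ADDRESS")


if __name__ == "__main__":
    ha = HomeAgent(AAA_DB, "2001:db8:1::/64")
    print(mobile_node_bootstrap(ha, "mn1@example.net", b"mn1-secret"))
    print(mobile_node_bootstrap(ha, "guest@example.net", b"guest-secret"))
```

The point the model makes is the one the slide raises: "guest" authenticates correctly yet is refused, because the AAA record, not the EAP success alone, decides whether the peer may become an MN of this HA, and the HoA is only handed out inside the authenticated CFG_REPLY.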
Credential Provisioning
• What to create: Mobile IP variant of draft-ietf-ipsec-pki
profile: "Certificate Extensions and Attributes for Mobile
IP" ??
• How to create them? Variant of:
– draft-ietf-ipsra-pic* (over IKE) (which is a variant of
draft-bellovin-ipsra-getcert-* )
– EAP to an auth server, which provisions credentials to
the MN which can be used later
• MN and private addresses:
– concept of a session
– during the session, an MN-issued RFC3281 Attribute
Cert (ideally a real authorization cert via SPKI) enables
the RFC3041 address
– communication outside of scope?