Secure Service and Network Framework for Mobile Ethernet

Secure cellular data services have become popular in the Japanese market. These services are based on 2G/3G cellular networks and are expected to move to the next-generation wireless networks, called Beyond 3G. In Beyond 3G, the wireless access available at a user's location is selected according to the type of service. A user may download an application over one wireless network and execute it on another. Beyond 3G assumes core operators and wireless operators and allows new wireless access technologies to be plugged in. A security model that accommodates these requirements must be flexible enough for end users to use with ease. In this paper, we explain the Mobile Ethernet architecture for all-IP networks in the context of Beyond 3G. We discuss usage scenarios and operator models and identify the entities of the security model. We separate a mobile device into a personal identity card (PIC), which holds the cryptographic information, and a wireless communications device, a split that offers both security and flexibility. We propose a self-delegation protocol for device authentication and use the delegated credential for unified network- and service-level authentication. We also propose proactive handover authentication that reuses the security context across different types of wireless access, such as Third Generation Partnership Project (3GPP) and WLAN, so that secure end-to-end communication channels established by service software over TCP/IP are not terminated. Lastly, we raise security issues regarding the next-generation platform.
