A Proposal for Next Generation Cellular Network Authentication and Authorization Architecture

James Kempf
Research Fellow, DoCoMo USA Labs
kempf@docomolabs-usa.com

DIMACS, November 4, 2004

Copyright © 2004 DoCoMo Communications Laboratories USA, Inc. All Rights Reserved.

Page 2: Outline

• Existing solutions for auth/authz and their problems
  – Pre-IP L2.5
  – Universal Access Method (UAM)
• SEND and PANA
• A Different Way - Hyperoperator
• Obstacles to Acceptance
• Summary

Page 3: Existing solutions for auth/authz and their problems

Page 4: Pre-IP Layer 2.5

• Terminal and network authenticate each other prior to establishing IP service
• Typically through a Layer 2.5 flow between the terminal and a network access server
  – PPP for some cellular protocols
  – Proprietary for others
  – 802.1X EAPOL for 802.11
• Network access server routes the auth request back into the home network via the local AAA server
  – RADIUS or Diameter across the Internet
• Home network AAA server authenticates
• Authorization for network access flows from the home network AAA server to the local AAA server
  – If a terminal is authenticated, then it is authorized for IP service
  – If the network/base station is authenticated, then it is authorized to take the terminal's traffic

Page 5: Example: 802.1X

[Figure: Mobile Terminal, AP/NAS, AR and Border Router in the Access Network; AAA-F and AAA-H reached across the Internet. Mobile Terminal to AP/NAS: EAP + EAPoL + 802.11/3. AP/NAS to AAA-F, and AAA-F to AAA-H: EAP + RADIUS + IP. PMK pushed to the AP.]

Page 6: 802.1X Terminal to Access Network Detail

Participants: STA, AP, AS (802.1X between STA and AP, RADIUS between AP and AS)

  STA 802.1X blocks port for data traffic; AP 802.1X blocks port for data traffic
  AP  -> STA: 802.1X/EAP-Request Identity
  STA -> AP:  802.1X/EAP-Response Identity (EAP type specific)
  AP  -> AS:  RADIUS Access Request/Identity
  STA <-> AS: EAP type specific mutual authentication (e.g. TLS)
  STA and AS each derive the Pairwise Master Key (PMK)
  AS  -> AP:  RADIUS Accept + PMK
  AP  -> STA: 802.1X/EAP-SUCCESS
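As an added example (not code from the original deck), the controlled-port model of the exchange above in Python: the AP/NAS relays EAP between the STA and the AS over a stand-in for RADIUS, keeps data frames blocked until the AS returns Accept plus the PMK, and both ends derive the same PMK independently. The EAP method is a constructed mutual challenge-response over a shared subscriber secret (HMAC-SHA256) standing in for EAP-TLS; the identity, MAC addresses and secret are assumptions. The last value of `demo()` shows why the next slide complains about handover: a second AP holds no PMK for the STA, so its port stays closed until EAP runs again.

```python
import hashlib
import hmac
import os

# Constructed subscriber database: one long-term secret per identity, shared between
# the STA and its home AAA server. It stands in for the EAP-TLS certificates on the
# slide; the exchange below is a plain mutual challenge-response, not EAP-TLS.
SUBSCRIBERS = {"alice@home.example": bytes.fromhex("00112233445566778899aabbccddeeff")}


def prf(key, label, *parts):
    """Keyed derivation used for the proofs and for the PMK (HMAC-SHA256, assumed)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class AuthServer:
    """AAA-H: terminates the EAP method and returns Accept/Reject plus the PMK."""

    def __init__(self, subscribers):
        self.subscribers = subscribers
        self.nonce = None

    def challenge(self, identity):
        if identity not in self.subscribers:
            return None                      # unknown identity: RADIUS Access-Reject
        self.nonce = os.urandom(16)
        return self.nonce

    def verify(self, identity, sta_nonce, sta_proof):
        key = self.subscribers[identity]
        if not hmac.compare_digest(sta_proof, prf(key, b"sta-proof", self.nonce, sta_nonce)):
            return "Reject", None, None
        as_proof = prf(key, b"as-proof", sta_nonce, self.nonce)   # lets the STA authenticate the network
        pmk = prf(key, b"PMK", self.nonce, sta_nonce)              # AS side of "Derive PMK"
        return "Accept", as_proof, pmk                             # RADIUS Accept + PMK


class Supplicant:
    """STA: holds the subscriber secret and derives the same PMK as the AS."""

    def __init__(self, mac, identity, key):
        self.mac, self.identity, self.key = mac, identity, key
        self.nonce = self.pmk = None

    def respond(self, as_nonce):
        self.nonce = os.urandom(16)
        return self.nonce, prf(self.key, b"sta-proof", as_nonce, self.nonce)

    def finish(self, as_nonce, as_proof):
        if not hmac.compare_digest(as_proof, prf(self.key, b"as-proof", self.nonce, as_nonce)):
            raise ValueError("network failed to prove knowledge of the subscriber secret")
        self.pmk = prf(self.key, b"PMK", as_nonce, self.nonce)   # STA side of "Derive PMK"


class Authenticator:
    """AP/NAS: relays EAP, keeps the controlled port closed until RADIUS Accept + PMK."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.authorized = {}          # STA MAC -> PMK; presence means the port is open

    def forward_data(self, mac, frame):
        """802.1X controlled port: data frames pass only for authorized STAs."""
        return mac in self.authorized

    def run_eap(self, sta):
        # EAP-Request/Identity -> EAP-Response/Identity -> RADIUS Access-Request/Identity
        as_nonce = self.auth_server.challenge(sta.identity)
        if as_nonce is None:
            return False
        sta_nonce, sta_proof = sta.respond(as_nonce)              # EAP method, relayed in RADIUS
        result, as_proof, pmk = self.auth_server.verify(sta.identity, sta_nonce, sta_proof)
        if result != "Accept":
            return False                                          # EAP-Failure, port stays closed
        sta.finish(as_nonce, as_proof)                            # EAP-Success reaches the STA
        self.authorized[sta.mac] = pmk                            # PMK pushed to the AP; port opens
        return True


def demo():
    """Returns (data allowed before EAP, EAP result, data allowed after, PMKs match,
    data allowed at a second AP without re-running EAP)."""
    aaa = AuthServer(SUBSCRIBERS)
    ap1, ap2 = Authenticator(aaa), Authenticator(aaa)
    sta = Supplicant("02:00:00:00:00:01", "alice@home.example", SUBSCRIBERS["alice@home.example"])
    before = ap1.forward_data(sta.mac, b"data frame")
    ok = ap1.run_eap(sta)
    after = ap1.forward_data(sta.mac, b"data frame")
    keys_match = sta.pmk == ap1.authorized[sta.mac]
    handover = ap2.forward_data(sta.mac, b"data frame")   # new AP has no PMK: full EAP again
    return before, ok, after, keys_match, handover


def rogue_demo():
    """A STA with the wrong secret never gets the port opened."""
    aaa = AuthServer(SUBSCRIBERS)
    ap = Authenticator(aaa)
    rogue = Supplicant("02:00:00:00:00:02", "alice@home.example", b"\x00" * 16)
    return ap.run_eap(rogue), ap.forward_data(rogue.mac, b"data frame")


if __name__ == "__main__":
    print(demo(), rogue_demo())
```

The PMK never crosses the air interface: the AS ships it to the AP inside the RADIUS Accept and the STA computes it from the method's own secrets, which is what makes the AP a trusted relay rather than a party to the authentication.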

Page 7: Problems

• Handover requires lengthy PMK rekeying, delaying handover
• Implicit authorization model for network access is difficult to extend to other services
  – Example: multicast
• Nothing constrains authenticated and authorized terminals that are compromised or otherwise decide to behave badly

Page 8: Universal Access Method

• Terminal establishes restricted IP access
  – Can't route to the Internet
  – Only HTTP
• HTTP GET redirected to the Public Access Control (PAC) Gateway
  – PAC pushes a login page to the terminal
• User types in login/password for account access, or a credit card number for one-time access
• PAC routes the auth request back into the home network via the local AAA server, or credit card auth/authz to the credit card provider
  – RADIUS or Diameter across the Internet for AAA
  – E-commerce protocol (SET, Mondex, secure channel card payment, GeldKarte, etc.) for credit card
• Home network AAA server authenticates, or credit card provider authorizes
• Authorization for network access flows from the home network AAA server to the local AAA server
  – If a terminal is authenticated, then it is authorized for IP service
  – If the network/base station is authenticated, then it is authorized to take the terminal's traffic

Page 9: UAM Architecture

[Figure: Mobile Terminal, AP, AR, PAC and Border Router in the Access Network; AAA-F and AAA-H reached across the Internet. Mobile Terminal to PAC: HTTP + SSL + IP. PAC to AAA-F, and AAA-F to AAA-H: RADIUS + IP. Secure Credit Card Auth/Authz from the PAC to the card provider.]

Page 10: UAM Terminal to Access Network Detail

Participants: STA, PAC, AS (UAM between STA and PAC, RADIUS between PAC and AS)

  PAC blocks Internet access
  STA -> PAC: HTTP GET + User URL
  PAC -> STA: Redirect to Login URL
  User types in account login/password or credit card number
  STA -> PAC: HTTP POST credentials
  PAC -> AS:  RADIUS Access Request/Identity + UAM AVPs*
  AS  -> PAC: RADIUS Accept + UAM AVPs*
  PAC -> STA: Redirect to User URL
  User URL displayed

  * Credit card auth/authz protocol if used

Page 11: Problems

• If the user isn't using HTML or the device isn't capable of Web browsing, the procedure fails
• Piecewise, asymmetric security with many opportunities for compromise
  – Network authenticates the user through user name/password or credit card number
  – Terminal authenticates the network through SSL
  – RADIUS security depends on a VPN or other means
• No support for handover at all
• For other services:
  – For AAA, the implicit authorization model for network access is difficult to extend to other services
  – For credit card, authorization for other services requires the user to type in credit card information again
• Nothing constrains authenticated and authorized terminals that are compromised or otherwise decide to behave badly

Page 12: SEND and PANA

Page 13: SEcure Neighbor Discovery (SEND)

• Recently standardized addition to IPv6 Neighbor Discovery (RFC 2461) for securing:
  – Local link address resolution
  – Router discovery
  – No RFC number yet
• Prevents a fully authenticated and authorized terminal from behaving badly for a limited set of actions
  – DoSing nodes on the same link
  – MiM attacks by spoofing the access router
• Local link address resolution secured by using cryptographically generated addresses
  – Ties the IP address to the node's public key
  – Together with a signature, establishes the node's authorization to claim the address
• Router discovery secured by certified public keys on the router, together with certificates
  – Node checks the router certificate against a certification path for which the node has a certificate for a trust anchor
  – Router's certified public key is used to check the signature on Router Advertisements
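An added example, not part of the original deck, of the address binding the slide describes: a cryptographically generated address built and checked as in RFC 3972 (the CGA specification that SEND later got; at the time of the talk it was still a draft). The interface identifier is a SHA-1 hash of a modifier, the subnet prefix, a collision count and the public key, with the Sec parameter in the top three bits and the u/g bits cleared; a neighbor that receives the CGA parameters can recompute the identifier and so knows which key is entitled to sign for the address. The "public key" is constructed opaque bytes standing in for the DER-encoded RSA SubjectPublicKeyInfo, the prefixes are documentation prefixes, and the signature step itself is left out.

```python
import hashlib
import ipaddress
import os

# Constructed inputs: opaque bytes stand in for the DER-encoded RSA public key that
# RFC 3972 hashes, and the prefix is a documentation prefix.
PUBLIC_KEY = hashlib.sha256(b"constructed RSA public key of the mobile terminal").digest() * 4
PREFIX = ipaddress.IPv6Network("2001:db8:1::/64").network_address.packed[:8]


def _hash1(modifier, prefix, collision_count, pubkey):
    """Hash1 = SHA-1(modifier || subnet prefix || collision count || public key)."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()


def _hash2_ok(modifier, pubkey, sec):
    """Hash2 = SHA-1(modifier || 9 zero bytes || public key) must start with 16*Sec zero bits."""
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return h2[: 2 * sec] == bytes(2 * sec)


def generate_cga(prefix, pubkey, sec=0, collision_count=0, modifier=None):
    """Returns (address string, CGA parameters the verifier needs)."""
    if len(prefix) != 8 or not 0 <= collision_count <= 2 or not 0 <= sec <= 7:
        raise ValueError("bad prefix, collision count or Sec")
    modifier = os.urandom(16) if modifier is None else modifier
    while not _hash2_ok(modifier, pubkey, sec):          # search for a modifier satisfying Hash2
        modifier = ((int.from_bytes(modifier, "big") + 1) & (2**128 - 1)).to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey)[:8])
    iid[0] = (sec << 5) | (iid[0] & 0x1C)    # Sec in the 3 leftmost bits; u/g bits cleared
    address = str(ipaddress.IPv6Address(prefix + bytes(iid)))
    return address, {"modifier": modifier, "collision_count": collision_count, "pubkey": pubkey}


def sec_of(address):
    """Sec value encoded in the interface identifier of a CGA."""
    return ipaddress.IPv6Address(address).packed[8] >> 5


def verify_cga(address, params):
    """A neighbor checks that the claimed address really was derived from this key."""
    packed = ipaddress.IPv6Address(address).packed
    prefix, iid = packed[:8], packed[8:]
    if not 0 <= params["collision_count"] <= 2:
        return False
    sec = iid[0] >> 5
    expected = bytearray(
        _hash1(params["modifier"], prefix, params["collision_count"], params["pubkey"])[:8])
    expected[0] = (sec << 5) | (expected[0] & 0x1C)
    return bytes(expected) == iid and _hash2_ok(params["modifier"], params["pubkey"], sec)


def spoof_attempt(address, params, attacker_key):
    """Two things an on-link attacker cannot do: claim the victim's address under its own
    key, or carry the victim's CGA parameters over to a different subnet prefix."""
    other_prefix = ipaddress.IPv6Network("2001:db8:2::/64").network_address.packed[:8]
    moved = str(ipaddress.IPv6Address(other_prefix + ipaddress.IPv6Address(address).packed[8:]))
    return verify_cga(address, dict(params, pubkey=attacker_key)), verify_cga(moved, params)


if __name__ == "__main__":
    addr, params = generate_cga(PREFIX, PUBLIC_KEY, sec=1)
    print(addr, verify_cga(addr, params), spoof_attempt(addr, params, b"\x01" * 128))
```

Sec above 0 makes the modifier search expensive for the generator (about 2^(16*Sec) hashes) and is what raises the attacker's cost of finding a second key that hashes to the same 59 usable bits; verification stays a single hash, which is why the slide can call this cheaper than an AAA round trip.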

Page 14: SEND Details – Obtaining Router Certificate

[Figure: Mobile Terminal, AP, AR. Mobile Terminal -> AR: Certification Path Solicitation + names of trust anchors. AR -> Mobile Terminal: Certification Path Advertisement + certification paths to the trust anchor, which yield the router's certified public key.]

Page 15: SEND Details – Secure Router Discovery

[Figure: Mobile Terminal, AP, AR. Mobile Terminal -> AR: Router Solicitation. AR -> Mobile Terminal: Router Advertisement + Signature. Mobile Terminal validates the signature with the router's certified public key.]

Page 16: SEND Details – Secure Link Address Resolution

[Figure: Mobile Terminal, AP, AR. The terminal's RSA key and the subnet prefix are hashed into a Cryptographically Generated IPv6 Address. Mobile Terminal -> AR: Neighbor Solicitation for the CGA + Signature. Internet traffic follows.]

Page 17: Network Access Authentication and SEND

• SEND solves half the problem
  – Allows the terminal to authenticate the network
• Adding a certificate on the terminal would allow the network to authenticate the terminal
  – But no way to check the terminal's authorization nor to provide accounting so that network service can be billed
• SEND WG discussed using a terminal certificate for address resolution security, but the issue was dropped
  – Want to see whether there is any market acceptance for SEND first
• Authentication of the terminal using a certificate provided by the home network would provide a lighter weight alternative to AAA flows
  – No need to do AAA on handover, just check the certificate
• Or an authorization token issued by the access network after authentication and authorization are complete

Page 18: Protocol carrying Authentication for Network Access (PANA)

• PANA is an IP level encapsulation for the Extensible Authentication Protocol (EAP)
• Provides an authentication transport if no Layer 2.5 transport is available
• PANA framework contains a network access enforcement point to limit the types of traffic allowed until the terminal is authenticated:
  – Router solicitation/advertisement
  – Address autoconfiguration
  – DHCP
  – PANA
• Enforcement point may also provide cryptographic protection for traffic if it is unavailable from the link layer
  – IKE/IPsec
• Replaces the use of HTML in UAM

Page 19: PANA Protocol – Host to Network

[Figure: Mobile Terminal, AP, EC, AR, PAC and Border Router in the Access Network; AAA-F and AAA-H reached across the Internet. Mobile Terminal to PAC: PANA + EAP + IP. PAC to AAA-F: RADIUS/Diameter + EAP + IP. AAA-F to AAA-H: RADIUS/Diameter + IP.]

Page 20: PANA Protocol – Network to Host

[Figure: same topology as page 19. Mobile Terminal to PAC: PANA + EAP + IP. PAC to EC: SNMP. PAC to AAA-F: RADIUS/Diameter + EAP + IP. AAA-F to AAA-H: RADIUS/Diameter + IP.]

Page 21: Controversy over PANA

• Arguments against PANA
  – Layer 2 protocols all have their own ways of doing authentication
  – Terminal should authenticate before obtaining an IP address
  – PANA is architecturally wrong
  – ...
• PANA is really a replacement for UAM
  – UAM is really architecturally wrong
    • Forces the terminal to support HTTP
    • HTTP is really the wrong stack layer for network access authentication signaling
  – Widespread deployment of UAM indicates market interest in using IP as the network access authentication transport
• Primary issue: PANA only solves a very small part of the problem
  – If the link layer is not secure, then IKE/IPsec must be used for confidentiality on the link
    • Too heavyweight
  – Many of the problems surrounding other authentication methods remain

Page 22: A Different Way - Hyperoperator

Page 23: The Problem

• Infrastructure deployment costs for a managed microcellular network like 802.11 are really high
• Nobody has managed to make a viable business out of subscription-based hot-spots
  – Well, maybe T-Mobile, but...
• Best business model seems to be a managed network model
  – 802.11 provider sells network management service to hotels, convention centers, etc.
• For B3G or 4G, the deployment, infrastructure, and network management costs of the standard cellular business model might be steep to unaffordable
  – Low end disruptors based on cheap, unmanaged spectrum devices with macrocellular characteristics are a threat
• Private individuals and small businesses with 802.11 really don't want the hassles of managing security in a wireless network
  – And some people who might want 802.11 always on might not want to pay for it until they really use it

Page 24: The Goal

• Multiple federated, independent, small access networks
  – Maybe your neighbor, maybe you
• They contract with an operator to provide wireless service in exchange for a discount on their network access, or for payment
  – Like solar power in California: PG&E doesn't pay you, but you sell them power during the day/summer and buy it back at night/winter
  – Or maybe like solar power in Germany, where the power company pays you for the power you generate
• Operator provides them with:
  – Security and management software and expertise to make their network more secure than if they had to manage it themselves
  – Software for user service provisioning, charging and accounting so that the operator's users are properly charged
  – Software to regulate usage of the federated network so that the owner is guaranteed some percentage of the bandwidth

→ We call this model Hyperoperator

Page 25: HyperOperator

[Figure: the Hyperoperator federating two small access networks, each with its own AP and AR; labels: kempf-and-associates, wakerley-house, Foxborough Drive, Mountain View.]

Page 26: Two Possibly Useful Components

• Mobile Firewall
• Authorization Certificates

Page 27: Mobile Firewall

• Previous work
  – SEND handles some threats on the last hop
  – IETF 56 DefCon BOF
    • Discussed a protocol for distributed firewalls, but no agreement on forming a WG
• Firewall on the access router protects the network from virus and worm traffic originating on a fully authenticated and authorized host
• Firewall detects mal-traffic and cuts off the host's network service
• Other uses
  – Bandwidth control
  – Differential service provisioning
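An added example, not from the deck or from the Mobile Firewall paper it cites, of the "detect mal-traffic, cut off the host's service" loop on the access router: per-host analysis of connection attempts in a sliding time window, blocking a source once it has tried more distinct (destination, port) targets than a threshold, which is the signature of a scanning worm on an otherwise fully authorized host. The packet trace, the hosts and the threshold are constructed; the heuristic itself is an assumption for illustration, not the cited paper's algorithm.

```python
from collections import defaultdict, deque

# Constructed packet trace seen by the access router: (time_s, src, dst, dport, tcp_flags).
# 10.0.1.10 browses two servers; 10.0.1.66 is a compromised, fully authorized host
# sweeping port 445 across the subnet, the case the Mobile Firewall slide targets.
TRACE = (
    [(0.1, "10.0.1.10", "198.51.100.5", 443, "S"), (0.3, "10.0.1.10", "198.51.100.5", 443, "A"),
     (1.0, "10.0.1.10", "203.0.113.7", 80, "S"), (1.2, "10.0.1.10", "198.51.100.5", 443, "S")]
    + [(0.5 + 0.1 * i, "10.0.1.66", f"10.0.1.{i + 1}", 445, "S") for i in range(40)]
)


class MobileFirewall:
    """Per-host connection-attempt analysis on the AR. The heuristic (distinct targets per
    sliding window) is an assumption for this example."""

    def __init__(self, window=5.0, max_targets=20):
        self.window, self.max_targets = window, max_targets
        self.attempts = defaultdict(deque)   # src -> deque of (time, (dst, dport))
        self.blocked = {}                    # src -> (time, reason)

    def process(self, pkt):
        """Returns 'FORWARD' or 'DROP' for one packet and updates the per-host state."""
        ts, src, dst, dport, flags = pkt
        if src in self.blocked:
            return "DROP"                    # service already cut off for this host
        window = self.attempts[src]
        if "S" in flags and "A" not in flags:   # count only new connection attempts (SYN)
            window.append((ts, (dst, dport)))
        while window and ts - window[0][0] > self.window:
            window.popleft()                 # forget attempts older than the window
        distinct = {target for _, target in window}
        if len(distinct) > self.max_targets:
            self.blocked[src] = (ts, f"{len(distinct)} distinct targets within {self.window}s")
            return "DROP"
        return "FORWARD"


def run(trace, **kwargs):
    """Replays a trace in time order; returns per-host decision counts and the block list."""
    fw = MobileFirewall(**kwargs)
    counts = defaultdict(lambda: {"FORWARD": 0, "DROP": 0})
    for pkt in sorted(trace, key=lambda p: p[0]):
        counts[pkt[1]][fw.process(pkt)] += 1
    return dict(counts), fw.blocked


if __name__ == "__main__":
    print(run(TRACE))
```

Repeat connections to the same server do not grow the distinct-target set, so a chatty but legitimate host stays under the threshold while the sweep is cut off after its twenty-first target; a real deployment would also want the block to expire or to be reported back to the operator's management software rather than silently persisting.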

Page 28: Mobile Firewall Details

[Figure: Mobile Terminal and the Mobile Firewall on the AR. A compromised host starts spewing mal-traffic; real-time traffic analysis identifies the threat; the virus traffic is blocked.]

G. Fu, D. Funato, J. Wood, and T. Kawahara, "Mobile Firewall", The Fifth International Conference on Mobile and Wireless Communications Networks (MWCN 2003), Singapore, October 2003.

Page 29: Authorization Certificates

• Home network provides the terminal with proof of authorization for a service
• Terminal presents the proof of authorization to the foreign network for initial access
• Access network grants the terminal a token for handover
• Terminal presents the token on each handover (including between federated operators)

Page 30: Authorization Certificate/Microcredits Example

[Figure: Mobile Terminal, AP and Border Router in the Access Network; the Hyperoperator with a Home Accounting Server and a Foreign Accounting Server. Home Accounting Server: Send Authorization Certificate (marked "10"). Foreign Accounting Server: Send Access Token (marked "10"); the Access Token is sent again on handover. A RADIUS flow between the accounting servers is annotated "ugh! Do we really need this?"]

Page 31: Obstacles to Acceptance*

*Or why this idea might not get traction

Page 32: Research Problems

• Risk analysis of how much the operator stands to lose if the federated system cheats

Page 33: Business Problem

• THE issue!
• This is a disruptive business model
  – Either low end, if the customers are overserved by the 3G network
  – Or nonconsumption, if the customers are people who are not using existing 3G networks or are not using them for particular jobs
• The cellular providers can't disrupt themselves
  – Unless they establish a separate business unit

Page 34: Summary

Page 35: Summary

• Reviewed existing methods of doing wireless auth/authz
  – Pre-IP Layer 2.5
  – UAM
• Discussed problems with existing technologies
• Reviewed two new IETF protocols that may provide some benefit
  – SEND mitigates some threats on the local link, could be expanded to include network access authentication
  – PANA removes the HTTP hack in UAM
• Described a more radical proposal: hyperoperator
  – Federated model of many small operators, with privately owned access points
  – Mobile firewall between the host and the network to control traffic from compromised hosts
  – Authorization certificates and access tokens for authorization and accounting
• Discussed problems in
  – Existing infrastructural and intellectual investment in traditional AAA

Page 36: Questions?