The evolution of 3G is currently being specified in the Third Generation Partnership Project (3GPP). The concept of a trusted non-3GPP access consists of allowing the link layer subscriber authentication to be performed by the home AAA server. (A non-3GPP access is defined as any access other than GERAN/UTRAN/EUTRAN.) The authentication for non-3GPP accesses is done by first authenticating on the link layer, e.g., by running the Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement (EAP/AKA), which requires several round trips. The Access Router (AR) in the trusted access network is typically the pass-through authenticator in the EAP/AKA run. This is followed by another authentication on the IP layer between the Mobile Node (MN) and the Mobile IP Home Agent (HA), which is located in the Packet Data Network Gateway (PDN GW). The PDN GW is also the anchor point for 3GPP accesses. The IP layer authentication also produces the security parameters and keys necessary to secure the mobility signaling. Consequently, the IP layer authentication adds latency on top of the link layer authentication.
In particular, it is wasteful to run two authentications in handover situations, where delay is critical for real-time applications. The authentication process in non-3GPP accesses is clearly inefficient, since multiple authentication protocol runs are performed.
The Proxy Mobile IPv6 (PMIPv6) protocol is proposed as a network-initiated mobility protocol in System Architecture Evolution/Long Term Evolution (SAE/LTE). The suggestion is to run this protocol on the S5 interface (between the PDN GW and the S-GW) and the S8b interface (between the PDN GW and the visited S-GW) reference points (see 3GPP TS 23.401).
PMIPv6 consists of allowing a Mobile Access Gateway (MAG) to advertise the 64-bit home prefix to the mobile node (MN), so that the MN believes it is still attached to the home network and thus keeps its home address. The MAG is located in the access router (AR). In parallel, the MAG sends a Proxy Binding Update (PBU) to the MN's HA and requests a binding between the MN's Home Address (HoA) and the MAG's egress interface address (i.e., the MAG's egress interface plays the role of the Care-of Address (CoA)).
The MAG fetches the address of the MN's HA and the MN's home prefix, as well as the type of address configuration, during or after a successful link layer authentication.
Compared to regular Mobile IP, this has the advantage of keeping the MN unaware of mobility events, and it does not require any explicit security association between the MN and its HA (this is now taken care of by the MAG, assuming that the link between the HA and the MAG is secure).
For more information on PMIPv6 refer to www.ietf.org/internet-drafts/draft-ietf-netlmm-proxy-mobileipv6-17.txt.
When multiple terminals share the same access link, e.g., as in WLAN, all terminals on that link see each other's packets, and packets are, in a sense, transmitted directly between terminals. This has several implications for security. Below we assume IPv6.
When a terminal first appears on the link, it sends a Router Solicitation message (RtSol) and expects the access router (AR) to respond with a Router Advertisement (RtAdv). The RtAdv contains the address prefix, which the terminal shall use to configure its IP address. An attacker present on the link may spoof the RtAdv in reply to the RtSol.
Assuming the terminal has received a RtAdv and has built its IP address, it is supposed to send an address duplication detection message on the link, containing its IP address. If this address is already in use by someone else on the link, the terminal should generate a new address and perform the address duplication detection procedure again. Again, an attacker on the same link may respond to all address duplication detection messages sent on the link, effectively denying all other terminals service.
A terminal wishing to send a packet to another terminal on the same link needs to resolve the IP address to a link layer address. The terminal does this by asking on the link for the link layer address belonging to a certain IP address. The intention of the protocol is that only the true owner of the IP address will respond, but clearly any attacker may respond to this query.
These messages are part of the Neighbor Discovery protocols (see RFC 2461 and RFC 2462). To counter the above-mentioned attacks, the IETF has specified the Secure Neighbor Discovery (SEND) protocol. The protocol is based on public key cryptography, where addresses are bound to a private/public key pair (Cryptographically Generated Addresses, or CGAs), and all messages involved in address management are digitally signed.
Generation of CGAs is somewhat heavyweight. Signing all address management messages induces considerable processing load on both terminals and the access router. Message sizes increase significantly when signatures and certificates need to be added. Checking whether certificates have been revoked induces more round trips and more load on the terminals and the access routers.
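As an added illustration of the CGA generation cost mentioned above (example code written for this page, not part of the original text or of any 3GPP/IETF implementation), the following implements CGA generation and verification following RFC 3972. It assumes the documentation prefix 2001:db8::/64 and uses a constructed placeholder byte string in place of a real DER-encoded public key; the Sec parameter controls how many Hash2 trials the generator must perform, which is where the work goes.

```python
import hashlib
import ipaddress

# Constructed inputs (added example, not from the original text): the documentation
# prefix 2001:db8::/64 and a placeholder byte string standing in for the DER-encoded
# SubjectPublicKeyInfo that a real CGA would carry.
PREFIX = ipaddress.IPv6Network("2001:db8::/64").network_address.packed[:8]
PUBKEY = b"\x30\x82\x01\x22-placeholder-spki-" + bytes(range(64))

def _hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes) -> bytes:
    """Hash1: leftmost 64 bits of SHA-1 over the CGA Parameters (RFC 3972 s.4)."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]

def _hash2(modifier: bytes, pubkey: bytes) -> bytes:
    """Hash2: leftmost 112 bits of SHA-1 over modifier | 9 zero octets | public key."""
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]

def _hash2_ok(h2: bytes, sec: int) -> bool:
    """The leftmost 16*Sec bits of Hash2 must be zero; Sec=0 always passes."""
    return (int.from_bytes(h2, "big") >> (112 - 16 * sec)) == 0

def generate_cga(prefix: bytes, pubkey: bytes, sec: int, start_modifier: int = 0):
    """Return (address, modifier, trials). The modifier search is the expensive part:
    expected 2**(16*sec) Hash2 computations. Incrementing from start_modifier instead
    of drawing random modifiers keeps the example deterministic."""
    modifier, trials = start_modifier, 0
    while True:
        trials += 1
        mod = modifier.to_bytes(16, "big")
        if _hash2_ok(_hash2(mod, pubkey), sec):
            break
        modifier += 1
    collision_count = 0  # incremented (max 2) if Duplicate Address Detection fails
    iid = bytearray(_hash1(mod, prefix, collision_count, pubkey))
    iid[0] = (iid[0] & 0x1F) | (sec << 5)  # three leftmost bits carry Sec
    iid[0] &= 0xFC                         # clear u and g bits (bits 6 and 7)
    return ipaddress.IPv6Address(prefix + bytes(iid)), mod, trials

def verify_cga(addr: ipaddress.IPv6Address, modifier: bytes, collision_count: int,
               pubkey: bytes) -> bool:
    """RFC 3972 s.5: recompute Hash1 from the parameters and compare it with the
    interface identifier (ignoring the Sec, u and g bits), then check Hash2."""
    if collision_count > 2:
        return False
    prefix, iid = addr.packed[:8], bytearray(addr.packed[8:])
    sec = iid[0] >> 5
    h1 = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    h1[0] &= 0x1C
    iid[0] &= 0x1C
    return h1 == iid and _hash2_ok(_hash2(modifier, pubkey), sec)
```

Generating with Sec=0 needs a single Hash2 computation, while Sec=1 already needs about 65,536 on average; verification, by contrast, is two SHA-1 computations regardless of Sec, which is why the cost falls on the address owner rather than the router checking it.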
It would be advantageous to have a system and method for combining internet protocol authentication and mobility signaling. The present invention provides such a system and method.