Wireless Personal Communications, Volume 29, Issue 3–4, pp 161–190

Secure Service and Network Framework for Mobile Ethernet

  • Masahiro Kuroda
  • Mariko Yoshida
  • Ryoji Ono
  • Shinsaku Kiyomoto
  • Toshiaki Tanaka

Abstract

Secure cellular data services have become more popular in the Japanese market. These services are based on 2G/3G cellular networks and are expected to move into the next-generation wireless networks, called Beyond 3G. In Beyond 3G, the wireless communication available at a user's location is selected based on the type of service. The user downloads an application from one wireless network and executes it on another. Beyond 3G assumes both core and wireless operators and allows new wireless access technologies to be plugged in. A security model that accommodates these requirements needs to be flexible enough for end users to use with ease. In this paper, we explain the Mobile Ethernet architecture for all-IP networks in the context of Beyond 3G. We discuss usage scenario/operator models and identify the entities of the security model. We separate a mobile device into a personal identity card (PIC) containing cryptographic information and a wireless communications device, which offers both security and flexibility. We propose a self-delegation protocol for device authentication and use a delegated credential for unified network- and service-level authentication. We also propose proactive handover authentication that reuses the security context between different types of wireless access, such as Third Generation Partnership Project (3GPP) and WLAN, so that the secure end-to-end communication channels established by service software over TCP/IP are not terminated. Lastly, we raise security issues regarding the next-generation platform.

Keywords

security, authentication, security context, handover, certificate, Beyond 3G, 4G, authentication protocol, mutual authentication, smart card, self-delegation, access control, 3GPP, WLAN, MIDP

Copyright information

© Kluwer Academic Publishers 2004

Authors and Affiliations

  • Masahiro Kuroda (1)
  • Mariko Yoshida (1, 2)
  • Ryoji Ono (2)
  • Shinsaku Kiyomoto (3)
  • Toshiaki Tanaka (3)

  1. National Institute of Information and Communications Technology, Kanagawa, Japan
  2. Mitsubishi Electric Corporation, Kanagawa, Japan
  3. KDDI R&D Laboratories Inc., Saitama, Japan