Smart Card Based Protocol For Secure And Controlled Access Of Mobile Host In Foreign Network

This is the presentation for a course named ECT; the paper covers techniques such as AAA, RADIUS, smart cards and Java Card.


Transcript

  • 1. Smart Card Based Protocol for Secure and Controlled Access of Mobile Host in IPv6 Compatible Foreign Network (954203020 郭啟揚, 954203039 鄭志瑋, 954203057 蔡繼正)
  • 2. Outline(1/1)
    • Introduction
    • Smart Card
    • Java Card
    • AAA architecture
      • RADIUS
      • Diameter
    • Network layer security using IPv6
      • IP Source Address Filtering
      • IPsec
    • User registration protocol
    • Comment
  • 3. Introduction
    • IPsec + PKI
      • Consumes computing power and bandwidth
      • Hard to implement
    • Smart card + IPv6 + IPsec
    • AAA (Authentication, Authorization, Accounting)
    • MAP (Mobile Authentication Protocol)
      • Building blocks: AAA, Java Applet, encryption functions, AR implementation, IPv6, LSA, URP, IPsec
  • 4. Smart Card(1/4)
    • Magnetic Stripe cards
    • Smart card (IC card, chip card, smart card)
      • Memory card
      • Microprocessor card
      • Java Card
  • 5. Smart Card(2/4)
    • Memory Cards
      • Memory Cards
        • Capacity : 64KB to 1MB
        • Ex : pre-paid telephone card
      • Optical memory card
        • Capacity : 4MB
        • Ex : personal identification card
  • 6. Smart Card(3/4)
    • Microprocessor Cards
      • Contact Cards
        • IC telephone cards, IC bank cards
      • Contactless Cards
        • MRT EasyCard (捷運悠遊卡)
      • Combi Cards
        • Second-generation credit cards
  • 7. Smart Card(4/4)
  • 8. Java Card(1/2)
    • Smart cards before Java Card
      • Rising demand, new applications emerging
      • Very complex APIs
      • No common development environment
      • Cards from different vendors for the same application are incompatible
  • 9. Java Card(2/2)
    • Java Card
      • Supports multiple applications on one card
      • Reusability
      • Java applets are easy to implement
      • Applets run in any Java-based environment
      • Cards written against the Java API are compatible with each other
  • 10. AAA architecture
    • AAA
      • Authentication
      • Authorization
      • Accounting
    • Protocol
      • RADIUS
        • Remote Authentication Dial In User Service
      • Diameter
  • 11. RADIUS(1/2)
  • 12. RADIUS(2/2)
    • Drawbacks
      • Low security guarantee
      • Low scalability
      • Low transmission reliability
      • Small AVP (Attribute Value Pair) space: 256
      • Heavy processing requirement
  • 13. Diameter(1/4)
  • 14. Diameter(2/4)
    • TCP or SCTP
      • (Stream Control Transmission Protocol)
      • Supports retransmission and windowed flow control
      • A proxy must ack every packet
      • It solves the RADIUS problems of
        • Connection disruption
        • Silent discard
        • Congestion
  • 15. Diameter(3/4)
    • CMS (Cryptographic Message Syntax)
      • High security
      • End to end
      • Digital signature and encryption
  • 16. Diameter(4/4)
    • Advantages
      • Larger AVP space: 2^32
      • Time stamps defeat replay attacks
      • High extensibility
      • Payload aligned to 32 bits
  • 17. Network layer security using IPv6
    • IP Source Address Filtering
    • IPsec
  • 18. IP Source Address Filtering (diagram labels: user identity, IP, shared key)
  • 19. IPsec(2/5)
    • IPsec protocols
      • AH (Authentication Header)
      • ESP (Encapsulating Security Payload)
    • IPsec modes
      • Transport mode
      • Tunnel mode
  • 20. IPsec(3/5)
  • 21. IPsec(4/5)
  • 22. IPsec(5/5)
    • SA (Security Association)
      • Unidirectional
        • A's inbound SA is B's outbound SA (SAin/SBout), and B's inbound SA is A's outbound SA (SBin/SAout)
        • Same key and encryption parameters
      • SA bundle
      • Identified by a triple
        • Destination IP address
        • Protocol identifier (ESP, AH)
        • SPI (Security Parameter Index)
      • Stored in the SADB (Security Association Database)
    • Implementation: FreeS/WAN
  • 23. User registration protocol(1/4)
    • AAA server
      • AAAh (AAA server in the home network of the MH)
      • AAAv (AAA server in the visited network)
    • SA (Security Association)
      • Inter-domain SA
      • Local SA
        • Temporary Shared key (TSK)
  • 24. User Registration Protocol(2/4)
    • URP (User Registration Protocol)
    • MAP (Mobile Authentication Protocol)
      • Implementation of URP
      • Uses EAPoUDP (EAP format)
      • Communicates with clients
      • TSK
    • Diameter (AAA)
      • Communicates with the AAA server
    (diagram labels: MH, AR, AAAh)
  • 25. User registration protocol(3/4) (diagram labels: LSA, IPsec, TSK)
  • 26. User registration protocol message exchange (diagram: MH, AR, AAAh)
    • AR → MH: Local challenge (LC), VN_ID, care-of address
    • MH computes AUTH = HMAC-MD5(LC, user_id, VN_ID, SAmh)
    • MH → AR (EAP format): user_id, AUTH, care-of IP MH_Ipaddr
    • AR extracts LC, user_id, AUTH, VN_ID, MH_Ipaddr and sends an AAA Registration Request to AAAh with User Name AVP: user_id, Challenge AVP: LC, EAP AVP: AUTH, Care of IP: MH_Ipaddr
    • AAAh checks AUTH == HMAC-MD5(LC, user_id, VN_ID, SAmh), then generates HC and Randtsk, AUTHNET = HMAC-MD5(HC, user_id, VN_ID, SAmh), TSK = 3DES(Randtsk, SAmh)
    • AAAh → AR: ARA (Randtsk, HC, TSK, VN_ID, user_id, Authnet)
    • AR → MH (EAP format): HC, AUTHNET, Randtsk
    • MH computes AUTH = HMAC-MD5(HC, user_id, VN_ID, SAmh), checks AUTH == AUTHNET, and derives TSK = 3DES(Randtsk, SAmh)
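The MAP exchange on this slide, simulated in Python as an added example (not the authors' code): the MH, AR and AAAh roles, the two HMAC-MD5 challenge-response checks, and the TSK both ends agree on, plus the rejection paths when AUTH or AUTHNET does not verify. It assumes SAmh is the HMAC key with the remaining fields as the message, replaces the slides' 3DES TSK step with a keyed HMAC-MD5 derivation because the standard library has no 3DES, and all sample values are constructed.

```python
import hashlib
import hmac
import os
# Constructed sample values (not from the slides); SAmh is the MH<->AAAh secret on the card.
USER_ID, VN_ID, SA_MH, COA = b"alice@home.example", b"visited-net-42", b"constructed-SAmh", b"2001:db8::1"

def mac(sa_mh: bytes, *fields: bytes) -> bytes:
    # Slides: HMAC-MD5(LC, user_id, VN_ID, SAmh). SAmh as HMAC key, rest as message (assumption).
    return hmac.new(sa_mh, b"|".join(fields), hashlib.md5).digest()

def derive_tsk(sa_mh: bytes, rand_tsk: bytes) -> bytes:
    # Stand-in for the slides' TSK = 3DES(Randtsk, SAmh): stdlib lacks 3DES, so keyed HMAC-MD5 (assumption).
    return mac(sa_mh, b"TSK", rand_tsk)

class MobileHost:
    def __init__(self, user_id: bytes, sa_mh: bytes):
        self.user_id, self.sa_mh = user_id, sa_mh

    def answer_local_challenge(self, lc: bytes, vn_id: bytes, coa: bytes) -> dict:
        # Reply to the AR in EAP format: user_id, AUTH, MH_Ipaddr (care-of address).
        auth = mac(self.sa_mh, lc, self.user_id, vn_id)
        return {"user_id": self.user_id, "AUTH": auth, "MH_Ipaddr": coa}

    def finish(self, vn_id: bytes, hc: bytes, authnet: bytes, rand_tsk: bytes):
        # Authenticate the home network (AUTH == AUTHNET), then derive the TSK.
        if not hmac.compare_digest(mac(self.sa_mh, hc, self.user_id, vn_id), authnet):
            return None
        return derive_tsk(self.sa_mh, rand_tsk)

class HomeAAA:
    def __init__(self, secrets: dict):
        self.secrets = secrets  # user_id -> SAmh

    def registration_request(self, user_id, lc, auth, vn_id, coa):
        sa_mh = self.secrets.get(user_id)
        if sa_mh is None or not hmac.compare_digest(mac(sa_mh, lc, user_id, vn_id), auth):
            return None  # AUTH check failed: no ARA, the MH stays unregistered
        hc, rand_tsk = os.urandom(16), os.urandom(16)  # home challenge and TSK seed
        return {"Randtsk": rand_tsk, "HC": hc, "TSK": derive_tsk(sa_mh, rand_tsk), "VN_ID": vn_id,
                "user_id": user_id, "AUTHNET": mac(sa_mh, hc, user_id, vn_id)}

def run_map(mh: MobileHost, aaah: HomeAAA, vn_id: bytes = VN_ID, coa: bytes = COA):
    # AR role: issue LC, relay to AAAh, relay the ARA back. Returns (AR's TSK, MH's TSK) or None.
    lc = os.urandom(16)
    msg = mh.answer_local_challenge(lc, vn_id, coa)
    ara = aaah.registration_request(msg["user_id"], lc, msg["AUTH"], vn_id, msg["MH_Ipaddr"])
    if ara is None:
        return None
    mh_tsk = mh.finish(vn_id, ara["HC"], ara["AUTHNET"], ara["Randtsk"])
    return None if mh_tsk is None else (ara["TSK"], mh_tsk)
```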
  • 27. Implementation detail (diagram labels: Extensible Authentication Protocol, AAA Registration Request)
  • 28. Comment(1/2)
    • MAP (Mobile Authentication Protocol)
      • Technique: IPsec + IPv6 + smart card
      • Other: temporary shared key
      • Number of messages: 3
    • IKE (Internet Key Exchange)
      • Technique: PKI + IKE
      • Other: two phases
      • Number of messages: 6 + 3 = 9
  • 29. Comment(2/2)
    • MAP (Mobile Authentication Protocol)
      • Key security: high (key updated periodically)
      • Deployment: easy
      • Key theft: not easy
      • Cost: low
    • PKI (Public key infrastructure)
      • Key security: low (key must never be lost)
      • Deployment: hard
      • Key theft: easy
      • Cost: high
  • 30. So MAP will be the trend of the future. What do you think? Thank you for your attention. Q&A