Smart Card Based Protocol For Secure And Controlled Access Of Mobile Host In Foreign Network
This is the presentation in a course named ECT; the paper is about techniques like AAA, RADIUS, smart card, Java card.
1. Smart Card Based Protocol for Secure and Controlled Access of Mobile Host in IPv6 Compatible Foreign Network
   954203020 郭啟揚, 954203039 鄭志瑋, 954203057 蔡繼正

2. Outline (1/1)
   - Introduction
   - Smart Card
   - Java Card
   - AAA architecture
     - RADIUS
     - Diameter
   - Network layer security using IPv6
     - IP Source Address Filtering
     - IPsec
   - User registration protocol
   - Comment

3. Introduction
   - IPsec + PKI
     - Consumes computing power and bandwidth
     - Hard to implement
   - Smart card + IPv6 + IPsec
   - AAA (Authentication, Authorization, Accounting)
   - MAP (Mobile Authentication Protocol)
     - AAA, Java Applet, encryption functions, AR implementation, IPv6, LSA, URP, IPsec

4. Smart Card (1/4)
   - Magnetic stripe cards
   - Smart card (IC card, chip card, smart card)
     - Memory card
     - Microprocessor card
     - Java Card

5. Smart Card (2/4)
   - Memory cards
     - Memory cards
       - Capacity: 64KB to 1MB
       - Ex: pre-paid telephone card
     - Optical memory card
       - Capacity: 4MB
       - Ex: personal identification card

6. Smart Card (3/4)
   - Microprocessor cards
     - Contact cards
       - IC phone card, IC bank card
     - Contactless cards
       - MRT EasyCard (捷運悠遊卡)
     - Combi cards
       - Second-generation credit card

7. Smart Card (4/4)
   (figure only)

8. Java Card (1/2)
   - Smart cards before Java Card
     - Demand rose and new applications appeared
     - APIs were very complex
     - No common development environment
     - Cards for the same application from different vendors were incompatible

9. Java Card (2/2)
   - Java Card
     - Supports multiple applications on one card
     - Reusability
     - Java Applets are easy to implement
     - Applets run in any Java-based environment
     - Cards written against the Java API are compatible with each other

10. AAA architecture
   - AAA
     - Authentication
     - Authorization
     - Accounting
   - Protocol
     - RADIUS (Remote Authentication Dial In User Service)
     - Diameter

11. RADIUS (1/2)
   (figure only)

12. RADIUS (2/2)
   - Drawbacks
     - Low security guarantee
     - Low scalability
     - Low transmission reliability
     - Low AVP (Attribute Value Pair) space: 256
     - Heavy processing requirement

13. Diameter (1/4)
   (figure only)

14. Diameter (2/4)
   - TCP or SCTP (Stream Control Transmission Protocol)
     - Supports retransmission and windowing flow control
     - Proxy must ack every packet
     - Solves the RADIUS problems of
       - Connection disruption
       - Silent discard
       - Congestion

15. Diameter (3/4)
   - CMS (Cryptographic Message Syntax)
     - High security
     - End to end
     - Digital signature and encryption

16. Diameter (4/4)
   - Advantages
     - Larger AVP space: 2^32
     - Time stamps counter replay attacks
     - High extensibility
     - Payload aligned to 32 bits

17. Network layer security using IPv6
   - IP Source Address Filtering
   - IPsec

18. IP Source Address Filtering
   (figure: user identity, IP, shared key)

19. IPsec (2/5)
   - IPsec protocols
     - AH (Authentication Header)
     - ESP (Encapsulating Security Payload)
   - IPsec modes
     - Transport mode
     - Tunnel mode

20. IPsec (3/5)
   (figure only)

21. IPsec (4/5)
   (figure only)

22. IPsec (5/5)
   - SA (Security Association)
     - Unidirectional
       - SAin / SBout : SBin / SAout
       - Same key and encryption parameters
     - SA bundle
     - Identified by a triple
       - Destination IP address
       - Protocol identifier (ESP, AH)
       - SPI (Security Parameter Index)
     - Stored in the SADB (Security Association Database)
   - Implementation: FreeS/WAN

23. User registration protocol (1/4)
   - AAA server
     - AAAh (AAA server in the home network of the MH)
     - AAAv (AAA server in the visited network)
   - SA (Security Association)
     - Inter-domain SA
     - Local SA
       - Temporary Shared Key (TSK)

24. User Registration Protocol (2/4)
   - URP (User Registration Protocol)
   - MAP (Mobile Authentication Protocol)
     - Implementation of URP
     - Uses EAPoUDP (EAP format)
     - Communicates with clients
     - TSK
   - Diameter (AAA)
     - Communicates with the AAA server
   (figure: MH, AR, AAAh)

25. User registration protocol (3/4)
   (figure: LSA, IPsec, TSK)

26. (message sequence diagram; labels recovered in the order they appear on the slide)
   - MH and AR (EAP format): Local challenge (LC), VN_ID, Care-of address, AUTH = HMAC-MD5(LC, user_id, VN_ID, SAmh)
   - AR: extracts LC, user_id, AUTH, VN_ID, MH_Ipaddr and sends the AAA Registration Request with User Name AVP: user_id, Challenge AVP: LC, EAP AVP: AUTH, Care of IP: MH_Ipaddr
   - AAAh: checks AUTH == HMAC-MD5(LC, user_id, VN_ID, SAmh); generates HC and Randtsk; AUTHNET = HMAC-MD5(HC, user_id, VN_ID, SAmh); TSK = 3DES(Randtsk, SAmh); replies with ARA (Randtsk, HC, TSK, VN_ID, user_id, AUTHNET)
   - AR to MH (EAP format): HC, AUTHNET, Randtsk
   - MH: computes AUTH = HMAC-MD5(HC, user_id, VN_ID, SAmh) and checks AUTH == AUTHNET

27. Implementation detail
   (figure: Extensible Authentication Protocol, AAA Registration Request)

28. Comment (1/2)
   | Abbreviation | Full name | Technique | Other | Number of messages |
   |---|---|---|---|---|
   | MAP | Mobile Authentication Protocol | IPsec + IPv6 + Smart card | Temporary shared key | 3 |
   | IKE | Internet Key Exchange | PKI + IKE | Two phase | 6+3=9 |

29. Comment (2/2)
   | Abbreviation | Full name | Key security | Deployment | Key theft | Cost |
   |---|---|---|---|---|---|
   | MAP | Mobile Authentication Protocol | Key refreshed periodically (high) | Easy | Not easy | Low |
   | PKI | Public key infrastructure | Key must never be lost (low) | Hard | Easy | High |

30. So MAP will be the trend of the future. What do you think? Thank you for your attention. Q&A
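The MH/AAAh exchange of slide 26, as an added worked example in Go that is not code from the presentation or the paper it summarises: AUTH and AUTHNET are HMAC-MD5 tags keyed with SAmh, and the session key is TSK = 3DES(Randtsk, SAmh), which the AR receives in the ARA without ever holding SAmh. The field order and "|" separator inside the HMAC input, the 24-byte SAmh, the 16-byte HC and Randtsk, and all function names are assumptions; the slide's HMAC-MD5 and 3DES are kept so the code matches the diagram, whereas a current design would put HMAC-SHA-256 and AES (or an HKDF) in the same roles.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/hmac"
	"crypto/md5"
	"errors"
)

// auth is the slide's HMAC-MD5(challenge, user_id, VN_ID, SAmh), keyed with the
// MH/AAAh shared secret SAmh. Field order and the "|" separator are assumptions.
func auth(challenge, userID, vnID, samh []byte) []byte {
	m := hmac.New(md5.New, samh)
	m.Write(bytes.Join([][]byte{challenge, userID, vnID}, []byte("|")))
	return m.Sum(nil)
}

// deriveTSK is TSK = 3DES(Randtsk, SAmh): each 8-byte block of Randtsk encrypted
// under SAmh (assumed to be a 24-byte 3DES key). The AR gets TSK, never SAmh.
func deriveTSK(randTSK, samh []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(samh)
	if err != nil || len(randTSK) == 0 || len(randTSK)%8 != 0 {
		return nil, errors.New("bad SAmh or Randtsk length")
	}
	tsk := make([]byte, len(randTSK))
	for i := 0; i < len(randTSK); i += 8 {
		c.Encrypt(tsk[i:i+8], randTSK[i:i+8])
	}
	return tsk, nil
}

// aaahHandle: AAAh side of the AAA Registration Request. Reject unless AUTH verifies
// over LC; else reply with AUTHNET over home challenge HC (fresh, from a CSPRNG) and TSK.
func aaahHandle(lc, userID, vnID, authMH, hc, randTSK, samh []byte) (authNet, tsk []byte, err error) {
	if !hmac.Equal(authMH, auth(lc, userID, vnID, samh)) {
		return nil, nil, errors.New("AUTH mismatch: registration rejected")
	}
	tsk, err = deriveTSK(randTSK, samh)
	return auth(hc, userID, vnID, samh), tsk, err
}

// mhFinish is the MH side of the ARA: AUTHNET must match the MH's own HMAC over
// HC, so a forged reply cannot install a key on the MH; only then derive TSK.
func mhFinish(hc, authNet, randTSK, userID, vnID, samh []byte) ([]byte, error) {
	if !hmac.Equal(authNet, auth(hc, userID, vnID, samh)) {
		return nil, errors.New("AUTHNET mismatch: reply is not from AAAh")
	}
	return deriveTSK(randTSK, samh)
}
```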