WO2006102565A3 - Optimized derivation of handover keys in mobile ipv6 - Google Patents


Info

Publication number
WO2006102565A3
Authority
WO
Grant status
Application
Patent type
Prior art keywords
key
access router
access
access terminal
public key
Prior art date
Application number
PCT/US2006/010691
Other languages
French (fr)
Other versions
WO2006102565A2 (en )
Inventor
Mohamed Khalil
Haseeb Akhtar
Original Assignee
Nortel Networks Ltd
Mohamed Khalil
Haseeb Akhtar
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/04 Key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data session or connection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data session or connection
    • H04W36/0033 Control or signalling for completing the hand-off for data session or connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data session or connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation, e.g. WAP [Wireless Application Protocol]
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Abstract

The invention consists of an optimized protocol for deriving handover keys to authenticate communication between an access terminal and an access router during a fast handoff protocol. The access terminal and the access router each transmit an encryption public key, each public key being derived from that party's private key using an encryption algorithm. The public key for the access terminal is transmitted encapsulated in a binding update message that is received by the access router. The access router uses the received access terminal public key and its private key to generate a shared authentication key. The access router transmits its public key encapsulated in a message to the access terminal, which uses its private key and the access router public key to generate the shared authentication key. The shared authentication key is then used to authenticate communication between the access terminal and the access router. The messages transmitting the public keys are also secured using a security association for the routing links between the access terminal and the access router. The messages transmitting the keys are control messages used in the handover protocol and do not impose any additional messaging overhead to establish the authenticated communication link.
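The exchange the abstract describes, as an added Python sketch that is not taken from the patent: each side carries its public key in a control message protected by the existing security association, and the receiver rejects a key whose protection does not verify before deriving the shared authentication key. The Diffie-Hellman modelling (suggested by the H04L9/0841 classification), the group parameters, the `BU`/`ACK` message labels, the HMAC stand-in for the security association and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Illustrative group only (assumption): p = 2**255 - 19 is prime, g = 2.
# A deployment would use a vetted Diffie-Hellman group or curve.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) with public = G**private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def protect(sa_key, msg_type, public):
    """Carry a public key in a control message, MACed under the existing SA."""
    body = msg_type + public.to_bytes(32, "big")
    return body + hmac.new(sa_key, body, hashlib.sha256).digest()

def accept(sa_key, msg_type, packet):
    """Verify the SA MAC and return the peer public key, or None if rejected."""
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(sa_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected) or not body.startswith(msg_type):
        return None
    public = int.from_bytes(body[len(msg_type):], "big")
    return public if 1 < public < P - 1 else None  # reject degenerate values

def handover_key(own_private, peer_public):
    """Hash the Diffie-Hellman shared secret into a 32-byte authentication key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(b"handover-key" + shared.to_bytes(32, "big")).digest()

def run_exchange(tamper=False):
    """Return (router_key, terminal_key), or None if the router rejects the BU."""
    sa_key = secrets.token_bytes(32)           # constructed stand-in for the SA
    at_priv, at_pub = keypair()                # access terminal
    ar_priv, ar_pub = keypair()                # access router
    bu = protect(sa_key, b"BU", at_pub)        # terminal -> router
    if tamper:                                 # public key altered in transit
        bu = bu[:2] + bytes([bu[2] ^ 1]) + bu[3:]
    seen_at_pub = accept(sa_key, b"BU", bu)
    if seen_at_pub is None:
        return None
    ack = protect(sa_key, b"ACK", ar_pub)      # router -> terminal
    seen_ar_pub = accept(sa_key, b"ACK", ack)
    return handover_key(ar_priv, seen_at_pub), handover_key(at_priv, seen_ar_pub)
```

Without the security-association check, either public key could be replaced in transit and each side would derive a key shared with the substituting party rather than with its peer.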
PCT/US2006/010691 2005-03-23 2006-03-23 Optimized derivation of handover keys in mobile ipv6 WO2006102565A3 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US66457805 2005-03-23 2005-03-23
US60/664,578 2005-03-23

Publications (2)

Publication Number Publication Date
WO2006102565A2 (en) 2006-09-28
WO2006102565A3 (en) 2007-12-13

Family

ID=37024665

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/010691 WO2006102565A3 (en) 2005-03-23 2006-03-23 Optimized derivation of handover keys in mobile ipv6

Country Status (1)

Country Link
WO (1) WO2006102565A3 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335985B (en) * 2007-06-29 2011-05-11 华为技术有限公司 Method and system for safe fast switching
CN101102600B (en) 2007-06-29 2012-07-04 中兴通讯股份有限公司 Secret key processing method for switching between different mobile access systems
CN101431753B (en) * 2007-11-09 2010-11-10 华为技术有限公司 Protection method and apparatus for mobile IPv6 fast switching
US9924416B2 (en) 2013-08-01 2018-03-20 Nokia Technologies Oy Methods, apparatuses and computer program products for fast handover
CN105763517A (en) * 2014-12-17 2016-07-13 联芯科技有限公司 Router security access and control method and system

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5930362A (en) * 1996-10-09 1999-07-27 At&T Wireless Services Inc Generation of encryption key
WO2001020925A2 (en) * 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
US20020118674A1 (en) * 2001-02-23 2002-08-29 Faccin Stefano M. Key distribution mechanism for IP environment
US20020147820A1 (en) * 2001-04-06 2002-10-10 Docomo Communications Laboratories Usa, Inc. Method for implementing IP security in mobile IP networks
WO2003051072A1 (en) * 2001-12-07 2003-06-19 Qualcomm, Incorporated Apparatus and method of using a ciphering key in a hybrid communications network
US6587680B1 (en) * 1999-11-23 2003-07-01 Nokia Corporation Transfer of security association during a mobile terminal handover
US20040166857A1 (en) * 2003-02-20 2004-08-26 Nec Laboratories America, Inc. Secure candidate access router discovery method and system
US6856800B1 (en) * 2001-05-14 2005-02-15 At&T Corp. Fast authentication and access control system for mobile networking
US20050055576A1 (en) * 2003-09-04 2005-03-10 Risto Mononen Location privacy in a communication system
EP1562340A1 (en) * 2004-02-05 2005-08-10 Siemens Aktiengesellschaft Method and apparatus for establishing a temporary secure connection between a mobile network node and an access network node during a data transmission handover
US7046647B2 (en) * 2004-01-22 2006-05-16 Toshiba America Research, Inc. Mobility architecture using pre-authentication, pre-configuration and/or virtual soft-handoff

Also Published As

Publication number Publication date Type
WO2006102565A2 (en) 2006-09-28 application

Similar Documents

Publication Publication Date Title
Keoh et al. Securing the internet of things: A standardization perspective
Arbaugh et al. Your 802.11 wireless network has no clothes
US20070153739A1 (en) Wireless router assisted security handoff (WRASH) in a multi-hop wireless network
US20100293372A1 (en) Asymmetric cryptography for wireless systems
EP1001570A2 (en) Efficient authentication with key update
Shin et al. Wireless network security and interworking
US8503376B2 (en) Techniques for secure channelization between UICC and a terminal
US20080167003A1 (en) Method and apparatus for base station self-configuration
US8122249B2 (en) Method and arrangement for providing a wireless mesh network
US7356145B2 (en) Arranging data ciphering in a wireless telecommunication system
US20020147820A1 (en) Method for implementing IP security in mobile IP networks
US20080046732A1 (en) Ad-hoc network key management
US20070271606A1 (en) Apparatus and method for establishing a VPN tunnel between a wireless device and a LAN
US20060233376A1 (en) Exchange of key material
US8812833B2 (en) Wireless multiband security
US20080141031A1 (en) Eap method for eap extension (eap-ext)
US20110305339A1 (en) Key Establishment for Relay Node in a Wireless Communication System
US20080175393A1 (en) Kerberized handover keying
US20060274695A1 (en) System and method for effectuating a connection to a network
US9215075B1 (en) System and method for secure relayed communications from an implantable medical device
US20080212783A1 (en) Kerberized handover keying improvements
US20080178277A1 (en) Bootstrapping Kerberos from EAP (BKE)
US20090132806A1 (en) Method for agreeing between at least one first and one second communication subscriber to security key for securing communication link
US20040236939A1 (en) Wireless network handoff key
US20130091556A1 (en) Method for establishing a secure and authorized connection between a smart card and a device in a network

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application
NENP Non-entry into the national phase in: Ref country code: DE
NENP Non-entry into the national phase in: Ref country code: RU
122 EP: PCT application non-entry in European phase. Ref document number: 06748619; Country of ref document: EP; Kind code of ref document: A2