AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility

AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility

Volumn , Issue , 2006, Pages 1-295

  Nakhjiri, Madjid ^a   Nakhjiri, Mahsa ^a  

^a MOTOROLA INC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84889360026     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1002/0470017465     Document Type: Book

References (146)

1. Laat, C. et al., "Generic AAA Architecture", IETF, RFC 2903, August 2000.
2. Vollbrecht, J. et al., "AAA Authorization Framework", IETF, RFC 2904, August 2000.
3. Farrell, S. et al., "AAA Authorization Requirements", IETF, RFC 2906, August 2000.
4. Vollbrecht, J. et al., "AAA Authorization Application Examples", IETF, RFC 2905, August 2000.
5. Hares, S. and Katz, D., "Administrative Domains and Routing Domains, A Model for Routing in the Internet", IETF, RFC 1136, December 1989.
6. Aboba, B. et al., "Introduction to Accounting Management", RFC 2975, October 2000.
7. Calhoun, P. et al., "RADIUS Accounting Interim Accounting Record Extension", draft, January 1998.
8. Zseby, T. et al., "Policy Based Accounting", RFC 3334, October 2002.
9. Beadles, M. and Mitton, D., "Criteria for Evaluating Network Access Server Protocols", IETF, RFC 3169, September 2001.
10. Rescorla, E., "A Survey of Authentication Mechanisms", Internet Architecture Board (IAB), work in progress, draft-iab-auth-mech-02.txt, October 2003.
11. Haller, N., "The S/Key One-Time Password System", RFC 1760, February 1995.
12. Bellovin, S. and Merritt, M., "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks", Proceedings of IEEE Symposium on Research in Security and Privacy, May 1992.
13. Carlson, J., "PPP Design, Implementation and Debugging", Addison-Wesley, 2000.
14. Simpson, W., "The Point to Point Protocol", IETF, RFC 1661, July 1994.
15. Simpson, W., "PPP Challenge Handshake Authentication Protocol", IETF, RFC 1994, August 1996.
16. Rivest, R., "The MD5 Message Digest Algorithm", IETF, RFC 1321, April 1992.
17. Blunk, L. and Volbrecht, J., "PPP Extensible Authentication Protocol", IETF, RFC 2284, March 1998.
18. Krawczyk, H. et al., "HMAC, Keyed-Hashing for Message Authentication", IETF, RFC 2104, February 1997.
19. NIST, "Secure Hash Standards", FIPS PUB 180-1, April 1995.
20. US Department of Commerce, "Entity Authentication Using Public Key Cryptography", FIPS 196, Federal Information Processing Standards publication, February 1997, http://www.mirrors.wiretapped.net/security/info/reference/nist/fips/fips-196.pdf.
21. "Key Management Guidelines, Part 1: General Guidance", second draft, NIST, June 2002.
22. Aboba, B., et al. "Extensible Authentication Protocol (EAP) Key Management Framework", IETF work in progress, Internet draft, draft-ietf-eap-keying-03.txt, July 2004.
23. Institute of Electrical and Electronics Engineers, "Supplement to Standard for Telecommunications and Information Exchange Between Systems -LAN/MAN Specific Requirements -Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security", IEEE 802.11i, July 2004.
24. Edney, J. and Arbaugh, W., "Real 802.11 Security, Wi-Fi Protected Access and 802.11i", Addison-Wesley, March 2004.
25. Kohl, J. and Neuman, C., "The Kerberos Network Authentication Service (V5)", IETF, RFC 1510, September 1993.
26. Rescorla, E., "Diffie-Hellman Key Agreement Method", IETF, RFC 2631, June 1999.
27. Harkins, D. and Carrel, D., "The Internet Key Exchange (IKE)", IETF, RFC 2409, November 1998.
28. Borella, M., "Methods and Protocols for Secure Key Negotiation Using IKE", IEE Network Magazine, July/August 2000.
29. Tung, B. et al., "Public Key Cryptography for Initial Authentication in Kerberos", IETF work in progress, draft-ietf-cat-kerberos-pk-init-20.txt, July 2004.
30. Mihai, B., "Packet Cable Security Architecture", Helsinki University of Technology, November 2000, http://members.fortunecity.com/burli2/packetcable0.html.
31. Schneier, B., "Applied Cryptography: Protocols, Algorithms and Source Code in C", 2nd Ed., John Wiley & Sons, 1996.
32. Kaufman, C., Perlman, R. and Speciner, M., "Network Security: Private Communication in a Public World", 2nd Ed., Prentice Hall PTR, 2002.
33. Wi-Fi Alliance website, http://www.wi-fi.org/OpenSection/index.asp.
34. Mills, D., Network Time Protocol (Version 3), IETF, RFC 1305, March 1992.
35. Kent, S. and Atkinson, R., "Security Architecture for the Internet Protocol", IETF, RFC 2401, November 1998.
36. Kent, S. and Atkinson, R., "IP Authentication Header", RFC 2402, November 1998.
37. Kent, S. and Atkinson, R., "IP Encapsulating Security, Payload (ESP)", IETF, RFC 2406, November 1998.
38. Orman, H., "The Oakley Key Determination Protocol", IETF, RFC 2412, November 1998.
39. Krawczyk, H., "SKEME: A Versatile Secure Key Exchange Mechanism for Internet", from IEEE Proceedings of the 1996 Symposium on Network and Distributed Systems Security.
40. Maughan, D. et al., "Internet Security Association and Key Management Protocol (ISAKMP)", IETF, RFC 2408, November 1998.
41. Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407, November 1998.
42. Thayer, R. et al., "IP Security Document Roadmap", IETF, RFC 2411, November 1998.
43. Harkins, D. and Carrel, D., "The Internet Key Exchange (IKE)", IETF, RFC 2409, November 1998.
44. Borella, M., "Methods and Protocols for Secure Key Negotiation Using IKE", IEE Network Magazine, July/August 2000.
45. Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", IETF work in progress, draft-ietf-ipsecikev2-17.txt, September 2004.
46. IETF IPsec working group website, http://ietf.org/html.charters/ipsec-charter.html.
47. Kent, S. and Seo, K., "Security Architecture for the Internet Protocol", IETF work in progress, draft-ietf-ipsec-rfc2401bis-04.txt, October 2004.
48. IETF website for "Profiling Use of PKI in IPsec", working group, http://ietf.org/html.charters/pki4ipse-charter.html.
49. IETF website for "IKEv2 for Mobility and Multi-homing", working group, http://ietf.org/html.charters/mobike-charter.html.
50. Linux FreeS/WAN project website, http://www.freeswan.org/.
51. Dierks, T. and Allen, C., "The TLS Protocol", RFC 2246, January 1999.
52. IETF website for Transport Layer Security working group, http://ietf.org/html.charters/tlscharter.html.
53. Saarinen, M.J., "Attacks Against the WAP WTLS Protocol", University of Jyvaskyla, September 1999.
54. Open SSL project web site, http://www.openssl.org/.
55. C. Perkins, "IP Mobility Support for Ipv4", RFC 3344, August 2002.
56. G. Montenegro, "Reverse Tunneling for Mobile IP", RFC 3024, January 2001.
57. C. Perkins, and P. Calhoun, "Mobile IPv4 Challenge/Response Extensions", RFC 3012, November 2000.
58. C. Perkins et al. "Mobile IPv4 Challenge/Response Extensions (revised)", draft-ietf-mipv4-rfc3012bis-02.txt, June 2004.
59. M. Liebsch et al., "Candidate Access Router Discovery", IETF Internet draft, draft-ietf-seamobycard-protocol-07.txt, IETF work in progress, June 2004.
60. Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting (seamoby), concluded IETF working group, http://ietf.org/html.charters/OLD/seamoby-charter.html.
61. A. Patel, "Problem Statement for Bootstrapping Mobile IPv6", IETF work in progress, draft-ietfmip6-bootstrap-ps-00.txt, IETF, July 2004.
62. IETF Mobile IPv4 working group website, http://ietf.org/html.charters/mip4-charter.html.
63. M. Kulkarni et al., "Mobile IPv4 Dynamic Home Agent Assignment", IETF work in progress, Internet draft, draft-ietf-mip4-dynamic-assignment-02.txt, June 2004.
64. K. El Malki, "Low Latency Handoffs in Mobile IPv4", IETF work in progress, Internet draft, draft-ietf-mobileip-lowlatency-handoffs-v4-09.txt, June 2004.
65. R. Koodli, "Fast Handovers for Mobile IPv6", IETF work in progress, Internet draft, draft-ietfmipshop-fast-mipv6-03.txt, October 2004.
66. J. Kempf et al., "Problem Description: Reasons for Performing Context Transfers Between Nodes in an IP Access Network", IETF, RFC 3374, September 2002.
67. F. Johansson and T. Johansson, "Mobile IPv4 Extensions for Carrying Network Access Identifiers", IETF, RFC 3846, June 2004.
68. E. Gustafsson et al., "Mobile IPv4 Regional Registration", IETF work in progress, Internet draft, draft-ietf-mip4-reg-tunnel-00.txt, November 2004.
69. H. Soliman et al., "Hierarchical Mobile IPv6 Mobility Management (HMIPv6)", draft-ietfmipshop-hmipv6-03.txt, October 2004.
70. M. Nakhjiri, "Time-efficient Context Transfer", Internet draft, draft-nakhjiri-seamoby-text-ct-03.txt, March 2003.
71. M. Nakhjiri, "A Time Efficient Context Transfer Method with Selective Reliability for Seamless IP Mobility", IEEE 58th, VTC proceedings, Orlando, October 2003.
72. J. Manner, and M. Kojo, "Mobility Related Terminology", IETF, RFC 3753, June 2004.
73. C. Rigney et al., "Remote Authentication Dial In User Service (RADIUS)", IETF Draft Standard, RFC 2865, June 2000.
74. C. Rigney, "RADIUS Accounting", IETF Informational RFC, RFC 2866, June 2000.
75. C. Rigney, "RADIUS Extensions", IETF Information RFC, RFC 2869, June 2000.
76. G. Zorn et al., "RADIUS Attributes for Tunnel Protocol Support", IETF Informational RFC, RFC 2868, June 2000.
77. B. Aboba, and P. Calhoun, RADIUS (Remote Authentication Dial In User Service) Support for Extensible Authentication Protocol (EAP), RFC 3579, September 2003.
78. Roaming Operations Working group website URL, http://www.ietf.org/html.charters/OLD/roamops-charter.html, IETF WG, concluded January 2001.
79. B. Aboba, and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", IETF, RFC 2607, June 1999.
80. IETF RADIUS extension working group, Web URL, http://ietf.org/html.charters/radextcharter.html.
81. RADIUS working group website URL, http://www.ietf.org/html.charters/OLD/radiuscharter.html, IETF, concluded July 2000.
82. FreeRADIUS Server Project, http://www.freeradius.org/.
83. J. Hassell, "RADIUS", O'Reilly, ISBN 0-596-00322-6, 2003.
84. M. Chiba et al., "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", IETF, RFC 3576, July 2003.
85. B. Aboba et al., "Criteria for Evaluating AAA Protocols for Network Access", IETF, RFC 2989, November 2000.
86. M. Beadles, D. Mitton, "Criteria for Evaluating Network Access Server Protocols", Internet Engineering Task Force, RFC 3169, September 2001.
87. IETF 48th Proceedings website, AAA Working Group meeting minutes, http://www.ietf.org/proceedings/00jul/00july-58.htm, Pittsburg, July 31-August 4, 2000.
88. D. Mitton et al., "Authentication, Authorization and Accounting Protocol Evaluation", IETF, RFC 3127, June 2001.
89. P. Calhoun, "Diameter Base Protocol", RFC 3588, IETF, September 2003.
90. P. Calhoun et al., "Diameter Network Access Server Application", Internet draft, IETF work in progress, draft-ietf-aaa-diameter-nasreq-16.txt, June 2004.
91. B. Aboba, J. Wood, "Authentication, Authorization and Accounting (AAA) Transport Profile", IETF, RFC 3539, June 2003.
92. P. Calhoun, W. Bulley, S. Farrell, "Diameter CMS Security Application", Internet draft, IETF work in progress, draft-ietf-aaa-diameter-cms-sec-04.txt, March 2002.
93. R. Housley, "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, IETF, August 2002.
94. B. Aboba et al., "Introduction to Accounting Management", IETF, RFC 2975, October 2000.
95. N. Brownlee, A. Blount, "Accounting Attributes and Record Format", IETF, RFC 2924, September 2000.
96. Internet Assigned Number Authority, website URL, http://www.iana.org/.
97. H. Hakala et al., "Diameter Credit Control Application", IETF work in progress, Internet draft, draft-ietf-aaa-diameter-cc-06.txt, August 2004.
98. P. Calhoun et al., "Diameter Mobile IPv4 Application", IETF work in progress, draft-ietf-aaadiameter-mobileip-20.txt, August 2004.
99. P. Eronen et al., "Diameter Extensible Authentication Protocol (EAP) Application", IETF work in progress, Internet draft, draft-ietf-aaa-eap-07.txt, June 2004.
100. M. Chiba et al., "Dynamic Authorization Extensions to RADIUS", IETF, RFC 3576, July 2003.
101. C. Rigney et al., "RADIUS Extensions", IETF, RFC 2869, June 2000.
102. J. Loughney, "Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5", IETF, RFC 3589, September 2003.
103. "Diameter Applications, 3G Specific Codes and Identifiers", 3rd Generation Partnership Project, June 2004.
104. C. Perkins, P. Calhoun, "Mobile IPv4 Challenge/Response Extensions", RFC 3012, November 2000.
105. C. Perkins et al., "Mobile IPv4 Challenge/Response Extensions (revised)", IETF work in progress, draft-ietf-mipv4-rfc3012bis-02.txt, June 2004.
106. C. Perkins, P. Calhoun, "AAA Registration Keys for Mobile IPv4", IETF, RFC 3957 March 2005.
107. P. Calhoun et al., "Diameter Mobile IPv4 Application", IETF work in progress, draft-ietf-aaadiameter-mobileip-20.txt, August 2004.
108. 3GPP2, "CDMA2000 Wireless IP Network Standards: Simple IP and Mobile IP Access Service", 3GPP2 X.S 0011-002C, V 1.0 August 2003.
109. A. Patel et al., "Problem Statement for Bootstrapping Mobile IPv6", IETF work in progress, draftietf-mip6-bootstrap-ps-00, July 2004.
110. C. Perkins, "IP Mobility Support for Ipv4", RFC 3344, August 2002.
111. M. Nakhjiri et al., "RADIUS mobile IPv4 extensions", IETF, Internet draft, draft-nakhjiriradius-vnip4-00.txt, February 2005.
112. P. Calhoun, J. Loughney, E. Guttman, G. Zorn and J. Arkko, "Diameter base protocol", IETF, RFC 3588, Sept. 2003.
113. R. Housley et al, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, IETF, April 2002.
114. M. Myers et al., "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -OCSP", RFC 2560, IETF, June 1999.
115. US Department of Commerce, "Entity Authentication Using Public Key Cryptography", FIPS 196, Federal Information Processing Standards publication, February 1997, http://www.mirrors.wiretapped.net/security/info/reference/nist/fips/fips-196.pdf.
116. RSA Security®, http://www.rsasecurity.com/rsalabs/pkcs/.
117. B. Kaliski, "PKCS #10: Certification Request Syntax, Version 1.5", RFC 2314, IETF, 1998.
118. B. Kaliski, "PKCS #7: Cryptographic Message Syntax, Version 1.5", RFC 2315, IETF, 1998.
119. B. Kaliski, "An Overview of PKCS Standards", An RSA technical laboratories note, RSA, November 1993.
120. C. Adam, and S. Farrell, "Internet X.509 Public Key Infrastructure, Certificate Management Protocols", IETF, RFC 2510, March 1999.
121. M. Myers et al. "Internet X.509 Certificate Request Message Format", IETF, RFC 2511, March 1999.
122. D. Maughan et al., "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408, IETF, November 1998.
123. IETF PKI4IPsec working group website URL, http://www.ietf.org/html.charters/pki4ipseccharter.html.
124. D. Eastlake, "Domain Name System Security Extensions", RFC 2535, March 1989.
125. P. Guttman, "PKI: It's Not Dead, Just Resting", IEEE computer magazine, August 2002.
126. L. Blunk, J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", IETF standards track, RFC 2284, March 1998.
127. B. Aboba et al., "Extensible Authentication Protocol (EAP)", IETF standards track, RFC 3748, June 2004.
128. Institute of Electrical and Electronics Engineers, "Supplement to Standard for Telecommunications and Information Exchange Between Systems -LAN/MAN Specific Requirements -Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security", IEEE 802.11i, July 2004.
129. J. Edney, W. Arbaugh, Real 802.11 Security, Wi-Fi Protected Access and 802.11i, Addison-Wesley, March 2004.
130. D. Stanley et al., "EAP Method Requirements for Wireless LANs", IETF, Internet draft accepted for Informational RFC, draft-walker-ieee802-req-04.txt, August 2004.
131. P. Eronen et al., "Diameter Extensible Authentication Protocol (EAP) Application", IETF work in progress, Internet draft, draft-ietf-aaa-eap-07.txt, June 2004.
132. B. Aboba et al., "Extensible Authentication Protocol (EAP) Key Management Framework", IETF work in progress, Internet draft, draft-ietf-eap-keying-03.txt, July 2004.
133. type numbers for EAP specified by IANA, http://www.iana.org/assignments/eap-numbers.
134. C. Rigney et al., "RADIUS Extensions", IETF, RFC 2869, June 2000.
135. B. Aboba, P. Calhoun, "RADIUS (Remote Authentication Dial In User Service) Support for Extensible Authentication Protocol (EAP)", RFC 3579, September 2003.
136. B. Aboba, D. Simon, "PPP EAP TLS Authentication Protocol", IETF, RFC 2716, October 1999.
137. P. Funk, S. Blake-Wilson, "EAP Tunneled TLS Authentication Protocol (EAP-TTLS)", IETF Internet draft, draft-ietf-pppext-ttls-05.txt, April 2004.
138. A. Palekar et al., "Protected EAP Protocol (Version 2)", IETF Internet draft, draft-josefsson-pppexteap-tls-eap-07.txt, October 2004.
139. "Standard for Local and Metropolitan Area Networks -Port-Based Network Access Control", IEEE, Dec. 14, 2004 (supersedes 802.1X-2001).
140. H. Havarinen, et al., "Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM)", IETF individual draft, draft-haverinen-pppext-eap-sim-15.txt, November 2004.
141. "Part 1: NGN Definition, Requirements and Architecture", Issue 1.0, ATIS Next Generation Network Framework, November 2004.
142. T. Wason, "Liberty ID-FF Architecture Overview, V 1.2", Liberty Alliance Project.
143. J. Tourzan, Y. Koga, "Liberty ID-WSF Web Services Framework Overview, V 1.0", Liberty Alliance Project.
144. Liberty Alliance Specifications web site URL, http://www.projectliberty.org/resources/specifications.php#box1.
145. "Introduction to the Liberty Alliance Identity Architecture", Rev. 1.0, Liberty Alliance Project, March 2003.
146. M. Gudgin et al., "SOAP Version 1.2, Part 1: Messaging Framework", http://www.w3.org/2000/xp/Group/2/06/LC/soap12-part1.xml, January 2005.