Certificate-based Binding Update Protocol (CBU)
draft-qiu-mip6-certificated-binding-update-02.txt
Feng Bao
Robert Deng
Ying Qiu
Jianying Zhou
Institute for Infocomm Research (I2R)
Do we trust SSL?
• Of course.
• SSL is successful and efficient.
What are the features of SSL?
• Uses a strong cryptosystem
• Fewer certificates involved (only servers require certificates; their clients do not)
SSL Framework
[Figure: a server (certificate distributed) and a client (without certificate) connected across the Internet by an SSL tunnel. Server side: certificate signed by a CA, e.g. GlobalSign, MS SecureNet, VeriSign, … Client side: embedded public certificates of the CAs, i.e. GlobalSign, MS SecureNet, VeriSign, … Fragment PKI: VeriSign over S1 … Si; MS over Sa … Sn; …]
SSL vs CBU
[Figure: two panels. SSL framework: server (certificate distributed), Internet, client (without certificate), SSL tunnel. CBU framework: HA, Internet, CN, MN. Annotations: certificate signed by a CA, e.g. GlobalSign, MS SecureNet, VeriSign, …; embedded public certificates of the CAs, i.e. GlobalSign, MS SecureNet, VeriSign, …; Fragment PKI: VeriSign over S1 … Si; MS over Sa … Sn; …]
Design Consideration/Goal
• MN authenticates itself to CN & sets up a key for secure BU
• Employs PKC, secure against powerful intruder
• No PKC operations performed at MNs
• Issue certificate for home link, not MNs (i.e., public key binds with home link, not with individual IP address)
Protocol
• HA acts as a security proxy for MN; this is transparent to CN
• EXCH0 contains HA's signature on HoA, g^x and a timestamp; it testifies that HoA belongs to HA and authenticates g^x to CN
[Figure: message sequence diagram between MN, HA and CN. Message labels: REQ, COOKIE0, COOKIE1, EXCH0 (g^x), EXCH1 (g^y), REP, BU, BA, BC; key derivation k = (g^x)^y. Legend: long-term messages, short-term messages.]
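The EXCH0 check described on this slide, as an added Go example that is not taken from the draft or the slides: the CN verifies HA's signature over HoA, g^x and the timestamp, rejects stale messages, then derives k = (g^x)^y. Ed25519 and X25519 stand in for the signature scheme and DH group, which the slides do not name; the `Exch0` layout, the function names, the freshness window, and CN being the side that picks y are assumptions. The HA public key is assumed to come from an already validated home-link certificate.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

type Exch0 struct { // assumed layout, not the draft's wire format
	HoA, GX, Sig []byte // 16-byte home address, 32-byte g^x, HA's signature
	TS           int64  // Unix timestamp
}

// signed is the byte string HA signs; fixed-length fields keep it unambiguous.
func signed(hoa, gx []byte, ts int64) []byte {
	return binary.BigEndian.AppendUint64(append(append([]byte{}, hoa...), gx...), uint64(ts))
}

// HABuild is HA acting for MN: sign (HoA, g^x, timestamp) with the home-link key.
func HABuild(sk ed25519.PrivateKey, hoa []byte, x *ecdh.PrivateKey, now time.Time) Exch0 {
	gx, ts := x.PublicKey().Bytes(), now.Unix()
	return Exch0{HoA: hoa, GX: gx, Sig: ed25519.Sign(sk, signed(hoa, gx, ts)), TS: ts}
}

// CNAccept verifies EXCH0, then derives k = (g^x)^y; y.PublicKey() is the g^y for EXCH1.
func CNAccept(pub ed25519.PublicKey, m Exch0, y *ecdh.PrivateKey, now time.Time, skew time.Duration) ([]byte, error) {
	if len(m.HoA) != 16 || len(m.GX) != 32 || !ed25519.Verify(pub, signed(m.HoA, m.GX, m.TS), m.Sig) {
		return nil, fmt.Errorf("EXCH0: HA signature does not cover this HoA, g^x and timestamp")
	}
	if d := now.Sub(time.Unix(m.TS, 0)); d > skew || d < -skew {
		return nil, fmt.Errorf("EXCH0: timestamp outside freshness window")
	}
	peer, err := ecdh.X25519().NewPublicKey(m.GX)
	if err != nil {
		return nil, err
	}
	return y.ECDH(peer)
}

func main() {
	pub, sk, _ := ed25519.GenerateKey(rand.Reader) // constructed stand-in for HA's certified key
	x, _ := ecdh.X25519().GenerateKey(rand.Reader)
	y, _ := ecdh.X25519().GenerateKey(rand.Reader)
	m := HABuild(sk, make([]byte, 16), x, time.Now()) // constructed all-zero HoA
	_, err := CNAccept(pub, m, y, time.Now(), 30*time.Second)
	fmt.Println("EXCH0 accepted:", err == nil)
}
```

Because the signature covers HoA and g^x together, a captured EXCH0 cannot be reused with a different home address or a substituted DH value, and the timestamp bounds how long a replay stays acceptable.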
Benefits
• Strong cryptosystem
• Does not need certificates for the mobile devices
• Against session hijacking
• Against MN flooding
• More suitable for fast handover
• Reduces the computing and communication requirements on the mobile devices
• High overall performance