Certificate-based Binding Update Protocol (CBU) draft-qiu-mip6-certificated-binding-update-02.txt Feng Bao Robert Deng Ying Qiu Jianying Zhou Institute for Infocomm Research (I2R)

Upload: dominic-gray

Post on 29-Jan-2016



Certificate-based Binding Update Protocol (CBU)

draft-qiu-mip6-certificated-binding-update-02.txt

Feng Bao

Robert Deng

Ying Qiu

Jianying Zhou

Institute for Infocomm Research (I2R)


Do we trust SSL?
• Of course.
• SSL is successful and efficient.

What are the features of SSL?
• Uses a strong cryptosystem
• Fewer certificates involved (only servers are required to have certificates; the corresponding clients are not)


SSL Framework

[Figure: a Server (certificate distributed) and a Client (without certificate) connected by an SSL tunnel across the Internet. Server side: certificate signed by a CA, e.g. GlobalSign, MS SecureNet, VeriSign, … Client side: embedded public certificates of the CAs, i.e. GlobalSign, MS SecureNet, VeriSign, … Fragment PKI: VeriSign over S1 … Si; MS over Sa … Sn; …]


SSL vs CBU

[Figure, two panels. SSL framework: a Server (certificate distributed) and a Client (without certificate) connected by an SSL tunnel across the Internet. CBU framework: MN, HA and CN, with the Internet between HA and CN. Labels shown: certificate signed by a CA, e.g. GlobalSign, MS SecureNet, VeriSign, …; embedded public certificates of the CAs, i.e. GlobalSign, MS SecureNet, VeriSign, … Fragment PKI: VeriSign over S1 … Si; MS over Sa … Sn; …]


Design Consideration/Goal

• MN authenticates itself to CN & sets up a key for secure BU
• Employs PKC, secure against powerful intruder
• No PKC operations performed at MNs
• Issue certificate for home link, not MNs (i.e., public key binds with home link, not with individual IP address)


Protocol

HA is a security proxy of MN; it is transparent to CN.

EXCH0 contains HA's signature on HoA, g^x and a time stamp; it testifies that HoA belongs to HA and authenticates g^x to CN.

[Figure: message-flow diagram between MN, HA and CN. Messages shown: REQ, COOKIE0, COOKIE1, REP, EXCH1 (g^y), EXCH0 (g^x), BU, BA, BC; key k = (g^x)^y. Legend: long term messages, short term messages.]
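
The CN-side handling of EXCH0 described on this slide, as an added example (not code from the draft or its authors): the CN checks the HA's signature over HoA, g^x and the time stamp, checks that HoA lies in the home link the HA's key is bound to, and derives k = (g^x)^y. Assumptions: textbook RSA and a small DH group stand in for the real algorithms, which the slides do not specify; the HA's public key is taken as already validated from its certificate; the function names, message encoding, prefix 2001:db8:1::/64 and 30-second window are hypothetical.

```python
import hashlib
import ipaddress
import secrets

# Toy parameters, constructed for illustration and far too small for real use.
P, G = 2**127 - 1, 3                           # DH group (assumed)
RSA_P, RSA_Q, E = 2**61 - 1, 2**89 - 1, 65537  # HA key material (assumed)
N = RSA_P * RSA_Q                              # (E, N): HA public key from its certificate
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))      # HA private exponent
HOME_PREFIX = ipaddress.ip_network("2001:db8:1::/64")  # home link bound to the key (assumed)
MAX_SKEW = 30                                  # freshness window in seconds (assumed)

def _digest(hoa, gx, ts):
    """Hash the signed fields (HoA, g^x, time stamp) to an integer below N."""
    data = f"{hoa}|{gx}|{ts}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ha_make_exch0(hoa, now):
    """HA side: pick x and sign (HoA, g^x, time stamp); the MN does no PKC."""
    x = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P)
    sig = pow(_digest(hoa, gx, now), D, N)
    return x, {"hoa": hoa, "gx": gx, "ts": now, "sig": sig}

def cn_process_exch0(msg, now):
    """CN side: verify EXCH0, then return (g^y, k); raise ValueError on failure."""
    if pow(msg["sig"], E, N) != _digest(msg["hoa"], msg["gx"], msg["ts"]):
        raise ValueError("bad signature")
    if ipaddress.ip_address(msg["hoa"]) not in HOME_PREFIX:
        raise ValueError("HoA outside certified home link")
    if abs(now - msg["ts"]) > MAX_SKEW:
        raise ValueError("stale time stamp")
    y = secrets.randbelow(P - 2) + 1
    return pow(G, y, P), pow(msg["gx"], y, P)   # EXCH1 value g^y and k = (g^x)^y

def ha_derive_key(x, gy):
    """HA side: k = (g^y)^x, equal to the CN's (g^x)^y."""
    return pow(gy, x, P)
```

The signature check runs first, so a replaced g^x or a HoA swapped in transit is rejected before the prefix and freshness checks are reached.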


Benefits

• Strong cryptosystem
• Do not need the certificates of mobile devices
• Against session hijacking
• Against MN flooding
• More suitable for fast handover
• Reduce the computing and communication requirements on the mobile devices
• High overall performance