WO2006102565A3 - Optimized derivation of handover keys in mobile ipv6 - Google Patents

Optimized derivation of handover keys in mobile ipv6

Info

Publication number
WO2006102565A3
Authority
WO
WIPO (PCT)
Prior art keywords
access router
access
key
access terminal
public key
Prior art date
Application number
PCT/US2006/010691
Other languages
French (fr)
Other versions
WO2006102565A2 (en
Inventor
Mohamed Khalil
Haseeb Akhtar
Original Assignee
Nortel Networks Ltd
Mohamed Khalil
Haseeb Akhtar
Priority date
Filing date
Publication date
Application filed by Nortel Networks Ltd, Mohamed Khalil, Haseeb Akhtar
Publication of WO2006102565A2
Publication of WO2006102565A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0019 Control or signalling for completing the hand-off for data sessions of end-to-end connection adapted for mobile IP [MIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Abstract

The invention consists of an optimized protocol for deriving handover keys to authenticate communication between an access terminal and an access router during a fast handoff protocol. The access terminal and the access router each transmit an encryption public key, each public key being derived from that party's private key using an encryption algorithm. The public key for the access terminal is transmitted encapsulated in a binding update message that is received by the access router. The access router uses the received access terminal public key and its own private key to generate a shared authentication key. The access router transmits its public key encapsulated in a message to the access terminal, which uses its own private key and the access router public key to generate the same shared authentication key. The shared authentication key is then used to authenticate communication between the access terminal and the access router. The messages transmitting the public keys are also secured using a security association for the routing links between the access terminal and the access router. Because the messages transmitting the keys are control messages already used in the handover protocol, they impose no additional messaging overhead to establish the authenticated communication link.
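The exchange the abstract describes, as an added sketch that is not taken from the patent: it shows both ends deriving the same handover key from public keys carried in control messages, and why those messages need the existing security association. Assumptions: a Diffie-Hellman style exponentiation stands in for the unspecified "encryption algorithm", the modulus is a toy choice, the security association is modelled as an HMAC-SHA-256 key, and the `BU`/`ACK` labels and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: toy modulus for readability (2**255 - 19 is prime); a deployment
# would use a vetted Diffie-Hellman group or an elliptic-curve exchange.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive_handover_key(own_priv, peer_pub):
    """Each end combines its private key with the peer's public key."""
    if not 1 < peer_pub < P - 1:          # reject degenerate values 0, 1, P-1
        raise ValueError("invalid peer public key")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(b"handover-key|" + shared.to_bytes(32, "big")).digest()

def seal(sa_key, msg_type, pub):
    """Carry a public key in a control message protected by the existing SA."""
    body = msg_type + b"|" + pub.to_bytes(32, "big")
    return body, hmac.new(sa_key, body, hashlib.sha256).digest()

def open_sealed(sa_key, msg_type, message):
    """Verify the SA tag and message type, then return the carried public key."""
    body, tag = message
    expected = hmac.new(sa_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected) or not body.startswith(msg_type + b"|"):
        raise ValueError("control message failed SA check")
    return int.from_bytes(body[len(msg_type) + 1:], "big")

def handover(sa_key, swap_key_in_transit=False):
    """Run the exchange; returns (key at access terminal, key at access router)."""
    at_priv, at_pub = keypair()
    ar_priv, ar_pub = keypair()
    update = seal(sa_key, b"BU", at_pub)              # terminal -> router
    if swap_key_in_transit:                           # key replaced without the SA key
        _, rogue_pub = keypair()
        update = (b"BU|" + rogue_pub.to_bytes(32, "big"), update[1])
    k_router = derive_handover_key(ar_priv, open_sealed(sa_key, b"BU", update))
    reply = seal(sa_key, b"ACK", ar_pub)              # router -> terminal
    k_terminal = derive_handover_key(at_priv, open_sealed(sa_key, b"ACK", reply))
    return k_terminal, k_router
```

Without the SA check in `open_sealed`, the router would accept a substituted public key and derive a key the terminal does not share, which is the gap the secured control messages close.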

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66457805P 2005-03-23 2005-03-23
US60/664,578 2005-03-23

Publications (2)

Publication Number Publication Date
WO2006102565A2 (en) 2006-09-28
WO2006102565A3 (en) 2007-12-13

Family

ID=37024665

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/010691 WO2006102565A2 (en) 2005-03-23 2006-03-23 Optimized derivation of handover keys in mobile ipv6

Country Status (1)

Country Link
WO (1) WO2006102565A2 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102600B (en) * 2007-06-29 2012-07-04 中兴通讯股份有限公司 Secret key processing method for switching between different mobile access systems
CN101335985B (en) * 2007-06-29 2011-05-11 华为技术有限公司 Method and system for safe fast switching
CN101431753B (en) * 2007-11-09 2010-11-10 华为技术有限公司 Protection method and apparatus for mobile IPv6 fast switching
US9924416B2 (en) 2013-08-01 2018-03-20 Nokia Technologies Oy Methods, apparatuses and computer program products for fast handover
CN105763517B (en) * 2014-12-17 2019-09-13 联芯科技有限公司 A kind of method and system of Router Security access and control
US11316667B1 (en) 2019-06-25 2022-04-26 Juniper Networks, Inc. Key exchange using pre-generated key pairs
US11924341B2 (en) 2021-04-27 2024-03-05 Rockwell Collins, Inc. Reliable cryptographic key update

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5930362A (en) * 1996-10-09 1999-07-27 At&T Wireless Services Inc Generation of encryption key
WO2001020925A2 (en) * 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
US20020118674A1 (en) * 2001-02-23 2002-08-29 Faccin Stefano M. Key distribution mechanism for IP environment
US20020147820A1 (en) * 2001-04-06 2002-10-10 Docomo Communications Laboratories Usa, Inc. Method for implementing IP security in mobile IP networks
WO2003051072A1 (en) * 2001-12-07 2003-06-19 Qualcomm, Incorporated Apparatus and method of using a ciphering key in a hybrid communications network
US6587680B1 (en) * 1999-11-23 2003-07-01 Nokia Corporation Transfer of security association during a mobile terminal handover
US20040166857A1 (en) * 2003-02-20 2004-08-26 Nec Laboratories America, Inc. Secure candidate access router discovery method and system
US6856800B1 (en) * 2001-05-14 2005-02-15 At&T Corp. Fast authentication and access control system for mobile networking
US20050055576A1 (en) * 2003-09-04 2005-03-10 Risto Mononen Location privacy in a communication system
EP1562340A1 (en) * 2004-02-05 2005-08-10 Siemens Aktiengesellschaft Method and apparatus for establishing a temporary secure connection between a mobile network node and an access network node during a data transmission handover
US7046647B2 (en) * 2004-01-22 2006-05-16 Toshiba America Research, Inc. Mobility architecture using pre-authentication, pre-configuration and/or virtual soft-handoff

Also Published As

Publication number Publication date
WO2006102565A2 (en) 2006-09-28

Similar Documents

Publication Publication Date Title
KR101331515B1 (en) Method and appaeatus for base station self-configuration
US8385269B2 (en) Enabling IPv6 mobility with sensing features for AD-HOC networks derived from long term evolution networks
KR101270342B1 (en) Exchange of key material
US20160127903A1 (en) Methods and systems for authentication interoperability
JP2019512942A (en) Authentication mechanism for 5G technology
CA2650050A1 (en) Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices
JP5398877B2 (en) Method and apparatus for generating a radio base station key in a cellular radio system
WO2006102565A3 (en) Optimized derivation of handover keys in mobile ipv6
US8959333B2 (en) Method and system for providing a mesh key
AU2003255093A1 (en) A method for the access of the mobile terminal to the wlan and for the data communication via the wireless link securely
KR20000017575A (en) Method for establishing session key agreement
EP3210404B1 (en) Authentication interoperability in a wireless communication system
Qiu et al. Secure group mobility support for 6lowpan networks
CN111527762A (en) System and method for end-to-end secure communication in a device-to-device communication network
CN101379801A (en) EAP method for EAP extension (EAP-EXT)
KR20000062153A (en) Efficient authentication with key update
WO2002068418A3 (en) Authentication and distribution of keys in mobile ip network
CN101309503A (en) Wireless switching method, base station and terminal
CN101552984B (en) Base station secure accessing method of mobile communication system
EP3231151B1 (en) Commissioning of devices in a network
CN104581715B (en) The sensor-based system cryptographic key protection method and radio reception device of Internet of Things field
Taha et al. EM³A: Efficient mutual multi-hop mobile authentication scheme for PMIP networks
JP4757723B2 (en) Wireless terminal authentication method and wireless communication system
Namal et al. Secure and multihomed vehicular femtocells
Southern et al. Wireless security: securing mobile UMTS communications from interoperation of GSM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06748619

Country of ref document: EP

Kind code of ref document: A2