Abstract
Currently there are no Internet access authentication protocols available that support both symmetric and asymmetric cryptographic techniques, can be carried over arbitrary access networks, and are flexible enough to be re-used in all the likely future ubiquitous mobility access contexts. This article proposes the PANA/IKEv2 authentication protocol for heterogeneous network access as a step towards filling this gap. A security analysis of the PANA/IKEv2 protocol is also provided. This article aims primarily at contributing to the design of authentication protocols suitable for use in future heterogeneous Internet access environments supporting ubiquitous mobility.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pagliusi, P.S., Mitchell, C.J. (2004). PANA/IKEv2: An Internet Authentication Protocol for Heterogeneous Access. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_11
DOI: https://doi.org/10.1007/978-3-540-24591-9_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20827-3
Online ISBN: 978-3-540-24591-9
eBook Packages: Springer Book Archive