RFC 4285: Authentication Protocol for Mobile IPv6
RFC-Ref

home agent



... between the Mobile Node (MN) and Home Agent (HA) to be secured by the IPsec Security Associations ...
... Binding Acknowledgment messages between the Mobile Node and Home Agent using a mobility message authentication option that is included ...
... without having to establish an IPsec SA with its Home Agent. A Mobile Node can implement Mobile IPv6 ...
... is done by an authentication server in the home network via the home agent. The security association is established by the network operator (provisioning methods ...
... deployment environments, the mobile node needs dynamic assignment of a home agent and home address. The assignment of such can be on a per-session ...
... Network deployments in which not all Mobile Nodes and Home Agents have IKEv2 implementations and support for the integration of IKEv2 ...


... authenticate the Mobile Node at the Home Agent or at the Authentication, Authorization, and Accounting (AAA) server in Home network ...
... authentication of the Mobile Node to the Home Agent or AAAH server. The confidentiality ...
... authentication of the Mobile Node to the Home Agent. Thus, unless the network can guarantee such protection (for instance, like in 3GPP2 ...


... Security relation between the Mobile Node and its Home Agent, used to authenticate the Mobile Node ...
... mobility security association between Mobile Node and Home Agent consists of a mobility Security Parameter Index (SPI ...


... MN-NAI mobility option as defined in [RFC4283] to identify itself while authenticating with the Home Agent. The Mobile Node uses the Mobile Node Identifier option as defined in [RFC4283 ...
... authentication data when the Mobile Node and the Home Agent are utilizing a mobility SPI (a number in the range ...


... security association between the Mobile Node and the Home Agent. The shared-key-based ...
... shared-key-based mobility security association between Mobile Node and Home Agent used within this specification consists of a mobility SPI, a key, an authentication algorithm ...
... shared-key-based security association with the Home Agent. The Mobile Node MUST include this option in a BU ...
... BU if it has a shared-key-based mobility security association with the Home Agent. The Home Agent MUST include this option in the BA ...
... shared-key-based mobility security association with the Home Agent. The Home Agent MUST include this option in the BA if it received this option in the ...
... BA if it received this option in the corresponding BU and Home Agent has a shared-key-based mobility security association with the Mobile Node ...
... The Mobile Node or Home Agent receiving this option MUST verify the authentication data ...
... authentication data in the option. If authentication fails, the Home Agent MUST send BA with Status Code MIPV6 ...
... Status Code MIPV6-AUTH-FAIL. If the Home Agent does not have shared-key-based mobility SA, Home Agent ...
... Home Agent does not have shared-key-based mobility SA, Home Agent MUST discard the BU. The Home Agent ...
... Home Agent MUST discard the BU. The Home Agent MAY log such events. ...
... Mobile Node Identifier option [RFC4283] to enable the Home Agent to make use of available AAA infrastructure. ...
... AAA server is beyond the scope of this document. When the Home Agent receives a Binding Update with the MN-AAA ...
... authenticated by an entity external to the Home Agent, typically a AAA server. ...
... In case of authentication failure, the Home Agent MUST send a Binding Acknowledgement with status code MIPV6 ...
... mobility security association to be used between Mobile Node and Home Agent for authentication exists. If there is no shared-key-based ...
... Mobile Node SHOULD stop sending new Binding Updates to the Home Agent. ...


... The mobility message replay protection option is used to let the Home Agent verify that a Binding Update has been freshly generated by the Mobile Node ...
... by an attacker from some previous Binding Update. This is especially useful for cases where the Home Agent does not maintain stateful information about the Mobile Node after the binding ...
... after the binding entry has been removed. The Home Agent does the replay protection check after the Binding Update ...
... mobility security association. If the policy at Home Agent mandates replay protection using this option (as opposed to the sequence number ...
... Binding Update from the Mobile Node does not include this option, the Home Agent discards the BU and sets the Status Code ...
... MIPV6-MESG-ID-REQD. When the Home Agent receives the mobility message replay protection ...
... authentication of Binding Update (either locally at the Home Agent or when a success indication is received from the AAA server), the Home Agent MUST check the Timestamp ...
... the Home Agent or when a success indication is received from the AAA server), the Home Agent MUST check the Timestamp field for validity. ...
... timestamp contained in the Timestamp field MUST be close enough to the Home Agent's time-of-day clock and the timestamp ...
... If the timestamp is valid, the Home Agent copies the entire Timestamp field into the Timestamp ...
... Mobile Node. If the timestamp is not valid, the Home Agent copies only the low-order 32 bits into the BA ...
... authentication of the BU succeeds, the Home Agent MUST send a Binding Acknowledgement with status code ...
... status code MIPV6-ID-MISMATCH. The Home Agent does not create a binding cache entry ...


... authenticate the control message between Mobile Node, Home Agent, and/or home AAA (as an alternative to IPsec ...


... replay attacks. First, the specification states that the Home Agent should accept a BU with a Sequence Number ...
... Sequence Number from the previous Binding Update. This implicitly assumes that the Home Agent has some information regarding the Sequence Number from the previous ...
... BU (even when the binding cache entry is not present). Second, the specification states that if the Home Agent has no binding cache entry for the indicated home address, it MUST accept any Sequence Number ...
... Mobile Node to register with a different Home Agent during each mobility session. Thus, it is unreasonable to expect each Home Agent ...
... Home Agent during each mobility session. Thus, it is unreasonable to expect each Home Agent in the network to maintain state ...
... state about the Mobile Node. Also, if the Home Agent does not cache information regarding sequence number, as ...
... sequence number, as per the second point above, a replayed BU can cause a Home Agent to create a binding cache entry ...
... replay attack. One solution to this problem (when the Home Agent does not save state information for every Mobile Node ...
... state information for every Mobile Node) would be for the Home Agent to reject the first BU and assign a (randomly generated) starting ...


