University of Bern
A novel and flexible Architecture for CAHN
Marc Danzeisen
University of Bern
Outline
• CAHN with CANs only
  – The Building Blocks, features and responsibilities
• CAHN with CANs and N-CANs
  – Distribution of the Building Blocks
• CAHN Communication
  – Between Nodes
  – With CAHN Service Provider
• Open Issues / Ongoing work
Marc Danzeisen
28.05.2003
CAHN with CANs only
[Figure: signaling plane and data plane. Labels: HLR/AuC, GSM, Cellular, WLAN or Bluetooth]

Building Blocks of CAHN
CAHN GUI:
• For User Interaction with CAHN Services
CAHN Services:
• Heterogeneous VPN
• Secure File Transfer, etc.
Key Management:
• For CAHN Protocol
• For CAHN Services
CCM:
• CAHN Protocol
• Identity Management
• MSISDN
• MAC / IP Addr.
• CAHN Service Management
CAHN Adapters:
• Translation of CAHN PDUs (Messages) to the lower layers
CAHN Connectors:
• Configuration of Physical Devices
• Secure Links
Inter Module Communication:
• Local or Remote
[Figure: Cellular Aware Node (CAN). Labels: GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, BLT, WLAN, Physical Communication Devices]

CAHN Communication (I)
1) Start GUI of File Transfer Service, Invite Peer
2) Create CAHN Request (Service, MSISDN (Own / Peer), Capabilities, Devices, etc.)
3) Translation of the CAHN Request to fit the signaling channel (SMS / USSD / BLT / WLAN, etc.)
4) Pop-up of the File Transfer Service, GUI, accept of request
5) Negotiation of Config and Security Settings
6) Secured Link establishment
[Figure: two node stacks, each labelled GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, BLT, WLAN]

CAHN Communication (II)
1) Connects to the File Transfer Service, Invite Peer
2) Create CAHN Service Request
3) Invite Peer
4) Pop-up of the File Transfer Service, GUI, accept of request
5) Calculation of Config and Security Settings
6) Config & Key distribution
7) Secured Link establishment
[Figure: CAHN Service Provider and two nodes. Labels: Service Management, User / Session Billing DB, GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, BLT, WLAN]

CAHN with CANs and N-CANs
[Figure: signaling plane and data planes. Labels: HLR/AuC, GSM, Cellular, Non-Cellular, WLAN, Bluetooth]

Distribution of the Building Blocks (CAN / N-CAN / CAHN Server)
Main requirement:
• CAHN should also work if the N-CANs are not always on
[Figure: CAHN Server, CAN and N-CAN, with the items "?" and "Protocols?". Labels: GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, BLT, WLAN]

Open Issues / Ongoing Work
• Inter-module Communication (Protocol, Local / Remote)
• CAHN Protocol Definition
• CAHN Services:
  – Service Definition for Service Detection / Registration
  – Information to be exchanged
  – VPN / File Transfer: Heterogeneous Network design
  – Service monitoring

Open Issues / Ongoing Work (II)
• CAHN Security
  – Loosely coupled security
    – CAHN as a pure application on top of the cellular system
    – No direct interaction within the key generation (CAHN Key Management)
    – CAHN uses the secured communication channels of the cellular system (implicit authentication)
  – Tightly coupled security
    – Reuse of SIM Security for CAHN Key Generation (CAHN Messages and Data Channels)
To consider:
  – Operator is always man-in-the-middle (like CA)
  – Cellular Systems are not designed to handle inter-node security (SA only between SIM and AuC)

Questions?
Thank you!