Transcript
Mobile IP Security for WiBro
July 19, 2010
NMC Consulting Group (tech@netmanias.com)
www.netmanias.com
www.nmcgroups.com
Netmanias Technical Document: Mobile IP Security for WiBro (PMIP, CMIP CoA, CMIP CCoA)
MIP Message Security
Copyright ⓒ 2002-2011 NMC Consulting Group. All rights reserved.
Pre-Configured Static Keys
Dynamically Generated Keys
MN-FA Key
MN-FA SPI
MN-HA-PMIP4
MN-HA SPI
MN-HA SPI
MN-FA Key
MN-FA SPI
FA-HA Key
FA-HA SPI
MN-HA-PMIP4
FA-HA Key
FA-HA SPI
MN-FA Key
MN-FA SPI
MN-FA Key
MN-FA SPI
FA-HA Key
FA-HA SPI
MN-HA-CMIP4
MN-HA SPI
FA-HA Key
FA-HA SPI
MN-HA-CMIP4
MN-HA SPI
MN-HA Key
MN-HA SPI
MN-HA Key
MN-HA SPI
MN-HA Key
MN-HA SPI
FA
PMIP
CMIP CoA
CMIP CCoA
PMIP: Mobile IP Key Distribution (Dynamic)
PMIP Client, FA
HA IP=y.y.y.y
EAP Authentication
Authenticator
"PMIP4 MN HA", HA IP, MN-NAI
"SPI CMIP PMIP"
SPI-PMIP4 <= MIP-SPI + 1(=1001)
MIP-SPI(1000)
"FA-RK"
FA-RK
MN-HA-PMIP4, MN-HA SPI <= SPI-PMIP4(=1001)
FA-RK, FA-RK SPI <= SPI-PMIP4(=1001)
MN-FA SPI <= FA-RK SPI(=1001)
MN-FA SPI <= FA-RK SPI(=1001)
MN-FA Key
FA-RK
MN-FA Key
"FA-HA", HA IP, FA CoA, HA-RK SPI
FA-HA SPI <= HA-RK SPI(=2000)
MN-HA SPI=1001
"MN FA", FA IP, MN-NAI
FA-RK SPI <= SPI-PMIP4(=1001)
"MN FA", FA IP, MN-NAI
MN-HA-PMIP4, MN-HA SPI <= SPI-PMIP4(=1001)
MN-FA Key, MN-FA SPI <= FA-RK SPI(=1001)
HA-RK, HA-RK SPI=2000
HA-RK, HA-RK SPI=2000
HA-RK
FA-HA Key
MN-HA SPI=1001
FA-HA SPI <= HA-RK SPI(=2000)
"FA-HA", HA IP, FA CoA, HA-RK SPI
FA-HA Key
HA-RK
HA-RK, HA-RK SPI=2000
MN-HA-PMIP4(MN-HA Key)
MN-HA-PMIP4(MN-HA Key)
MN-HA Key for MN-HA SPI=1001
PMIP: SPI-PMIP4 <= MIP-SPI + 1
CMIP: SPI-CMIP4 <= MIP-SPI
Access Accept for unregistered MN
MN-HA-PMIP4(MN-HA Key)
WiMAX Access Authentication Phase(Access Accept)
Generate itself
Receive from AAA
EMSK
PMIP Client
FA
Authenticator
EMSK
MIP-RK
HA-RK
CMIP CoA: Mobile IP Key Distribution (Dynamic)
CMIP Client
FA
HA IP=y.y.y.y
EAP Authentication
"SPI CMIP PMIP"
"FA-RK"
FA-RK SPI <= SPI-CMIP4(=1000)
SPI-CMIP4 <= MIP-SPI(=1000)
MN-FA SPI <= FA-RK SPI(=1000)
"MN FA", FA IP, MN-NAI
"FA-RK"
"SPI CMIP PMIP"
"FA-HA", HA IP, FA CoA, HA-RK SPI
"FA-HA", HA IP, FA CoA, HA-RK SPI
MN-HA SPI=1000
"CMIP4 MN HA", HA IP, MN-NAI
"CMIP4 MN HA", HA IP, MN-NAI
"MN FA", FA IP, MN-NAI
SPI-CMIP4 <= MIP-SPI(=1000)
Generate itself
Receive from AAA
FA-RK
FA-RK
HA-RK
FA-HA Key
HA-RK
FA-HA Key
HA-RK
MN-HA-CMIP4(MN-HA Key)
MN-HA-CMIP4(MN-HA Key)
MN-HA-CMIP4(MN-HA Key)
FA-RK
MIP-RK
MIP-SPI(1000)
HA-RK, HA-RK SPI=2000
WiMAX Access Authentication Phase(Access Accept)
FA-RK, FA-RK SPI <= SPI-CMIP4(=1000)
HA-RK,HA-RK SPI=2000
MN-HA Key for MN-HA SPI=1000
Access Accept for unregistered MN
CMIP: SPI-CMIP4 <= MIP-SPI
PMIP: SPI-PMIP4 <= MIP-SPI + 1
CMIP: MN-HA SPI <= SPI-CMIP4
PMIP: MN-HA SPI <= SPI-PMIP4
CMIP: SPI-CMIP4 <= MIP-SPI
PMIP: SPI-PMIP4 <= MIP-SPI + 1
FA-HA SPI <= HA-RK SPI(=2000)
MN-HA SPI <= SPI-CMIP4(<= MIP-SPI=1000)
MN-FA SPI <= FA-RK SPI(=1000)
MIP-SPI(1000)
MN-FA Key
MN-FA Key
FA-HA SPI <= HA-RK SPI(=2000)
MIP-RK
EMSK
EMSK
CMIP CoA: MIP Registration (1/4)
EAP Authentication
Generate itself
Receive from AAA
"SPI CMIP PMIP"
4MSB
MIP-SPI=1000
SPI-CMIP4=MIP-SPI
FA-RK SPI = SPI-CMIP4
"MN-FA"
"FA-RK"
"SPI CMIP PMIP"
HMAC-SHA1
MIP-SPI=1000
SPI-CMIP4=MIP-SPI
HA IP Address
y.y.y.y
Access Accept(EAP Success, Network-Technology=CMIP, HA IP=y.y.y.y, FA-RK, FA-RK SPI=SPI-CMIP4=1000,HA-RK, HA-RK SPI=2000)
"FA-RK"
HMAC-SHA256
HMAC-SHA1
FA IP
MN-NAI
HMAC-SHA1
HMAC-SHA1
MN-FA SPI
1000
MN-HA SPI
1000
MN-FA SPI =FA-RK SPI
MIP-RRQ
MN-FA AE
MN-HA AE
EAP Success
MIP FA Advertisement(CoA=ASN-GW IP)
HA IP obtained
HMAC-SHA1
"MN-FA"
FA IP
MN-NAI
MN-NAI
HA IP=y.y.y.y
"CMIP4 MN HA"
HA-RK SPI
HA IP
"FA-HA"
FA CoA
HMAC-SHA1
HMAC-SHA1
MN-FA SPI
1000
FA-HA SPI
2000
MN-NAI
MN-HA SPI =SPI-CMIP4
MN-FA SPI =FA-RK SPI=1000
FA-HA SPI =HA-RK SPI=2000
MN-FA AE
FA-HA AE
MIP-RRQ
HMAC-MD5
MIP-RRQ
MIP-RRQ
HMAC-MD5
HMAC-MD5
Search MN-FA SPI to find out MN-FA Key
MN-HA SPI
MN-HA Key
FA-HA SPI
FA-HA Key
Search MN-HA SPI to find out MN-HA Key: Fail (1000 not registered)
MN-NAI
MN-HA SPI
MN-HA Key
Generate during EAP authentication phase
MN-NAI
IMSI@realm
MN-FA Key
MN-HA Key
MN-FA Key
FA-HA Key
FA-RK
MIP-SPI
MIP-RK
FA-RK
HA-RK
MIP-SPI
FA-RK
HA-RK
MIP-RK
FFFF
MN-FA Key
FFFF
MN-FA Key
FHFH
FA-HA Key
HMAC-MD5
CMIP CoA Client
FA, FA IP=d.d.d.d
HA IP=y.y.y.y
EMSK
EMSK
CMIP CoA: MIP Registration (2/4)
MN-FA SPI=1000
H(MIP-RRQ, MN-FA Key)
MIP-RRQ(MN-NAI=IMSI@realm, HoA=0.0.0.0, CoA=ASN-GW IP, HA IP=y.y.y.y)
MN-HA SPI=1000
H(MIP-RRQ, MN-HA Key)
MN-FA AE
MN-HA AE
FA-HA AE
FA-HA SPI=2000
H(MIP-RRQ, FA-HA Key)
MIP-RRQ(MN-NAI=IMSI@realm, HoA=0.0.0.0, CoA=ASN-GW IP, HA IP=y.y.y.y)
MN-HA SPI=1000
H(MIP-RRQ, MN-HA Key)
MN-HA AE
MIP-RRQ
MIP-RRQ
Access Request (IMSI@realm, MN-HA SPI=1000, HA IP=y.y.y.y)
MN-NAI
MN-HA SPI
MN-HA Key
Search MN-HA SPI to find out MN-HA Key: Fail (1000 not registered)
HA IP Address
y.y.y.y
"CMIP4 MN HA"
HA IP=y.y.y.y
MN-NAI
MN-HA SPI
1000
MN-NAI
IMSI@realm
HHHH
Using an IP address of the HA which is actually allocated at the MN
MN-HA Key
MN-HA Key
MIP-RK
HMAC-SHA1
Access Accept (IMSI@realm,MN-HA Key=HHHH, HA-RK, HA-RK SPI=2000)
CMIP CoA Client
HA IP=y.y.y.y
HA-RK SPI
"FA-HA"
FA CoA
FA-HA SPI
2000
FA-HA SPI =HA-RK SPI=2000
FA-HA AE
MIP-RRQ
HMAC-SHA1
HA IP
MN-HA SPI
1000
MN-NAI
IMSI@realm
HHHH
MN-HA Key
MN-HA Key
FHFH
FA-HA Key
HMAC-MD5
FA-HA Key
HA-RK
MIP-RRQ message validity check: FA-HA AE(FA)=FA-HA AE(HA)
MN-HA AE
MIP-RRQ
HMAC-MD5
MIP-RRQ message validity check: MN-HA AE(MN)=MN-HA AE(HA)
FA, FA IP=d.d.d.d
Replace MN-FA AE(MN) with FA-HA AE(FA)
MIP-RRQ message validity check: MN-FA AE(MN)=MN-FA AE(FA)
CMIP CoA: MIP Registration (3/4)
CMIP CoA Client
HA IP=y.y.y.y
FA-HA SPI
2000
MN-HA SPI
1000
MN-NAI
IMSI@realm
HHHH
MN-HA Key
FHFH
FA-HA Key
MIP-RRP
HMAC-MD5
MIP-RRP
HMAC-MD5
FA-HA AE
MN-HA AE
FA-HA AE
MN-HA AE
FA-HA SPI=2000
H(MIP-RRP, FA-HA Key)
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z, HA IP=y.y.y.y, Lifetime)
MN-HA SPI=1000
H(MIP-RRP, MN-HA Key)
MIP-RRP
MN-NAI
HA Mobility Binding Table
HoA
CoA
IMSI@realm
CoA(FA)(d.d.d.d)
HoA(z.z.z.z)
HA assigns HoA(z.z.z.z) to MN
HA notifies HA IP(y.y.y.y) to MN
FA-HA SPI
2000
FHFH
FA-HA Key
Search FA-HA SPI to find out FA-HA Key
FA-HA AE
MIP-RRP
HMAC-MD5
MIP-RRP message validity check: FA-HA AE(FA)=FA-HA AE(HA)
MN-FA SPI
1000
MN-NAI
IMSI@realm
FFFF
MN-FA Key
MIP-RRP
HMAC-MD5
MN-FA AE
FA, FA IP=d.d.d.d
CMIP CoA: MIP Registration (4/4)
CMIP CoA Client
HA IP=y.y.y.y
MN-FA AE
MN-HA AE
MN-FA SPI=1000
H(MIP-RRP, MN-FA Key)
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z, HA IP=y.y.y.y, Lifetime)
MN-HA SPI=1000
H(MIP-RRP, MN-HA Key)
MIP-RRP
MN-FA SPI
2000
MN-HA SPI
1000
FFFF
MN-FA Key
MIP-RRP
HMAC-MD5
MN-FA AE
MIP-RRP
HMAC-MD5
MN-HA AE
MIP-RRP message validity check: MN-FA AE(MN)=MN-FA AE(FA)
MIP-RRP message validity check: MN-HA AE(MN)=MN-HA AE(HA)
FA, FA IP=d.d.d.d
Replace FA-HA AE(HA) with MN-FA AE(FA)
CMIP CoA: MIP RE-Registration
FA
HA IP=y.y.y.y
CMIP CoA Client
MN-FA SPI
2000
MN-HA SPI
1000
FFFF
MN-FA Key
MIP-RRQ
MN-FA AE
MIP-RRQ
MN-HA AE
MN-FA SPI=2000
H(MIP-RRQ, MN-FA Key)
MIP-RRQ (MN-NAI=IMSI@realm, HoA=z.z.z.z, CoA=ASN-GW IP, HA IP=y.y.y.y)
MN-HA SPI=1000
H(MIP-RRQ, MN-HA Key)
HMAC-MD5
HMAC-MD5
FA-HA SPI
2000
MN-FA SPI
1000
MN-NAI
IMSI@realm
FFFF
MN-FA Key
FHFH
FA-HA Key
MN-FA AE
FA-HA AE
MIP-RRQ
MIP-RRQ
Search MN-FA SPI to find out MN-FA Key
Replace MN-FA AE(MN) with FA-HA AE(FA)
MIP-RRQ message validity check: MN-FA AE(MN)=MN-FA AE(FA)
FA-HA SPI=2000
H(MIP-RRQ, FA-HA Key)
MIP-RRQ (MN-NAI=IMSI@realm, HoA=z.z.z.z, CoA=ASN-GW IP, HA IP=y.y.y.y)
MN-HA SPI=1000
H(MIP-RRQ, MN-HA Key)
HMAC-MD5
HMAC-MD5
MN-HA AE
FA-HA SPI
2000
FHFH
FA-HA Key
MN-HA SPI
1000
MN-NAI
IMSI@realm
HHHH
MN-HA Key
FA-HA AE
MIP-RRQ
Search FA-HA SPI to find out FA-HA Key
HMAC-MD5
MIP-RRQ message validity check: FA-HA AE(FA)=FA-HA AE(HA)
MN-HA AE
MIP-RRQ
Search MN-HA SPI to find out MN-HA Key
HMAC-MD5
MIP-RRQ message validity check: MN-HA AE(MN)=MN-HA AE(HA)
MIP-RRQ
MIP-RRQ
FA-HA SPI
2000
FA-HA Key
MN-HA SPI
1000
MN-NAI
IMSI@realm
MN-HA Key
FA-HA AE
MIP-RRP
MN-HA AE
MIP-RRP
FA-HA SPI=2000
H(MIP-RRP, FA-HA Key)
MN-HA SPI=1000
H(MIP-RRP, MN-HA Key)
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z, HA IP=y.y.y.y, Lifetime)
FHFH
HHHH
FA-HA SPI
2000
MN-FA SPI
1000
MN-NAI
IMSI@realm
FFFF
MN-FA Key
FHFH
FA-HA Key
MN-FA AE
FA-HA AE
MIP-RRP
MIP-RRP
Search FA-HA SPI to find out FA-HA Key
Replace FA-HA AE(HA) with MN-FA AE(FA)
MIP-RRP message validity check: FA-HA AE(FA)=FA-HA AE(HA)
MN-FA SPI=1000
H(MIP-RRQ, MN-FA Key)
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z, HA IP=y.y.y.y, Lifetime)
MN-HA SPI=1000
H(MIP-RRQ, MN-HA Key)
MN-HA AE
MN-FA SPI
1000
MN-HA SPI
1000
FFFF
MN-FA Key
MIP-RRP
MIP-RRP
MN-FA AE
MIP-RRP message validity check: MN-FA AE(MN)=MN-FA AE(FA)
MN-HA AE
MIP-RRP message validity check: MN-HA AE(MN)=MN-HA AE(HA)
HMAC-MD5
HMAC-MD5
HMAC-MD5
HMAC-MD5
HMAC-MD5
HMAC-MD5
MIP-RRP
MIP-RRP
CMIP CCoA: Mobile IP Key Distribution (Static)
Generate itself
Receive from AAA
MN-HA Key
MN-HA Key for MN-HA SPI=200
MN-HA Key
MN-HA Key
WiMAX Access Authentication Phase(Access Accept)
MN-HA SPI=200
MN-HA SPI=200
MN-HA SPI and MN-HA Key are pre-configured
MN-HA SPI and MN-HA Key are pre-configured
CMIP CCoA: MIP Registration
HA IP=y.y.y.y
CMIP CCoA Client
HA IP Address
y.y.y.y
MN-HA SPI
200
MN-HA Key
MS’s pre-configuration for HA IP address
MS’s pre-configuration for MIP Security
DHCP Discover (MAC)
DHCP Offer (Client IP=CoA(CCoA)=b.b.b.b)
Pre-configured
MN-HA SPI
MN-NAI
IMSI@realm
MN-HA Key
200
AAAA
Access Accept (EAP Success, Network-Technology=Simple IP)
MIP-RRQ (MN-NAI=IMSI@realm, HoA=0.0.0.0, CoA(CCoA)=b.b.b.b, HA IP=y.y.y.y)
MN-HA SPI=200
H(MIP-RRQ, MN-HA Key)
MIP-RRQ
HMAC-MD5
MN-HA AE
MIP RRQ
MN-NAI
MN-HA SPI
MN-HA Key
Search MN-HA SPI to find out MN-HA Key: Fail (200 not registered)
MN-HA SPI
MN-NAI
IMSI@realm
MN-HA Key
200
AAAA
Access Request (IMSI@realm, MN-HA SPI=200, HA IP=y.y.y.y)
Search MN-HA SPI (200) to find out MN-HA Key
Access Accept (IMSI@realm, MN-HA Key=AAAA)
MN-HA SPI
200
MN-NAI
IMSI@realm
AAAA
MN-HA Key
MIP-RRP
MIP-RRQ
MN-HA AE
MIP-RRQ message validity check: MN-HA AE(MN)=MN-HA AE(HA)
MN-HA AE
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z,HA IP=y.y.y.y, Lifetime)
MN-HA SPI=200
H(MIP-RRP, MN-HA Key)
HMAC-MD5
HMAC-MD5
MN-NAI
HA Mobility Binding Table
HoA
CoA
IMSI@realm
CoA(CCoA)(b.b.b.b)
HoA(z.z.z.z)
MIP RRP
MIP-RRP
AAAA
HMAC-MD5
MN-HA AE
MIP-RRP message validity check: MN-HA AE(MN)=MN-HA AE(HA)
HA assigns HoA(z.z.z.z) to MN
CMIP CCoA: MIP RE-Registration
HA IP=y.y.y.y
CMIP CCoA Client
HA IP Address
y.y.y.y
MN-HA SPI
200
MN-HA Key
MS’s pre-configuration for HA IP address
MS’s pre-configuration for MIP Security
MIP-RRQ (MN-NAI=IMSI@realm, HoA=z.z.z.z, CoA(CCoA)=b.b.b.b, HA IP=y.y.y.y)
MN-HA SPI=200
H(MIP-RRQ, MN-HA Key)
MIP-RRQ
HMAC-MD5
MN-HA AE
MIP-RRQ
HMAC-MD5
MN-HA AE
MIP-RRP message validity check: MN-HA AE(MN)=MN-HA AE(HA)
AAAA
MIP RRQ
MN-HA SPI
200
MN-NAI
IMSI@realm
AAAA
MN-HA Key
MIP-RRP
MIP-RRQ
MN-HA AE
MIP-RRQ message validity check: MN-HA AE(MN)=MN-HA AE(HA)
MN-HA AE
MIP-RRP (MN-NAI=IMSI@realm, HoA=z.z.z.z,HA IP=y.y.y.y, Lifetime)
MN-HA SPI=200
H(MIP-RRP, MN-HA Key)
HMAC-MD5
HMAC-MD5
Search MN-HA SPI (200) to find out MN-HA Key
MN-NAI
HA Mobility Binding Table
HoA
CoA
IMSI@realm
CoA(CCoA)(b.b.b.b)
HoA(z.z.z.z)
HA updates Lifetime
MIP RRP
Thank you for the great material.