8.1. Architecture and Trust Model

Mobile IP-AAA signaling establishes the trust relationships needed for Mobile IP signaling, based on relationships provided by the AAA infrastructure. It is therefore useful to go through the assumed trust model. The trust model includes the architecture elements involved in the signaling and shows what trust relationships exist prior to the start of Mobile IP-AAA signaling and what trust models are generated as a result of this signaling. As one can imagine, the trust model depends on the mobility pattern of the mobile node, the network topology, and the administration policies of the networks the model is trying to connect with. It is therefore important to revisit the trust model for every scenario.

Figure 8.1 shows the Mobile IP-AAA signaling trust model for a very generic scenario, in which the mobile node attempts to connect with a foreign network that belongs to an administrative domain separate from the one to which the mobile node and its home network (and HA) belong. The administrative domain of the foreign network is served by a local AAA server (LAAA or AAAL), while the mobile's home network is served by the so-called home AAA server (HAAA or AAAH). In the model shown in Figure 8.1, the foreign network deploys a foreign agent (FA) to assist visiting mobile nodes with CoA acquisitions and Mobile IP signaling. Note that the FA is a Mobile IPv4-only concept that does not exist for Mobile IPv6. Furthermore, even some networks ...
