AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility by Madjid Nakhjiri, Mahsa Nakhjiri

4.4. Transport Layer Security

Implementing security mechanisms at the network layer for end-to-end communications can run into practical problems, since the network layer needs to take care of the details of packet routing between the two communicating end parties. For IP networking, this means that routers and other network agents, such as mobility agents, need to access the information inside the IP header to perform routing functions. As we saw earlier, when IPsec is used to protect packets at the IP layer, the information inside higher-layer headers (such as TCP headers) is hidden from the outside world. Intermediate network management entities, or middle boxes, such as network address translators (NATs) or quality of service (QoS) policing entities, which need to look at transport layer ports to perform address translation or traffic shaping, will not be able to do their jobs. A significant amount of design and standardization effort has been devoted to solving interoperability issues between IPsec and a variety of middle boxes and network management entities.

Another serious problem for network layer security protocols such as IPsec and IKE is that they typically establish trust relationships (security associations, SAs) using IP addresses as identifiers. When a node changes its IP address, because it uses Mobile IP or for other reasons, the original SAs are no longer valid.
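The middle-box problem described above can be made concrete with a toy network address and port translator (NAPT) run over two constructed packets: a TCP segment carrying a TLS record, and an ESP packet whose inner transport header is encrypted. This is an added illustration, not code from the book; the packet builders, the `napt_rewrite` function and all addresses, ports and the SPI value are assumptions constructed for the example.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header, no options. Checksum is left zero because
    # these are constructed sample packets, not packets meant for the wire.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))


def tcp_segment(sport, dport, payload):
    # 20-byte TCP header: the ports are in the clear, so a NAPT can read them.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                       65535, 0, 0) + payload


def esp_packet(spi, seq, ciphertext):
    # ESP header: only SPI and sequence number are visible; the inner TCP
    # header travels inside the encrypted payload.
    return struct.pack("!II", spi, seq) + ciphertext


def sample_tls_over_tcp():
    seg = tcp_segment(50000, 443, b"\x16\x03\x03\x00\x05hello")  # constructed TLS record
    return ipv4_header("10.0.0.5", "203.0.113.10", IPPROTO_TCP, len(seg)) + seg


def sample_esp():
    body = esp_packet(0x1000ABCD, 1, b"\x9a" * 40)  # constructed ciphertext
    return ipv4_header("10.0.0.5", "203.0.113.10", IPPROTO_ESP, len(body)) + body


def visible_ports(packet):
    """Return (sport, dport) as a middle box sees them, or None if hidden."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_TCP:
        return None
    return struct.unpack_from("!HH", packet, ihl)


def napt_rewrite(packet, new_src, new_sport):
    """Toy NAPT: rewrite source IP and source port of an outgoing packet.
    Returns the rewritten packet, or None when no port field is readable."""
    if visible_ports(packet) is None:
        return None  # ESP: the port the NAPT would rewrite is encrypted
    ihl = (packet[0] & 0x0F) * 4
    out = bytearray(packet)
    out[12:16] = bytes(map(int, new_src.split(".")))
    struct.pack_into("!H", out, ihl, new_sport)
    return bytes(out)
```

The TCP/TLS packet translates cleanly while the ESP packet is rejected, which is exactly why NAT traversal for IPsec needed separate standardization work.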

Figure 4.11. TLS Protocol stack

Finally, IPsec ...