active user identity confidentiality protection

Hi all,
I would like to support the idea of protecting the user's identity against active attacks in IKEv2 for the remote access case (i.e. EAP message exchange), as recently raised by Hugo, Hannes and Scott.
In the SHAMAN project, we identified this to be an important/essential requirement for access to future mobile networks. In GSM and UMTS, this is also a well-established requirement which is "solved" by using temporary identities (this can be circumvented by using "false base station attacks"). Not protecting the user's identity against active attacks would mean ignoring long-identified security requirements and may allow a bogus access network to get hold of the user's identity.