
TLS Probing Method

IP.com Disclosure Number: IPCOM000168082D
Published in the IP.com Journal: Volume 8 Issue 3A (2008-03-11)
Included in the Prior Art Database: 2008-Mar-11
Document File: 1 page(s) / 31K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

Telecommunication networks, e.g. a WCDMA (Wideband Code Division Multiple Access) RAN (Radio Access Network) or a WiMAX (Worldwide Interoperability for Microwave Access) ASN (Access Service Network), consist of thousands of network elements whose software has to be updated, e.g. when a new security feature is put into operation. The whole network cannot be upgraded at once, so new features are put into use gradually, or only after the whole network has been upgraded step by step. In addition, a configuration change on both ends of a connection is required before a security feature is activated, and it has to take effect on both ends at the same time in order to avoid connection breaks. To protect O&M (Operation & Maintenance) connections in a network, the TLS (Transport Layer Security) protocol can be used. TLS provides security services such as encryption, data integrity protection, client and server authentication, and session key generation.

This is the abbreviated version, containing approximately 53% of the total text.


TLS Probing Method

Idea: Juha Ollila, FI-Oulu; Andreas Wannenwetsch, DE-Duesseldorf; André Wardaschka, DE-Duesseldorf


At present, RFC 2817 is used for upgrading to TLS within HTTP/1.1 (Hypertext Transfer Protocol): it defines a method, based on the Upgrade header, for switching an existing unprotected HTTP connection to a TLS-protected one over the same TCP connection. A disadvantage of this method is that it cannot be used if the existing interface does not use HTTP as its transport protocol. Moreover, if HTTP is used as the transport protocol, an additional header has to be added to each message, causing unnecessary overhead.
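The RFC 2817 exchange referred to above, as an added example that is not part of the Siemens disclosure: the client sends an OPTIONS request carrying `Upgrade: TLS/1.0` and `Connection: Upgrade`, the server answers `101 Switching Protocols` only if TLS is enabled on its side, and the client starts the TLS handshake only after checking that answer. The whole exchange runs in memory (no sockets); the host name and the `tls_enabled` switch on the server side are constructed for the example.

```python
"""Minimal RFC 2817 "Upgrade: TLS/1.0" exchange, both sides, without a network.

Added example (not from the Siemens disclosure). It builds the client's
upgrade request, lets a small server-side handler answer it, and shows the
client checking the 101 response before it would hand the socket to TLS.
"""

CRLF = "\r\n"


def build_upgrade_request(host: str) -> bytes:
    """Client side: an OPTIONS request asking to switch the connection to TLS.

    RFC 2817 requires both the Upgrade header and 'Connection: Upgrade',
    because Upgrade is a hop-by-hop header that proxies must not forward.
    """
    lines = [
        "OPTIONS * HTTP/1.1",
        f"Host: {host}",
        "Upgrade: TLS/1.0",
        "Connection: Upgrade",
        "",
        "",
    ]
    return CRLF.join(lines).encode("ascii")


def parse_message(raw: bytes):
    """Split an HTTP/1.1 message head into (start line, header dict).

    Header names are folded to lower case; repeated headers are joined with
    commas, as list-valued HTTP fields permit.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    start_line, *header_lines = head.split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        value = value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return start_line, headers


def _tokens(value: str):
    """Comma-separated header value -> set of lower-case tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def handle_upgrade_request(raw: bytes, tls_enabled: bool) -> bytes:
    """Server side: answer 101 if the client asked for TLS and we allow it.

    A server with TLS switched off (the constructed 'tls_enabled' flag)
    falls through to a plain 200, so the connection keeps working
    unprotected during a gradual rollout instead of breaking.
    """
    _start_line, headers = parse_message(raw)
    wants_tls = ("tls/1.0" in _tokens(headers.get("upgrade", ""))
                 and "upgrade" in _tokens(headers.get("connection", "")))
    if wants_tls and tls_enabled:
        return (
            "HTTP/1.1 101 Switching Protocols" + CRLF
            + "Upgrade: TLS/1.0, HTTP/1.1" + CRLF
            + "Connection: Upgrade" + CRLF + CRLF
        ).encode("ascii")
    return ("HTTP/1.1 200 OK" + CRLF + "Content-Length: 0" + CRLF + CRLF).encode("ascii")


def client_should_start_tls(response: bytes) -> bool:
    """Client side: only start the TLS handshake on a proper 101 answer.

    Anything else (200, 4xx, or a 101 without the TLS token) means the peer
    has not agreed to switch, so sending a ClientHello into the socket would
    only break the HTTP session.
    """
    start_line, headers = parse_message(response)
    parts = start_line.split(" ", 2)
    if len(parts) < 2 or parts[0] != "HTTP/1.1" or parts[1] != "101":
        return False
    return "tls/1.0" in _tokens(headers.get("upgrade", ""))


def negotiate(host: str, server_tls_enabled: bool) -> bool:
    """Run the whole exchange in memory and report whether TLS would start."""
    request = build_upgrade_request(host)
    response = handle_upgrade_request(request, server_tls_enabled)
    return client_should_start_tls(response)


if __name__ == "__main__":
    # Constructed host name; the two calls show the upgraded and the plain case.
    print("server with TLS enabled:", negotiate("bts-0123.example", True))   # True
    print("server with TLS off:    ", negotiate("bts-0123.example", False))  # False
```

The example also makes the two drawbacks from the text concrete: the whole negotiation lives inside HTTP message framing, so it cannot be reused on an interface whose transport is not HTTP, and every message has to carry the extra `Upgrade` and `Connection` headers.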

A novel solution is proposed which enables a gradual upgrade of the network while the more secure connections are already used wherever both ends support them. For this purpose, three modes are defined for an NE (Network Element), e.g. a Base Transceiver Station (BTS):

1) Off - where insecure plain-text connections are used.

2) Forced - where connections are perfo...