
Application Keying Scope of the work item


  1. Application Keying
     Scope of the work item
     Kuntal Chowdhury, Julien Bournelle, Gerardo Giaretta
     AMSK PS - IETF 65

  2. Problem Statement
     draft-chowdhury-hokey-amsk-ps-00.txt
     • Network Operators may offer multiple services:
        • (IP network Access) (MN – NAS)
        • Mobile IPv4/IPv6 (MN – HA/FA)
        • SIP (MN – xCSCF)
        • PMIPv4/v6 (AR – HA)
        • Others ? (MN – Service Equipment)
     • Each of these services requires Auth/Authz and SA setup (Node – Node)

  3. Multiple EAP Scenario
     • EAP is used for Network Access Authentication in many networks today
     • Re-run of multiple authentication/bootstrapping transactions (EAP/non-EAP) from scratch for each service
     • Increase network load
     • Increase Session set-up latency for each service

  4. Multiple EAP Transactions
     Example Scenario-1, Service Access
     [Figure: MIP Home Agent, AAA/EAP server, Inet, AR/FA, Service Equipment, MN/EAP Client]

  5. Multiple EAP Transactions
     Example Scenario-2, Mip6
     • Bootstrapping solution in integrated scenario
     • draft-ietf-mip6-bootstrapping-integrated-dhc-00
     • two EAP runs are performed with the same EAP/AAA server
     [Figure: EAP/AAA Server, Home Agent, NAS; message labels: EAP, AAA-HA (EAP), EAPoIKEv2, Bu, BA]

  6. Rely on EAP Keying Framework
     • Goal:
        • Avoid multiple EAP transactions
     • How ?
        • Rely on keys derived during network access authentication (cf. EMSK)
        • Derive AMSK per application
        • Distribute AMSK on request by the specific application or push it down as pre-configuration for known services

  7. What is needed?
     • Define how AMSKs are derived
     • Define how AMSKs are distributed and cached
     • Push vs Pull Model ?
        • Keys sent to Service Equipment
        • Keys fetched by Service Equipment

  8. Questions ?
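
The approach on slides 6 and 7, as an added example that is not from the slides or the draft: one EMSK from network access authentication yields a separate AMSK per application, handed out by pull or by push. The slides leave the derivation undefined, so the HMAC-SHA-256 counter-mode KDF, the labels `mip6` and `sip`, the equipment names and the `AAAServer` class are all assumptions.

```python
import hashlib
import hmac

def derive_amsk(emsk: bytes, app_label: str, session_id: bytes, length: int = 32) -> bytes:
    """Illustrative KDF (assumed, not from the draft): HMAC-SHA-256 in counter mode."""
    if len(emsk) < 64:  # RFC 3748 requires an EMSK of at least 64 octets
        raise ValueError("EMSK too short")
    if not app_label or "\x00" in app_label:
        raise ValueError("label must be non-empty and NUL-free")
    # The label binds the key to one application; the NUL keeps label and session unambiguous.
    info = app_label.encode() + b"\x00" + session_id + length.to_bytes(2, "big")
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(emsk, info + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]

class AAAServer:
    """Hypothetical EAP/AAA server: holds the EMSK, only AMSKs ever leave it."""
    def __init__(self):
        self._emsk = {}     # session_id -> EMSK
        self._allowed = {}  # equipment_id -> the one label it may obtain

    def register_session(self, session_id: bytes, emsk: bytes) -> None:
        self._emsk[session_id] = emsk

    def authorize(self, equipment_id: str, app_label: str) -> None:
        self._allowed[equipment_id] = app_label

    def pull(self, equipment_id: str, app_label: str, session_id: bytes) -> bytes:
        """Pull model: Service Equipment fetches its key when the MN shows up."""
        if self._allowed.get(equipment_id) != app_label:
            raise PermissionError(f"{equipment_id} may not request {app_label!r}")
        return derive_amsk(self._emsk[session_id], app_label, session_id)

    def push(self, session_id: bytes) -> dict:
        """Push model: pre-provision every known service after network access."""
        return {eq: derive_amsk(self._emsk[session_id], label, session_id)
                for eq, label in self._allowed.items()}

# Constructed sample values, not real key material.
EMSK = bytes(range(64))
SESSION = b"constructed-session-01"
aaa = AAAServer()
aaa.register_session(SESSION, EMSK)
aaa.authorize("home-agent", "mip6")
aaa.authorize("cscf", "sip")
```

The MN runs `derive_amsk` locally with the same EMSK and label, so no second EAP exchange is needed, and a compromised Service Equipment learns only its own AMSK.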
