the problem of handover keying
Download
Skip this Video
Download Presentation
The Problem of Handover Keying

Loading in 2 Seconds...

play fullscreen
1 / 22

The Problem of Handover Keying - PowerPoint PPT Presentation


  • 82 Views
  • Uploaded on

The Problem of Handover Keying. IETF 66 Montreal. AAA based Keying for Wireless Handovers: Problem Statement draft-nakhjiri-aaa-hokey-ps-03 Madjid Nakhjiri (Huawei USA) Mohan Parthasarathy (Nokia) Julien Bournelle (GET/INT/FT) Hannes Tschofenig (Siemens) R. Marin Lopez (TARI).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The Problem of Handover Keying' - lidia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide2

AAA based Keying for Wireless Handovers:Problem Statementdraft-nakhjiri-aaa-hokey-ps-03Madjid Nakhjiri (Huawei USA)Mohan Parthasarathy (Nokia)Julien Bournelle (GET/INT/FT)Hannes Tschofenig (Siemens)R. Marin Lopez (TARI)

slide from ietf 65 handover in wireless access networks
Slide from IETF 65:Handover in Wireless Access Networks

Access link

  • Access Nodes (BS/AP) providing secure access links
  • User/device credentials stored at AAA server
  • Handover: Establish a new secure link with new AN.
  • Handover performance is a crucial service quality factor
    • Desired: Minimal interaction with AAA server during handover.

MN

Access Gateway

AAA server

Access Node

Access Gateway

slide from ietf 65 eap keying for fixed peers
Slide from IETF 65: EAP Keying for fixed peers

EAP server

peer

Authenticator

EAP-XXX Method Authentication

Generation of MSK, EMSK,

EAP over L2

Generation of MSK, EMSK,

EAP over AAA

MSK transport

EAP complete

EAP complete

Security Association Protocol (TSKs)

Transported MSK

Generation of TSKs

Generation of TSKs

Use TSKs for link security

slide5

Slide from IETF 65:Use of EAP keying for handovers

Old SA(TSK)

MSK1

MN

Auth-1/BS1

MSK2

New SA (TSK)

Auth2-BS2

EAP/AAA server

Auth3-BS3

  • Old SA (MN-BS1 TSKs): created using MSK (or PMK) at BS1
  • New SA: (MN-BS2 TSKs): Create a new MSK (MSK2) at BS2?
    • Run EAP again for the new MSK/ SA ?
slide from ietf 65 handover keying using eap sdo solutions
Slide from IETF 65:Handover keying using EAP: SDO solutions

TSK

BS1

EAP. AAA

server

MN

PMK

MSK

AG

BS2

Authenticator

  • Split the authenticator into two functions (e.g. WiMAX)
    • Authenticator = Access Gateway: (holds MSK, creates per AN keys: PMK)
    • Authenticator port=Access node (receives PMK, creates TSK through SAP)
  • Intra-Authenticator Handover? A new PMK for each BS from initial MSK (Port to Port HO)
slide from ietf 65 problem inter authenticator
Slide from IETF 65:Problem: Inter-authenticator

Authenticator

PMK

  • Authenticator handover not supported
    • Requires re-authentication (re-run of EAP)
  • Can we avoid running a new EAP as part of Authenticator Handover?

EAP. AAA

server

TSK

MN

MSK

ANs

slides from ietf 65 hokey create a key hierarchy
Slides from IETF 65:HOKEY: Create a Key Hierarchy
  • Use a EAP method generated key to derive a key hierarchy
    • To support Intra-authenticator as well as Inter-authenticator HO in a way that does not require new EAP runs
    • To support heterogeneous access technology roaming
  • Define key derivation/ management at each level
    • (i.e. at AAA server, at ADC level, at AN level)
    • If the level within IETF scope: specify
    • If outside IETF scope: Requirement/ guidance/ parameters specifications (e.g. for channel binding, scoping, caching life time)
  • Protocols/ Requirements for key request/ transport/ distribution
    • Reqs for new protocols/ extensions for existing protocols (e.g. AAA)
    • Security goals
    • Performance Goal: handover optimization (pre-/ post handover signaling)
elements according problem statement v03
Elements according Problem Statement V03
  • Intra ADC handover: Key management and key derivation inside same ADC.
  • Inter ADC handover: Key Management and key derivation through different ADCs but same AAA, without running EAP again.

AN1

ADC1

LSAP

LSAP-MK1

MN

AAA

server

ADMSK-1

Intra-ADC HO

LSAP-MK2

AD1

Inter-ADC HO

HRK

AN2

ADMSK-2

ADC2

LSAP-MK3

AN3

AD2

terminology according to ps v03
Terminology according to PS V03
  • Handover Root Key
    • Used as the root of key hierarchy (previously called XMSK) is held by AAA server now.
  • Access Domain
    • A domain whose authentication and key management goes through the same ADC.
  • Access Domain Controller
    • Entity responsible for keying needs within an Access Domain. It holds ADMSK (derived from XMSK) to derive new keys.
  • Access Domain Controller MSK (ADMSK)
    • A key that is sent to eachAccess Domain Controller
  • Inter-ADC versus Intra-ADC handovers
    • Instead of inter- versus intra-authenticator
to specify
To specify
  • HRK (per AAA server)
    • Separate derivation Spec?: parameters, PRF
  • ADMSK (per ADC)
    • Derivation spec part of key hierarcy (PRF, parameters)
    • Transport spec (protocol/triggers/AAA requirements/ specs)
  • LSAP_MK (per AN)
    • Derivation spec part of key hierarchy (hetero access included)
    • Transport spec (protocol reqs/triggers/specs)
  • Guidelines on LSK derivation (outside IETF?)
  • Fast re-authentication (session expiry, ADC HO)
backup why adc instead of authenticator
Backup: Why ADC instead of Authenticator
  • Allows for easier management of heterogeneous roaming/ handovers (e.g. per-domain technology)
    • Combine key mgmt with mobility mgmt
  • Handover root key transport/caching behavior
    • HRK (e.g. MSK) is kept at AAA server, not sent to authenticator
    • A per ADC master keys (ADMSK) are sent to ADC
  • Separation of EAP auth. and handover keying signaling
    • Key mgmt and mobility mgmt can be inside an ADC, independent of entity that acts as pass-thru Auth,
    • Pass-thru auth either in AN or ADC
  • More crisp key usage guidelines
    • Authenticator master key<->Authenticator port master key?
    • Use ADC master key (ADMSK) and AN master key (LSAP_MK) instead
tough problems
Tough problems
  • Terminology, Terminology, terminology
  • What key to use as handover root key:
    • MSK or an USRK/AMSK ([I-D.salowey-eap-emsk-deriv] )
    • Creates Milestone issues for key hierarchy spec
  • Positioning of pass-through Auth. wrt ADC and AN
  • Definition of fast re-authentiaction (resolved!?)
  • Channel binding
    • Case 1: when ADC and AN are colocated (EAP keying)
    • Case 2: when ADC and AN are not colocated (SDO cases)
handover keying deliverables ml may 25
Handover keying Deliverables (ML May 25)
  • Handover keying problem statement draft (Informational).
  • Handover Root Key (HRK) derivation specification (standards Track)
  • Handover keying key hierarchy draft (Standards Track)
  • Handover keying protocol requirements draft (Informational/ Standards Track)
  • Handover keying protocol solution (depending on the scope)
proposed milestones ml may 25
Proposed milestones (ML May 25)
  • Mar 07 Handover keying PS to IESG
  • Mar 07 Handover root key specification to IESG
  • Sep 07 Handover key hierarchy specification to IESG
  • Dec 07 Handover keying protocol requirements to IESG
  • Aug 08 Handover Keying protocol solutions to IESG
ietf 65 hoakey bof result
IETF 65 HOAKEY BoF result
  • Support for work on handover keying
  • Issues with multi-application application keying:
    • Separate application keying from handover keying and Pre-auth
  • HOAKEY became HOKEYP:
    • Combine handover keying and Pre-authentication charters
  • Work towards aggressive interim Chartering and/or another BoF in IETF 66
progress since ietf 65
Progress Since IETF 65
  • Produced
    • HOKEYP charter V00-V03 (April/May)
    • Handover keying problem statement update to V02
    • Pre-authentication problem statement V00
    • USRK (AMSK) derivation draft V00/V01
  • ML generated 51 emails in April, 93 in May
  • ML Last call on HOKEYP charter proposal on V03 (May 15-May 25)
mllc results on hokeyp charter
MLLC results on HOKEYP charter
  • MLLC generated 79 emails in 10 days
  • 11 people approved (13, including ex-BoF chairs)
    • 6 manufacturers total, 3 operators
  • 2 persons requesting additions of some remaining EAP WG work into the charter/ clarification of some items
  • V04 and V05 generated during last call period, including changes in text, deliverables and deadlines
  • V06 and V07 generated after last call.
  • 2 solution drafts posted on the ML
contentious topics
Contentious topics
  • Choice of HRK (MSK versus AMSK/USRK)
    • TBD by Expert/Design team meeting
  • USRK/AMSK derivation standardization process?
    • In HOKEYP, an EAP EXT group?
  • Definition of fast re-authentication
    • Method dependent or independent (mostly resolved)
  • Channel binding solution
    • For EAP or HOKEY architecture (in HOKEYP or in EAP EXT?)
  • Milestone dates
    • Mostly resolved except those relating to HRK choice
deliverables as of v07
Deliverables as of V07
  • Handover keying problem statement draft (Informational).
  • Handover Root Key (HRK) derivation specification (standards Track)
  • Handover keying key hierarchy draft (Standards Track)
  • Handover keying protocol requirements draft (Informational/ Standards Track)
  • Handover keying protocol solution (depending on the scope)
  • Pre-authentication problem statement draft (Informational)
  • Pre-authentication protocol requirements draft (Informational)
  • Possible partial solution for pre-authentication signaling
proposed charter milestones
Proposed Charter milestones
  • Nov 06 Pre-authentication PS to IESG
  • Mar 07 Handover keying PS to IESG
  • Mar 07 Handover root key specification to IESG
  • Apr 07 Pre-authentication protocol requirement draft to IESG
  • Sep 07 Handover key hierarchy specification to IESG
  • Dec 07 Handover keying protocol requirements to IESG
  • Aug 08 Handover Keying protocol solutions to IESG
ad