
PEMK (PaC-EP Master Key) draft-ohba-pana-pemk-01.txt

PEMK (PaC-EP Master Key), draft-ohba-pana-pemk-01.txt. Yoshihiro Ohba, Alper Yegin. Background: PaC-EP Master Key (PEMK) was defined in older revisions of the PANA specification. It is a pre-shared key used for bootstrapping a lower-layer SA between PaC and EP. The key is derived from MSK.


Presentation Transcript


  1. PEMK (PaC-EP Master Key), draft-ohba-pana-pemk-01.txt. Yoshihiro Ohba, Alper Yegin. IETF70 PANA WG

  2. Background
     • PaC-EP Master Key (PEMK) was defined in older revisions of the PANA specification
     • A pre-shared key used for bootstrapping a lower-layer SA between PaC and EP
     • The key is derived from MSK
     • During IETF last call, PEMK was removed from the PANA specification, with a suggestion to define it in a separate document
     • This draft is submitted as such a document

  3. PEMK
     PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID)
     • prf+: defined in IKEv2 [RFC4306]. The actual pseudo-random function used for prf+ is negotiated within the PANA session (cf. I-D.ietf-pana-pana)
     • MSK: the Master Session Key generated by EAP and exported to PANA
     • SID: PANA session identifier
     • KID: the content of the PANA Key-ID AVP
     • EPDID: identifier of the EP. The EPDID format is the same as the Address type of Diameter:
       – 2-octet AddressType + address value
       – AddressType contains the Address Family defined in [IANAADFAM]
     • How a PaC configures the identifier of the EP is out of the scope of this document.

  4. Attributes of PEMK
     • Key Name: TBD
     • Key Scope: Between PaC and EP
     • Key Context: Used as the pre-shared key of the secure association protocol in the scope of PEMK
     • Key Lifetime: No greater than the lifetime of MSK

  5. Security Considerations
     • Channel Binding: CB is made at the time of PEMK creation by using EPDID as a KDF parameter
     • Key distribution (only for split EP and PAA case)
       – Requirements:
         · Key distribution from PAA to EP MUST be encrypted, integrity and replay protected with a SA between PAA and EP
         · The SA between PAA and EP MUST be cryptographically bound to the identities of the PAA and EP known to the PaC
       – The HOKEY 3-party key distribution protocol [I-D.ietf-hokey-key-mgm] is identified to satisfy the requirements

  6. Thank You!
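
The derivation on slide 3 and the channel binding on slide 5, worked through as an added example (not code from the draft or its authors). It assumes HMAC-SHA1 as the negotiated prf, 32-bit big-endian encodings for SID and KID, and a 64-octet output; the function names and the sample MSK are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

LABEL = b"PaC-EP master key"  # label string from the PEMK formula


def prf_plus(key: bytes, seed: bytes, length: int, digest=hashlib.sha1) -> bytes:
    """IKEv2 prf+ (RFC 4306, 2.13): T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:  # the counter is a single octet
            raise ValueError("prf+ output limited to 255 blocks")
        block = hmac.new(key, block + seed + bytes([counter]), digest).digest()
        out += block
        counter += 1
    return out[:length]


def epdid(address: str) -> bytes:
    """Diameter Address format: 2-octet AddressType followed by the address value."""
    ip = ipaddress.ip_address(address)
    family = 1 if ip.version == 4 else 2  # IANA address family: 1 = IPv4, 2 = IPv6
    return struct.pack("!H", family) + ip.packed


def derive_pemk(msk: bytes, sid: int, kid: int, ep_address: str, length: int = 64) -> bytes:
    """PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID).

    Assumptions: SID and KID are 32-bit big-endian, output is 64 octets.
    """
    seed = LABEL + struct.pack("!I", sid) + struct.pack("!I", kid) + epdid(ep_address)
    return prf_plus(msk, seed, length)


if __name__ == "__main__":
    msk = bytes(range(64))  # constructed sample MSK, not a real key
    ep_a = derive_pemk(msk, sid=0x1234, kid=1, ep_address="192.0.2.1")
    ep_b = derive_pemk(msk, sid=0x1234, kid=1, ep_address="192.0.2.2")
    # Channel binding: the same MSK, SID and KID give unrelated keys per EP,
    # so a key delivered to one EP is useless for impersonating another.
    print("EP A:", ep_a.hex())
    print("EP B:", ep_b.hex())
    print("keys differ:", ep_a != ep_b)
```

Because EPDID is part of the KDF input, a PaC that derives the key for the EP address it believes it is talking to will fail the lower-layer handshake if the key was actually delivered to a different EP.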
