1 / 13

HandOver and Application KEYing Pre-Authentication

HandOver and Application KEYing Pre-Authentication. HOAKEY and Pre-Auth IETF 65 Dallas. NOTE WELL.

craigt
Download Presentation

HandOver and Application KEYing Pre-Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HandOver and Application KEYingPre-Authentication HOAKEY and Pre-Auth IETF 65 Dallas

  2. NOTE WELL • Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:-the IETF plenary session,-any IETF working group or portion thereof,-the IESG or any member thereof on behalf of the IESG,-the IAB or any member thereof on behalf of the IAB,-any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices,-the RFC Editor or the Internet-Drafts functionAll IETF Contributions are subject to the rules of RFC 3978 and RFC 3979. Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. • Please consult RFC 3978 for details.

  3. Note these as well: • Minute takers • Blue sheets • Merged the HOAKEY and Pre-auth BoF • Combined charter for the two BoF • BoF chairs: Madjid Nakhjiri, Yoshihiro Ohba • Thanks to: Alper Yegin and Kutal Chowdhury

  4. Agenda • Agenda bashing 5 min • Introduction 5 min • Handover Keying 15 min • Pre-Authentication 15 min • Application keying 15 min • EAP keying gap analysis 10 min • Scope/non-scope/deliverables10 min • Charter discussion

  5. Charter http://www3.ietf.org/proceedings/06mar/agenda/hoakey.txt

  6. Charter summary:Handover keying and Pre-authentication • Handover latency is a big issue in mobile networks • Access authentication and key management cause large delays, the problem can be solved by two ways • Pre-authentication where the mobile node runs EAP authentication prior to handover • Derive keys for new attachment based on existing EAP session

  7. Charter summary (2):Application keying • Providing full service access requires various network signaling protocols • Many of the protocols e.g. Mobile IP rely on security associations to protect their signaling messages • Bootstrapping these security associations can be optimized by deriving keys from the network access authentication

  8. Presentations IETF 65 Dallas

  9. Out of scope: We will not try… (1) • Coming up with EAPv2 • Extending EAP 3748 protocol • Revising EAP keying specs • Defining over-the-air EAP lower layers • Designing new RADIUS messages • BUT, requirements for RADIUS/Diameter attributes/AVP if needed • Replacing existing application signaling security • E.g. replacing Mobile IP authentication methods such as MN-HA AE, or return routabilitys

  10. Out of Scope (2) • Pro-active configuration • E.g., acquiring an IP address from the target network prior to the handover • Making changes to L2 security specs (in other SDOs) • Identification of L2 changes, if any, is within scope

  11. Deliverables (1) • Handover keying hierarchy draft (informational) • Keying hierarchy, functional model, key derivation, requirements for key caching and distribution including key scoping and channel binding for handover keying. • Handover keying protocol requirements draft (informational) • Requirements of a new protocol or new options/attributes for existing protocols for enabling a target authenticator to obtain handover keys.

  12. Deliverables (2) • Application keying hierarchy draft (informational) • Keying hierarchy, functional model, key derivation, requirements for key caching and distribution including key scoping and channel binding for application keying. • Application keying protocol requirements draft (informational) • Requirements of new options/attributes for existing protocols for enabling application keying. • Pre-authentication protocol requirements draft (informational) • Requirements of new options/attributes for existing protocols for enabling a target authenticator to obtain handover keys using a pre-authentication protocol that runs EAP between a mobile node an a target authenticator.

  13. Consensus Qs at the end? • Should IETF solve these problems? • Should a new WG be formed? Or existing WGs should deal with it? • How many people are willing to work on this?

More Related