Presentation on theme: "IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec"— Presentation transcript:
1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-09-00xx-00-sec
Title: IEEE 802.11r Fast BSS Transition – A Study
Date Submitted: September 21, 2009
Presented at IEEE meeting in September of 2009
Authors: Lily Chen (NIST)
Abstract: This document reviews the IEEE 802.11r solution for Fast BSS Transition. The purpose is to pursue a proper approach in accommodating different authentication options in media independent handover.
2 IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE.
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development.
4 Fast BSS Transition
[Diagram; surviving labels: "Network (not )", "Transition"]
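5 EAP (Full Auth, Pre-Auth, or Re-Auth) IEEE Way Handshake
Parties: Peer, Authenticator, EAP Server
NOT IEEE: EAP (Full Auth, Pre-Auth, or Re-Auth) between Peer and EAP Server, producing the MSK
Peer holds STA-PMK; Authenticator holds AP-PMK
IEEE:
Authenticator generates ANonce
Authenticator -> Peer: EAPOL-Key ( ..., …, ANonce)
Peer generates SNonce and derives PTK
Peer -> Authenticator: EAPOL-Key ( ..., …, SNonce, STA RSN IE, MIC)
Authenticator derives PTK
Authenticator -> Peer: EAPOL-Key ( ..., …, ANonce, AP RSN IE, MIC)
Peer -> Authenticator: EAPOL-Key ( ..., …, MIC)
Peer installs TK; Authenticator installs TK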
6 IEEE 802.11r Key Hierarchy
It introduces two levels of PMKs:
PMK-R0, derived from the MSK (or PSK)
PMK-R1s, derived from PMK-R0
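7 IEEE 802.11r – Fast BSS Transition
Parties: STA; Current AP (PMK_R1A); Target AP (PMK_R1B)
STA and Current AP: secure session and data
STA -> Target AP: Auth Req (FT … FTIE(SNonce …))
PTKB generated
Target AP -> STA: Auth Res (FT … FTIE(SNonce, ANonce …))
STA -> Target AP: Re-association Req (….)
PTKB generated
Target AP -> STA: Re-association Res (….)
STA and Target AP: (new) secure session and data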
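The two-level hierarchy and the nonce-only transition above, as an added example (not part of the original slides). The KDF construction, the "FT-R0"/"FT-R1"/"FT-PTK" labels and the context layouts are taken from IEEE 802.11r as an assumption, since the slides do not spell them out; all keys, addresses, nonces and names are constructed sample values.

```python
import hashlib, hmac, struct

def kdf(key, label, context, bits):
    """KDF-<bits>: HMAC-SHA-256 over counter || label || context || length (16-bit LE)."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def pmk_r0(msk, ssid, mdid, r0kh_id, sta):
    xxkey = msk[32:64]  # second 256 bits of the MSK (802.1X case)
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    return kdf(xxkey, b"FT-R0", ctx, 384)[:32]  # last 128 bits salt the PMK-R0 name

def pmk_r1(r0, r1kh_id, sta):
    return kdf(r0, b"FT-R1", r1kh_id + sta, 256)  # bound to one R1KH (one AP)

def ptk(r1, snonce, anonce, bssid, sta, bits=384):
    return kdf(r1, b"FT-PTK", snonce + anonce + bssid + sta, bits)

# Constructed sample values, not taken from any real network.
MSK = bytes(range(64))
SSID, MDID, R0KH_ID = b"example-ssid", b"\x12\x34", b"r0kh.example"
STA = bytes.fromhex("020000000001")
AP_A = bytes.fromhex("0200000000aa")   # current AP, acts as R1KH A
AP_B = bytes.fromhex("0200000000bb")   # target AP, acts as R1KH B
SNONCE, ANONCE = b"\x01" * 32, b"\x02" * 32

def fast_transition():
    """STA roams from AP A to AP B: no EAP run, only the SNonce/ANonce exchange."""
    r0 = pmk_r0(MSK, SSID, MDID, R0KH_ID, STA)        # known to R0KH and STA
    r1a, r1b = pmk_r1(r0, AP_A, STA), pmk_r1(r0, AP_B, STA)
    # STA recomputes PMK-R1B itself; AP B only ever receives PMK-R1B from the R0KH.
    ptk_sta = ptk(pmk_r1(r0, AP_B, STA), SNONCE, ANONCE, AP_B, STA)
    ptk_ap_b = ptk(r1b, SNONCE, ANONCE, AP_B, STA)
    return r1a, r1b, ptk_sta, ptk_ap_b

if __name__ == "__main__":
    r1a, r1b, p_sta, p_ap = fast_transition()
    print("PMK-R1A differs from PMK-R1B:", r1a != r1b)
    print("PTKB matches on STA and AP B:", p_sta == p_ap)
```

Because each PMK-R1 is bound to its R1KH identity, the key delivered to the target AP is useless for deriving the current AP's PTK, which is why the R0KH-to-R1KH channel on the next slide carries the security weight.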
8 IEEE 802.11r Key Distribution
"The R0KH and the R1KH are assumed to have a secure channel between them that can be used to exchange cryptographic keys without exposure to any intermediate parties. The cryptographic strength of the secure channel between the R0KH and R1KH is assumed to be greater than or equal to the cryptographic strength of the channels for which the keys will be used. This standard assumes that the key transfer includes the PMK-R1, the PMK-R1 PMKSA, the PMK-R1 context, and the associated key authorizations. The protocol for distribution of keying material from the R0KH to the R1KH is outside the scope of this standard."
(IEEE 802.11r, Clause 11A.2.2)
9 What do we learn?
Key distribution is not a part of IEEE 802.11r.
A specific EAP method is not a part of IEEE
It is independent of whether it is a
Pre-authentication;
Re-authentication; or
Full-authentication.
10 What should we ask?
Do we have to introduce specific EAP methods in IEEE a?
Shall MIHF or any IEEE entities handle specific authentication?
If it is in the EAP layer or above, then we will need to add the function of a peer, an authenticator, or a server to the 21 entity.
If it is in a lower layer, then it cannot be media independent.
11 Things to clarify
In contribution 144, Alternative I: “Work with and to introduce pre-authentication architecture”.
Pre-authentication is out of the scope of
This alternative obviously does not apply
(For , further study is needed.)