
1 21-07-0901-00-0000
IEEE 802.21 MEDIA INDEPENDENT HANDOVER
DCN: 21-07-0024-00-0000
Title: Security Problems related to Transition
Date Submitted: January 15, 2007
Presented at IEEE 802.21 session in London, UK
Authors or Source(s): Jesse Walker
Abstract: This contribution identifies two security problems related to transition and discusses their potential relevance to 802.21

2 IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.
The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>

3 Agenda
Goal: Considerations for an 802.21 security SG
1) Two transition problems
2) Problem discussion
3) Considerations for SG Charter

4 Two Transition Problems
My view of the problems based purely on security considerations:
  – Key Hierarchy based transition
  – Authentication based transition
Note: Non-security considerations may decompose the problem in other ways

5 Background
An administrative domain is a single entity that administers its own authentication mechanisms
WLAN security uses authentication to authorize a mobile device to access the LAN
Authentication creates a key hierarchy as a by-product to represent the authorization decision

6 Key Hierarchy Based Transition
Example Usage Scenarios: A mobile device can transition between two different LANs within the same administrative domain
  – Transition between two different subnets based on the same media, e.g., 802.11
  – Transition between two different subnets based on different media, e.g., 802.11 and 802.16
Since the same administrative domain, no intrinsic reason to authenticate on transition
  – An already established key hierarchy is all that is needed to support transition
  – Rekey is still needed between mobile device and new base station
      New key needed between mobile device and its new base station
      New context must be bound to the new key
In principle, the key distribution and rekey problem is being addressed by IETF HOKEY WG
  – HOKEY is defining a key hierarchy meant to support transitions across subnet boundaries within the same administrative domain
  – HOKEY will not define any handshakes, if required, between base stations and mobile devices to effect this
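
The rekey step on this slide, sketched as an added example that is not part of the original presentation and is not the HOKEY key hierarchy: a per-base-station key is derived from a key established at authentication and bound to the new context. The use of HKDF (RFC 5869), the function names, the context fields and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): stretch prk into `length` bytes bound to info."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def encode_context(*fields: str) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide."""
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

def domain_key(root_key: bytes, domain: str) -> bytes:
    """Top of the hierarchy: produced once, by authentication to the domain."""
    return hkdf_extract(domain.encode(), root_key)

def transition_key(dom_key: bytes, device: str, station: str, media: str) -> bytes:
    """Rekey for one device/base-station pair, bound to the new context."""
    return hkdf_expand(dom_key, encode_context("transition", device, station, media))

def demo() -> dict:
    # Constructed sample values; a real root key comes from the authentication exchange.
    root = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    dk = domain_key(root, "example-domain")
    return {
        "wlan": transition_key(dk, "device-1", "ap-17", "802.11"),
        "wman": transition_key(dk, "device-1", "bs-4", "802.16"),
        # The domain's key holder derives the same value independently, so the
        # transition needs no new authentication, only delivery of this one key.
        "wlan_again": transition_key(domain_key(root, "example-domain"),
                                     "device-1", "ap-17", "802.11"),
        # A different administrative domain has no shared root to derive from.
        "other_domain": transition_key(domain_key(b"\x42" * 32, "other-domain"),
                                       "device-1", "ap-17", "802.11"),
    }

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:13s} {key.hex()}")
```

Because each base station receives only the key derived for its own context, a key held by one station does not stand in for the key at another.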

7 Authentication Based Transition
Example Usage Scenario: a mobile device can transition between two LANs deployed by different administrative domains
Since different administrative domains, no reason in general why authentication can be avoided
  – There is no reason for the new domain to “trust” keys from the old domain, and no reason for mobile device to “trust” the new domain with keys it used with its old domain
  – Some administrative domains have concluded “roaming agreements,” but this is not the general (or even normal) case
  – From a security perspective, “roaming agreements” are a special case of key hierarchy based transition, since key hierarchy rooted in the mobile device’s “home” domain is used
No standards group seems chartered to work the Authentication based Transition problem
  – Some variant pre-authentication scheme (e.g., doc 21-06-0727-01) seems like one plausible approach to this problem
  – Some LAN specific work may be needed within IEEE 802

8 Problem Discussion
Scope: 802.21 is chartered to work on heterogeneous LAN “handoff” (i.e., transition) problems
  – Transitions between wireless LANs within scope
  – Transition between wired and wireless LANs within scope
  – E.g., if work applies to wired LANs as well, then it falls in scope of 802.1/802.3
      Although 802.1 is sometimes willing to let other WGs solve this in the context of a larger problem
In general, it is a bad idea to work on a problem being worked in another standard
  – Leads to market fragmentation
  – Standards exist to grow markets as large as possible

9 Problem Discussion
Is there any part of the key hierarchy based transition problem that is not being worked by HOKEY?
  – Perhaps base station to mobile device work is needed, but has not been identified
Are there any LAN specific sub-problems of the key hierarchy based transition problem?

10 Problem Discussion
The Authentication based problem is more promising, because no one is working on this
Is the Authentication based transition problem within scope of 802.21? Are there parts of the problem within scope?
Are pre-authentication schemes within 802.21 scope?
  – Maybe it's a more general problem within 802.1’s or IETF’s scope, but maybe not
What would be new to make pre-authentication work?
  – At least need specification of binding of context to pre-authenticated generated keys

11 Problem Discussion
Any 802.21 Study Group must write a PAR and 5 Criteria to get any new work authorized
  – 5 Criteria document must address market potential, compatibility with other standards, distinct identity, technical feasibility, economic feasibility
  – Case for market potential, economic feasibility seems fairly straightforward
  – Work is required to show compatibility, distinct identity
  – Technical feasibility may depend on other standards being written

12 Considerations for SG Charter
Determine if key hierarchy based transition has any work within scope
Determine if authentication based transition is within scope
Focus at least on the compatibility and distinct identity issues for any 802.21 Security effort
  – Should identify what is different, why the proposed work is within scope
Identify other standards required for an 802.21 Security effort to succeed

