1. IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-0sec
Title: Observations, Discussions, and Next Steps
Date Submitted: May 13, 2009
Present at IEEE meeting in May of 2009
Authors: Lily Chen (NIST)
Abstract: This document summarizes the observations on the a proposals presented at May Interim Meeting, initiates some discussion topics, and suggests possible next steps to be taken for more detailed explorations.
sec 1

2. IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development
sec 2

3. Outline
Observations
Discussion topics
Next steps
sec 3

4. List of Work Item 1 Proposals
For work Item 1, 5 proposals are received (in presented order).
EAP-FRM (doc #64, by Rafa Marin-Lopez et al)
A new EAP method to execute different fast proactive re-authentication protocols.
Authenticator Discovery (doc #63, by Dapeng Liu)
New services to be added to a for authenticator discovery purpose
Security Related Information Elements (doc #60, by Lily Chen et al)
IEs needed to enable fast establishment of new security connections
Media Independent Authenticator (MI-Auth) (doc #66, by Subir Das et al)
Use MI-Auth to enable proactive authentication.
Pre-distribute contents and keys for pre-authentication and re-authentication (doc #62, by Anirudh Bhatt et al)
sec 4

5. Observations on Work Item 1 Proposals
The proposals cover the following aspects
Protocols and methods to enable fast proactive authentication during the handover (e.g. EAP-FRM).
Services (e.g. authenticator discovery)
Information Elements
Network entities (e.g. MI-Auth)
Relationship among all the above
IEs may carry information on different authentication protocols, methods, as well as authenticator information.
MI-Authenticator is to enable proactive pre-authentication and re-authentications for inter-domain and inter-technology handover.
sec

6. Discussion Topics for Work Item 1 Proposals
Key question – What is in the a scope and what is not?
Which authentication protocols and methods we should make sure to be facilitated by a?
How detailed the information should be provided for the Information Elements?
For each proposal, what is the impact to the existing network landscape?
sec

7. List of Work Item 2 Proposals
For work item 2, 4 proposals are received.
Packet Level Authentication (PLA) (doc #65, by Sumanta Saha et al)
The packets are understood as IP packets. Therefore, it is an IPsec like protection. Need to be clarified by the proposers.
Authenticate MIH Information Using Digital Signature through Hash Tree (doc # 59, by Antonio Izquierdo et al)
Enable re-use and re-package information and maintain origin information authentication.
Use TLS to protect MIH messages (doc #66, by Subir Das et al)
Establish TLS session between MN and PoS. The messages are protected in both directions for confidentiality and integrity/authenticity.
MIH-SAP (Security Module) (doc #62, by Anirudh Bhatt et al)
Introduce MIH-SAP security module to facilitate MIH entity authentication and MIH protections.
sec

8. Observations on Work Item 2 Proposals
The proposals cover the following aspects
From protection perspective: MIH protection may provide integrity/authenticity only or both integrity/authenticity and confidentiality.
For integrity/authenticity: it can be public key based (signature) or symmetric key based (IPsec or TLS)
The protocol for the protections can be IPsec or TLS
Information re-use and re-pack with origin authentication
Function entity: MIH-SAP
The different proposals offer different options. They do not seem conflicting to each other.
sec

9. Discussion Topics for Work Item 2 Proposals
Can we provide multiple options for MIH protection (e.g. IPsec, TLS, MIH specific)?
Do we need any assumption on the transport protocol for MIH if we use IPsec and TLS?
How efficient each existing protocols are to be used in protecting MIH?
Do we need to explicitly introduce (assume) MIH specific infrastructure support (authentication server, CA, etc)?
Do we need to consider all the situations for MIH service?
Access authentication (yes or no)
MIH specific protection (yes or no)
Shall we consider a centralized trust model for IS or distributed trust model?
Information comes from a centralized server, signed and verifiable by all the receivers or every PoS generates its own information package and signs it?
xx-00-0sec

10. Next Steps for Work Item 1 Proposals
Discuss why the proposed new protocols, methods, entities and IEs are in the scope of a.
Generate tentative text to be included in the Amendment.
Discuss applicability of the proposal with existing architecture.
sec

11. Next Steps for Work Item 2 Proposals
Define format for MIH specific protections.
Generate tentative text to be included in the Amendment.
Discuss applicability if existing security protocols such as IPsec and TLS are used to protect MIH messages.
sec