Presentation is loading. Please wait.

Presentation is loading. Please wait.

7/13/061 The Problem of Handover Keying IETF 66 Montreal.

Published bySamson Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "7/13/061 The Problem of Handover Keying IETF 66 Montreal."— Presentation transcript:

1 7/13/061 The Problem of Handover Keying IETF 66 Montreal

2 7/13/062 AAA based Keying for Wireless Handovers: Problem Statement draft-nakhjiri-aaa-hokey-ps-03 Madjid Nakhjiri (Huawei USA) Mohan Parthasarathy (Nokia) Julien Bournelle (GET/INT/FT) Hannes Tschofenig (Siemens) R. Marin Lopez (TARI)

3 7/13/063 Slide from IETF 65: Handover in Wireless Access Networks Access Nodes (BS/AP) providing secure access links User/device credentials stored at AAA server Handover: Establish a new secure link with new AN. Handover performance is a crucial service quality factor –Desired: Minimal interaction with AAA server during handover. MN Access Gateway AAA server Access Node Access link Access Gateway

4 7/13/064 Slide from IETF 65: EAP Keying for fixed peers peer Authenticator EAP server Generation of MSK, EMSK, Security Association Protocol (TSKs) Generation of MSK, EMSK, EAP over AAA EAP-XXX Method Authentication MSK transport EAP complete EAP over L2 Transported MSK Generation of TSKs Use TSKs for link security

5 7/13/065 Slide from IETF 65:Use of EAP keying for handovers Old SA (MN-BS1 TSKs): created using MSK (or PMK) at BS1 New SA: (MN-BS2 TSKs): Create a new MSK (MSK2) at BS2? Run EAP again for the new MSK/ SA ? Old SA(TSK) New SA (TSK) EAP/AAA server MSK1 MSK2 Auth-1/BS1 Auth2-BS2 MN Auth3-BS3

6 7/13/066 Slide from IETF 65: Handover keying using EAP: SDO solutions MN Authenticator EAP. AAA server BS2 MSK TSK Split the authenticator into two functions (e.g. WiMAX) 1.Authenticator = Access Gateway: (holds MSK, creates per AN keys: PMK) 2.Authenticator port=Access node (receives PMK, creates TSK through SAP) Intra-Authenticator Handover? A new PMK for each BS from initial MSK (Port to Port HO) PMK BS1 AG

7 7/13/067 Slide from IETF 65: Problem: Inter-authenticator MN Authenticator EAP. AAA server ANs MSK TSK PMK Authenticator handover not supported –Requires re-authentication (re-run of EAP) Can we avoid running a new EAP as part of Authenticator Handover?

8 7/13/068 Slides from IETF 65: HOKEY: Create a Key Hierarchy Use a EAP method generated key to derive a key hierarchy –To support Intra-authenticator as well as Inter-authenticator HO in a way that does not require new EAP runs –To support heterogeneous access technology roaming Define key derivation/ management at each level –(i.e. at AAA server, at ADC level, at AN level) –If the level within IETF scope: specify –If outside IETF scope: Requirement/ guidance/ parameters specifications (e.g. for channel binding, scoping, caching life time) Protocols/ Requirements for key request/ transport/ distribution –Reqs for new protocols/ extensions for existing protocols (e.g. AAA) –Security goals –Performance Goal: handover optimization (pre-/ post handover signaling)

9 7/13/069 Elements according Problem Statement V03 Intra ADC handover: Key management and key derivation inside same ADC. Inter ADC handover: Key Management and key derivation through different ADCs but same AAA, without running EAP again. MN ADMSK-1 AAA server AN3 HRK LSAP LSAP-MK2 ADC1 ADMSK-2 ADC2 LSAP-MK1 AN1 AN2 LSAP-MK3 AD1 AD2 Inter-ADC HO Intra-ADC HO

10 7/13/0610 Terminology according to PS V03 Handover Root Key –Used as the root of key hierarchy (previously called XMSK) is held by AAA server now. Access Domain –A domain whose authentication and key management goes through the same ADC. Access Domain Controller –Entity responsible for keying needs within an Access Domain. It holds ADMSK (derived from XMSK) to derive new keys. Access Domain Controller MSK (ADMSK) –A key that is sent to each Access Domain Controller Inter-ADC versus Intra-ADC handovers –Instead of inter- versus intra-authenticator

11 7/13/0611 To specify HRK (per AAA server) –Separate derivation Spec?: parameters, PRF ADMSK (per ADC) –Derivation spec part of key hierarcy (PRF, parameters) –Transport spec (protocol/triggers/AAA requirements/ specs) LSAP_MK (per AN) –Derivation spec part of key hierarchy (hetero access included) –Transport spec (protocol reqs/triggers/specs) Guidelines on LSK derivation (outside IETF?) Fast re-authentication (session expiry, ADC HO)

12 7/13/0612 Backup: Why ADC instead of Authenticator Allows for easier management of heterogeneous roaming/ handovers (e.g. per-domain technology) –Combine key mgmt with mobility mgmt Handover root key transport/caching behavior –HRK (e.g. MSK) is kept at AAA server, not sent to authenticator –A per ADC master keys (ADMSK) are sent to ADC Separation of EAP auth. and handover keying signaling –Key mgmt and mobility mgmt can be inside an ADC, independent of entity that acts as pass-thru Auth, –Pass-thru auth either in AN or ADC More crisp key usage guidelines –Authenticator master key Authenticator port master key? –Use ADC master key (ADMSK) and AN master key (LSAP_MK) instead

13 7/13/0613 Tough problems Terminology, Terminology, terminology What key to use as handover root key: –MSK or an USRK/AMSK ([I-D.salowey-eap-emsk-deriv] ) –Creates Milestone issues for key hierarchy spec Positioning of pass-through Auth. wrt ADC and AN Definition of fast re-authentiaction (resolved!?) Channel binding –Case 1: when ADC and AN are colocated (EAP keying) –Case 2: when ADC and AN are not colocated (SDO cases)

14 7/13/0614 Handover keying Deliverables (ML May 25) Handover keying problem statement draft (Informational). Handover Root Key (HRK) derivation specification (standards Track) Handover keying key hierarchy draft (Standards Track) Handover keying protocol requirements draft (Informational/ Standards Track) Handover keying protocol solution (depending on the scope)

15 7/13/0615 Proposed milestones (ML May 25) Mar 07 Handover keying PS to IESG Mar 07 Handover root key specification to IESG Sep 07 Handover key hierarchy specification to IESG Dec 07 Handover keying protocol requirements to IESG Aug 08 Handover Keying protocol solutions to IESG

16 7/13/0616 HOAKEY BoF/ HOKEYP Mailing list Report

17 7/13/0617 IETF 65 HOAKEY BoF result Support for work on handover keying Issues with multi-application application keying: –Separate application keying from handover keying and Pre-auth HOAKEY became HOKEYP: –Combine handover keying and Pre-authentication charters Work towards aggressive interim Chartering and/or another BoF in IETF 66

18 7/13/0618 Progress Since IETF 65 Produced –HOKEYP charter V00-V03 (April/May) –Handover keying problem statement update to V02 –Pre-authentication problem statement V00 –USRK (AMSK) derivation draft V00/V01 ML generated 51 emails in April, 93 in May ML Last call on HOKEYP charter proposal on V03 (May 15-May 25)

19 7/13/0619 MLLC results on HOKEYP charter MLLC generated 79 emails in 10 days 11 people approved (13, including ex-BoF chairs ) –6 manufacturers total, 3 operators 2 persons requesting additions of some remaining EAP WG work into the charter/ clarification of some items V04 and V05 generated during last call period, including changes in text, deliverables and deadlines V06 and V07 generated after last call. 2 solution drafts posted on the ML

20 7/13/0620 Contentious topics Choice of HRK (MSK versus AMSK/USRK) –TBD by Expert/Design team meeting USRK/AMSK derivation standardization process? –In HOKEYP, an EAP EXT group? Definition of fast re-authentication –Method dependent or independent (mostly resolved) Channel binding solution –For EAP or HOKEY architecture (in HOKEYP or in EAP EXT?) Milestone dates –Mostly resolved except those relating to HRK choice

21 7/13/0621 Deliverables as of V07 Handover keying problem statement draft (Informational). Handover Root Key (HRK) derivation specification (standards Track) Handover keying key hierarchy draft (Standards Track) Handover keying protocol requirements draft (Informational/ Standards Track) Handover keying protocol solution (depending on the scope) Pre-authentication problem statement draft (Informational) Pre-authentication protocol requirements draft (Informational) Possible partial solution for pre-authentication signaling

22 7/13/0622 Proposed Charter milestones Nov 06 Pre-authentication PS to IESG Mar 07 Handover keying PS to IESG Mar 07 Handover root key specification to IESG Apr 07 Pre-authentication protocol requirement draft to IESG Sep 07 Handover key hierarchy specification to IESG Dec 07 Handover keying protocol requirements to IESG Aug 08 Handover Keying protocol solutions to IESG

Download ppt "7/13/061 The Problem of Handover Keying IETF 66 Montreal."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
21-07-0xxx-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0xxx-00-0000 Title: Proposal for adding a key hierarchy based approach in the security.

xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Proposal for adding a key hierarchy based approach in the security.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
21-07-0xxx-00-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0xxx-00-0000 Title: Proposal for adding a key hierarchy based approach in the security.

xxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Proposal for adding a key hierarchy based approach in the security.
1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.

1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.
MANET Where are we? Where are we going? Adrian Farrel Routing AD Honolulu – November 2015 – IETF-91.

MANET Where are we? Where are we going? Adrian Farrel Routing AD Honolulu – November 2015 – IETF-91.
Doc: 11-03-0763-00-0000 Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.

Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.
7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.

7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.
21-07-0387-00-00011 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0387-00-0001 Title: Problem Statement for Authentication Signaling Optimization Date.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
Doc.: IEEE 802.11-08/0394r0 Submission March 2008 Dorothy Stanley, Aruba NetworksSlide 1 IEEE 802.11-IETF Liaison Report Date: 2008-03-19 Authors:

Doc.: IEEE /0394r0 Submission March 2008 Dorothy Stanley, Aruba NetworksSlide 1 IEEE IETF Liaison Report Date: Authors:
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
21-06-0727-01-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0727-01-0000 Title: Proposal for IEEE 802.21 Study Group on Security Signaling Optimization.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposal for IEEE Study Group on Security Signaling Optimization.
Submission November 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report November 2003 Dorothy Stanley – Agere Systems IEEE 802.11 Liaison To/From.

Submission November 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report November 2003 Dorothy Stanley – Agere Systems IEEE Liaison To/From.
IETF Trade WG Adelaide, South Australia 29 March 2000 Donald E. Eastlake, 3rd

IETF Trade WG Adelaide, South Australia 29 March 2000 Donald E. Eastlake, 3rd
21-09-0059-00-0sec1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-0059-00-0sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.

sec1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.
21-07-xxxx-00-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-xxxx-00-0000 Title: IETF Liaison Report Date Submitted: July 19, 2007 Presented at.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: xxxx Title: IETF Liaison Report Date Submitted: July 19, 2007 Presented at.
21-07-0301-01-00001 IEEE 802.21 MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,

IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
Doc.: IEEE 802.11-11/0691r0 Submission May 2011 Dorothy Stanley, Aruba NetworksSlide 1 IEEE 802.11-IETF Liaison Report Date: 2011-05-11 Authors:

Doc.: IEEE /0691r0 Submission May 2011 Dorothy Stanley, Aruba NetworksSlide 1 IEEE IETF Liaison Report Date: Authors:

Similar presentations

Ads by Google