Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt) - PowerPoint PPT Presentation

About This Presentation

Description:

julien.bournelle_at_int-evry.fr. IETF 67, RADEXT. 2. Draft Status. No current open issues. Reviews received from MOBDIR; a requested SECDIR review received; comments ...

Slides: 9
Provided by: Qual79
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1
Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)
  • vidyan_at_qualcomm.com
  • narayanan.venkitaraman_at_motorola.com
  • gerardo.giaretta_at_telecomitalia.it
  • hannes.tschofenig_at_siemens.com
  • julien.bournelle_at_int-evry.fr

2
Draft Status
  • No current open issues
  • Reviews received from MOBDIR; a requested SECDIR
    review received; comments incorporated
  • Technical work is mostly complete
  • Transport over AAA needs to be defined
  • Not a normative reference to the draft
  • Needed for practical deployments
  • Hence the need for RADEXT input

3
Example Topology
[Figure: example topology showing MN, AR1, AR2 and the AAAH Server]

4
Solution Goals
  • Facilitate FMIP deployment in systems with a AAA
    infrastructure
  • Establish a handover key between MN and AR to
    secure FMIP signaling
  • Use of AAA infrastructure to enable this
  • Simple, single roundtrip protocol

5
Protocol Overview
[Figure: message sequence diagram between MN, AR1, AR2 and AAA Server. Labels from the diagram:]
  • HMK Generated (shown twice)
  • HKReq (MN ID, Msg ID, Seq, MN Nonce, MN-AAA MAC)
  • RADIUS Access Request (HKReq, NAS IP, AR-AAA MAC)
  • Validate MAC, Generate HK1
  • RADIUS Access Accept (AAA Nonce, Lifetime, AAA-MN MAC, HK1, ARn-AAA Key)
  • Decrypt HK1
  • HKResp (AAA Nonce, Lifetime, AAA-MN MAC)
  • Generate HK1
  • MN Handoff To AR2
  • FNA(FBU, HK1)
  • FBU, HK1
  • Validate FBU
  • FBAck
  • FBAck

6
Message Exchange
Participants: MN, AR, AAA
MN --> AR:  MSGID, PRF, CoA, N1, ID, T, MN-AAA MAC
AR --> AAA: AAA (MSGID, PRF, CoA, N1, ID, T, MAC)
AR <-- AAA: AAA (N2, MN-AAA MAC)
MN <-- AR:  MSGID, PRF, Code, SPI, N2, MN-AAA MAC, T, MN-AR MAC

7
Handover Key Hierarchy
[Figure: key hierarchy tree with HMK (Handover Master Key) at the root, deriving HIK (Handover Integrity Key) and HK1 ... HKn]

HIK = gprf (HMK, "Handover Integrity Key")
HK = gprf (HMK, MN Nonce | AAA Nonce | MN ID | AR ID | "Handover Key")
gprf (K, S) = T1 | T2 | T3 | T4 | ...
where
  T1 = PRF (K, S | Y)
  T2 = PRF (K, T1 | S | Y1)
  T3 = PRF (K, T2 | S | Y2)
  T4 = PRF (K, T3 | S | Y3)
  • No relation to EAP key material
  • HMK may be a PSK
  • Future specification of HMK as an EAP USRK
    feasible
  • Current document assumes that the HMK is a PSK
    for FMIP authentication
  • HMK Key hierarchy has no dependency on EAP
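
Added example (not part of the slides or the draft): the key hierarchy above in Python, showing the MN and the AAA server deriving the same per-AR handover key from a shared HMK. Assumptions: HMAC-SHA256 as the PRF, a one-byte block counter for the slide's Y, Y1, ... tags, 32-byte keys, the MN-AAA MAC keyed with HIK, and constructed IDs and nonces.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the PRF; the slides do not fix one.
    return hmac.new(key, data, hashlib.sha256).digest()

def gprf(key: bytes, seed: bytes, length: int = 32) -> bytes:
    """T1 | T2 | ... truncated to `length`, with Tn = PRF(K, Tn-1 | S | tag)."""
    out, block, tag = b"", b"", 1
    while len(out) < length:
        if tag > 255:
            raise ValueError("requested length exceeds 255 PRF blocks")
        # Assumption: the slide's per-block tag (Y, Y1, ...) is a one-byte counter.
        block = prf(key, block + seed + bytes([tag]))
        out += block
        tag += 1
    return out[:length]

def derive_hik(hmk: bytes) -> bytes:
    return gprf(hmk, b"Handover Integrity Key")

def derive_hk(hmk, mn_nonce, aaa_nonce, mn_id, ar_id) -> bytes:
    # Plain concatenation in the slide's order. IDs are variable-length, so a
    # deployed encoding must keep the MN ID / AR ID boundary unambiguous.
    seed = mn_nonce + aaa_nonce + mn_id + ar_id + b"Handover Key"
    return gprf(hmk, seed)

def handover_demo() -> dict:
    hmk = bytes(range(32))                        # constructed PSK shared by MN and AAA
    mn_id, ar1, ar2 = b"mn-01", b"ar1", b"ar2"    # constructed identifiers
    n1, n2 = b"\x11" * 16, b"\x22" * 16           # constructed MN / AAA nonces
    hik = derive_hik(hmk)
    hkreq = mn_id + n1                            # simplified, constructed HKReq body
    mn_aaa_mac = prf(hik, hkreq)                  # MN side
    # AAA side: constant-time MAC check before any key is derived or released.
    mac_ok = hmac.compare_digest(prf(hik, hkreq), mn_aaa_mac)
    tamper_rejected = not hmac.compare_digest(prf(hik, hkreq + b"x"), mn_aaa_mac)
    hk1_aaa = derive_hk(hmk, n1, n2, mn_id, ar1)  # delivered to AR1 by the AAA server
    hk1_mn = derive_hk(hmk, n1, n2, mn_id, ar1)   # computed locally by the MN
    hk2 = derive_hk(hmk, n1, n2, mn_id, ar2)      # key bound to a different AR
    return {"mac_ok": mac_ok, "tamper_rejected": tamper_rejected,
            "mn_aaa_agree": hk1_aaa == hk1_mn, "per_ar_distinct": hk1_aaa != hk2,
            "hik_differs_from_hk": hik != hk1_aaa}

if __name__ == "__main__":
    print(handover_demo())
```

Because the AR ID is part of the seed, a key handed to one AR is not the key the MN would use with another AR.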

8
Next Steps
  • Feasibility of using RADIUS as the AAA protocol?
  • If feasible, is RADEXT willing to review and
    sponsor the draft?