Update on SEND Keys Draft
draft-ietf-mipshop-handover-key-00.txt

James Kempf, DoCoMo Labs USA, kempf@docomolabs-usa.com
Rajeev Koodli, Nokia, rajeev.koodli@nokia.com
Outline
• Handover Key exchange
• Handover Key use
Handover Key Exchange
[Diagram: MN, Access Point, Access Router, Handover Key Table]
• MN → Access Router: Router Solicitation + A1 + CGA Option
• Access Router: Generate Handover Key
• Access Router → MN: Router Advertisement + Signature + E(KA1)
• MN: Decrypt + Store KA1
• Handover Key Table: A1 – KA1, ...
• E(KA1) = encrypt( RSA Public Key for A1, KA1 )
Changes
• MN uses a separate RSA key (Kpub-h) for handover key exchange (SEND has its pair for CGA purposes)
• MN sends the RSA public key (Kpub-h) in RtSolPr/RS
• Router verifies CGA, and creates (or looks up) a handover secret key (Ksec-h)
• Router encrypts handover secret key (Ksec-h) using RSA public key (Kpub-h) and sends it in PrRtAdv/RA
• MN verifies CGA, decrypts the option and uses handover key (Ksec-h) to compute the MAC for BADF
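The exchange listed above, as an added Go example that is not taken from the draft or its authors: the router keeps the handover key table, returns Ksec-h encrypted under the MN's Kpub-h, and later checks a MAC computed with it. Assumptions: the names `Router`, `Solicit`, `Verify`, `MAC` and `MNExchange` are hypothetical, RSA-OAEP, HMAC-SHA-256 and a 16-byte key stand in for algorithms the slides do not name, the address is constructed, and CGA/signature verification is not modelled.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Router map[string][]byte // handover key table: MN address A1 -> Ksec-h

func (r Router) Solicit(a1 string, kpubH *rsa.PublicKey) ([]byte, error) {
	if _, ok := r[a1]; !ok { // create Ksec-h on first contact, else look it up
		k := make([]byte, 16) // key length is an assumption
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		r[a1] = k
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, kpubH, r[a1], nil)
}

func (r Router) Verify(a1 string, msg, tag []byte) bool { // constant-time compare
	return r[a1] != nil && hmac.Equal(tag, MAC(r[a1], msg)) // unknown A1 fails
}

func MAC(k, msg []byte) []byte { // HMAC-SHA-256 is an assumed algorithm
	m := hmac.New(sha256.New, k)
	m.Write(msg)
	return m.Sum(nil)
}

func MNExchange(r Router, a1 string) ([]byte, error) { // MN side of the exchange
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // Kpub-h pair, not the CGA key
	if err != nil {
		return nil, err
	}
	opt, err := r.Solicit(a1, &priv.PublicKey) // RS carries Kpub-h; CGA checks not modelled
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, opt, nil) // OAEP is an assumption
}

func main() {
	r, a1, msg := Router{}, "2001:db8::1", []byte("constructed message")
	k, err := MNExchange(r, a1)
	fmt.Println(err, r.Verify(a1, msg, MAC(k, msg)))
}
```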
Changes
• Using Proxy Router messages for key exchange
• Make this a SHOULD
• Allow RS/RA as a MAY