80 likes | 91 Views
This draft outlines a protocol for secure handover key exchange between mobile nodes and access routers using AAA infrastructure, facilitating FMIP deployment. The document defines the protocol, message exchange, and key hierarchy for seamless handover in systems.
E N D
Handover Keys Using AAA(draft-vidya-mipshop-handover-keys-aaa-03.txt) vidyan@qualcomm.com narayanan.venkitaraman@motorola.com gerardo.giaretta@telecomitalia.it hannes.tschofenig@siemens.com julien.bournelle@int-evry.fr
Draft Status • No current open issues • Reviews received from MOBDIR; a requested SECDIR review received; comments incorporated • Technical work is mostly complete • Transport over AAA needs to be defined • Not a normative reference to the draft • Needed for practical deployments • Hence the need for RADEXT input IETF 67, RADEXT
AP2.1 AP2.2 AP1.1 AP1.2 Example Topology AR2 MN AAAH Server AR1 MN IETF 67, RADEXT
Solution Goals • Facilitate FMIP deployment in systems with a AAA infrastructure • Establish a handover key between MN and AR to secure FMIP signaling • Use of AAA infrastructure to enable this • Simple, single roundtrip protocol IETF 67, RADEXT
Protocol Overview AAA Server MN AR1 AR2 HMK Generated HMK Generated HKReq RADIUS Access Request ([MN ID, Msg ID, Seq #, MN Nonce], MN-AAA MAC) ([HKReq, NAS IP], AR-AAA MAC) Validate MAC Generate HK1 RADIUS Access Accept ([AAA Nonce, Lifetime] AAA-MN MAC, [HK1], ARn-AAA Key) HKResp Decrypt HK1 ([AAA Nonce, Lifetime] AAA-MN MAC) Generate HK1 MN Handoff To AR2 FNA([FBU], HK1) [FBU], HK1 Validate FBU FBAck FBAck IETF 67, RADEXT
Message Exchange MN AR AAA ---- ---- ----- MSGID, PRF, CoA, N1, ID, [T], MN-AAA MAC --> AAA (MSGID, PRF, CoA, N1,ID, [T], MAC) --> <-- AAA (N2, [MN-AAA MAC]) <-- MSGID, PRF, Code, SPI, N2, [MN-AAA MAC], [T], MN-AR MAC IETF 67, RADEXT
Handover Key Hierarchy HMK (Handover Master Key) … HK1 HIK (Handover Integrity Key) HKn HIK = gprf+ (HMK, "Handover Integrity Key") HK = gprf+ (HMK, MN Nonce | AAA Nonce | MN ID | AR ID | "Handover Key") gprf+ (K, S) = T1 | T2 | T3 | T4 ... where: T1 = PRF (K, S | Y) T2 = PRF (K, T1 | S | Y+1) T3 = PRF (K, T2 | S | Y+2) T4 = PRF (K, T3 | S | Y+3) • No relation to EAP key material • HMK may be a PSK • Future specification of HMK as an EAP USRK feasible • Current document assumes that the HMK is a PSK for FMIP authentication • HMK Key hierarchy has no dependency on EAP IETF 67, RADEXT
Next Steps • Feasibility of using RADIUS as the AAA protocol? • If feasible, is RADEXT willing to review and sponsor the draft? IETF 67, RADEXT