110 likes | 260 Views
The 65 th IETF. Access Authentication Protocol in FMIP6 (draft-jung-mipshop-access-auth-00.txt). Souhwan Jung Jaeduck Choi Soongsil University. Problem Statements. Problem Statements IP layer authentication at the AR is necessary.
E N D
The 65th IETF Access Authentication Protocol in FMIP6(draft-jung-mipshop-access-auth-00.txt) Souhwan Jung Jaeduck Choi Soongsil University
Problem Statements • Problem Statements • IP layer authentication at the AR is necessary. (Link layer authentication may not be enough for mobility management.) • Existing authentication schemes are proposed mainly for protecting handoff signaling messages (e.g. BU and BA, Route Optimization) • A full hierarchical key generations and management for handover may cause too much burdens to the AAA server. • Goal • How to verify MR for access authentication at the NAR in FMIP6
Key idea • The MN generates a session key for access authentication at the NAR before handover, and delivers it to the NAR via the AAA server using existing secure channels (MN-AAA-AR). • The delivered session key can also be used for protecting BU and BA messages for next handover. • Distribute some part of handover burdens of the AAA server like key generations and management to the MNs.
Assumption & Terminology • Assumptions • Initial full EAP authentication is done in bootstrapping procedure • Secure channels exist between AR and AAA server • Key suites • EMSK (Extended Master Session Key) • Additional keying material between MN and AAAH (RFC 3748) • AAMK (Access Authentication Master Key) • A key derived from the EMSK for authenticating the MN • AEMK (Access Encryption Master Key) • A key derived from the EMSK for encrypting the AAK • AAK (Access Authentication Key) • A key used for authenticating MN after the MN attaches to the NAR
PAR NAR AAA Server MN MN Message Flow Key Generation between MN and AAA Key Generation in MN AAMK = H(EMSK_0_31, “Authentication Key”) AEMK = K1 | K2 K1 = H(EMSK_32_47, “Encryption Key” | 0x01) K2 = H(EMSK_48_63, “Encryption Key” | 0x02) AAK = H(Time_Stamp, MN_ID|NAR_ID | “Access Authentication Key”) Verify MAC_AAA Decrypt AAK [Enc(AAK), MAC_AAA] 2a [AAK] 3 [Nonce] 2b Verify MAC_PAR Verify MAC_NAR [Enc(AAK), MAC_PAR, MAC_AAA, Nonce] [MAC_NAR] [MAC_MN] 1 4 5 AAMK, AEMK, AAK Movement
FMIP6 Scenario:Predictive Access Authentication PAR NAR AAA Server MN EAP full authentication AAMK, AEMK Generated RtSolPr AAMK, AEMK Generated PrRtAdv Secure Channel (IPSec, TLS) Generate AAK AAuthReq (MN_ID,NAR_ID,AAA_ID, E_AEMK(AAK),MAC_PAR,MAC_AAA) Verify MAC_PAR AAA Request (MN_ID,NAR_ID,AAA_ID,E_AEMK(AAK),MAC_AAA) AAuthResp Verify MAC_AAA, Decrypt AAK AAA Response (Result) FBU HI (Result, AAK) (Nonce) (Nonce) Create authentication table (MN_ID, Nonce, AAK, MAC_NAR) HAck FBack FBack MN Handoff to NAR FNA (MN_ID,MAC_NAR) Verify MAC_NAR AAuthResp (Result,MAC_MN) Network Access
FMIP6 Scenario: Predictive Access Authentication (2/2) • MAC_PAR • A resistance against DoS attack • In case of verification failure, PAR just discards the AAuthReq message. • Verification of MAC-PAR provides the integrity for the E_AEMK(AAK) and the MAC_AAA
FMIP6 Scenario: Reactive Access Authentication (1/2) PAR NAR AAA Server MN EAP full authentication AAMK, AEMK Generated RtSolPr AAMK, AEMK Generated PrRtAdv Secure Channel (IPSec, TLS) Generate AAK MN Handoff to NAR FNA[FBU] AAuthReq (MN_ID,NAR_ID,AAA_ID,Nonce,E_AEMK(AAK),MAC_NAR,MAC_AAA) FBU FBack Create authentication table (MN_ID, Nonce, MAC_NAR) AAA Request Verify MAC_AAA (MN_ID,NAR_ID,AAA_ID,Nonce E_AEMK(AAK),MAC_NAR,MAC_AAA) AAA Response (Result, AAK) Verify MAC_NAR AAuthResp (Result,MAC_MN) Network Access
FMIP6 Scenario: Reactive Access Authentication (2/2) • The NAR must send the AAA Request if only the FBU is successful. • Secure against DoS attack • MAC_AAA provides the integrity for the E_AEMK(AAK), Nonce, and MAC_NAR
Summary • This draft proposes a secure authentication mechanism between the MN and NAR in FMIP6. • The established authentication key can be used for authenticating MN, and also for protecting Binding Messages (BU, BA) between MN and AR. • This scheme distributes some part of the handover burden of the AAA server like key generation and management to the MNs.
Any Comments? To be a WG item? Thank You.