Local Security Association (LSA)
The Temporary Shared Key (TSK)
draft-le-aaa-lsa-tsk-00.txt
Stefano M. Faccin, Franck Le
What?
• A secure mechanism to set up a Local Security Association between the user and the visited domain
• An LSA can be utilized for various purposes, including:
  • securing message exchanges between the user and the visited domain
  • deriving secondary LSAs between the user and the visited domain without involving the home domain
• The mechanism proposed in the draft defines a Temporary Shared Key to set up the LSA
• Mechanisms to set up LSAs can be of benefit to URP as an edge protocol (LSA between the user and the Registration Agent or Access Router)
The Framework
Assumptions:
• a long-term SA is shared between the user and its home domain
• the long-term SA is used for:
  • user/network authentication
  • generation of LSAs
[Figure: framework diagram. Home Domain: AAAh. Visited Domain: AAAl, AAAc, RA, URP, NAS, FA. Labels: Scope of LT-SA, LT-SA, Scope of LSA]
TSK Features
• The Temporary Shared Key is securely established between the user and the visited domain
• TSK allows subsequent:
  • user authentication without involvement of the home domain
  • network authentication without involvement of the home domain
  • establishment of secondary LSAs (e.g. MN-AR, MN-FA)
TSK Applicability
• applicable to any application, e.g.
  • Mobile IPv4:
    • Authentication
    • Key distribution
• Examples of key distribution scenarios
  • key distribution to FA (MIPv4)
  • key distribution to HA in Foreign Domain (MIPv4)
  • keys for User-AR: data protection over the access link
TSK Benefits
• Use of TSK reduces the signaling between the home and visited domains
  • enables frequent user authentications
  • enables frequent refreshing of secondary LSAs
• Use of TSK reduces the time delay of procedures (user authentication and key distribution)
draft-le-aaa-lsa-tsk-00.txt
• The TSK draft describes the procedures for:
  • TSK Establishment
  • TSK Distribution
  • TSK Update
  • TSK Revocation
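The following is an added illustration, not code from the draft or its authors, of the key hierarchy the slides describe: a long-term SA held only by the user and the home domain (AAAh), a TSK established from it for one visited domain, then user and network authentication and secondary LSA derivation (MN-FA, MN-AR) carried out entirely inside the visited domain, followed by TSK update and revocation. The derivation function, the message contents, the labels ("TSK", "USER-AUTH", "SEC-LSA", ...), the realm and NAI values, and the modelling of TSK update as a local roll-forward are all assumptions made for this example; the draft specifies none of them. The counter of home-domain round trips makes the signaling-reduction benefit visible.

```python
import hmac
import hashlib
import os


def kdf(key, label, *context):
    # Assumed KDF (the draft fixes none): HMAC-SHA256 over a label plus context.
    return hmac.new(key, label.encode() + b"".join(context), hashlib.sha256).digest()


class HomeDomain:
    """AAAh: besides the user, the only holder of the long-term SA (LT-SA)."""
    def __init__(self):
        self.lt_keys = {}  # NAI -> long-term key

    def establish_tsk(self, nai, visited_realm, nonce_v):
        # TSK bound to the visited realm and its nonce; the LT-SA itself never leaves AAAh.
        return kdf(self.lt_keys[nai], "TSK", visited_realm.encode(), nonce_v)


class VisitedDomain:
    """AAAl/AAAc (Registration Agent): holds TSKs and authenticates locally."""
    def __init__(self, realm):
        self.realm, self.tsk, self.home_round_trips = realm, {}, 0

    def establish(self, home, nai):
        nonce_v = os.urandom(16)
        self.home_round_trips += 1  # the only step that involves the home domain
        self.tsk[nai] = home.establish_tsk(nai, self.realm, nonce_v)
        return nonce_v  # forwarded to the user, which derives the same TSK

    def verify_user(self, nai, challenge, response, nonce_u):
        # User authentication without the home domain; on success returns the
        # network-authentication proof for the user, otherwise None.
        if nai not in self.tsk:  # never established or already revoked
            return None
        if not hmac.compare_digest(kdf(self.tsk[nai], "USER-AUTH", challenge), response):
            return None
        return kdf(self.tsk[nai], "NET-AUTH", nonce_u)

    def distribute(self, nai, entity):
        # Secondary LSA (MN-FA, MN-AR, ...) derived from the TSK for key distribution.
        return kdf(self.tsk[nai], "SEC-LSA", entity.encode())

    def update(self, nai):
        # TSK update modelled as a local roll-forward with a fresh nonce (assumption).
        nonce_new = os.urandom(16)
        self.tsk[nai] = kdf(self.tsk[nai], "TSK-UPDATE", nonce_new)
        return nonce_new

    def revoke(self, nai):
        self.tsk.pop(nai, None)


class User:
    def __init__(self, nai, lt_key):
        self.nai, self.lt_key, self.tsk = nai, lt_key, None

    def derive_tsk(self, visited_realm, nonce_v):
        self.tsk = kdf(self.lt_key, "TSK", visited_realm.encode(), nonce_v)

    def respond(self, challenge):
        return kdf(self.tsk, "USER-AUTH", challenge)

    def check_network(self, nonce_u, proof):
        return proof is not None and hmac.compare_digest(kdf(self.tsk, "NET-AUTH", nonce_u), proof)

    def secondary_key(self, entity):
        return kdf(self.tsk, "SEC-LSA", entity.encode())

    def update_tsk(self, nonce_new):
        self.tsk = kdf(self.tsk, "TSK-UPDATE", nonce_new)


def local_auth(user, visited):
    # One mutual user/network authentication round; the home domain is not contacted.
    challenge, nonce_u = os.urandom(16), os.urandom(16)
    proof = visited.verify_user(user.nai, challenge, user.respond(challenge), nonce_u)
    return user.check_network(nonce_u, proof)


def run_scenario(auth_rounds=5):
    # Establishment, repeated local authentication, distribution, update, revocation.
    home, visited = HomeDomain(), VisitedDomain("visited.example")
    user = User("alice@home.example", os.urandom(32))  # constructed subscriber and LT-SA
    home.lt_keys[user.nai] = user.lt_key

    user.derive_tsk(visited.realm, visited.establish(home, user.nai))
    auths_ok = all(local_auth(user, visited) for _ in range(auth_rounds))
    fa_match = visited.distribute(user.nai, "FA") == user.secondary_key("FA")
    ar_match = visited.distribute(user.nai, "AR") == user.secondary_key("AR")
    old_fa = user.secondary_key("FA")

    user.update_tsk(visited.update(user.nai))
    updated_ok = local_auth(user, visited) and user.secondary_key("FA") != old_fa

    visited.revoke(user.nai)
    return {"auths_ok": auths_ok, "fa_match": fa_match, "ar_match": ar_match,
            "updated_ok": updated_ok, "revoked_rejected": not local_auth(user, visited),
            "home_round_trips": visited.home_round_trips}


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` shows one home-domain exchange followed by any number of local authentications and key derivations; after revocation the visited domain rejects the user even though the user still holds a valid-looking TSK, which is the property that makes local revocation meaningful.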
TSK and URP
• draft-le-aaa-lsa-tsk-00.txt describes the exchange of information between the user and the visited and home domains
  • No protocol is specified to carry such information
  • URP is a good candidate
• Usage of LSA empowers URP as edge protocol
• Relation between URP and AAA from the point of view of LSA
  • Registration Agent is AAAc
Conclusion
• A potential mechanism for URP to set up a Local Security Association between the user and the visited/access network: the TSK
• TSK as the mechanism used together with URP to set up the LSA