
Local Security Association (LSA) The Temporary Shared Key (TSK)

draft-le-aaa-lsa-tsk-00.txt
Stefano M. Faccin, Franck Le


Presentation Transcript


  1. Local Security Association (LSA)
     The Temporary Shared Key (TSK)
     draft-le-aaa-lsa-tsk-00.txt
     Stefano M. Faccin, Franck Le

  2. What?
     • A secure mechanism to set up a Local Security Association between the user and the visited domain
     • An LSA can be utilized for various purposes, including:
       • securing message exchanges between user and the visited domain
       • deriving secondary LSAs between user and visited domain without involving home domain
     • The mechanism proposed in the draft defines a Temporary Shared Key to set up the LSA
     • Mechanisms to set up LSAs can be of benefit to URP as an edge protocol (LSA between user and the Registration Agent or Access Router)

  3. The Framework
     Assumptions:
     • a long term SA (LT-SA) is shared between the user and its home domain
     • long term SA used for:
       • user/network authentication
       • generation of LSAs
     [Figure: Home Domain and Visited Domain, with elements AAAh, AAAl, AAAc, RA, URP, NAS and FA, marking the scope of the LT-SA and the scope of the LSA]

  4. TSK Features
     • The Temporary Shared Key is securely established between the user and the visited domain
     • TSK allows subsequent:
       • user authentication without involvement of the home domain
       • network authentication without involvement of the home domain
       • establishment of secondary LSAs (e.g. MN-AR, MN-FA)

  5. TSK Applicability
     • applicable to any application, e.g.
       • Mobile IPv4:
         • Authentication
         • Key distribution
     • Examples of key distribution scenarios
       • key distribution to FA (MIPv4)
       • key distribution to HA in Foreign Domain (MIPv4)
       • keys for User-AR: data protection over the access link

  6. TSK Benefits
     • Use of TSK reduces the signaling between the home and visited domains
       • Enables frequent user authentications
       • Enables frequent refreshing of secondary LSAs
     • Use of TSK reduces the time delay of procedures (user authentication and key distribution)

  7. draft-le-aaa-lsa-tsk-00.txt
     • The TSK draft describes the procedures for:
       • TSK Establishment
       • TSK Distribution
       • TSK Update
       • TSK Revocation

  8. TSK and URP
     • draft-le-aaa-lsa-tsk-00.txt describes the exchange of information between the user and the visited and home domains
     • No protocol is specified to carry such information
     • URP is a good candidate
     • Usage of LSA empowers URP as edge protocol
     • Relation between URP and AAA from the point of view of LSA
       • Registration Agent is AAAc

  9. Conclusion
     • A potential mechanism for URP to set up a Local Security Association between the user and the visited/access network: the TSK
     • TSK as the mechanism used together with URP to set up LSA
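
The slides say the TSK supports local authentication and the establishment of secondary LSAs (e.g. MN-AR, MN-FA) without the home domain, but not how keys are derived. The following is an added example, not taken from the draft or the presentation: it assumes HKDF-SHA256 for derivation and an HMAC challenge-response for local authentication, and the function names, purpose labels and identifiers are hypothetical.

```python
import hashlib
import hmac
import os


def hkdf_sha256(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt (assumed KDF)."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_secondary_key(tsk: bytes, purpose: bytes, user_id: bytes, peer_id: bytes) -> bytes:
    """Derive the key for one secondary LSA (e.g. MN-FA, MN-AR) from the TSK."""
    # Length-prefix every field so different (purpose, user, peer) tuples
    # can never produce the same HKDF info string.
    info = b"".join(len(f).to_bytes(2, "big") + f for f in (purpose, user_id, peer_id))
    return hkdf_sha256(tsk, info)


def auth_response(tsk: bytes, user_id: bytes, challenge: bytes) -> bytes:
    """User side: prove possession of the TSK for a visited-domain challenge."""
    key = derive_secondary_key(tsk, b"local-auth", user_id, b"visited-aaa")
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify_user(tsk: bytes, user_id: bytes, challenge: bytes, response: bytes) -> bool:
    """Visited-domain side: check the response locally, in constant time."""
    return hmac.compare_digest(auth_response(tsk, user_id, challenge), response)


if __name__ == "__main__":
    tsk = bytes(range(32))        # constructed sample TSK
    user = b"user@home.example"   # constructed identity
    challenge = os.urandom(16)    # fresh nonce chosen by the visited domain
    resp = auth_response(tsk, user, challenge)
    print("local auth ok:", verify_user(tsk, user, challenge, resp))
    print("MN-FA key:", derive_secondary_key(tsk, b"MN-FA", user, b"fa1.visited.example").hex())
    print("MN-AR key:", derive_secondary_key(tsk, b"MN-AR", user, b"ar1.visited.example").hex())
```
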
