
Bootstrapping in CDMA 1x EvDo (with CHAP)


Presentation Transcript


  1. Bootstrapping in CDMA 1x EvDo (with CHAP)

  • Problem: only the MS and the AAA know the secret
    • The PDSN sends the CHAP-Challenge and CHAP-Password (i.e., the CHAP response) to the AAA, and the AAA returns either success or failure → there is no way to get the secret out to the BSF
    • The GAA secret has to be agreed between MS and BSF by other means
  • Solution:
    • Use Diffie-Hellman to establish the GAA secret between MS and BSF
    • Tie CHAP to the GAA secret by deriving the CHAP challenge from the GAA secret (the MS must check that the GAA secret was used to derive the CHAP challenge)
    • Similar to [11]
  • Reusing HTTP Digest AKA with conversion functions is not possible:
    • The CHAP response is calculated in a different way than the HTTP Digest response
    • Diffie-Hellman parameters cannot be sent using HTTP Digest AKA parameters: the client cannot send Diffie-Hellman parameters to the server in HTTP Digest AKA without violating the HTTP Digest AKA specification → a new IETF RFC would be needed to specify Diffie-Hellman key agreement in HTTP Digest (not desired)
  • Use anonymous TLS with Diffie-Hellman, and run CHAP inside the TLS tunnel

  2. Bootstrapping in CDMA 1x EvDo (with CHAP) – Message sequence 3: anonymous TLS with CHAP challenge (on the slide, RED = NEW)

  Columns on the slide: MS, BSF, AAA, SEC, GAA; reference points Ub (MS–BSF) and Zh (BSF–AAA).

  1. Establish anonymous TLS with Diffie-Hellman (MS ↔ BSF)
  2. Generate the CHAP challenge from the agreed key: challenge = KDF(key, "chap-challenge")
  3. CHAP challenge message (inside TLS tunnel) – challenge delivered to the MS
  4. Verify that the received CHAP challenge is generated from the agreed key (MS)
  5. challenge
  6. Calculate the CHAP response
  7. response
  8. CHAP response (inside TLS tunnel) – identity and response delivered to the BSF
  9. RADIUS Access-Request (identity, challenge, response) (BSF → AAA)
  10. Check the response (AAA)
  11. RADIUS Access-Answer (identity) (AAA → BSF)
  13. Set GAA master key: Ks = key; generate B-TID, key lifetime, etc., and store the data (BSF)
  14. OK (inside TLS tunnel) – B-TID and key lifetime delivered to the MS
  15. Set GAA master key: Ks = key, and store it with the received B-TID and key lifetime (MS)
  16. Close TLS tunnel
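The key-binding step of the sequence above (steps 2, 4, 6, 10, 13 and 15), as an added example that is not the slide's or any 3GPP2 implementation's code. It assumes the KDF is HMAC-SHA256 (the slide only writes KDF(key, "chap-challenge")) and uses the RFC 1994 CHAP response, MD5(Identifier || secret || challenge); the MS check in step 4 is what makes a challenge that was not derived from the agreed key fail before any CHAP response is produced.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Assumption: the slide's KDF is modelled as HMAC-SHA256 with the fixed label.
CHALLENGE_LABEL = b"chap-challenge"


def kdf_chap_challenge(key: bytes) -> bytes:
    """Step 2 (BSF): challenge = KDF(key, "chap-challenge")."""
    return hmac.new(key, CHALLENGE_LABEL, hashlib.sha256).digest()


def ms_verify_challenge(key: bytes, challenge: bytes) -> bool:
    """Step 4 (MS): recompute the challenge from the agreed key; any other value is rejected."""
    return hmac.compare_digest(kdf_chap_challenge(key), challenge)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 6: RFC 1994 CHAP response, MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def aaa_check(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Step 10 (AAA): the only other holder of the secret recomputes and compares."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def run_bootstrap(dh_key: bytes, chap_secret: bytes,
                  challenge: Optional[bytes] = None) -> Tuple[bool, bool, Optional[bytes]]:
    """Steps 2-15 in one pass; returns (ms_accepted_challenge, aaa_accepted, Ks).

    `challenge` may be overridden to model a challenge that was not derived
    from dh_key, e.g. one injected by a party that does not hold the agreed key.
    """
    if challenge is None:
        challenge = kdf_chap_challenge(dh_key)            # BSF, step 2
    if not ms_verify_challenge(dh_key, challenge):        # MS, step 4
        return False, False, None                         # MS aborts: no response is sent
    identifier = 1                                        # CHAP Identifier octet (constructed)
    response = chap_response(identifier, chap_secret, challenge)  # step 6
    ok = aaa_check(identifier, chap_secret, challenge, response)  # AAA, step 10
    ks = dh_key if ok else None                           # steps 13/15: Ks = key
    return True, ok, ks
```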
