70 likes | 105 Vues
Handover Keying. IETF 65 Dallas. Handover in Wireless Access Networks. Access link. BS/AP providing/controlling access service User/device credentials stored at the backend server Handover: Re-establish secure links with new BS/AP. Handover performance is a crucial service quality factor.
E N D
Handover Keying IETF 65 Dallas
Handover in Wireless Access Networks Access link • BS/AP providing/controlling access service • User/device credentials stored at the backend server • Handover: Re-establish secure links with new BS/AP. • Handover performance is a crucial service quality factor MN Access Gateway AAA server Access Gateway BS/AP
EAP Keying for fixed peers EAP server peer Authenticator EAP-XXX authentication Generation of MSK, EMSK, EAP over L2 Generation of MSK, EMSK, EAP over AAA EAP Success + MSK transport EAP Success EAP complete EAP complete Generation of MS-BS Security Association (TSKs) Transported MSK Generation of TSKs Generation of TSKs Use TSKs for link security
EAP with handovers Old SA MSK New SA EAP/AAA server BS/Authenticator • SA for the old link – from SAP exchange (using MSK) • If you send MSK to the first BS, you need a new MSK at the second BS • Run EAP again to establish new MSK/ SA ?
Handover keying using EAP: SDO solutions Long term credential+MSK BS1 TSK EAP. AAA server MN PMK MSK AGW BS2 Authenticator • EAP Solutions in SDOs for Handover • Authenticator consists of ports • Gateway: Authenticator (holds MSK, creates PMK) • BS: Authenticator port (receives PMK from Gateway) • Handover?: Create a PMK for each BS from initial MSK (Port to Port HO) • This only solve Intra-authenticator handover
Problem: Inter-authenticator Long term credential PMK • Authenticator handover not supported • Requires re-authentication (rerun of EAP) • Can we avoid running a new EAP as part of Authenticator Handover? EAP. AAA server TSK MN MSK ANs Authenticator
HOAKEY: Create a Key Hierarchy • Use EAP generated master keys, e.g. EMSK/AMSK as root key and create further keys • To support intra-authenticator as well as Inter-authenticator HO in a way that does not require new EAP runs • Define key derivation at each level (down to AP) • Specify if within IETF scope • Requirement/ guidance when outside IETF scope • Keying parameters (channel binding, scoping, caching life time) • Protocols for key request/ distribution • Security goal: Requirement for new protocols/ extensions for existing protocols • Performance Goal: handover optimization (pre-/ post handover signaling)