Re: EAP Key Management Framework doubt
From: Jari Arkko (jari.arkkopiuha.net)
Date: Thu, 22 Jan 2004 01:43:54 -0500 (EST)
Rafa Marín López wrote:
> Hello Jari
>
> Initially in Figure 4, the authenticator box has an MSK written on it. So I

Ah, now I see it. Figure 4 is IMHO wrong. MSK in the authenticator should be the AAA-Key; as you see the arrow transports the AAA-Key and not the MSK.

> could understand which MSK is transported.... about text... page 30

> Utilizing the AAA protocol, the authenticator and backend
> authentication server mutually authenticate and derive session keys
> known only to them, used to provide per-packet integrity and replay
> protection, authentication and confidentiality. ---> The MSK is distributed by the backend authentication server to the authenticator
> over this channel, bound to attributes constraining its usage, as
> part of the AAA-Token. ----> The binding of attributes to the MSK within a
> protected package is important so the authenticator receiving the
> AAA-Token can determine that it has not been compromised, and that
> the keying material has not been replayed, or mis-directed in some

This is wrong too, I think. s/MSK/AAA-Key/g in this paragraph.


Here's a summary of the modifications I would do to fix this:

o In Figure 4, s/MSK/AAA-Key/ in the Authenticator box.

o In Section 4.1, replace the paragraph

   Utilizing the AAA protocol, the authenticator and backend
   authentication server mutually authenticate and derive session keys
   known only to them, used to provide per-packet integrity and replay
   protection, authentication and confidentiality.  The MSK is
   distributed by the backend authentication server to the authenticator
   over this channel, bound to attributes constraining its usage, as
   part of the AAA-Token.  The binding of attributes to the MSK within a
   protected package is important so the authenticator receiving the
   AAA-Token can determine that it has not been compromised, and that
   the keying material has not been replayed, or mis-directed in some
   way.

with

   Utilizing the AAA protocol, the authenticator and backend
   authentication server mutually authenticate and derive session keys
   known only to them, used to provide per-packet integrity and replay
   protection, authentication and confidentiality.  The AAA-Key is
   distributed by the backend authentication server to the authenticator
   over this channel, bound to attributes constraining its usage, as
   part of the AAA-Token.  The binding of attributes to the AAA-Key within a
   protected package is important so the authenticator receiving the
   AAA-Token can determine that it has not been compromised, and that
   the keying material has not been replayed, or mis-directed in some
   way.

o Section 2.3, replace the paragraph

   The MSK and EMSK are used to derive the AAA-Key and key name which
   are enclosed within the AAA-Token, transported to the  NAS by the AAA
   server, and used within the secure association protocol for
   derivation of Transient Session Keys (TSKs) required for the
   negotiated ciphersuite.

with

   The MSK and EMSK are used to derive the AAA-Key and key name. AAA-Key
   and key name are enclosed within the AAA-Token, which is transported to the
   NAS by the AAA server, and used within the secure association protocol for
   derivation of Transient Session Keys (TSKs) required for the
   negotiated ciphersuite.

--Jari
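The key flow that the corrections above describe, as an added example (not code from the draft or from anyone in this thread): the AAA server derives the AAA-Key and key name from the MSK and EMSK, places only the AAA-Key together with its binding attributes into an AAA-Token protected under the session key the AAA protocol established with the authenticator, and the authenticator releases the key only after checking integrity, intended NAS and replay. The KDF, the attribute set and the token encoding are assumptions made for illustration; the draft text on this page fixes only the inputs and the properties being checked.

```python
import hashlib
import hmac
import os


def derive_aaa_key(msk, emsk):
    """AAA server: derive the AAA-Key and key name from MSK and EMSK.
    The KDF (HMAC-SHA256 with fixed labels) is an assumption of this example;
    the draft only says that MSK and EMSK are the inputs."""
    aaa_key = hmac.new(emsk, b"AAA-Key" + msk, hashlib.sha256).digest()
    key_name = hashlib.sha256(b"AAA-Key-Name" + aaa_key).hexdigest()[:16]
    return aaa_key, key_name


def _bound_fields(tok):
    # Canonical encoding of everything the token's MAC must cover: the key
    # itself plus the attributes constraining where and for whom it may be used.
    attrs = b"|".join(str(tok[k]).encode()
                      for k in ("key_name", "nas_id", "peer_id", "lifetime"))
    return attrs + tok["nonce"] + tok["aaa_key"]


def make_aaa_token(aaa_key, key_name, nas_id, peer_id, lifetime, chan_key):
    """AAA server: bind the AAA-Key to its usage attributes under chan_key, the
    session key the AAA protocol established with this authenticator. Only the
    AAA-Key is packaged; the MSK and EMSK never leave the server."""
    tok = {"key_name": key_name, "nas_id": nas_id, "peer_id": peer_id,
           "lifetime": lifetime, "nonce": os.urandom(16), "aaa_key": aaa_key}
    tok["mac"] = hmac.new(chan_key, _bound_fields(tok), hashlib.sha256).digest()
    return tok


def accept_aaa_token(tok, my_nas_id, chan_key, seen_nonces):
    """Authenticator: return the AAA-Key only if the token is intact (MAC),
    addressed to this NAS (not mis-directed) and fresh (nonce not replayed)."""
    expected = hmac.new(chan_key, _bound_fields(tok), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tok["mac"]):
        raise ValueError("AAA-Token MAC failed: tampered or wrong channel key")
    if tok["nas_id"] != my_nas_id:
        raise ValueError("AAA-Token mis-directed: bound to " + tok["nas_id"])
    if tok["nonce"] in seen_nonces:
        raise ValueError("AAA-Token replayed")
    seen_nonces.add(tok["nonce"])
    return tok["aaa_key"], tok["key_name"]
```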

