RE: Relationship between AAA-Key and MSK/EMSK
From: Nick Petroni (npetronics.umd.edu)
Date: Wed, 17 Mar 2004 01:21:17 -0500 (EST)
On the topic of the distinction between AAA and MSK keys, it seems Figure
4 in the keying document adds to the confusion (at least for me). The
figure shows the peer, authenticator, and backend all having access to the
MSK. As previously noted in this thread, sometimes AAA == MSK, but
potentially not. If I understand this correctly, I would say the middle
box, which depicts the authenticator, should have "AAA" instead of "MSK".
Perhaps AAA should also be indicated on the peer and backend, probably in
addition to MSK and EMSK.  Any other thoughts on this?

thanks,
nick

On Fri, 6 Feb 2004, Joseph Salowey wrote:

> Hi Hannes,
>
> I agree the definition of the AAA-key seems incomplete, I think the
> definition is any key that is used by the authenticator and supplicant
> to derive keys for data traffic protection (I don't think AAA-key is the
> best name since it doesn't have to involve a AAA in the basic case).
> In the case of standard 802.11 this AAA-Key is the same as the MSK.  In the
> fast handoff example I believe additional AAA-keys are pushed to
> neighboring access points.  In order to provide computational
> independence from the MSK they should be derived from the EMSK.
>
> I have submitted an issue in email
> http://mail.frascone.com/pipermail/eap/2004-January/002143.html (which
> has not yet been assigned a number) which describes how to derive keys
> from the EMSK for specific purposes.   I think appendix e needs to be
> updated as discussed in Issue 214
> http://www.drizzle.com/~aboba/EAP/eapissues.html#Issue%20214.  I haven't
> had time to take a detailed look at Jari's proposal.  I'm not sure why
> the A-AAA-Key is needed in this derivation but it is equivalent to the
> MSK.
>
> Could you provide some more context from your discussion?  What exactly
> are you deriving keys to do? In my opinion it is best to use the MSK as
> in the case of 802.11 (single authenticator to supplicant).  If keys are
> going to be used for other purposes, between other parties or in other
> ways they should be derived from the EMSK.
>
> Thanks,
>
> Joe
>
>
> eap-admin [at] frascone.com wrote:
> > hi all,
> >
> > this issue came up when we discussed (Yoshi, Alper, Jari) the
> > relationship between the AAA-key and the MSK/EMSK in PANA.
> >
> > it is said that the AAA-Key is derived from the MSK and EMSK.
> >
> > the eap-keying document does not specify how this key
> > derivation is achieved.
> > worse, in Section 4.2.1 the text says:
> >
> > "  The AAA-Key is derived from the keying material exported by the EAP
> >    method (MSK and EMSK).  This derivation occurs on the AAA server.  In
> >    many existing protocols that use EAP, the AAA-Key and MSK are
> >    equivalent, but more complicated mechanisms are possible (see
> >    Appendix E for details). "
> >
> > appendix e, however, does not help since it talks only about
> > a very special case, namely fast handoff.
> >
> > we discussed this issue in one of the eap keying design team
> > phone conferences but it got lost somehow.
> >
> > it would be more helpful to provide a proposal for AAA-Key to
> > MSK/EMSK key derivation.
> >
> > ciao
> > hannes
> > _______________________________________________
> > eap mailing list
> > eap [at] frascone.com
> > http://mail.frascone.com/mailman/listinfo/eap
>
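Added example, not part of the original thread or the eap-keying draft: a sketch of the point in the quoted reply that keys pushed to neighboring access points should be derived from the EMSK, so that they are independent of the MSK and of each other. The HKDF-Expand construction, the label `example-handoff-key`, and the helper names are assumptions chosen for illustration; the thread does not define the derivation.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes

def expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA-256."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def _field(value: bytes) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") encode differently."""
    return len(value).to_bytes(2, "big") + value

def derive_ap_key(emsk: bytes, ap_id: bytes, peer_id: bytes) -> bytes:
    """Per-authenticator key bound to one access point and one peer (hypothetical helper)."""
    if len(emsk) < 64:
        raise ValueError("EMSK must be at least 64 octets")
    label = b"example-handoff-key"  # assumed label, not from any specification
    return expand(emsk, _field(label) + _field(ap_id) + _field(peer_id))

if __name__ == "__main__":
    # Constructed sample value; a real EMSK is exported by the EAP method
    # alongside the MSK and never leaves the peer and the backend server.
    emsk = hashlib.sha512(b"constructed sample EMSK").digest()
    for ap in (b"ap-1", b"ap-2"):
        print(ap.decode(), derive_ap_key(emsk, ap, b"peer@example.org").hex())
    # The MSK is never an input, so an access point that holds only the MSK
    # (or only its own derived key) cannot compute a neighbour's key.
```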

