Re: IEEE 802.16e EAP usage modes
From: Bernard Aboba (abobainternaut.com)
Date: Mon, 21 Mar 2005 23:22:15 -0500 (EST)
The EAP Key Management Framework includes security requirements for EAP
usage modes.  In particular, the "Housley Criteria" describes the
requirements for publication of AAA key management documents in the IETF.
My advice would be to look carefully at those requirements in order to
understand whether 802.16e is compliant or not.

> Basically, in the context of EAP in this model BS acts as a relay and
> implements two functions.
>
>  1. On uplink BS removes EAP pdus from the PKMv2 encapsulation,
> encapsulates them in a "to be defined" encapsulation and forwards them
> to the Gateway which is a RADIUS client.

Does the uplink BS perform any cryptographic operations on data or EAP
packets?  Or does it just encapsulate/decapsulate packets?

>  2. On downlink BS removes EAP pdus from a "to be defined"
> encapsulation, encapsulates them in PKMv2 and forwards them to the MSS

Where are cryptographic keys stored in this architecture?  On the MSS? on
the BS?  On both? How are the keys transported?  How many parties possess
them?

How are transient session keys derived?  How are they bound to the correct
context?  How are authorization attributes handled?  Does this ensure
proper cryptographic binding?

> BS does not implement any Authenticator functions.

How do the parties identify themselves within the IEEE 802.16e exchanges?
If the BS is not an authenticator, then the EAP peer cannot be aware of
its identity;  that is, the BS must appear to be a port of the MSS, and
the EAP peer can only be aware of the MSS identity in the layer below EAP.
Is this how 802.16e works?

How does IEEE 802.16e negotiate the key lifetime of the MSK and TSKs?  Is
this done explicitly?  What meaning is ascribed to the RADIUS Session-Time
attribute?

How are keys named in IEEE 802.16e?  How do the parties synchronize the
key cache?  Are the messages within the Secure Association protocol
authenticated?
