| RE: Issue: AMSK generation? | <– Date –> <– Thread –> |
From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri motorola.com)
|
|
| Date: Thu, 3 Nov 2005 17:47:10 -0500 (EST) | |
Refreshing the subject to do something constructive with the thread.
Before everybody wears out, lets look if we can work on the AMSK recipe
:)
Madjid
[Joe] The AAA can keep the AMSK if that is what the application
specifies to be done. Generating an AMSK from an EMSK is a more
specialized function that needs to exist outside of AAA since EAP does
not require AAA.
Madjid2>>Outside AAA? Where? In EAP layer. Ok, lets see the latest
definition of AMSK I have seen (in draft-Aboba-eap-keying-extens-00.txt)
do not really give a clean separation of AMSK from MSK/EMSK. The
authenticator keys are calculated from not just AMSK but also AAA-key.
AMSK = KDF(EMSK, "EAP AAA-Key derivation for multiple attachments",
length)
AAA-Key-B = prf(AMSK(0,63),"EAP AAA-Key derivation for
multiple attachments", AAA-Key, B-Called-Station-Id,
Calling-Station-Id,length)
AAA-Key-C = prf(AMSK(0,63),"EAP AAA-Key derivation for
multiple attachments",AAA-Key, C-Called-Station-Id,
Calling-Station-Id, length)
We are stating, if a key is shipped to authenticator it must be deleted,
so that means neither AMSK nor MSK can be shipped to authenticator, so
they must stay at the AAA server, which means for every handover you
HAVE to go to AAAs server.
And also remember that Bernard said 802.11r and others have multiple
layers of hierarchy. I like to think that it means the BS/ AP gets
another key derived from AAA-key-B, so you called-station-ID cannot
really be the BS/ AP id, but the authenticator ID.
>
> [Joe] This depends on how you define your key hierarchy. If you
> derive your keys directly from the EMSK you have a problem. If you
> define your keys from an AMSK derive for the purpose of pre-emptive
> key distribution then things work out a bit better.
>
> Madjid>>Are you saying we create our application specific keys out of
> AMSK that is already called application master key? Not sure what
> "rainy day" we are saving EMSK for? Why have so many key levels, does
> anybody care about the CPU and battery consumptions down at a tiny
> mobile device that may have to do all this?
>
[Joe] The EMSK is the root of a key hierarchy used only to generate
AMSKs. This is to ensure that application keys are cryptographically
separate from one another so that one application does not cause a
compromise in another. If the EMSK is used by multiple applications
this opens you up to a catastrophic compromise if one application has a
problem.
Madjid>> Yes, but when you generate one AMSK and delete EMSK
immediately, how do you delete further AMSKs?
-
RE: Issue: AMSK generation? Nakhjiri Madjid-MNAKHJI1, November 3 2005
- RE: Issue: AMSK generation? Bernard Aboba, November 3 2005
Results generated by Tiger Technologies using MHonArc.