| Re: AMSKs for MIPv6 | <– Date –> <– Thread –> |
From: Bernard Aboba (bernard_aboba hotmail.com)
|
|
| Date: Thu, 3 Nov 2005 20:45:42 -0500 (EST) | |
MN <------> HA <-------> AAA
So we'll need exchange between MN and HA and between HA and AAA.
Is an EAP exchange being run between the MN and AAA server, with the HA serving as the "EAP authenticator"? If so, the end result of this exchange is that the MN, HA and AAA server share a key.
The EAP peer and server derive MSK and EMSK. The AAA server requests to the EAP server an 'AMSK for Mobile IPv6'.
A mobility management entity (not the EAP lower layer) on the mobile node requests locally the 'AMSK for Mobile IPv6' to the EAP layer.
Assuming that the HA is acting as an "EAP authenticator" here, the end result of this is that the MN and the EAP server/AAA server now have mutually authenticated to each other and have derived an AMSK that they know is fresh, and which is known only to them. The HA and AAA server now mutually authenticate and derive a cryptographically secure channel. The AMSK is now transported to the HA, which can use it in a mutual proof of possession exchange with the MN.
Then, if we want that the mobile node shares a key with the HA, this implies that the HA requests a key to the AAA server.
Before the HA can request a key from the AAA server, it needs to prove that it is authorized to receive that key. Typically this requires that it mutually authenticate to the AAA server *and* include some "proof of liveness" from the EAP peer to show that the peer is actually interested in communicating with it.
So a better way to think about this is that the HA is not really requesting a key -- it is the EAP peer that is requesting that the AAA Server send a key to that specific HA. If the EAP peer and AAA server share a trust relationship and are mutuall authenticated, and if the HA and AAA server are mutually authenticated, and if the key that is being requested is unambiguously specified (e.g. it is "named"), then the AAA server will authorize the request and transport the key to the HA.
I stay vague here. But one can imagine that the 'AMSK for Mobile IPv6' is used by the MN to authenticate himself to the AAA.
"Key Request" proposals typically require mutual authentication between the EAP peer and AAA server. For example, if the MN/peer had previously established a cached AMSK with the AAA server, it can subsequently prove possession of that AMSK, and ask that a key derived from that AMSK be sent to an HA that it specifies. This request needs to be "routed" through the HA itself, which mutually authenticates to the AAA server. This guarantees that the "Key Request" is authenticated, bound to the entities involved in the exchange, and can generate fresh keys (this part probably requires nonces to be exchanged by the parties).
This pre-shared key will be derived at MN and AAA from the "AMSK for Mobile IPv6" and then transported from the AAA to the HA.
If the key is dynamically derived it is not a pre-shared key.
SO the 'AMSK for Mobile IPv6' is cached on the AAA server and MN but not transported. The key derived for MN-HA is deleted on the AAA and transported to the HA.
Right.
Does such a mechanism seem correct respective to EAP keying framework ?
It seems compatible with the "Key Request" extension that has been discussed.
-
Re: AMSKs for MIPv6 Bernard Aboba, November 3 2005
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- Re: Re: AMSKs for MIPv6 Jari Arkko, November 6 2005
-
Re: Re: AMSKs for MIPv6 Julien Bournelle, November 6 2005
- RE: Re: AMSKs for MIPv6 Avi Lior, November 3 2005
-
Re: Re: AMSKs for MIPv6 Jari Arkko, November 5 2005
Results generated by Tiger Technologies using MHonArc.